! ! 部門ごとにネットワークを分割(コミュニティVLAN) + ゲストルームの通信を制限(アイソレートVLAN) : コマンド設定 ! ! ! SWX2310P-28GT ! ! dns-client enable ! access-list 100 10 permit any host 192.168.100.200 192.168.100.0 0.0.0.255 access-list 100 20 deny any any any access-list 121 10 permit any host 192.168.100.201 192.168.100.0 0.0.0.255 access-list 121 20 deny any any any access-list 122 10 permit any host 192.168.100.202 192.168.100.0 0.0.0.255 access-list 122 20 deny any any any access-list 130 10 deny any 192.168.100.0 0.0.0.255 host 192.168.100.200 ! vlan database vlan 10 name VLAN0010 vlan 21 name VLAN0021 vlan 22 name VLAN0022 vlan 30 name VLAN0030 private-vlan 10 primary private-vlan 21 community private-vlan 22 community private-vlan 30 isolated private-vlan 10 association add 21,22,30 ! interface port1.1 switchport switchport mode access switchport access vlan 21 switchport mode private-vlan host switchport private-vlan host-association 10 add 21 no shutdown ! interface port1.2 switchport switchport mode access switchport access vlan 21 switchport mode private-vlan host switchport private-vlan host-association 10 add 21 access-group 121 in no shutdown ! interface port1.3 switchport switchport mode access switchport access vlan 22 switchport mode private-vlan host switchport private-vlan host-association 10 add 22 no shutdown ! interface port1.4 switchport switchport mode access switchport access vlan 22 switchport mode private-vlan host switchport private-vlan host-association 10 add 22 access-group 122 in no shutdown ! interface port1.5 switchport switchport mode access switchport access vlan 30 switchport mode private-vlan host switchport private-vlan host-association 10 add 30 access-group 130 in no shutdown ! interface port1.6 switchport switchport mode access switchport access vlan 30 switchport mode private-vlan host switchport private-vlan host-association 10 add 30 access-group 130 in no shutdown ! interface port1.7 switchport switchport mode access switchport access vlan 10 switchport mode private-vlan promiscuous switchport private-vlan mapping 10 add 21,22,30 access-group 100 in no shutdown ! interface port1.8 switchport switchport mode access switchport access vlan 10 switchport mode private-vlan promiscuous switchport private-vlan mapping 10 add 21,22,30 no shutdown ! interface port1.9 switchport switchport mode access no shutdown ! interface port1.10 switchport switchport mode access no shutdown ! interface port1.11 switchport switchport mode access no shutdown ! interface port1.12 switchport switchport mode access no shutdown ! interface port1.13 switchport switchport mode access no shutdown ! interface port1.14 switchport switchport mode access no shutdown ! interface port1.15 switchport switchport mode access no shutdown ! interface port1.16 switchport switchport mode access no shutdown ! interface port1.17 switchport switchport mode access no shutdown ! interface port1.18 switchport switchport mode access no shutdown ! interface port1.19 switchport switchport mode access no shutdown ! interface port1.20 switchport switchport mode access no shutdown ! interface port1.21 switchport switchport mode access no shutdown ! interface port1.22 switchport switchport mode access no shutdown ! interface port1.23 switchport switchport mode access no shutdown ! interface port1.24 switchport switchport mode access no shutdown ! interface port1.25 switchport switchport mode access no shutdown ! interface port1.26 switchport switchport mode access no shutdown ! interface port1.27 switchport switchport mode access no shutdown ! interface port1.28 switchport switchport mode access no shutdown ! interface vlan1 no switchport auto-ip enable ip address 192.168.100.240/24 no shutdown ! interface vlan10 no switchport no shutdown ! interface vlan21 no switchport no shutdown ! interface vlan22 no switchport no shutdown ! interface vlan30 no switchport no shutdown ! clock timezone JST ! http-server enable http-proxy enable ! telnet-server enable ! line con 0 line vty 0 7 ! end