!
! Restricting traffic from private booths in an internet cafe (isolated VLAN) + blocking connection of unauthorized terminals (access list): command configuration
!
!
! SWX2310P / SWX2310 Config sample
!
!
qos enable
!
dns-client enable
!
access-list 1 10 permit any 192.168.100.0 0.0.0.255 any
!
access-list 2001 10 permit host (MAC address of management room PC1) any
access-list 2001 20 permit host (MAC address of management room PC2) any
access-list 2001 30 permit host (MAC address of the PC connected to private booth 1) any
access-list 2001 40 permit host (MAC address of the PC connected to private booth 2) any
access-list 2001 50 deny any any
!
class-map cmap1
 match access-list 1
!
policy-map pmap1
 class cmap1
  police single-rate 10000 62 11 yellow-action drop red-action drop
!
vlan database
 vlan 10 name VLAN0010
 vlan 20 name VLAN0020
 vlan 21 name VLAN0021
 private-vlan 10 primary
 private-vlan 20 community
 private-vlan 21 isolated
 private-vlan 10 association add 20,21
!
interface port1.1
 switchport
 switchport mode access
 switchport access vlan 10
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 10 add 20,21
 no shutdown
!
interface port1.2
 switchport
 switchport mode access
 switchport access vlan 20
 switchport mode private-vlan host
 switchport private-vlan host-association 10 add 20
 access-group 2001 in
 no shutdown
!
interface port1.3
 switchport
 switchport mode access
 switchport access vlan 20
 switchport mode private-vlan host
 switchport private-vlan host-association 10 add 20
 access-group 2001 in
 no shutdown
!
interface port1.4
 switchport
 switchport mode access
 switchport access vlan 21
 switchport mode private-vlan host
 switchport private-vlan host-association 10 add 21
 access-group 2001 in
 service-policy input pmap1
 no shutdown
!
interface port1.5
 switchport
 switchport mode access
 switchport access vlan 21
 switchport mode private-vlan host
 switchport private-vlan host-association 10 add 21
 access-group 2001 in
 service-policy input pmap1
 no shutdown
!
interface port1.6
 switchport
 switchport mode access
 no shutdown
!
interface port1.7
 switchport
 switchport mode access
 no shutdown
!
interface port1.8
 switchport
 switchport mode access
 no shutdown
!
interface port1.9
 switchport
 switchport mode access
 no shutdown
!
interface port1.10
 switchport
 switchport mode access
 no shutdown
!
interface vlan1
 no switchport
 auto-ip enable
 ip address 192.168.100.240/24
 no shutdown
!
interface vlan10
 no switchport
 no shutdown
!
interface vlan20
 no switchport
 no shutdown
!
interface vlan21
 no switchport
 no shutdown
!
!
clock timezone JST
!
http-server enable
http-proxy enable
!
telnet-server enable
!
line con 0
line vty 0 7
!
end