Allied Telesis Layer 3 Switches Switch User Manual


  Open as PDF
of 31
 
Appendix: Configuration scripts for MAC-forced forwarding example
Create A Secure Network With Allied Telesis Managed Layer 3 Switches 30
Access Router
set system name="Access Router"
# Create a VLAN for accessing the Internet, SIP server and multicast groups
create vlan=CoreNetwork vid=28
# Create the other VLANs
create vlan=Voice vid=100
create vlan=Video vid=200
create vlan=Data vid=300
create vlan=Management vid=400
create vlan=EAN_Management vid=500
add vlan=28 port=20,24
add vlan=500 port=5
add vlan=100 port=1-2 frame=tagged
add vlan=200 port=1-2 frame=tagged
add vlan=300 port=1-2 frame=tagged
add vlan=400 port=1-2 frame=tagged
add vlan=500 port=1-2 frame=tagged
enable stp=default
set stp=default mode=rapid
set stp=default port=3-23 edgeport=yes
enable ip
add ip int=vlan28 ip=172.28.40.60
add ip int=vlan100 ip=172.16.1.254 mask=255.255.255.0
add ip int=vlan200 ip=172.16.2.254 mask=255.255.255.0
add ip int=vlan300 ip=172.16.3.254 mask=255.255.255.0
add ip int=vlan400 ip=172.16.4.254 mask=255.255.255.0
add ip int=vlan500 ip=172.16.5.254 mask=255.255.255.0
add ip rou=0.0.0.0 mask=0.0.0.0 int=vlan28 next=172.28.0.1
disable ip icmp=redirect
# Create classifiers to match traffic in VLANs 100-500
create class=10 ipsa=172.16.0.0/16 ipda=172.16.0.0/16
create class=100 ipsa=172.16.1.0/24 ipda=172.16.1.0/24
create class=401 ipsa=172.16.4.0/24 ipda=172.16.5.250/32
create class=402 ipsa=172.16.5.250/32 ipda=172.16.4.0/24
create class=501 ipsa=172.16.5.0/24 ipda=172.16.5.250/32
create class=502 ipsa=172.16.5.250/32 ipda=172.16.5.0/24
# Create a filter to drop all traffic within and between VLANs 100-500
add switch hwfilter classifier=10 action=discard
# Create filters to allow the exceptions (voice traffic)
add switch hwfilter classifier=100 action=nodrop
add switch hwfilter classifier=401 action=nodrop
add switch hwfilter classifier=402 action=nodrop
add switch hwfilter classifier=501 action=nodrop
add switch hwfilter classifier=502 action=nodrop
# Configure IGMP for multicasting
enable ip igmp
enable ip igmp int=vlan28
enable ip igmp int=vlan200
enable ip igmp int=vlan300
 previous