古董华为3026交换机端口隔离抵御ARP的办法

         校园网内存在一批2005年前后生产的华为交换机，由于近期网络升级采取了DHCP方式下发IP地址，无奈电脑太多，ARP、广播风暴太严重。同一个办公室的电脑只要1人中毒，全办公室都影响。翻阅了百度寻得一法：端口隔离。无奈，交换机太老了居然不支持这些命令。

版本号见下表

<Quidway>dir
Directory of flash:/

-rwxrwxrwx   1 noone    nogroup   2897728  Jun 22 2005 16:14:38   S3026CGSSI-VRP310-r0020-203.app
-rwxrwxrwx   1 noone    nogroup    442799  Jun 22 2005 16:14:38   wnm2.2.2-0004.zip
-rwxrwxrwx   1 noone    nogroup         8  Apr 02 2000 07:55:22   snmpboots
-rwxrwxrwx   1 noone    nogroup      3685  Apr 02 2000 21:37:05   vrpcfg.txt

7282688 bytes total (3804160 bytes free)


<Quidway>

百度上寻到的：port isolate、acl 5000 这些命令，这个老交换机都不支持。

无奈下通过实验，用以下办法效果不错。

简易拓扑图如上。

S3026配置命令见下面

# sysname Quidway#radius scheme system server-type huawei primary authentication 127.0.0.1 1645 primary accounting 127.0.0.1 1646 user-name-format without-domaindomain system radius-scheme system access-limit disable state active vlan-assignment-mode integer idle-cut disable self-service-url disable messenger time disable domain default enable system# local-server nas-ip 127.0.0.1 key huawei#vlan 1#                                         vlan 11#vlan 12#vlan 13#vlan 14#vlan 15#vlan 16#vlan 17#vlan 18#vlan 19#vlan 20#vlan 21#vlan 22                                   #vlan 23#vlan 24#vlan 25#vlan 26#vlan 27#vlan 28#vlan 29#vlan 30#vlan 31#vlan 32#vlan 33#                                         vlan 34#vlan 100#vlan 105#vlan 1000#vlan 2000#interface Vlan-interface2000 ip address 192.168.99.2 255.255.255.0#interface Aux0/0#interface Ethernet0/1 port link-type hybrid port hybrid vlan 11 1000 untagged port hybrid pvid vlan 11#interface Ethernet0/2 port link-type hybrid port hybrid vlan 12 1000 untagged         port hybrid pvid vlan 12#interface Ethernet0/3 port link-type hybrid port hybrid vlan 13 1000 untagged port hybrid pvid vlan 13#interface Ethernet0/4 port link-type hybrid port hybrid vlan 14 1000 untagged port hybrid pvid vlan 14#interface Ethernet0/5 port link-type hybrid port hybrid vlan 15 1000 untagged port hybrid pvid vlan 15#interface Ethernet0/6 port link-type hybrid port hybrid vlan 16 1000 untagged port hybrid pvid vlan 16#interface Ethernet0/7                      port link-type hybrid port hybrid vlan 17 1000 untagged port hybrid pvid vlan 17#interface Ethernet0/8 port link-type hybrid port hybrid vlan 18 1000 untagged port hybrid pvid vlan 18#interface Ethernet0/9 port link-type hybrid port hybrid vlan 19 1000 untagged port hybrid pvid vlan 19#interface Ethernet0/10 port link-type hybrid port hybrid vlan 20 1000 untagged port hybrid pvid vlan 20#interface Ethernet0/11 port link-type hybrid port hybrid vlan 21 1000 untagged         port hybrid pvid vlan 21#interface Ethernet0/12 port link-type hybrid port hybrid vlan 22 1000 untagged port hybrid pvid vlan 22#interface Ethernet0/13 port link-type hybrid port hybrid vlan 23 1000 untagged port hybrid pvid vlan 23#interface Ethernet0/14 port link-type hybrid port hybrid vlan 24 1000 untagged port hybrid pvid vlan 24#interface Ethernet0/15 port link-type hybrid port hybrid vlan 25 1000 untagged port hybrid pvid vlan 25#interface Ethernet0/16                     port link-type hybrid port hybrid vlan 26 1000 untagged port hybrid pvid vlan 26#interface Ethernet0/17 port link-type hybrid port hybrid vlan 27 1000 untagged port hybrid pvid vlan 27#interface Ethernet0/18 port link-type hybrid port hybrid vlan 28 1000 untagged port hybrid pvid vlan 28#interface Ethernet0/19 port link-type hybrid port hybrid vlan 29 1000 untagged port hybrid pvid vlan 29#interface Ethernet0/20 port link-type hybrid port hybrid vlan 30 1000 untagged         port hybrid pvid vlan 30#interface Ethernet0/21 port link-type hybrid port hybrid vlan 31 1000 untagged port hybrid pvid vlan 31#interface Ethernet0/22 port link-type hybrid port hybrid vlan 32 105 1000 untagged port hybrid pvid vlan 32#interface Ethernet0/23 port link-type hybrid port hybrid vlan 11 to 31 1000 untagged port hybrid pvid vlan 1000#interface Ethernet0/24 port access vlan 2000#interface GigabitEthernet1/1#interface NULL0                           #user-interface aux 0user-interface vty 0 4#return[Quidway]