User Tools

Site Tools


hpe:switch:5700:configuration:configuration_example_script_4
  #
 version 7.1.045, Release 2432P05
  #
 sys  name switch
  #
 irf mac-address persistent timer
 irf auto-update enable
 undo irf link-delay
 irf member 1 priority 1
 irf mode normal
  #
igmp-snooping
  #
 dhcp enable
  #
 dhcp snooping enable
  #
 lldp global enable
  #
 system-working-mode StandardBridge
 fan prefer-direction slot 1   port-to-power
 password-recovery enable
  #
  vlan 1
  igmp-snooping enable 
  #
  vlan 2
  igmp-snooping enable 
  #
  vlan 5
  igmp-snooping enable 
  #
  vlan 7
igmp-snooping enable 
  #
  vlan 8
  igmp-snooping enable 
  #
  vlan 9
  igmp-snooping enable 
  #
  vlan 10
  igmp-snooping enable 
  #
  vlan 12
  igmp-snooping enable 
  #
  vlan 18
  igmp-snooping enable 
  #
  vlan 20
  igmp-snooping enable 
  #
  vlan 21
  igmp-snooping enable 
  #
  vlan 30
  igmp-snooping enable 	
  #
vlan 31
  igmp-snooping enable 
#
vlan 32
  igmp-snooping enable 
  #
  vlan 50
  igmp-snooping enable 
  #
  vlan 51
  igmp-snooping enable 
  #
  vlan 52
  igmp-snooping enable 
  #
  vlan 53
  igmp-snooping enable 
  #
  vlan 54
  igmp-snooping enable 
  #
  vlan 55
  igmp-snooping enable 
  #
  vlan 56
  igmp-snooping enable 
  #
  vlan 70
  igmp-snooping enable 
  #
  vlan 100
  igmp-snooping enable 
  #
  vlan 101
  igmp-snooping enable 	
  #
  vlan 110
  igmp-snooping enable 
  #
  vlan 120
  igmp-snooping enable 
  #
  vlan 130
  igmp-snooping enable 
  #
  vlan 140
  igmp-snooping enable 
  #
  vlan 141
  igmp-snooping enable 
  #
  vlan 150
  igmp-snooping enable 
  #
  vlan 151
  igmp-snooping enable 
  #
  vlan 200
  igmp-snooping enable 
  #
  vlan 250
  igmp-snooping enable 
  #
  qos policy default
  #
  stp mode pvst
  stp global enable
  #
  dhcp server ip-pool demo1
  gateway-list 172.16.5.253
  network 172.16.5.0 mask 255.255.255.0
  address range 172.16.5.60 172.16.5.200
  dns-list 172.16.10.89 172.16.10.99
  #
  dhcp server ip-pool demo2
  gateway-list 192.168.200.253
  network 192.168.200.0 mask 255.255.255.0
  address range 192.168.200.60 192.168.203.200
  dns-list 172.16.10.89 172.16.10.99
  #
  interface Bridge-Aggregation1
  port link-type trunk
  port trunk permit   vlan all
  link-aggregation mode dynamic
  #
  interface Bridge-Aggregation2
  port link-type trunk
  port trunk permit   vlan all
  link-aggregation mode dynamic
  #
  interface Bridge-Aggregation3
  port link-type trunk
  port trunk permit   vlan all
  link-aggregation mode dynamic
  #
  interface Bridge-Aggregation4
  port link-type trunk
  port trunk permit   vlan all
  link-aggregation mode dynamic
  #
  interface Bridge-Aggregation5
  port link-type trunk
  port trunk permit   vlan all
  link-aggregation mode dynamic
  #
  interface Bridge-Aggregation6
  port link-type trunk
  port trunk permit   vlan all
  link-aggregation mode dynamic
  #
  interface Bridge-Aggregation7
  port link-type trunk
  port trunk permit   vlan all
  link-aggregation mode dynamic
  #
  interface NULL0
  #
  interface   vlan-  interface1
  ip address 178.16.2.8 255.255.0.0
  packet-filter   name   acl_  vlan_1 inbound
  dhcp select relay
  dhcp relay server-address 172.16.10.89
  dhcp relay server-address 172.16.10.99
  #
  interface   vlan-  interface2
  ip address 172.16.2.253 255.255.255.0
#
  interface   vlan-  interface5
  ip address 172.16.5.253 255.255.255.0
  #
  interface   vlan-  interface7
  ip address 172.16.7.253 255.255.255.0
  packet-filter   name   acl_  vlan_7 inbound
  #
  interface   vlan-  interface8
  ip address 172.16.8.253 255.255.255.0
  #
  interface   vlan-  interface9
  ip address 172.16.9.253 255.255.255.0
  packet-filter   name   acl_  vlan_9 inbound
  dhcp select relay
  dhcp relay server-address 172.16.10.89
  dhcp relay server-address 172.16.10.99
  #
  interface   vlan-  interface12
  ip address 172.16.12.253 255.255.255.0
  packet-filter   name acldemo1 inbound
  #
  interface   vlan-  interface18
  ip address 172.18.100.253 255.255.255.0
  packet-filter   name   acl_  vlan_18 inbound
  dhcp select relay
  dhcp relay server-address 172.16.10.89
  dhcp relay server-address 172.16.10.99
  #
  interface   vlan-  interface20
  ip address 172.16.20.253 255.255.255.0
  #
  interface   vlan-  interface21
  ip address 172.16.21.253 255.255.255.0
  packet-filter   name   acl_  vlan_21 inbound
  dhcp select relay
  dhcp relay server-address 172.16.10.89
  dhcp relay server-address 172.16.10.99
  #
  interface   vlan-  interface30
  ip address 192.168.30.253 255.255.255.0
  dhcp select relay
  dhcp relay server-address 172.16.10.89
  dhcp relay server-address 172.16.10.99
  #
  interface   vlan-  interface31
  ip address 192.168.91.253 255.255.254.0
  packet-filter   name acldemo2 inbound
  dhcp server apply ip-pool pacientes
  #
  interface   vlan-  interface50
  ip address 172.16.50.253 255.255.255.0
  #
  interface   vlan-  interface51
  ip address 192.168.100.253 255.255.252.0
  dhcp select relay
  dhcp relay server-address 172.16.10.89
  dhcp relay server-address 172.16.10.99
  #
  interface   vlan-  interface52
  ip address 192.168.52.253 255.255.255.0
  dhcp select relay
  dhcp relay server-address 172.16.10.89
  dhcp relay server-address 172.16.10.99
  #
  interface   vlan-  interface53
  ip address 192.168.53.253 255.255.255.0
  dhcp select relay
  dhcp relay server-address 172.16.10.89
  dhcp relay server-address 172.16.10.99
  #
  interface   vlan-  interface54
  ip address 192.168.54.253 255.255.255.0
  dhcp select relay
  dhcp relay server-address 172.16.10.89
  dhcp relay server-address 172.16.10.99
  #
  interface   vlan-  interface55
  ip address 192.168.55.253 255.255.255.0
  dhcp select relay
  dhcp relay server-address 172.16.10.89
  dhcp relay server-address 172.16.10.99
  #
  interface   vlan-  interface56
  ip address 192.168.56.253 255.255.255.0
  dhcp select relay
  dhcp relay server-address 172.16.10.89
  dhcp relay server-address 172.16.10.99
  #
  interface   vlan-  interface70
  ip address 172.16.70.253 255.255.255.0
  #
  interface   vlan-  interface100
  ip address 172.16.100.253 255.255.255.0
  packet-filter   name   acl_  vlan_100 inbound
  dhcp select relay
  dhcp relay server-address 172.16.10.89
  dhcp relay server-address 172.16.10.99
  #
  interface   vlan-  interface101
  ip address 172.16.101.253 255.255.255.0
  packet-filter   name   acl_  vlan_101 inbound
  dhcp select relay
  dhcp relay server-address 172.16.10.89
  dhcp relay server-address 172.16.10.99
  #
  interface   vlan-  interface110
  ip address 172.16.110.253 255.255.255.0
  packet-filter   name   acl_  vlan_110 inbound
  dhcp select relay
  dhcp relay server-address 172.16.10.89
  dhcp relay server-address 172.16.10.99
  #
  interface   vlan-  interface120
  ip address 172.16.120.253 255.255.255.0
  packet-filter   name   acl_  vlan_120 inbound
  dhcp select relay
  dhcp relay server-address 172.16.10.89
  dhcp relay server-address 172.16.10.99
  #
  interface   vlan-  interface130
  ip address 172.16.130.253 255.255.255.0
  packet-filter   name   acl_  vlan_130 inbound
  dhcp select relay
  dhcp relay server-address 172.16.10.89
  dhcp relay server-address 172.16.10.99
  #
  interface   vlan-  interface140
  ip address 172.16.140.253 255.255.255.0
  packet-filter   name   acl_  vlan_140 inbound
  dhcp select relay
  dhcp relay server-address 172.16.10.89
  dhcp relay server-address 172.16.10.99
  #
  interface   vlan-  interface141
  ip address 172.16.141.253 255.255.255.0
  packet-filter   name   acl_  vlan_141 inbound
  dhcp select relay
  dhcp relay server-address 172.16.10.89
  dhcp relay server-address 172.16.10.99
  #
  interface   vlan-  interface150
  ip address 172.16.150.253 255.255.255.0
  packet-filter   name   acl_  vlan_150 inbound
  dhcp select relay
  dhcp relay server-address 172.16.10.89
  dhcp relay server-address 172.16.10.99
  #
  interface   vlan-  interface151
  ip address 172.16.151.253 255.255.255.0
  #
  interface   vlan-  interface200
  ip address 192.168.200.253 255.255.252.0
  #
  interface   vlan-  interface250
  ip address 192.168.10.1 255.255.255.248
  #
  interface FortyGigE1/0/41
  shutdown
  #
  interface FortyGigE1/0/42
  shutdown
  #
  interface M-GigabitEthernet0/0/0
  #
  interface Ten-GigabitEthernet1/0/1
  port link-type trunk
  port trunk permit   vlan all
  port link-aggregation group 6
  #
  interface Ten-GigabitEthernet1/0/2
  port access   vlan 110
  #
  interface Ten-GigabitEthernet1/0/3
  port link-type trunk
  port trunk permit   vlan all
  #
  interface Ten-GigabitEthernet1/0/4
  port link-type trunk
  port trunk permit   vlan all
  #
  interface Ten-GigabitEthernet1/0/5
  description sniffer
  port link-type trunk
  port trunk permit   vlan all
  #
  interface Ten-GigabitEthernet1/0/6
  #
  interface Ten-GigabitEthernet1/0/7
  #
  interface Ten-GigabitEthernet1/0/8
  #
  interface Ten-GigabitEthernet1/0/9
  #
  interface Ten-GigabitEthernet1/0/10
  #
  interface Ten-GigabitEthernet1/0/11
  #
  interface Ten-GigabitEthernet1/0/12
  #
  interface Ten-GigabitEthernet1/0/13
  #
  interface Ten-GigabitEthernet1/0/14
  #
  interface Ten-GigabitEthernet1/0/15
  #
  interface Ten-GigabitEthernet1/0/16
  #
  interface Ten-GigabitEthernet1/0/17
  #
  interface Ten-GigabitEthernet1/0/18
  #
  interface Ten-GigabitEthernet1/0/19
  #
  interface Ten-GigabitEthernet1/0/20
  #
  interface Ten-GigabitEthernet1/0/21
  #
  interface Ten-GigabitEthernet1/0/22
  #
  interface Ten-GigabitEthernet1/0/23
  port link-type trunk
  port trunk permit   vlan all
  port link-aggregation group 7
  #
  interface Ten-GigabitEthernet1/0/24
  port link-type trunk
  port trunk permit   vlan all
  port link-aggregation group 7
  #
  interface Ten-GigabitEthernet1/0/25
  port link-type trunk
  port trunk permit   vlan all
  undo jumboframe enable
  port link-aggregation group 1
  #
  interface Ten-GigabitEthernet1/0/26
  port link-type trunk
  port trunk permit   vlan all
  port link-aggregation group 1
  #
  interface Ten-GigabitEthernet1/0/27
  port link-type trunk
  port trunk permit   vlan all
  port link-aggregation group 2
  #
  interface Ten-GigabitEthernet1/0/28
  port link-type trunk
  port trunk permit   vlan all
  port link-aggregation group 2
  #
  interface Ten-GigabitEthernet1/0/29
  port link-type trunk
  port trunk permit   vlan all
  port link-aggregation group 3
  #
  interface Ten-GigabitEthernet1/0/30
  port link-type trunk
  port trunk permit   vlan all
  port link-aggregation group 3
  #
  interface Ten-GigabitEthernet1/0/31
  port link-type trunk
  port trunk permit   vlan all
  port link-aggregation group 4
  #
  interface Ten-GigabitEthernet1/0/32
  port link-type trunk
  port trunk permit   vlan all
  port link-aggregation group 4
  #
  interface Ten-GigabitEthernet1/0/33
  port link-type trunk
  port trunk permit   vlan all
  #
  interface Ten-GigabitEthernet1/0/34
  port link-type trunk
  port trunk permit   vlan all
  #
  interface Ten-GigabitEthernet1/0/35
  port link-type trunk
  port trunk permit   vlan all
  #
  interface Ten-GigabitEthernet1/0/36
  port link-type trunk
  port trunk permit   vlan all
  #
  interface Ten-GigabitEthernet1/0/37
  port link-type trunk
  port trunk permit   vlan all
  #
  interface Ten-GigabitEthernet1/0/38
  port link-type trunk
  port trunk permit   vlan all
  #
  interface Ten-GigabitEthernet1/0/39
  port link-type trunk
  port trunk permit   vlan all
  port link-aggregation group 5
  #
  interface Ten-GigabitEthernet1/0/40
  port link-type trunk
  port trunk permit   vlan all
  port link-aggregation group 5
  #
  scheduler logfile size 16
  #
  line class aux
  user-role network-admin
  #
  line class vty
  user-role network-operator
  #
  line aux 0
  authentication-mode scheme
  user-role network-admin
  #
  line vty 0 4
  authentication-mode scheme
  user-role network-operator
  #
  line vty 5 63
  user-role network-operator
  #
  ip route-static 0.0.0.0 0 192.168.10.2
  snmp-agent
  snmp-agent local-engineid 8000002B001CC5C249806877
  snmp-agent community read testr
  snmp-agent community write testw
  snmp-agent community write private
  snmp-agent community read public
  snmp-agent sys-info contact testw
  snmp-agent sys-info location demo
  snmp-agent sys-info version all
  snmp-agent target-host trap address udp-domain 178.16.100.19 params security  name testw
  #
  ssh server enable
  #
  acl number 3000   name acldemo1
  rule 0 deny ip source 172.16.12.0 0.0.0.255 destination 172.16.2.0 0.0.0.255
  rule 1 deny ip source 172.16.12.0 0.0.0.255 destination 172.16.5.0 0.0.0.255
  rule 2 deny ip source 172.16.12.0 0.0.0.255 destination 172.16.7.0 0.0.0.255
  rule 3 deny ip source 172.16.12.0 0.0.0.255 destination 172.16.8.0 0.0.0.255
  rule 4 deny ip source 172.16.12.0 0.0.0.255 destination 172.16.9.0 0.0.0.255
  rule 5 deny ip source 172.16.12.0 0.0.0.255 destination 172.16.10.0 0.0.0.255
  rule 6 deny ip source 172.16.12.0 0.0.0.255 destination 172.18.100.0 0.0.0.255
  rule 7 deny ip source 172.16.12.0 0.0.0.255 destination 172.16.21.0 0.0.0.255
  rule 8 deny ip source 172.16.12.0 0.0.0.255 destination 172.16.100.0 0.0.0.255
  rule 9 deny ip source 172.16.12.0 0.0.0.255 destination 172.16.101.0 0.0.0.255
  rule 10 deny ip source 172.16.12.0 0.0.0.255 destination 172.16.110.0 0.0.0.255
  rule 11 deny ip source 172.16.12.0 0.0.0.255 destination 172.16.120.0 0.0.0.255
  rule 12 deny ip source 172.16.12.0 0.0.0.255 destination 172.16.130.0 0.0.0.255
  rule 13 deny ip source 172.16.12.0 0.0.0.255 destination 172.16.140.0 0.0.0.255
  rule 14 deny ip source 172.16.12.0 0.0.0.255 destination 172.16.141.0 0.0.0.255
  rule 15 deny ip source 172.16.12.0 0.0.0.255 destination 172.16.150.0 0.0.0.255
  rule 16 deny ip source 172.16.12.0 0.0.0.255 destination 178.16.0.0 0.0.255.255
  rule 17 deny ip source 172.16.12.0 0.0.0.255 destination 172.16.20.0 0.0.0.255
  rule 18 permit ip
#
 acl number 3001   name acldemo2
 rule 0 deny ip source 192.168.0.0 0.0.255.255 destination 172.16.2.0 0.0.0.255
 rule 1 deny ip source 192.168.0.0 0.0.255.255 destination 172.16.5.0 0.0.0.255
 rule 2 deny ip source 192.168.0.0 0.0.255.255 destination 172.16.7.0 0.0.0.255
 rule 3 deny ip source 192.168.0.0 0.0.255.255 destination 172.16.8.0 0.0.0.255
 rule 4 deny ip source 192.168.0.0 0.0.255.255 destination 172.16.9.0 0.0.0.255
 rule 5 deny ip source 192.168.0.0 0.0.255.255 destination 172.16.10.0 0.0.0.255
 rule 6 deny ip source 192.168.0.0 0.0.255.255 destination 172.18.100.0 0.0.0.255
 rule 7 deny ip source 192.168.0.0 0.0.255.255 destination 172.16.21.0 0.0.0.255
 rule 8 deny ip source 192.168.0.0 0.0.255.255 destination 172.16.100.0 0.0.0.255
 rule 9 deny ip source 192.168.0.0 0.0.255.255 destination 172.16.101.0 0.0.0.255
 rule 10 deny ip source 192.168.0.0 0.0.255.255 destination 172.16.110.0 0.0.0.255
 rule 11 deny ip source 192.168.0.0 0.0.255.255 destination 172.16.120.0 0.0.0.255
 rule 12 deny ip source 192.168.0.0 0.0.255.255 destination 172.16.130.0 0.0.0.255
 rule 13 deny ip source 192.168.0.0 0.0.255.255 destination 172.16.140.0 0.0.0.255
 rule 14 deny ip source 192.168.0.0 0.0.255.255 destination 172.16.141.0 0.0.0.255
 rule 15 deny ip source 192.168.0.0 0.0.255.255 destination 172.16.150.0 0.0.0.255
 rule 16 deny ip source 192.168.0.0 0.0.255.255 destination 178.16.0.0 0.0.255.255
 rule 18 permit ip source 192.168.0.0 0.0.255.255 destination 172.16.20.76 0
 rule 19 permit ip source 192.168.0.0 0.0.255.255 destination 172.16.20.77 0
 rule 20 permit tcp destination-  port eq 9090
 rule 21 deny ip source 192.168.0.0 0.0.255.255 destination 172.16.20.0 0.0.0.255
#
 acl number 3002   name acldemo3
 rule 0 deny ip source 192.175.0.0 0.0.255.255 destination 172.16.2.0 0.0.0.255
 rule 1 deny ip source 192.175.0.0 0.0.255.255 destination 172.16.5.0 0.0.0.255
 rule 2 deny ip source 192.175.0.0 0.0.255.255 destination 172.16.7.0 0.0.0.255
 rule 3 deny ip source 192.175.0.0 0.0.255.255 destination 172.16.8.0 0.0.0.255
 rule 4 deny ip source 192.175.0.0 0.0.255.255 destination 172.16.9.0 0.0.0.255
 rule 5 deny ip source 192.175.0.0 0.0.255.255 destination 172.16.10.0 0.0.0.255
 rule 6 deny ip source 192.175.0.0 0.0.255.255 destination 172.18.100.0 0.0.0.255
 rule 7 deny ip source 192.175.0.0 0.0.255.255 destination 172.16.21.0 0.0.0.255
 rule 8 deny ip source 192.175.0.0 0.0.255.255 destination 172.16.100.0 0.0.0.255
 rule 9 deny ip source 192.175.0.0 0.0.255.255 destination 172.16.101.0 0.0.0.255
 rule 10 deny ip source 192.175.0.0 0.0.255.255 destination 172.16.110.0 0.0.0.255
 rule 11 deny ip source 192.175.0.0 0.0.255.255 destination 172.16.120.0 0.0.0.255
 rule 12 deny ip source 192.175.0.0 0.0.255.255 destination 172.16.130.0 0.0.0.255
 rule 13 deny ip source 192.175.0.0 0.0.255.255 destination 172.16.140.0 0.0.0.255
 rule 14 deny ip source 192.175.0.0 0.0.255.255 destination 172.16.141.0 0.0.0.255
 rule 15 deny ip source 192.175.0.0 0.0.255.255 destination 172.16.150.0 0.0.0.255
 rule 16 deny ip source 192.175.0.0 0.0.255.255 destination 178.16.0.0 0.0.255.255
 rule 17 permit ip source 192.175.0.0 0.0.255.255 destination 172.16.20.76 0
 rule 18 permit ip source 192.175.0.0 0.0.255.255 destination 172.16.20.77 0
 rule 19 deny ip source 192.175.0.0 0.0.255.255 destination 172.16.20.0 0.0.0.255
#
 acl number 3003   name   acl_  vlan_1
 rule 10 permit tcp destination 172.16.10.89 0 destination-  port eq dns
 rule 11 permit tcp destination 172.16.10.99 0 destination-  port eq dns
 rule 15 deny udp source 178.16.0.0 0.0.255.255 source-  port eq bootps
 rule 27 permit ip source 178.16.0.0 0.0.255.255 destination 172.16.10.77 0
 rule 28 permit ip source 178.16.0.0 0.0.255.255 destination 178.16.100.4 0
 rule 29 permit ip source 178.16.0.0 0.0.255.255 destination 178.16.100.15 0
 rule 30 permit ip source 178.16.0.0 0.0.255.255 destination 178.16.2.8 0
 rule 31 permit ip source 178.16.0.0 0.0.255.255 destination 10.70.1.1 0
 rule 32 permit ip source 178.16.0.0 0.0.255.255 destination 172.16.21.0 0.0.0.255
 rule 33 permit ip source 178.16.0.0 0.0.255.255 destination 192.168.10.0 0.0.0.255
 rule 34 permit ip source 178.16.0.0 0.0.255.255 destination 172.16.10.0 0.0.0.255
 rule 35 permit ip source 178.16.0.0 0.0.255.255 destination 172.16.5.0 0.0.0.255
 rule 36 permit ip source 178.16.0.0 0.0.255.255 destination 172.16.70.0 0.0.0.255
 rule 37 permit ip source 178.16.100.4 0 destination 172.0.0.0 0.255.255.255
 rule 38 permit ip source 178.16.100.15 0 destination 172.0.0.0 0.255.255.255
 rule 51 permit tcp destination-  port eq www
 rule 52 permit tcp destination-  port eq 443
 rule 53 permit tcp destination-  port eq 7087
 rule 54 permit tcp destination-  port eq 20446
 rule 55 permit tcp destination-  port eq 7005
 rule 56 permit tcp destination-  port eq 8088
 rule 57 permit tcp destination-  port eq 15970
 rule 58 permit tcp destination-  port eq 8085
 rule 59 permit tcp destination-  port range 8080 8088
 rule 60 permit tcp destination-  port eq 8074
 rule 61 permit tcp destination-  port eq 9000
 rule 62 permit tcp destination-  port eq 8093
 rule 63 permit tcp destination-  port eq 7446
 rule 64 permit tcp destination-  port range 81 86
 rule 65 permit tcp destination-  port eq 15218
 rule 66 permit tcp destination-  port eq 587
 rule 67 permit tcp destination-  port eq 3478
 rule 68 permit tcp destination-  port eq 2048
 rule 69 permit tcp destination-  port eq 2189
 rule 70 permit tcp destination-  port range 18080 18091
 rule 71 permit tcp destination-  port eq 8443
 rule 72 permit tcp destination-  port eq 8000
 rule 73 permit tcp destination-  port eq 8084
 rule 74 permit tcp destination-  port eq 1080
 rule 75 permit tcp destination-  port eq 2112
 rule 76 permit tcp destination-  port eq 2113
 rule 77 permit tcp destination-  port eq 3409
 rule 78 permit tcp destination-  port eq 6060
 rule 79 permit tcp destination-  port eq 9628
 rule 80 permit tcp destination-  port eq 8020
 rule 81 permit tcp destination-  port eq 8069
 rule 82 permit tcp destination-  port eq 882
 rule 84 permit udp destination-  port eq ntp
 rule 85 permit udp destination-  port range snmp 163
 rule 86 permit udp destination-  port gt 1023
 rule 87 permit udp destination-  port eq 6167
 rule 90 deny ip
#
 acl number 3004   name   acl_  vlan_2
 rule 10 permit tcp destination 172.16.10.89 0 destination-  port eq dns
 rule 11 permit tcp destination 172.16.10.99 0 destination-  port eq dns
 rule 15 deny udp source 172.16.2.0 0.0.0.255 source-  port eq bootps
 rule 27 permit ip source 172.16.2.0 0.0.0.255 destination 178.16.130.11 0
 rule 28 permit ip source 172.16.2.0 0.0.0.255 destination 178.16.100.4 0
 rule 29 permit ip source 172.16.2.0 0.0.0.255 destination 178.16.100.15 0
 rule 30 permit ip source 172.16.2.0 0.0.0.255 destination 172.16.2.253 0
 rule 31 permit ip source 172.16.2.0 0.0.0.255 destination 10.70.1.1 0
 rule 32 permit ip source 172.16.2.0 0.0.0.255 destination 172.16.21.0 0.0.0.255
 rule 33 permit ip source 172.16.2.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
 rule 34 permit ip source 172.16.2.0 0.0.0.255 destination 172.16.10.0 0.0.0.255
 rule 35 permit ip source 172.16.2.0 0.0.0.255 destination 172.16.5.0 0.0.0.255
 rule 36 permit ip source 172.16.2.0 0.0.0.255 destination 172.16.70.0 0.0.0.255
 rule 37 permit ip source 172.16.2.0 0.0.0.255 destination 172.16.2.0 0.0.0.255
 rule 38 permit ip source 172.16.2.0 0.0.0.255 destination 172.16.100.141 0
 rule 39 permit ip source 172.16.2.0 0.0.0.255 destination 172.16.100.41 0
 rule 51 permit tcp destination-  port eq www
 rule 52 permit tcp destination-  port eq 443
 rule 53 permit tcp destination-  port eq 7087
 rule 54 permit tcp destination-  port eq 20446
 rule 55 permit tcp destination-  port eq 7005
 rule 56 permit tcp destination-  port eq 8088
 rule 57 permit tcp destination-  port eq 15970
 rule 58 permit tcp destination-  port eq 8085
 rule 59 permit tcp destination-  port range 8080 8088
 rule 60 permit tcp destination-  port eq 8074
 rule 61 permit tcp destination-  port eq 9000
 rule 62 permit tcp destination-  port eq 8093
 rule 63 permit tcp destination-  port eq 7446
 rule 64 permit tcp destination-  port range 81 86
 rule 65 permit tcp destination-  port eq 15218
 rule 66 permit tcp destination-  port eq 587
 rule 67 permit tcp destination-  port eq 3478
 rule 68 permit tcp destination-  port eq 2048
 rule 69 permit tcp destination-  port eq 2189
 rule 70 permit tcp destination-  port range 18080 18091
 rule 71 permit tcp destination-  port eq 8443
 rule 72 permit tcp destination-  port eq 8000
 rule 73 permit tcp destination-  port eq 8084
 rule 74 permit tcp destination-  port eq 1080
 rule 75 permit tcp destination-  port eq 2112
 rule 76 permit tcp destination-  port eq 2113
 rule 77 permit tcp destination-  port eq 3409
 rule 78 permit tcp destination-  port eq 6060
 rule 79 permit tcp destination-  port eq 9628
 rule 80 permit tcp destination-  port eq 8020
 rule 81 permit tcp destination-  port eq 8069
 rule 82 permit tcp destination-  port eq 882
 rule 84 permit udp destination-  port eq ntp
 rule 85 permit udp destination-  port gt 1023
 rule 90 deny ip
#
 acl number 3005   name   acl_  vlan_7
 rule 10 permit tcp destination 172.16.10.89 0 destination-  port eq dns
 rule 11 permit tcp destination 172.16.10.99 0 destination-  port eq dns
 rule 15 deny udp source 172.16.2.0 0.0.0.255 source-  port eq bootps
 rule 23 permit ip source 172.16.7.0 0.0.0.255 destination 172.16.110.118 0
 rule 24 permit ip source 172.16.7.0 0.0.0.255 destination 172.16.110.156 0
 rule 25 permit ip source 172.16.7.0 0.0.0.255 destination 172.18.100.59 0
 rule 26 permit ip source 172.16.7.0 0.0.0.255 destination 172.16.110.96 0
 rule 27 permit ip source 172.16.7.0 0.0.0.255 destination 172.16.110.98 0
 rule 28 permit ip source 172.16.7.0 0.0.0.255 destination 178.16.100.4 0
 rule 29 permit ip source 172.16.7.0 0.0.0.255 destination 178.16.100.15 0
 rule 30 permit ip source 172.16.7.0 0.0.0.255 destination 172.16.7.253 0
 rule 31 permit ip source 172.16.7.0 0.0.0.255 destination 10.70.1.1 0
 rule 32 permit ip source 172.16.7.0 0.0.0.255 destination 172.16.21.0 0.0.0.255
 rule 33 permit ip source 172.16.7.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
 rule 34 permit ip source 172.16.7.0 0.0.0.255 destination 172.16.10.0 0.0.0.255
 rule 35 permit ip source 172.16.7.0 0.0.0.255 destination 172.16.5.0 0.0.0.255
 rule 36 permit ip source 172.16.7.0 0.0.0.255 destination 172.16.70.0 0.0.0.255
 rule 37 permit ip source 172.16.7.0 0.0.0.255 destination 172.16.7.0 0.0.0.255
 rule 38 permit ip source 172.16.7.0 0.0.0.255 destination 172.16.110.20 0
 rule 39 permit ip source 172.16.7.0 0.0.0.255 destination 172.16.120.0 0.0.0.255
 rule 51 permit tcp destination-  port eq www
 rule 52 permit tcp destination-  port eq 443
 rule 53 permit tcp destination-  port eq 7087
 rule 54 permit tcp destination-  port eq 20446
 rule 55 permit tcp destination-  port eq 7005
 rule 56 permit tcp destination-  port eq 8088
 rule 57 permit tcp destination-  port eq 15970
 rule 58 permit tcp destination-  port eq 8085
 rule 59 permit tcp destination-  port range 8080 8088
 rule 60 permit tcp destination-  port eq 8074
 rule 61 permit tcp destination-  port eq 9000
 rule 62 permit tcp destination-  port eq 8093
 rule 63 permit tcp destination-  port eq 7446
 rule 64 permit tcp destination-  port range 81 86
 rule 65 permit tcp destination-  port eq 15218
 rule 66 permit tcp destination-  port eq 587
 rule 67 permit tcp destination-  port eq 3478
 rule 68 permit tcp destination-  port eq 2048
 rule 69 permit tcp destination-  port eq 2189
 rule 70 permit tcp destination-  port range 18080 18091
 rule 71 permit tcp destination-  port eq 8443
 rule 72 permit tcp destination-  port eq 8000
 rule 73 permit tcp destination-  port eq 8084
 rule 74 permit tcp destination-  port eq 1080
 rule 75 permit tcp destination-  port eq 2112
 rule 76 permit tcp destination-  port eq 2113
 rule 77 permit tcp destination-  port eq 3409
 rule 78 permit tcp destination-  port eq 6060
 rule 79 permit tcp destination-  port eq 9628
 rule 80 permit tcp destination-  port eq 8020
 rule 81 permit tcp destination-  port eq 8069
 rule 82 permit tcp destination-  port eq 882
 rule 84 permit udp destination-  port eq ntp
 rule 85 permit udp destination-  port gt 1023
 rule 90 deny ip
#
 acl number 3006   name   acl_  vlan_8
 rule 10 permit tcp destination 172.16.10.89 0 destination-  port eq dns
 rule 11 permit tcp destination 172.16.10.99 0 destination-  port eq dns
 rule 15 deny udp source 172.16.2.0 0.0.0.255 source-  port eq bootps
 rule 25 permit ip source 172.16.8.250 0 destination 172.18.100.87 0
 rule 26 permit ip source 172.16.8.13 0 destination 172.16.101.4 0
 rule 28 permit ip source 172.16.8.0 0.0.0.255 destination 178.16.100.4 0
 rule 29 permit ip source 172.16.8.0 0.0.0.255 destination 178.16.100.15 0
 rule 30 permit ip source 172.16.8.0 0.0.0.255 destination 172.16.8.253 0
 rule 31 permit ip source 172.16.8.0 0.0.0.255 destination 10.70.1.1 0
 rule 32 permit ip source 172.16.8.0 0.0.0.255 destination 172.16.21.0 0.0.0.255
 rule 33 permit ip source 172.16.8.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
 rule 34 permit ip source 172.16.8.0 0.0.0.255 destination 172.16.10.0 0.0.0.255
 rule 35 permit ip source 172.16.8.0 0.0.0.255 destination 172.16.5.0 0.0.0.255
 rule 36 permit ip source 172.16.8.0 0.0.0.255 destination 172.16.70.0 0.0.0.255
 rule 37 permit ip source 172.16.8.0 0.0.0.255 destination 172.16.8.0 0.0.0.255
 rule 50 permit tcp destination-  port eq 9090
 rule 51 permit tcp destination-  port eq www
 rule 52 permit tcp destination-  port eq 443
 rule 53 permit tcp destination-  port eq 7087
 rule 54 permit tcp destination-  port eq 20446
 rule 55 permit tcp destination-  port eq 7005
 rule 56 permit tcp destination-  port eq 8088
 rule 57 permit tcp destination-  port eq 15970
 rule 58 permit tcp destination-  port eq 8085
 rule 59 permit tcp destination-  port range 8080 8088
 rule 60 permit tcp destination-  port eq 8074
 rule 61 permit tcp destination-  port eq 9000
 rule 62 permit tcp destination-  port eq 8093
 rule 63 permit tcp destination-  port eq 7446
 rule 64 permit tcp destination-  port range 81 86
 rule 65 permit tcp destination-  port eq 15218
 rule 66 permit tcp destination-  port eq 587
 rule 67 permit tcp destination-  port eq 3478
 rule 68 permit tcp destination-  port eq 2048
 rule 69 permit tcp destination-  port eq 2189
 rule 70 permit tcp destination-  port range 18080 18091
 rule 71 permit tcp destination-  port eq 8443
 rule 72 permit tcp destination-  port eq 8000
 rule 73 permit tcp destination-  port eq 8084
 rule 74 permit tcp destination-  port eq 1080
 rule 75 permit tcp destination-  port eq 2112
 rule 76 permit tcp destination-  port eq 2113
 rule 77 permit tcp destination-  port eq 3409
 rule 78 permit tcp destination-  port eq 6060
 rule 79 permit tcp destination-  port eq 9628
 rule 80 permit tcp destination-  port eq 8020
 rule 81 permit tcp destination-  port eq 8069
 rule 82 permit tcp destination-  port eq 882
 rule 84 permit udp destination-  port eq ntp
 rule 85 permit udp destination-  port eq 50010
 rule 86 permit tcp destination-  port eq 50010
 rule 87 permit udp destination-  port gt 1023
 rule 88 permit tcp destination-  port eq 213
 rule 89 permit tcp destination-  port eq 28060
 rule 90 deny ip
#
 acl number 3007   name   acl_  vlan_9
 rule 10 permit tcp destination 172.16.10.89 0 destination-  port eq dns
 rule 11 permit tcp destination 172.16.10.99 0 destination-  port eq dns
 rule 15 deny udp source 172.16.9.0 0.0.0.255 source-  port eq bootps
 rule 30 permit ip source 172.16.9.0 0.0.0.255 destination 172.16.9.253 0
 rule 31 permit ip source 172.16.9.0 0.0.0.255 destination 10.70.1.1 0
 rule 32 permit ip source 172.16.9.0 0.0.0.255 destination 172.16.21.0 0.0.0.255
 rule 33 permit ip source 172.16.9.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
 rule 34 permit ip source 172.16.9.0 0.0.0.255 destination 172.16.10.0 0.0.0.255
 rule 35 permit ip source 172.16.9.0 0.0.0.255 destination 172.16.5.0 0.0.0.255
 rule 36 permit ip source 172.16.9.0 0.0.0.255 destination 172.16.70.0 0.0.0.255
 rule 37 permit ip source 172.16.9.0 0.0.0.255 destination 172.16.9.0 0.0.0.255
 rule 38 permit ip source 172.16.9.0 0.0.0.255 destination 172.16.100.41 0
 rule 39 permit ip source 172.16.9.0 0.0.0.255 destination 172.16.100.141 0
 rule 51 permit tcp destination-  port eq www
 rule 52 permit tcp destination-  port eq 443
 rule 53 permit tcp destination-  port eq 7087
 rule 54 permit tcp destination-  port eq 20446
 rule 55 permit tcp destination-  port eq 7005
 rule 56 permit tcp destination-  port eq 8088
 rule 57 permit tcp destination-  port eq 15970
 rule 58 permit tcp destination-  port eq 8085
 rule 59 permit tcp destination-  port range 8080 8088
 rule 60 permit tcp destination-  port eq 8074
 rule 61 permit tcp destination-  port eq 9000
 rule 62 permit tcp destination-  port eq 8093
 rule 63 permit tcp destination-  port eq 7446
 rule 64 permit tcp destination-  port range 81 86
 rule 65 permit tcp destination-  port eq 15218
 rule 66 permit tcp destination-  port eq 587
 rule 67 permit tcp destination-  port eq 3478
 rule 68 permit tcp destination-  port eq 2048
 rule 69 permit tcp destination-  port eq 2189
 rule 70 permit tcp destination-  port range 18080 18091
 rule 71 permit tcp destination-  port eq 8443
 rule 72 permit tcp destination-  port eq 8000
 rule 73 permit tcp destination-  port eq 8084
 rule 74 permit tcp destination-  port eq 1080
 rule 75 permit tcp destination-  port eq 2112
 rule 76 permit tcp destination-  port eq 2113
 rule 77 permit tcp destination-  port eq 3409
 rule 78 permit tcp destination-  port eq 6060
 rule 79 permit tcp destination-  port eq 9628
 rule 80 permit tcp destination-  port eq 8020
 rule 81 permit tcp destination-  port eq 8069
 rule 82 permit tcp destination-  port eq 882
 rule 84 permit udp destination-  port eq ntp
 rule 85 permit udp destination-  port gt 1023
 rule 90 deny ip
#
 acl number 3008   name   acl_  vlan_18
 rule 10 permit tcp destination 172.16.10.89 0 destination-  port eq dns
 rule 11 permit tcp destination 172.16.10.99 0 destination-  port eq dns
 rule 14 deny ip destination 239.255.255.250 0
 rule 15 deny udp source 172.16.2.0 0.0.0.255 source-  port eq bootps
 rule 16 permit ip source 172.18.100.0 0.0.0.255 destination 172.16.150.130 0
 rule 17 permit ip source 172.18.100.0 0.0.0.255 destination 172.16.20.0 0.0.0.255
 rule 18 permit ip source 172.18.100.59 0 destination 172.16.150.142 0
 rule 19 permit ip source 172.18.100.59 0 destination 172.16.7.92 0
 rule 20 permit ip source 172.18.100.59 0 destination 172.16.7.91 0
 rule 21 permit ip source 172.18.100.59 0 destination 172.16.7.90 0
 rule 22 permit ip source 172.18.100.187 0 destination 172.16.150.181 0
 rule 23 permit ip source 172.18.100.87 0 destination 172.16.150.181 0
 rule 24 permit ip source 172.18.100.66 0 destination 172.16.110.235 0
 rule 25 permit ip source 172.18.100.0 0.0.0.255 destination 172.16.150.239 0
 rule 26 permit ip source 172.18.100.0 0.0.0.255 destination 172.16.20.26 0
 rule 27 permit ip source 172.18.100.0 0.0.0.255 destination 178.16.100.4 0
 rule 28 permit ip source 172.18.100.0 0.0.0.255 destination 172.16.150.137 0
 rule 29 permit ip source 172.18.100.79 0 destination 172.16.110.235 0
 rule 30 permit ip source 172.18.100.0 0.0.0.255 destination 172.18.100.253 0
 rule 31 permit ip source 172.18.100.0 0.0.0.255 destination 10.70.1.1 0
 rule 32 permit ip source 172.18.100.0 0.0.0.255 destination 172.16.21.0 0.0.0.255
 rule 33 permit ip source 172.18.100.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
 rule 34 permit ip source 172.18.100.0 0.0.0.255 destination 172.16.10.0 0.0.0.255
 rule 35 permit ip source 172.18.100.0 0.0.0.255 destination 172.16.5.0 0.0.0.255
 rule 36 permit ip source 172.18.100.0 0.0.0.255 destination 172.16.70.0 0.0.0.255
 rule 39 permit ip source 172.18.100.0 0.0.0.255 destination 172.16.10.30 0
 rule 40 permit ip source 172.18.100.71 0 destination 172.16.120.158 0
 rule 41 permit ip source 172.18.100.50 0 destination 172.16.150.137 0
 rule 42 permit ip source 172.18.100.212 0 destination 172.16.150.17 0
 rule 43 permit ip source 172.18.100.39 0 destination 172.16.120.45 0
 rule 44 permit ip source 172.18.100.215 0 destination 178.16.103.9 0
 rule 45 permit ip source 172.18.100.215 0 destination 178.16.150.137 0
 rule 46 permit ip source 172.18.100.160 0 destination 178.16.150.137 0
 rule 51 permit tcp destination-  port eq www
 rule 52 permit tcp destination-  port eq 443
 rule 53 permit tcp destination-  port eq 7087
 rule 54 permit tcp destination-  port eq 20446
 rule 55 permit tcp destination-  port eq 7005
 rule 56 permit tcp destination-  port eq 8088
 rule 57 permit tcp destination-  port eq 15970
 rule 58 permit tcp destination-  port eq 8085
 rule 59 permit tcp destination-  port range 8080 8088
 rule 60 permit tcp destination-  port eq 8074
 rule 61 permit tcp destination-  port range 9000 9091
 rule 62 permit tcp destination-  port eq 8093
 rule 63 permit tcp destination-  port eq 7446
 rule 64 permit tcp destination-  port range 81 86
 rule 65 permit tcp destination-  port eq 15218
 rule 66 permit tcp destination-  port eq 587
 rule 67 permit tcp destination-  port eq 3478
 rule 68 permit tcp destination-  port eq 2048
 rule 69 permit tcp destination-  port eq 2189
 rule 70 permit tcp destination-  port range 18080 18091
 rule 71 permit tcp destination-  port eq 8443
 rule 72 permit tcp destination-  port eq 8000
 rule 73 permit tcp destination-  port eq 8084
 rule 74 permit tcp destination-  port eq 1080
 rule 75 permit tcp destination-  port eq 2112
 rule 76 permit tcp destination-  port eq 2113
 rule 77 permit tcp destination-  port eq 3409
 rule 78 permit tcp destination-  port eq 6060
 rule 79 permit tcp destination-  port eq 9628
 rule 80 permit tcp destination-  port eq 8020
 rule 81 permit tcp destination-  port eq 8069
 rule 82 permit tcp destination-  port eq 882
 rule 84 permit udp destination-  port eq ntp
 rule 85 permit tcp destination-  port eq 28080
 rule 86 permit udp destination-  port gt 1023
 rule 87 permit tcp destination-  port eq 28060
 rule 90 deny ip
#
 acl number 3009   name   acl_  vlan_21
 rule 10 permit tcp destination 172.16.10.89 0 destination-  port eq dns
 rule 11 permit tcp destination 172.16.10.99 0 destination-  port eq dns
 rule 15 deny udp source 172.16.21.0 0.0.0.255 source-  port eq bootps
 rule 24 permit ip source 172.16.21.0 0.0.0.255 destination 172.19.0.0 0.0.255.255
 rule 25 permit ip source 172.16.21.0 0.0.0.255 destination 172.17.5.0 0.0.0.255
 rule 26 permit ip source 172.16.21.0 0.0.0.255 destination 172.16.0.0 0.0.255.255
 rule 27 permit ip source 172.16.21.0 0.0.0.255 destination 172.17.0.0 0.0.255.255
 rule 28 permit ip source 172.16.21.0 0.0.0.255 destination 172.16.70.0 0.0.0.255
 rule 29 permit ip source 172.16.21.0 0.0.0.255 destination 172.16.20.0 0.0.0.255
 rule 30 permit ip source 172.16.21.0 0.0.0.255 destination 172.16.21.253 0
 rule 31 permit ip source 172.16.21.0 0.0.0.255 destination 10.70.1.0 0.0.0.255
 rule 32 permit ip source 172.16.21.0 0.0.0.255 destination 172.16.21.0 0.0.0.255
 rule 33 permit ip source 172.16.21.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
 rule 34 permit ip source 172.16.21.0 0.0.0.255 destination 172.16.10.0 0.0.0.255
 rule 35 permit ip source 172.16.21.0 0.0.0.255 destination 178.16.0.0 0.0.255.255
 rule 36 permit ip source 172.16.21.0 0.0.0.255 destination 172.16.2.0 0.0.0.255
 rule 37 permit ip source 172.16.21.0 0.0.0.255 destination 172.16.7.0 0.0.0.255
 rule 38 permit ip source 172.16.21.0 0.0.0.255 destination 172.16.8.0 0.0.0.255
 rule 39 permit ip source 172.16.21.0 0.0.0.255 destination 172.16.9.0 0.0.0.255
 rule 40 permit ip source 172.16.21.0 0.0.0.255 destination 172.18.100.0 0.0.0.255
 rule 41 permit ip source 172.16.21.0 0.0.0.255 destination 172.16.50.0 0.0.0.255
 rule 42 permit ip source 172.16.21.0 0.0.0.255 destination 172.16.100.0 0.0.0.255
 rule 43 permit ip source 172.16.21.0 0.0.0.255 destination 172.16.101.0 0.0.0.255
 rule 44 permit ip source 172.16.21.0 0.0.0.255 destination 172.16.110.0 0.0.0.255
 rule 45 permit ip source 172.16.21.0 0.0.0.255 destination 172.16.120.0 0.0.0.255
 rule 46 permit ip source 172.16.21.0 0.0.0.255 destination 172.16.130.0 0.0.0.255
 rule 47 permit ip source 172.16.21.0 0.0.0.255 destination 172.16.140.0 0.0.0.255
 rule 48 permit ip source 172.16.21.0 0.0.0.255 destination 172.16.141.0 0.0.0.255
 rule 49 permit ip source 172.16.21.0 0.0.0.255 destination 172.16.150.0 0.0.0.255
 rule 50 permit tcp source 172.16.21.0 0.0.0.255 destination 172.16.5.0 0.0.0.255 destination-  port eq 5900
 rule 51 permit tcp destination-  port eq www
 rule 52 permit tcp destination-  port eq 443
 rule 53 permit tcp destination-  port eq 7087
 rule 54 permit tcp destination-  port eq 20446
 rule 55 permit tcp destination-  port eq 7005
 rule 56 permit tcp destination-  port eq 8088
 rule 57 permit tcp destination-  port eq 15970
 rule 58 permit tcp destination-  port range 8080 8085
 rule 59 permit tcp destination-  port range 8080 8088
 rule 60 permit tcp destination-  port eq 8074
 rule 61 permit tcp destination-  port range 9000 9091
 rule 62 permit tcp destination-  port eq 8093
 rule 63 permit tcp destination-  port eq 7446
 rule 64 permit tcp destination-  port range 81 86
 rule 65 permit tcp destination-  port eq 15218
 rule 66 permit tcp destination-  port eq 587
 rule 67 permit tcp destination-  port eq 3478
 rule 68 permit tcp destination-  port eq 2048
 rule 69 permit tcp destination-  port eq 2189
 rule 70 permit tcp destination-  port range 18080 18091
 rule 71 permit tcp destination-  port eq 8443
 rule 72 permit tcp destination-  port eq 8000
 rule 73 permit tcp destination-  port eq 8084
 rule 74 permit tcp destination-  port eq 1080
 rule 75 permit tcp destination-  port eq 2112
 rule 76 permit tcp destination-  port eq 2113
 rule 77 permit tcp destination-  port eq 3409
 rule 78 permit tcp destination-  port eq 6060
 rule 79 permit tcp destination-  port eq 9628
 rule 80 permit tcp destination-  port eq 8020
 rule 81 permit tcp destination-  port eq 8069
 rule 82 permit tcp destination-  port eq 882
 rule 83 permit tcp destination-  port eq 902
 rule 84 permit udp destination-  port eq ntp
 rule 85 permit udp destination-  port range 8200 8301
 rule 86 permit udp destination-  port gt 1023
 rule 87 permit udp destination-  port eq 15970
 rule 88 permit udp destination-  port range 1174 1195
 rule 89 permit udp destination-  port eq 447
 rule 90 deny ip
 #
 acl number 3013   name   acl_  vlan_50
 rule 10 permit tcp destination 172.16.10.89 0 destination-  port eq dns
 rule 11 permit tcp destination 172.16.10.99 0 destination-  port eq dns
 rule 14 deny ip destination 239.255.255.250 0
 rule 15 deny udp source 172.16.2.0 0.0.0.255 source-  port eq bootps
 rule 30 permit ip source 172.16.50.0 0.0.0.255 destination 172.16.50.253 0
 rule 31 permit ip source 172.16.50.0 0.0.0.255 destination 10.70.1.1 0
 rule 32 permit ip source 172.16.50.0 0.0.0.255 destination 172.16.21.0 0.0.0.255
 rule 33 permit ip source 172.16.50.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
 rule 34 permit ip source 172.16.50.0 0.0.0.255 destination 172.16.10.0 0.0.0.255
 rule 35 permit ip source 172.16.50.0 0.0.0.255 destination 172.16.5.0 0.0.0.255
 rule 51 permit tcp destination-  port eq www
 rule 52 permit tcp destination-  port eq 443
 rule 53 permit tcp destination-  port eq 7087
 rule 54 permit tcp destination-  port eq 20446
 rule 55 permit tcp destination-  port eq 7005
 rule 56 permit tcp destination-  port eq 8088
 rule 57 permit tcp destination-  port eq 15970
 rule 58 permit tcp destination-  port eq 8085
 rule 59 permit tcp destination-  port range 8080 8088
 rule 60 permit tcp destination-  port eq 8074
 rule 61 permit tcp destination-  port eq 9000
 rule 62 permit tcp destination-  port eq 8093
 rule 63 permit tcp destination-  port eq 7446
 rule 64 permit tcp destination-  port range 81 86
 rule 65 permit tcp destination-  port eq 15218
 rule 66 permit tcp destination-  port eq 587
 rule 67 permit tcp destination-  port eq 3478
 rule 68 permit tcp destination-  port eq 2048
 rule 69 permit tcp destination-  port eq 2189
 rule 70 permit tcp destination-  port range 18080 18091
 rule 71 permit tcp destination-  port eq 8443
 rule 72 permit tcp destination-  port eq 8000
 rule 73 permit tcp destination-  port eq 8084
 rule 74 permit tcp destination-  port eq 1080
 rule 75 permit tcp destination-  port eq 2112
 rule 76 permit tcp destination-  port eq 2113
 rule 77 permit tcp destination-  port eq 3409
 rule 78 permit tcp destination-  port eq 6060
 rule 79 permit tcp destination-  port eq 9628
 rule 80 permit tcp destination-  port eq 8020
 rule 81 permit tcp destination-  port eq 8069
 rule 82 permit tcp destination-  port eq 882
 rule 84 permit udp destination-  port eq ntp
 rule 90 deny ip
#
 acl number 3014   name   acl_  vlan_100
 rule 10 permit tcp destination 172.16.10.89 0 destination-  port eq dns
 rule 11 permit tcp destination 172.16.10.99 0 destination-  port eq dns
 rule 15 deny udp source 172.16.100.0 0.0.0.255 source-  port eq bootps
 rule 28 permit ip source 172.16.100.240 0 destination 172.16.120.152 0
 rule 29 permit ip source 172.16.100.0 0.0.0.255 destination 178.16.100.4 0
 rule 30 permit ip source 172.16.100.0 0.0.0.255 destination 172.16.100.253 0
 rule 31 permit ip source 172.16.100.0 0.0.0.255 destination 10.70.1.1 0
 rule 32 permit ip source 172.16.100.0 0.0.0.255 destination 172.16.21.0 0.0.0.255
 rule 33 permit ip source 172.16.100.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
 rule 34 permit ip source 172.16.100.0 0.0.0.255 destination 172.16.10.0 0.0.0.255
 rule 35 permit ip source 172.16.100.0 0.0.0.255 destination 172.16.5.0 0.0.0.255
 rule 36 permit ip source 172.16.100.0 0.0.0.255 destination 172.16.70.0 0.0.0.255
 rule 37 permit ip source 172.16.100.0 0.0.0.255 destination 172.16.101.0 0.0.0.255
 rule 38 permit ip source 172.16.100.0 0.0.0.255 destination 172.16.9.20 0
 rule 39 permit ip source 172.16.100.0 0.0.0.255 destination 172.16.2.0 0.0.0.255
 rule 51 permit tcp destination-  port eq www
 rule 52 permit tcp destination-  port eq 443
 rule 53 permit tcp destination-  port eq 7087
 rule 54 permit tcp destination-  port eq 20446
 rule 55 permit tcp destination-  port eq 7005
 rule 56 permit tcp destination-  port eq 8088
 rule 57 permit tcp destination-  port eq 15970
 rule 58 permit tcp destination-  port eq 8085
 rule 59 permit tcp destination-  port range 8080 8088
 rule 60 permit tcp destination-  port eq 8074
 rule 61 permit tcp destination-  port eq 9000
 rule 62 permit tcp destination-  port eq 8093
 rule 63 permit tcp destination-  port eq 7446
 rule 64 permit tcp destination-  port range 81 86
 rule 65 permit tcp destination-  port eq 15218
 rule 66 permit tcp destination-  port eq 587
 rule 67 permit tcp destination-  port eq 3478
 rule 68 permit tcp destination-  port eq 2048
 rule 69 permit tcp destination-  port eq 2189
 rule 70 permit tcp destination-  port range 18080 18091
 rule 71 permit tcp destination-  port eq 8443
 rule 72 permit tcp destination-  port eq 8000
 rule 73 permit tcp destination-  port eq 8084
 rule 74 permit tcp destination-  port eq 1080
 rule 75 permit tcp destination-  port eq 2112
 rule 76 permit tcp destination-  port eq 2113
 rule 77 permit tcp destination-  port eq 3409
 rule 78 permit tcp destination-  port eq 6060
 rule 79 permit tcp destination-  port eq 9628
 rule 80 permit tcp destination-  port eq 8020
 rule 81 permit tcp destination-  port eq 8069
 rule 82 permit tcp destination-  port eq 882
 rule 84 permit udp destination-  port eq ntp
 rule 85 permit udp destination-  port gt 1023
 rule 86 permit udp destination-  port eq 15970
 rule 87 permit tcp destination-  port eq 65050
 rule 88 permit tcp destination-  port eq 28060
 rule 90 deny ip
 #
 acl number 3015   name   acl_  vlan_101
 rule 10 permit tcp destination 172.16.10.89 0 destination-  port eq dns
 rule 11 permit tcp destination 172.16.10.99 0 destination-  port eq dns
 rule 15 deny udp source 172.16.101.0 0.0.0.255 source-  port eq bootps
 rule 28 permit ip source 172.16.101.4 0 destination 172.16.8.13 0
 rule 29 permit ip source 172.16.101.0 0.0.0.255 destination 178.16.100.4 0
 rule 30 permit ip source 172.16.101.0 0.0.0.255 destination 172.16.101.253 0
 rule 31 permit ip source 172.16.101.0 0.0.0.255 destination 10.70.1.1 0
 rule 32 permit ip source 172.16.101.0 0.0.0.255 destination 172.16.21.0 0.0.0.255
 rule 33 permit ip source 172.16.101.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
 rule 34 permit ip source 172.16.101.0 0.0.0.255 destination 172.16.10.0 0.0.0.255
 rule 35 permit ip source 172.16.101.0 0.0.0.255 destination 172.16.5.0 0.0.0.255
 rule 36 permit ip source 172.16.101.0 0.0.0.255 destination 172.16.70.0 0.0.0.255
 rule 37 permit ip source 172.16.101.0 0.0.0.255 destination 172.16.100.0 0.0.0.255
 rule 51 permit tcp destination-  port eq www
 rule 52 permit tcp destination-  port eq 443
 rule 53 permit tcp destination-  port eq 7087
 rule 54 permit tcp destination-  port eq 20446
 rule 55 permit tcp destination-  port eq 7005
 rule 56 permit tcp destination-  port eq 8088
 rule 57 permit tcp destination-  port eq 15970
 rule 58 permit tcp destination-  port eq 8085
 rule 59 permit tcp destination-  port range 8080 8088
 rule 60 permit tcp destination-  port eq 8074
 rule 61 permit tcp destination-  port eq 9000
 rule 62 permit tcp destination-  port eq 8093
 rule 63 permit tcp destination-  port eq 7446
 rule 64 permit tcp destination-  port range 81 86
 rule 65 permit tcp destination-  port eq 15218
 rule 66 permit tcp destination-  port eq 587
 rule 67 permit tcp destination-  port eq 3478
 rule 68 permit tcp destination-  port eq 2048
 rule 69 permit tcp destination-  port eq 2189
 rule 70 permit tcp destination-  port range 18080 18091
 rule 71 permit tcp destination-  port eq 8443
 rule 72 permit tcp destination-  port eq 8000
 rule 73 permit tcp destination-  port eq 8084
 rule 74 permit tcp destination-  port eq 1080
 rule 75 permit tcp destination-  port eq 2112
 rule 76 permit tcp destination-  port eq 2113
 rule 77 permit tcp destination-  port eq 3409
 rule 78 permit tcp destination-  port eq 6060
 rule 79 permit tcp destination-  port eq 9628
 rule 80 permit tcp destination-  port eq 8020
 rule 81 permit tcp destination-  port eq 8069
 rule 82 permit tcp destination-  port eq 882
 rule 84 permit udp destination-  port eq ntp
 rule 85 permit udp destination-  port gt 1023
 rule 86 permit tcp destination-  port eq 65050
 rule 87 permit tcp destination-  port eq 28060
 rule 90 deny ip
#
 acl number 3016   name   acl_  vlan_110
 rule 9 permit ip source 172.16.110.149 0 destination 172.16.2.48 0
 rule 10 permit tcp destination 172.16.10.89 0 destination-  port eq dns
 rule 11 permit tcp destination 172.16.10.99 0 destination-  port eq dns
 rule 15 deny udp source 172.16.2.0 0.0.0.255 source-  port eq bootps
 rule 16 permit ip source 172.16.110.0 0.0.0.255 destination 172.16.7.91 0
 rule 17 permit ip source 172.16.110.0 0.0.0.255 destination 172.16.7.90 0
 rule 18 permit ip source 172.16.110.235 0 destination 172.18.100.66 0
 rule 19 permit ip source 172.16.110.150 0 destination 172.17.0.8 0
 rule 20 permit ip source 172.16.110.0 0.0.0.255 destination 172.19.120.0 0.0.0.255
 rule 21 permit ip source 172.16.110.0 0.0.0.255 destination 178.16.100.65 0
 rule 22 permit ip source 172.16.110.149 0 destination 172.16.2.80 0
 rule 23 permit ip source 172.16.110.235 0 destination 172.18.100.79 0
 rule 25 permit ip source 172.16.110.0 0.0.0.255 destination 172.16.2.40 0
 rule 26 permit ip source 172.16.110.0 0.0.0.255 destination 172.16.2.45 0
 rule 27 permit ip source 172.16.110.0 0.0.0.255 destination 172.16.2.47 0
 rule 28 permit ip source 172.16.110.0 0.0.0.255 destination 178.16.100.4 0
 rule 29 permit ip source 172.16.110.0 0.0.0.255 destination 178.16.100.15 0
 rule 30 permit ip source 172.16.110.0 0.0.0.255 destination 172.16.110.253 0
 rule 31 permit ip source 172.16.110.0 0.0.0.255 destination 10.70.1.1 0
 rule 32 permit ip source 172.16.110.0 0.0.0.255 destination 172.16.21.0 0.0.0.255
 rule 33 permit ip source 172.16.110.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
 rule 34 permit ip source 172.16.110.0 0.0.0.255 destination 172.16.10.0 0.0.0.255
 rule 35 permit ip source 172.16.110.0 0.0.0.255 destination 172.16.5.0 0.0.0.255
 rule 36 permit ip source 172.16.110.0 0.0.0.255 destination 172.16.110.0 0.0.0.255
 rule 37 permit ip source 172.16.110.0 0.0.0.255 destination 172.16.70.0 0.0.0.255
 rule 38 permit ip source 172.16.110.153 0 destination 172.17.0.8 0
 rule 39 permit ip source 172.16.110.0 0.0.0.255 destination 172.16.7.92 0
 rule 40 permit ip source 172.16.110.0 0.0.0.255 destination 172.16.2.48 0
 rule 48 permit tcp destination-  port range 8998 8999
 rule 49 permit tcp destination-  port eq 9090
 rule 51 permit tcp destination-  port eq www
 rule 52 permit tcp destination-  port eq 443
 rule 53 permit tcp destination-  port eq 7087
 rule 54 permit tcp destination-  port eq 20446
 rule 55 permit tcp destination-  port eq 7005
 rule 56 permit tcp destination-  port eq 8088
 rule 57 permit tcp destination-  port eq 15970
 rule 58 permit tcp destination-  port eq 8085
 rule 59 permit tcp destination-  port range 8080 8088
 rule 60 permit tcp destination-  port eq 8074
 rule 61 permit tcp destination-  port eq 9000
 rule 62 permit tcp destination-  port eq 8093
 rule 63 permit tcp destination-  port eq 7446
 rule 64 permit tcp destination-  port range 81 86
 rule 65 permit tcp destination-  port eq 15218
 rule 66 permit tcp destination-  port eq 587
 rule 67 permit tcp destination-  port eq 3478
 rule 68 permit tcp destination-  port eq 2048
 rule 69 permit tcp destination-  port eq 2189
 rule 70 permit tcp destination-  port range 18080 18091
 rule 71 permit tcp destination-  port eq 8443
 rule 72 permit tcp destination-  port eq 8000
 rule 73 permit tcp destination-  port eq 8084
 rule 74 permit tcp destination-  port eq 1080
 rule 75 permit tcp destination-  port eq 2112
 rule 76 permit tcp destination-  port eq 2113
 rule 77 permit tcp destination-  port eq 3409
 rule 78 permit tcp destination-  port eq 6060
 rule 79 permit tcp destination-  port eq 9628
 rule 80 permit tcp destination-  port eq 8020
 rule 81 permit tcp destination-  port eq 8069
 rule 82 permit tcp destination-  port eq 882
 rule 83 permit udp destination-  port eq 1433
 rule 84 permit udp destination-  port eq ntp
 rule 85 permit tcp destination-  port eq ftp
 rule 86 permit tcp destination-  port eq ftp-data
 rule 87 permit tcp destination-  port eq 1433
 rule 88 permit udp destination-  port gt 1023
 rule 89 permit udp destination-  port gt 28060
 rule 90 deny ip
 #
 acl number 3017   name   acl_  vlan_120
 rule 10 permit tcp destination 172.16.10.89 0 destination-  port eq dns
 rule 11 permit tcp destination 172.16.10.99 0 destination-  port eq dns
 rule 15 deny udp source 172.16.120.0 0.0.0.255 source-  port eq bootps
 rule 27 permit ip source 172.16.120.119 0 destination 172.19.0.0 0.0.0.255
 rule 28 permit ip source 172.16.120.119 0 destination 172.17.0.0 0.0.0.255
 rule 29 permit ip source 172.16.120.152 0 destination 172.16.100.240 0
 rule 30 permit ip source 172.16.120.0 0.0.0.255 destination 172.16.120.253 0
 rule 31 permit ip source 172.16.120.0 0.0.0.255 destination 10.70.1.1 0
 rule 32 permit ip source 172.16.120.158 0 destination 172.18.100.71 0
 rule 33 permit ip source 172.16.120.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
 rule 34 permit ip source 172.16.120.0 0.0.0.255 destination 172.16.10.0 0.0.0.255
 rule 35 permit ip source 172.16.120.0 0.0.0.255 destination 172.16.5.0 0.0.0.255
 rule 36 permit ip source 172.16.120.125 0 destination 172.16.150.29 0
 rule 37 permit ip source 172.16.120.0 0.0.0.255 destination 178.16.100.4 0
 rule 38 permit ip source 172.16.120.0 0.0.0.255 destination 172.16.70.0 0.0.0.255
 rule 39 permit ip source 172.16.120.45 0 destination 172.18.100.39 0
 rule 40 permit ip source 172.16.120.178 0 destination 172.16.7.0 0.0.0.255
 rule 41 permit ip source 172.16.120.180 0 destination 172.16.7.0 0.0.0.255
 rule 42 permit ip source 172.16.120.104 0 destination 172.16.7.0 0.0.0.255
 rule 43 permit ip source 172.16.120.0 0.0.0.255 destination 172.16.21.0 0.0.0.255
 rule 44 permit ip source 172.16.120.160 0 destination 172.19.11.100 0
 rule 49 permit tcp destination-  port eq 15244
 rule 50 permit tcp destination-  port eq 997
 rule 51 permit tcp destination-  port eq www
 rule 52 permit tcp destination-  port eq 443
 rule 53 permit tcp destination-  port eq 7087
 rule 54 permit tcp destination-  port eq 20446
 rule 55 permit tcp destination-  port eq 7005
 rule 56 permit tcp destination-  port eq 8088
 rule 57 permit tcp destination-  port eq 15970
 rule 58 permit tcp destination-  port eq 8085
 rule 59 permit tcp destination-  port range 8080 8088
 rule 60 permit tcp destination-  port eq 8074
 rule 61 permit tcp destination-  port eq 9000
 rule 62 permit tcp destination-  port eq 8093
 rule 63 permit tcp destination-  port eq 7446
 rule 64 permit tcp destination-  port range 81 86
 rule 65 permit tcp destination-  port eq 15218
 rule 66 permit tcp destination-  port eq 587
 rule 67 permit tcp destination-  port eq 3478
 rule 68 permit tcp destination-  port eq 2048
 rule 69 permit tcp destination-  port eq 2189
 rule 70 permit tcp destination-  port range 18080 18091
 rule 71 permit tcp destination-  port eq 8443
 rule 72 permit tcp destination-  port eq 8000
 rule 73 permit tcp destination-  port eq 8084
 rule 74 permit tcp destination-  port eq 1080
 rule 75 permit tcp destination-  port eq 2112
 rule 76 permit tcp destination-  port eq 2113
 rule 77 permit tcp destination-  port eq 3409
 rule 78 permit tcp destination-  port eq 6060
 rule 79 permit tcp destination-  port eq 9628
 rule 80 permit tcp destination-  port eq 8014
 rule 81 permit tcp destination-  port eq 8069
 rule 82 permit tcp destination-  port eq 882
 rule 84 permit udp destination-  port eq ntp
 rule 85 permit tcp destination-  port gt 39999
 rule 86 permit udp destination-  port gt 1023
 rule 87 permit tcp destination-  port eq 11443
 rule 88 permit tcp destination-  port eq 28060
 rule 89 permit tcp destination-  port eq 334
 rule 90 deny ip
hpe/switch/5700/configuration/configuration_example_script_4.txt · Last modified: 2021/09/09 14:43 by aperez

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki