H3C的一个配置问题

具体需求如下图所示：

需要提供的具体的交换机得命令和一些命令的解释
当然这些东西越具体越好

1.接入A交换机配置

vlan 10

vlan 100

int g0/2
port link-type access
port access vlan 10

int g0/3
port link-type access
port access vlan 100

int g0/1
port link-type trunk
port trunk permit vlan all

2.三层交换机A

vlan 100
vlan 10

vlan 30 两台三层交换机互联vlan

int g0/1
port link-type trunk
port trunk permit vlan all

int g0/2

port link-type trunk
port trunk permit vlan all

int vlan 10
ip address 10.100.1.254 255.255.255.0

int vlan 100
ip address 10.100.2.254 255.255.255.0

int vlan 30
ip address 1.1.1.1 30

ospf 100
area 0
network 10.100.1.0 0.0.0.255
network 10.100.2.0 0.0.0.255
network 1.1.1.1 0.0.0.0

3.三层交换机B

vlan 21
vlan 20
vlan 22
vlan 30 两台三层交换机互联vlan

int g0/1
port link-type trunk
port trunk permit vlan all

int g0/2

port link-type trunk
port trunk permit vlan all

int vlan 20
ip address 10.100.3.254 255.255.255.0

int vlan 21
ip address 10.100.4.254 255.255.255.0

int vlan 22
ip address 10.100.5.254 255.255.255.0

int vlan 30
ip address 1.1.1.2 30

ospf 100
area 0
network 10.100.3.0 0.0.0.255
network 10.100.4.0 0.0.0.255
network 10.100.5.0 0.0.0.255
network 1.1.1.2 0.0.0.0

4.接入B交换机配置

vlan 21
vlan 20
vlan 22

int g0/2
port link-type access
port access vlan 20

int g0/3
port link-type access
port access vlan 21

int g0/3
port link-type access
port access vlan 22

int g0/1
port link-type trunk
port trunk permit vlan all

这样全网就可以互通了 PC网关是X.X.X.254

下面是不让PCA访问服务器C

在三层交换机B G0/1口出方向上配置过滤策略

access-list advanced 3000
rule 1 deny ip source 10.100.1.1 de 10.100.5.1

int g0/1
packet-filter 3000 outbound

创建2个vlan 写静态路由 先把2边的网络全打通 在3层交换机A写acl 允许PCA的地址访问服务器A B 拒绝访问其他