公司有华为S2300，下接了30个用户，每个用户分配一个VLAN 外网网关为192.168.1.1。要加什么设备，怎么配置

[Datong ]dis cur
#
sysname Datong_
super password level 3 cipher R$AI^&S,LW6P-=$HYLC]CA!!
#
radius scheme system
server-type huawei
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain

domain system
radius-scheme system
access-limit disable
state active
vlan-assignment-mode integer
idle-cut disable
self-service-url disable
messenger time disable

domain default enable system
#
local-server nas-ip 127.0.0.1 key huawei

local-user huawei
password cipher R$AI^&S,LW7Q=^Q`MAF4<1!!
service-type telnet level 3
#
vlan 1
#
vlan 2
description dishui
#
vlan 3
description guoshui
#
vlan 4
description Zhengwu
#
vlan 139
description DaTongZX
#
vlan 140
description DaTongXX
#
vlan 167
description DaTongJiaoYuBan
#
vlan 213
description JiuZhong
#
vlan 214
description XiaoTunZX
#
vlan 235
description LanCunXX
#
vlan 4000
description for_admin
#
interface Vlan-interface4000
ip address 10.255.255.2 255.255.255.0
#
interface Aux0/0
#
interface Ethernet0/1
description dishui
port access vlan 2
#
interface Ethernet0/2
description guoshui
port access vlan 3
#
interface Ethernet0/3
description Zhengwu
#
interface Ethernet0/4
#
interface Ethernet0/5
description DaTongZX
speed 10
port access vlan 139
#
interface Ethernet0/6
description DaTongXX
speed 10
port access vlan 140
#
interface Ethernet0/7
description DaTongJIaoYuBan
speed 10
port access vlan 167
#
interface Ethernet0/8
description JiuZhong
port access vlan 213
#
interface Ethernet0/9
description XiaoTunZX
speed 10
port access vlan 214
#
interface Ethernet0/10
description LanCunXX
speed 10
port access vlan 235
#
interface Ethernet0/11
#
interface Ethernet0/12
#
interface Ethernet0/13
#
interface Ethernet0/14
#
interface Ethernet0/15
#
interface Ethernet0/16
#
interface Ethernet0/17
#
interface Ethernet0/18
port access vlan 235
#
interface Ethernet0/19
#
interface Ethernet0/20
#
interface Ethernet0/21
#
interface Ethernet0/22
#
interface Ethernet0/23
port link-type trunk
port trunk permit vlan all
#
interface Ethernet0/24
port link-type trunk
port trunk permit vlan all
#
interface NULL0
#
snmp-agent
snmp-agent local-engineid 800007DB00E0FC60737C6877
snmp-agent community write huawei
snmp-agent community read public
snmp-agent sys-info location BeiJing China
snmp-agent sys-info version all
#
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return

楼主，你的意思是不是说每个用户之间是隔离的
如果是隔离的意思，各个用户之间是不用画vlan的，只需要在端口下执行命令port-isolate即可
外网网关为192.168.1.1。由于2300是二层设备，故需加一个路由器，设置网关为此地址
交换机上vlan号都不用改
如果有问题在问我

2300是交换机 加路由器了。不用每个用户都一个VLAN的。都在一个VLAN也可以的。把二层隔离打开就可以了。