帮助文档
专业提供香港服务器、香港云服务器、香港高防服务器租用、香港云主机、台湾服务器、美国服务器、美国云服务器vps租用、韩国高防服务器租用、新加坡服务器、日本服务器租用 一站式全球网络解决方案提供商!专业运营维护IDC数据中心,提供高质量的服务器托管,服务器机房租用,服务器机柜租用,IDC机房机柜租用等服务,稳定、安全、高性能的云端计算服务,实时满足您的多样性业务需求。 香港大带宽稳定可靠,高级工程师提供基于服务器硬件、操作系统、网络、应用环境、安全的免费技术支持。
服务器资讯 / 香港服务器租用 / 香港VPS租用 / 香港云服务器 / 美国服务器租用 / 台湾服务器租用 / 日本服务器租用 / 官方公告 / 帮助文档
华为防火墙与三层交换机对接配置VLAN上网设置
发布时间:2024-02-28 19:03:47   分类:帮助文档
华为防火墙与三层交换机对接配置VLAN上网设置 拓扑图 一、交换机设置  1、创建VLAN sys [Huawei]sys SW1 [SW1]un in en [SW1]vlan batch 10 20 100 [SW1]int g0/0/1 [SW1-GigabitEthernet0/0/1]p l a [SW1-GigabitEthernet0/0/1]p d v 10 [SW1-GigabitEthernet0/0/1]int g0/0/2 [SW1-GigabitEthernet0/0/2]p l a [SW1-GigabitEthernet0/0/2]p d v 20 [SW1-GigabitEthernet0/0/2]int g0/0/3 [SW1-GigabitEthernet0/0/3]p l a [SW1-GigabitEthernet0/0/3]p d v 100 [SW1-GigabitEthernet0/0/3]quit 2、VLANIF配置DHCP # 开启DHCP [SW1]dhcp enable [SW1]int vlanif 10 [SW1-Vlanif10]ip addr 192.168.10.1 24 [SW1-Vlanif10]dhcp select int [SW1-Vlanif10]dhcp server dns-list 114.114.114.114 [SW1-Vlanif10]int vlanif 20 [SW1-Vlanif20]ip addr 192.168.20.1 24 [SW1-Vlanif20]dhcp select int [SW1-Vlanif20]dhcp server dns-list 114.114.114.114 [SW1-Vlanif20]quit # 配置连接防火墙接口的IP [SW1]int vlanif 100 [SW1-Vlanif100]ip addr 192.168.100.2 24 [SW1-Vlanif100]quit  3、配置默认路由 [SW1]ip route-static 0.0.0.0 0.0.0.0 192.168.100.1 二、防火墙设置 1、配置连接交换机的接口与公网接口 sys [USG6000V1]sys FW1 [FW1]un in en # 配置公网IP [FW1]int g1/0/0 [FW1-GigabitEthernet1/0/0]ip addr 192.168.137.10 24 [FW1-GigabitEthernet1/0/0]service-manage all permit # 配置与交换机连接的接口IP [FW1-GigabitEthernet1/0/0]int g1/0/1 [FW1-GigabitEthernet1/0/1]ip addr 192.168.100.1 24 [FW1-GigabitEthernet1/0/1]service-manage ping permit [FW1-GigabitEthernet1/0/1]quit 2、配置安全区域 [FW1]firewall zone trust [FW1-zone-trust]add int g1/0/1 [FW1-zone-trust]firewall zone untrust [FW1-zone-untrust]add int g1/0/0 [FW1-zone-untrust]quit 3、创建地址列表 [FW1]ip address-set 192.168.10.0/24 type object [FW1-object-address-set-192.168.10.0/24]address 0 192.168.10.0 mask 24 [FW1-object-address-set-192.168.10.0/24]ip address-set 192.168.20.0/24 type object [FW1-object-address-set-192.168.20.0/24]address 0 192.168.20.0 mask 24 [FW1-object-address-set-192.168.20.0/24]quit 4、配置安全策略 [FW1]security-policy [FW1-policy-security]rule name "untrust to local" [FW1-policy-security-rule-untrust to local]source-zone untrust [FW1-policy-security-rule-untrust to local]destination-zone local [FW1-policy-security-rule-untrust to local]action permit [FW1-policy-security-rule-untrust to local]rule name "local to untrust" [FW1-policy-security-rule-local to untrust]source-zone local [FW1-policy-security-rule-local to untrust]destination-zone untrust [FW1-policy-security-rule-local to untrust]action permit [FW1-policy-security-rule-local to untrust]rule name "trust to untrust" [FW1-policy-security-rule-trust to untrust]source-zone trust [FW1-policy-security-rule-trust to untrust]destination-zone untrust [FW1-policy-security-rule-trust to untrust]source-address address-set 192.168.10.0/24 [FW1-policy-security-rule-trust to untrust]source-address address-set 192.168.20.0/24 [FW1-policy-security-rule-trust to untrust]action permit [FW1-policy-security-rule-trust to untrust]quit 5、配置NAT策略 # 配置源地址转换,内网用户可以上网 [FW1]nat-policy [FW1-policy-nat]rule name snat [FW1-policy-nat-rule-snat]source-zone trust [FW1-policy-nat-rule-snat]destination-zone untrust [FW1-policy-nat-rule-snat]source-address address-set 192.168.10.0/24 [FW1-policy-nat-rule-snat]source-address address-set 192.168.20.0/24 [FW1-policy-nat-rule-snat]action source-nat easy-ip [FW1-policy-nat-rule-snat]quit [FW1-policy-nat]quit 6、配置默认路由 [FW1]ip route-static 0.0.0.0 0.0.0.0 192.168.137.1 [FW1]ip route-static 192.168.0.0 255.255.0.0 192.168.100.2 7、配置DNS [FW1]dns resolve [FW1]dns server 114.114.114.114 三、测试验证 1、查看PC1 PC2 获取IP PC1>ipconfig Link local IPv6 address...........: fe80::5689:98ff:fe90:25d3 IPv6 address......................: :: / 128 IPv6 gateway......................: :: IPv4 address......................: 192.168.10.254 Subnet mask.......................: 255.255.255.0 Gateway...........................: 192.168.10.1 Physical address..................: 54-89-98-90-25-D3 DNS server........................: 114.114.114.114 PC2>ipconfig Link local IPv6 address...........: fe80::5689:98ff:fee7:3d77 IPv6 address......................: :: / 128 IPv6 gateway......................: :: IPv4 address......................: 192.168.20.254 Subnet mask.......................: 255.255.255.0 Gateway...........................: 192.168.20.1 Physical address..................: 54-89-98-E7-3D-77 DNS server........................: 114.114.114.114 2、验证 PC1 PC2互通 PC1>ping 192.168.20.254 Ping 192.168.20.254: 32 data bytes, Press Ctrl_C to break From 192.168.20.254: bytes=32 seq=1 ttl=127 time=63 ms From 192.168.20.254: bytes=32 seq=2 ttl=127 time=46 ms From 192.168.20.254: bytes=32 seq=3 ttl=127 time=32 ms From 192.168.20.254: bytes=32 seq=4 ttl=127 time=32 ms From 192.168.20.254: bytes=32 seq=5 ttl=127 time=46 ms --- 192.168.20.254 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 32/43/63 ms
香港云服务器租用推荐
服务器租用资讯
·广东云服务有限公司怎么样
·广东云服务器怎么样
·广东锐讯网络有限公司怎么样
·广东佛山的蜗牛怎么那么大
·广东单位电话主机号怎么填写
·管家婆 花生壳怎么用
·官网域名过期要怎么办
·官网邮箱一般怎么命名
·官网网站被篡改怎么办
服务器租用推荐
·美国服务器租用
·台湾服务器租用
·香港云服务器租用
·香港裸金属服务器
·香港高防服务器租用
·香港服务器租用特价