2022.12.13--0.37
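Interconnecting upper-layer management addresses in a traditional LAN
1. Network structure
Devices:
AR2200 router; USG6000V firewall; CE6800 switch
Steps:
1. Configure the router address;
2. Configure the firewall addresses. The interface facing the router must be set to pvid vlan 101, otherwise the two devices cannot communicate (the router's routed port sends untagged frames, and the PVID places them in VLAN 101, where Vlanif101 is);
3. Assign the firewall interfaces to security zones and configure the interzone access policy;
4. Configure the core switch address;
5. Configure static routes so the devices can reach each other;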
《1. Configure the router address》
system-view
sysname AR_OUT
interface GigabitEthernet 0/0/1
ip address 192.168.101.1 24
quit
interface LoopBack 0
ip address 10.10.10.10 <mask-length>
《2. Configure the firewall addresses; the interface facing the router must be set to pvid vlan 101, otherwise the two devices cannot communicate》
system-view
sysname USG_SW
vlan 100
vlan 101
interface Vlanif 101
ip address 192.168.101.2 24
quit
interface GigabitEthernet 1/0/0
portswitch
port link-type trunk
port trunk pvid vlan 101
port trunk allow-pass vlan all
quit
interface Vlanif 100
ip address 192.168.100.1 24
quit
interface GigabitEthernet 1/0/1
portswitch
port link-type trunk
port trunk allow-pass vlan all
quit
quit
save
《3. Assign the firewall interfaces to security zones and configure the interzone access policy》
firewall zone untrust
add interface Vlanif 101
add interface GigabitEthernet 1/0/0
quit
firewall zone trust
add interface Vlanif 100
add interface GigabitEthernet 1/0/1
quit
security-policy
rule name trust_to_untrust
source-zone trust
source-zone local
source-zone dmz
destination-zone untrust
action permit
quit
rule name untrust_to_trust
source-zone untrust
destination-zone trust
destination-zone local
destination-zone dmz
action permit
quit
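The two rules in step 3 match on zones only, so every address and service is permitted in both directions, including from untrust into trust, local and dmz. The following is an added example, not part of the original post: it parses a USG security-policy block and lists the permit rules that carry no address or service condition. The names parse_rules, audit_policy and NARROWING are assumptions of this example.

```python
# Added example, not from the original post. SAMPLE_POLICY is the rule set from
# step 3; NARROWING is an assumed list of conditions that restrict a rule beyond zones.
SAMPLE_POLICY = """
security-policy
 rule name trust_to_untrust
  source-zone trust
  source-zone local
  source-zone dmz
  destination-zone untrust
  action permit
 rule name untrust_to_trust
  source-zone untrust
  destination-zone trust
  destination-zone local
  destination-zone dmz
  action permit
"""
NARROWING = ("source-address", "destination-address", "service", "application", "user")


def parse_rules(text):
    """Parse 'rule name' blocks into dicts of zones, action and narrowing conditions."""
    rules, cur = [], None
    for line in text.splitlines():
        words = line.split()
        if words[:2] == ["rule", "name"] and len(words) >= 3:
            cur = {"name": words[2], "src": [], "dst": [], "action": None, "narrow": []}
            rules.append(cur)
        elif cur is None or len(words) < 2:
            continue  # text before the first rule, blank lines, "quit"
        elif words[0] == "source-zone":
            cur["src"].append(words[1])
        elif words[0] == "destination-zone":
            cur["dst"].append(words[1])
        elif words[0] == "action":
            cur["action"] = words[1]
        elif words[0] in NARROWING:
            cur["narrow"].append(" ".join(words))
    return rules


def audit_policy(text):
    """Return (rule name, sourced from untrust?) for permit rules that match on zones only."""
    return [(r["name"], "untrust" in r["src"]) for r in parse_rules(text)
            if r["action"] == "permit" and not r["narrow"]]
```

Calling audit_policy(SAMPLE_POLICY) reports both rules from step 3; a rule that also carries a source-address or service line is not reported.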
《4. Configure the core switch address》
system-view
sysname SW_CORE
vlan 100
interface Vlanif 100
ip address 192.168.100.2 24
quit
interface GE 1/0/0
port link-type trunk
port trunk allow-pass vlan all
《Static route on the router》
ip route-static 192.168.100.0 24 192.168.101.2
《Static route on the firewall》
ip route-static 0.0.0.0 0 192.168.101.1
《Static route on the core switch》
ip route-static 0.0.0.0 0 192.168.100.1
From: https://www.cnblogs.com/gaoshuai010107/p/16977546.html