Switch + Firewall + Router

Posted: 2024-09-22 19:21:32

1. Network topology

(The original topology image did not survive extraction; the layout below is reconstructed from the configurations in section 3.)

  VLAN 10  172.16.3.0/24  gateway 172.16.3.1 (sw1 Vlanif10), access port GE0/0/1
  VLAN 20  172.16.4.0/24  gateway 172.16.4.1 (sw1 Vlanif20), access port GE0/0/2
             |
  sw1 Vlanif30 172.16.2.2  (uplink GE0/0/3, access port in VLAN 30)
             |
  firewall GE0/0/0 172.16.2.1  zone trust
  firewall GE1/0/0 172.16.1.2  zone untrust
             |
  r2 GE0/0/0 172.16.1.1
  r2 GE0/0/1 10.1.1.2  nat outbound, pool 10.1.1.10-10.1.1.100
             |
  upstream next hop 10.1.1.1

2. Basic network configuration

1) Router (r2): outbound NAT. GE0/0/1 (10.1.1.2) faces the upstream next hop 10.1.1.1. Traffic matching ACL 3000 (rule 5 permit ip, which matches everything) is translated to the pool 10.1.1.10-10.1.1.100. The default route points at 10.1.1.1, and static routes for 172.16.2.0/24, 172.16.3.0/24 and 172.16.4.0/24 point back at the firewall (172.16.1.2).

2) Firewall: zone policy. GE0/0/0 (172.16.2.1) is in zone trust and GE1/0/0 (172.16.1.2) in zone untrust. Rule intoout permits ftp, http, https, icmp, ssh and telnet from trust to untrust; rule outtoin permits the same six services from untrust to trust. The default route points at the router (172.16.1.1), and static routes for the two VLAN subnets point at the switch (172.16.2.2). The nat-policy is empty, so address translation happens only on the router.

3) Switch (sw1): VLANs 10, 20 and 30 with SVI gateways 172.16.3.1, 172.16.4.1 and 172.16.2.2. GE0/0/1 and GE0/0/2 are access ports in VLAN 10 and VLAN 20; GE0/0/3 is the VLAN 30 link towards the firewall. The default route points at the firewall (172.16.2.1).

Three things in these configurations are acceptable in a lab but should not be copied into production: the switch stores its administrator as "local-user admin password simple admin" (a default credential in plain text); firewall rule outtoin permits unsolicited untrust to trust traffic, including telnet and ftp, which a perimeter policy normally does not; and the VTY lines on the router and the switch have no authentication-mode configured. The firewall's management plane also still offers TLS 1.1 and SSH HMAC-SHA1.

3. Detailed configuration

Router:

<r2>display current-configuration
[V200R003C00]
#
sysname r2
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
acl number 3000
 rule 5 permit ip
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
nat address-group 1 10.1.1.10 10.1.1.100
#
interface GigabitEthernet0/0/0
 ip address 172.16.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 10.1.1.2 255.255.255.0
 nat outbound 3000 address-group 1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 10.1.1.1
ip route-static 172.16.2.0 255.255.255.0 172.16.1.2
ip route-static 172.16.3.0 255.255.255.0 172.16.1.2
ip route-static 172.16.4.0 255.255.255.0 172.16.1.2
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<r2>

Firewall:

[firewall]display current-configuration
2024-09-22 11:14:30.630
!Software Version V500R005C10SPC300
#
sysname firewall
#
l2tp domain suffix-separator @
#
ipsec sha2 compatible enable
#
undo telnet server enable
undo telnet ipv6 server enable
#
update schedule location-sdb weekly Sun 06:50
#
firewall defend action discard
#
banner enable
#
user-manage web-authentication security port 8887
undo privacy-statement english
undo privacy-statement chinese
page-setting
user-manage security version tlsv1.1 tlsv1.2
password-policy
 level high
user-manage single-sign-on ad
user-manage single-sign-on tsm
user-manage single-sign-on radius
user-manage auto-sync online-user
#
web-manager security version tlsv1.1 tlsv1.2
web-manager enable
web-manager security enable
#
firewall dataplane to manageplane application-apperceive default-action drop
#
undo ips log merge enable
#
decoding uri-cache disable
#
update schedule ips-sdb daily 07:09
update schedule av-sdb daily 07:09
update schedule sa-sdb daily 07:09
update schedule cnc daily 07:09
update schedule file-reputation daily 07:09
#
ip vpn-instance default
 ipv4-family
#
time-range worktime
 period-range 08:00:00 to 18:00:00 working-day
#
ike proposal default
 encryption-algorithm aes-256 aes-192 aes-128
 dh group14
 authentication-algorithm sha2-512 sha2-384 sha2-256
 authentication-method pre-share
 integrity-algorithm hmac-sha2-256
 prf hmac-sha2-256
#
aaa
 authentication-scheme default
 authentication-scheme admin_local
 authentication-scheme admin_radius_local
 authentication-scheme admin_hwtacacs_local
 authentication-scheme admin_ad_local
 authentication-scheme admin_ldap_local
 authentication-scheme admin_radius
 authentication-scheme admin_hwtacacs
 authentication-scheme admin_ad
 authorization-scheme default
 accounting-scheme default
 domain default
  service-type internetaccess ssl-vpn l2tp ike
  internet-access mode password
  reference user current-domain
 manager-user audit-admin
  password cipher @%@%TKylTsWkVFIx2C,JJMl0"z2[t-ss'\~#u8wIEI;yo-G+z2^"@%@%
  service-type web terminal
  level 15
 manager-user api-admin
  password cipher @%@%g]F[T-15z!wW*yFbB]/0fS}S}/D^-&KdtRIU(r3ocT:@S}Vf@%@%
  level 15
 manager-user admin
  password cipher @%@%7z;RH*FD'Qc3Ig5,tarFJ>4Hg@CQ=0|]w(n>@)H>]1A$>4KJ@%@%
  service-type web terminal
  level 15
 role system-admin
 role device-admin
 role device-admin(monitor)
 role audit-admin
 bind manager-user audit-admin role audit-admin
 bind manager-user admin role system-admin
#
l2tp-group default-lns
#
interface GigabitEthernet0/0/0
 undo shutdown
 ip address 172.16.2.1 255.255.255.0
 alias GE0/METH
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 172.16.1.2 255.255.255.0
#
interface GigabitEthernet1/0/1
 undo shutdown
#
interface GigabitEthernet1/0/2
 undo shutdown
#
interface GigabitEthernet1/0/3
 undo shutdown
#
interface GigabitEthernet1/0/4
 undo shutdown
#
interface GigabitEthernet1/0/5
 undo shutdown
#
interface GigabitEthernet1/0/6
 undo shutdown
#
interface Virtual-if0
#
interface NULL0
#
firewall zone local
 set priority 100
#
firewall zone trust
 set priority 85
 add interface GigabitEthernet0/0/0
#
firewall zone untrust
 set priority 5
 add interface GigabitEthernet1/0/0
#
firewall zone dmz
 set priority 50
#
ip route-static 0.0.0.0 0.0.0.0 172.16.1.1
ip route-static 172.16.3.0 255.255.255.0 172.16.2.2
ip route-static 172.16.4.0 255.255.255.0 172.16.2.2
#
undo ssh server compatible-ssh1x enable
ssh authentication-type default password
ssh server cipher aes256_ctr aes128_ctr
ssh server hmac sha2_256 sha1
ssh client cipher aes256_ctr aes128_ctr
ssh client hmac sha2_256 sha1
#
firewall detect ftp
#
user-interface con 0
 authentication-mode aaa
 idle-timeout 0 0
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound ssh
user-interface vty 16 20
#
pki realm default
#
sa
#
location
#
multi-linkif
 mode proportion-of-weight
#
right-manager server-group
#
device-classification
 device-group pc
 device-group mobile-terminal
 device-group undefined-group
#
user-manage server-sync tsm
#
security-policy
 rule name intoout
  source-zone trust
  destination-zone untrust
  service ftp
  service http
  service https
  service icmp
  service ssh
  service telnet
  action permit
 rule name outtoin
  source-zone untrust
  destination-zone trust
  service ftp
  service http
  service https
  service icmp
  service ssh
  service telnet
  action permit
#
auth-policy
#
traffic-policy
#
policy-based-route
#
nat-policy
#
quota-policy
#
pcp-policy
#
dns-transparent-policy
#
rightm-policy
#
return
[firewall]

Switch:

[sw1]display current-configuration
#
sysname sw1
#
vlan batch 10 20 30
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
#
interface Vlanif1
#
interface Vlanif10
 ip address 172.16.3.1 255.255.255.0
#
interface Vlanif20
 ip address 172.16.4.1 255.255.255.0
#
interface Vlanif30
 ip address 172.16.2.2 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 10
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 20
#
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 30
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 172.16.2.1
#
user-interface con 0
user-interface vty 0 4
#
return
[sw1]
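The three configurations above invite the same handful of checks every time a lab build like this is reviewed: a plain-text local-user password, a VTY line with no authentication-mode, a NAT ACL that matches all traffic, a security-policy rule that permits untrust to trust, and a weak SSH MAC. The following script is an added example, not code from the original post or from Huawei. It parses "display current-configuration" text by indentation (VRP nests child commands under their parent with one extra space) and returns findings for the three devices. The sample configurations embedded in it are constructed, abbreviated and re-indented copies of the page's configs; the severities and the wording of the VTY finding (it only notes that the login behaviour is whatever the platform default is) are the author's choices, not vendor statements.

```python
"""Static audit of Huawei VRP 'display current-configuration' text.

Added example, not code from the original post. It re-checks the page's three
configs for plain-text local-user passwords, VTY lines without an
authentication-mode, a NAT ACL that matches all traffic, security-policy rules
that permit untrust -> trust, and SSH HMAC-SHA1. The samples are constructed,
abbreviated and re-indented copies of the page's configs.
"""
import re
from dataclasses import dataclass

ROUTER_CFG = """\
sysname r2
#
acl number 3000
 rule 5 permit ip
#
interface GigabitEthernet0/0/1
 ip address 10.1.1.2 255.255.255.0
 nat outbound 3000 address-group 1
#
user-interface vty 0 4
user-interface vty 16 20
"""
FIREWALL_CFG = """\
sysname firewall
ssh server hmac sha2_256 sha1
#
user-interface vty 0 4
 authentication-mode aaa
#
security-policy
 rule name intoout
  source-zone trust
  destination-zone untrust
  service https
  service telnet
  action permit
 rule name outtoin
  source-zone untrust
  destination-zone trust
  service ssh
  service telnet
  action permit
"""
SWITCH_CFG = """\
sysname sw1
aaa
 local-user admin password simple admin
#
user-interface vty 0 4
"""
CLEARTEXT = {"telnet", "ftp", "http"}


@dataclass
class Finding:
    device: str
    severity: str  # HIGH / MEDIUM / LOW
    message: str


def _blocks(text, head, indent=""):
    """(header, body) per block whose header is indent+head; the body is the run
    of lines indented deeper than the header (VRP nests children by indentation)."""
    pat = re.compile(rf"^({indent}{re.escape(head)}[^\n]*)\n((?:{indent} [^\n]*\n)*)", re.M)
    return [(m.group(1).strip(), m.group(2)) for m in pat.finditer(text)]


def audit(config):
    """Findings for one device's configuration, in the order the checks run."""
    config = config.rstrip("\n") + "\n"
    m = re.search(r"^sysname (\S+)", config, re.M)
    dev, out = (m.group(1) if m else "?"), []
    for hdr, body in _blocks(config, "user-interface vty"):
        if "authentication-mode" not in body:
            out.append(Finding(dev, "MEDIUM", f"{hdr}: no authentication-mode configured"))
    for _, body in _blocks(config, "security-policy"):
        for hdr, attrs in _blocks(body, "rule name", indent=" "):
            a = {}
            for k, v in re.findall(r"^  (\S+) (\S+)$", attrs, re.M):
                a.setdefault(k, set()).add(v)
            src, dst, svc = a.get("source-zone", set()), a.get("destination-zone", set()), a.get("service", set())
            if "permit" not in a.get("action", set()):
                continue
            if "untrust" in src and "trust" in dst:
                out.append(Finding(dev, "HIGH", f"{hdr} permits untrust->trust ({', '.join(sorted(svc)) or 'any service'})"))
            elif "trust" in src and "untrust" in dst and svc & CLEARTEXT:
                out.append(Finding(dev, "LOW", f"{hdr} lets clear-text protocols out: {', '.join(sorted(svc & CLEARTEXT))}"))
    # An ACL whose rule is 'permit ip' with no source or destination matches everything.
    permit_all = {hdr.split()[-1] for hdr, body in _blocks(config, "acl number")
                  if re.search(r"^ rule \d+ permit ip$", body, re.M)}
    for m in re.finditer(r"^ *nat outbound (\d+)", config, re.M):
        if m.group(1) in permit_all:
            out.append(Finding(dev, "MEDIUM", f"nat outbound uses acl {m.group(1)}, which matches all IP traffic"))
    for m in re.finditer(r"^ *local-user (\S+) password simple ", config, re.M):
        out.append(Finding(dev, "HIGH", f"local-user {m.group(1)} has a plain-text password"))
    if re.search(r"^ssh server hmac .*\bsha1\b", config, re.M):
        out.append(Finding(dev, "LOW", "SSH server still offers HMAC-SHA1"))
    return out


if __name__ == "__main__":
    for f in [x for cfg in (ROUTER_CFG, FIREWALL_CFG, SWITCH_CFG) for x in audit(cfg)]:
        print(f.device, f.severity, f.message)
```

Against the samples the script reports three MEDIUM findings for r2 (two unauthenticated VTY lines and the permit-all NAT ACL), a HIGH for the firewall's outtoin rule plus two LOWs (clear-text egress, HMAC-SHA1), and a HIGH plus a MEDIUM for sw1 (plain-text admin password, unauthenticated VTY). The parser keys on indentation rather than on a command list, so the same _blocks helper can be pointed at other VRP sections (interface, aaa, firewall zone) when more checks are needed.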

From: https://blog.51cto.com/u_13560030/12081054

        目录 1. 扩展端口数量:2. 提高可靠性:3. 简化管理:4. 实现负载均衡: 5.华为交换机堆叠通常有两种方式:  6.下面举例介绍一下华为交换机堆叠的详细配置步骤。华为交换机堆叠是一种将多台华为交换机组合在一起,形成一个逻辑上统一的交换机设备的技术。通......