三层交换机和防火墙对接上网
如图所示,三层交换机和防火墙对接,使用户PC1和PC2可以实现上网功能。交换机是三层交换机,可以完成跨网段数据转发。要求:
交换机作为网关,实现三层转发。同时作为DHCP服务器,为用户分配IP地址。
防火墙通过NAT转换,实现内网访问外网。
一、交换机的配置 1、配置连接用户的接口和VLANif的接口。 Huaweisystem-view [Huawei]vlan batch 2 3 100 [Huawei]interface g0/0/2 [Huawei-GigabitEthernet0/0/2]port link-type access [Huawei-GigabitEthernet0/0/2]port default vlan 2 [Huawei-GigabitEthernet0/0/2]quit [Huawei]interface g0/0/3 [Huawei-GigabitEthernet0/0/3]port link-type access [Huawei-GigabitEthernet0/0/3]port default vlan 3 [Huawei-GigabitEthernet0/0/3]quit [Huawei]interface vlanif 2 [Huawei-Vlanif2]ip address 192.168.2.1 24 [Huawei-Vlanif2]quit [Huawei]interface vlanif 3 [Huawei-Vlanif3]ip address 192.168.3.1 24 [Huawei-Vlanif3]quit
2、配置防火墙对应的接口和VLanif接口。 3、配置静态路由 [Huawei]interface g0/0/1 [Huawei-GigabitEthernet0/0/1]port link-type trunk [Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 3 100 [Huawei-GigabitEthernet0/0/1]quit [Huawei]interface vlanif 100 [Huawei-Vlanif100]ip address 192.168.100.2 24 [Huawei-Vlanif100]quit [Huawei]ip route-static 0.0.0.0 0.0.0.0 192.168.100.1
4、配置DHCP服务器。 [Huawei]dhcp enable [Huawei]interface vlanif 2 [Huawei-Vlanif2]dhcp select interface [Huawei-Vlanif2]dhcp server dns-list 114.114.114.114 [Huawei-Vlanif2]quit [Huawei]interface vlanif 3 [Huawei-Vlanif3]dhcp select interface [Huawei-Vlanif3]dhcp server dns-list 114.114.114.114 [Huawei-Vlanif3]quit
二、防火墙的配置 1、配置连接交换机的端口和对应的IP地址 Huaweisystem-view [SRG]interface g0/0/1 [SRG-GigabitEthernet0/0/1]ip address 192.168.100.1 24 [SRG-GigabitEthernet0/0/1]quit
2、配置公网的连接口和IP地址。 3、配置缺省路由和回程路由。 SRGsys [SRG]interface g0/0/2 18:13:57 2017/06/15 [SRG-GigabitEthernet0/0/2]ip address 200.0.0.2 24 [SRG-GigabitEthernet0/0/2]quit [SRG]ip route-static 0.0.0.0 0.0.0.0 200.0.0.1 [SRG]ip route-static 192.168.2.0 255.255.255.0 192.168.100.2 [SRG]ip route-static 192.168.3.0 255.255.255.0 192.168.100.2
3、配置NAT功能 [SRG]nat address-group 1 200.0.0.2 200.0.0.2 [SRG]nat-policy interzone trust untrust outbound [SRG-nat-policy-interzone-trust-untrust-outbound]policy 1 [SRG-nat-policy-interzone-trust-untrust-outbound-1]policy source 192.168.0.0 0.0.255.255 [SRG-nat-policy-interzone-trust-untrust-outbound-1]action source-nat [SRG-nat-policy-interzone-trust-untrust-outbound-1]address-group 1 [SRG-nat-policy-interzone-trust-untrust-outbound-1]quit [SRG-nat-policy-interzone-trust-untrust-outbound]quit [SRG]
4、配置域并配置域间策略 [SRG]firewall zone trust [SRG-zone-trust]add interface g0/0/1 [SRG-zone-trust]quit [SRG]firewall zone untrust [SRG-zone-untrust]add interface g0/0/2 [SRG-zone-untrust]quit [SRG]firewall packet-filter default permit all
绛旓細闂1锛氳矾鐢卞櫒鍦ㄥ墠锛浜ゆ崲鏈鍦ㄥ悗鎴栬呭彧杩炴帴璺敱鍣ㄣ傝矾鐢卞櫒鏄竴涓缃戠粶鐨勫叡浜嚭鍙o紝鍙互鍗曠嫭浣跨敤銆傛牴鎹綘鐨勮娉曪紝鍙互鐭ラ亾浣犳槸瀹剁敤锛屽亣璁句綘鐗佃繘瀹朵腑鐨勭綉缁滈熺巼鏄100M锛屾湁浜斿彴鐢佃剳闇瑕涓婄綉锛岃繛鎺ヨ矾鐢卞櫒鍚庯紝浜斿彴鐢佃剳鍚屾椂浣跨敤锛屾瘡鍙扮數鑴戠殑涓婄綉閫熺巼浠嶇劧鏄100M銆備氦鎹㈡満鏄叡鍚屾潵鎵挎媴缃戠粶閫熺巼鐨勶紝鏄钩绛夌殑锛屼笉鍙互...
绛旓細(2) 鏍″洯缃戜腑鍚勭粓绔棿鍏锋湁蹇熶氦鎹㈠姛鑳姐(3) 涓績绯荤粺浜ゆ崲鏈閲囩敤铏氭嫙缃戞妧鏈缃戠粶鐢ㄦ埛鍏锋湁鍒嗙被鎺у埗鍔熻兘銆(4) 瀵圭綉缁滆祫婧愮殑璁块棶鎻愪緵瀹屽杽鐨勬潈闄愭帶鍒躲(5) 缃戠粶鍏锋湁闃叉鍙婁究浜庢崟鏉鐥呮瘨鍔熻兘,淇濊瘉缃戠粶浣跨敤瀹夊叏銆(6) 鏍″洯缃戜笌Internet缃戠浉杩炲悗鍏锋湁鈥闃茬伀澧鈥濊繃婊ゅ姛鑳,浠ラ槻姝㈢綉缁滈粦瀹㈠叆渚电綉缁滅郴缁熴(7) 鍙互瀵规帴鍏nternet...
绛旓細涓夊眰浜ゆ崲鏈锛熷鍒嗘敮鐞嗚涓婂奖鍝嶄笉澶э紝闂鏄繖閲岄潰濡傛灉鏈変汉涓嬭浇鍜岀湅鐢靛奖锛岃湕鐗涢兘姣斿畠蹇紒涔颁釜鏈夐檺閫熷姛鑳藉ソ鐐圭殑璺敱鍣瀵规帴璺敱鍣ㄥ拰鏈楂樼骇浜ゆ崲鏈烘潵浣滈檺閫燂紝淇濊瘉姣忎汉涓嶄綆浜1M锛屾渶楂2M銆 鐢辫矾鐢卞櫒鍑烘潵--闄愰熻矾鐢--浜ゆ崲鏈烘ā寮忥紒[闄愰熻矾鐢辫冭檻鑹炬嘲HiPER2000 VPN璺敱鍣ㄣ俔闄愭祦鏄矾鐢卞櫒鍐冲畾鐨勶紝浣嗘槸鏅氬緢澶...
绛旓細鏄殑锛鏍稿績浜ゆ崲鏈閫氬父闇瑕侀厤鍚闃茬伀澧璁剧疆锛屼互鎻愪緵澶氱淮涓浣撳寲瀹夊叏闃叉姢銆傞槻鐏鍙互浠庣敤鎴枫佸簲鐢ㄣ佹椂闂淬佷簲鍏冪粍绛夊涓淮搴︼紝瀵规祦閲忓睍寮IPS銆丄V銆丏LP绛変竴浣撳寲瀹夊叏璁块棶鎺у埗锛岃兘澶熸湁鏁堝湴淇濊瘉缃戠粶鐨勫畨鍏ㄣ傛牳蹇冧氦鎹㈡満鏀寔澶氱VPN涓氬姟锛屽L2TP VPN銆丟RE VPN 銆両PSec VPN鍜孲SL VPN绛夛紝鍙互涓庢櫤鑳界粓绔瀵规帴瀹炵幇绉诲姩鍔炲叕...
绛旓細缃戣矾浜掕仈瑁呯疆:浜ゆ崲鏈,璺敱鍣,闃茬伀澧銆 鐗圭偣:浜ゆ崲鏈(Switch)鎰忎负鈥滃紑鍏斥濇槸涓绉嶇敤浜庣數(鍏)璁彿杞彂鐨勭綉璺缃傚畠鍙互涓烘帴鍏ヤ氦鎹㈡満鐨勪换鎰忎袱涓綉璺妭鐐规彁渚涚嫭浜殑鐢佃鍙烽氳矾銆傛渶甯歌鐨勪氦鎹㈡満鏄箼澶綉浜ゆ崲鏈恒傚叾浠栧父瑙佺殑杩樻湁鐢佃瘽璇煶浜ゆ崲鏈恒佸厜绾や氦鎹㈡満绛夈 璺敱鍣(Router)鍙堢О闂搁亾鍣ㄨ缃(Gateway)鏄敤浜庤繛绾垮涓昏緫...
绛旓細浣犺繖閭f湁浠涔坅锛宐锛熻繖灏辨槸鏈绠鍗曠殑灏忓瀷缃戠粶锛岄槻鐏鎶婇毀閬撳仛閫氬氨琛屼簡锛屽垝涓涓媀LAN锛屾渶澶氬崐涓皬鏃剁殑浜嬫儏锛堝寘鎷袱绔闃茬伀澧欏鎺鐨勬椂闂达級鍏朵粬鐨浜ゆ崲鏈鍒蜂笅閰嶇疆锛1鍒嗛挓瑙e喅鐨勪簨鎯呫
绛旓細AC鎺у埗鍣ㄦ槸涓涓紑鏀剧郴缁燂紝鍩轰簬寮婧愬钩鍙拌璁★紝鍖楀悜鏀寔涓庝笟鐣屼富娴丱penstack浜戝钩鍙板鎺ワ紝鍗楀悜鏀寔鍜寁switch銆佺墿鐞浜ゆ崲鏈浠ュ強闃茬伀澧欏鎺锛屾帶鍒跺櫒鑳藉灏嗗寳鍚戠殑缃戠粶涓氬姟鎺ュ彛杞崲涓哄崡鍚戠殑鍏蜂綋璁惧閰嶇疆鍛戒护锛屽疄鐜扮綉缁滆嚜鍔ㄥ寲銆傚湪娌℃湁浜戝钩鍙版儏涓嬶紝AC鎺у埗鍣ㄨ繕鑳藉鎻愪緵鍗曠嫭鐨勪笟鍔″彂鏀剧晫闈紝鏀寔涓庤绠楄祫婧愮鐞嗙郴缁熸瘮濡...
绛旓細鍏蜂綋鏂规硶濡備笅锛1銆佷竴鑸彲缃戠浜ゆ崲鏈閮芥湁涓涓怌ONSOLE銆戝彛锛屾湁涓浜涙槸涓插彛锛岀幇鍦ㄥぇ閮ㄥ垎閮芥槸RJ45鐨缃戠粶鎺ュ彛锛屼互鍚庤呬负渚嬶紝棣栧厛瑕佸涓鏉′覆鍙i厤缃嚎锛 RJ45--涓插彛锛堟瘝澶达級锛屼竴鑸拱鐨勪氦鎹㈡満閮戒細閰嶄竴鏉¤繖绉嶇嚎 2銆侀厤缃嚎鐨凴J45鏄帴浜ゆ崲鏈虹殑console鍙g殑锛屼覆鍙g褰撶劧鏄帴鐢佃剳浜嗭紝浣犵數鑴戝鏃х殑璇濓紝閭e氨鍙互...
绛旓細鍦ㄩ忔槑妯″紡涓嬶紝闃茬伀澧浠ユ棤IP鍦板潃鐨勬柟寮忚繍琛岋紝鏃犻渶鐢ㄦ埛杩涜澶嶆潅鐨缃戠粶閰嶇疆鎴栦慨鏀硅矾鐢憋紝鍙互鐩存帴铻嶅叆鍒扮幇鏈夌殑缃戠粶缁撴瀯涓紝灏卞儚浜ゆ崲鏈涓鏍锋棤缂瀵规帴锛屾棤闇涓哄叾鍒嗛厤鐙珛鐨処P鍦板潃銆傝繖绉嶆ā寮忕畝鍖栦簡閮ㄧ讲娴佺▼锛岄檷浣庝簡瀹炴柦闅惧害锛屼娇寰楅槻鐏鐨勫畨瑁呭拰浣跨敤鏇村姞鐩磋鍜岄珮鏁堛傞噰鐢ㄩ忔槑妯″紡鐨勯槻鐏锛岀敤鎴锋棤闇鎷呭績鍏跺缃戠粶鐜鐨...
绛旓細涓嶅涔颁釜璺敱锛屽叡浜涓婄綉灏卞ソ浜嗗晩
