1. Firewall interconnection via SVI
1) SW1 configuration
vlan batch 10 20
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
interface GigabitEthernet0/0/2
port link-type access
port default vlan 20
interface GigabitEthernet0/0/24
port link-type trunk
port trunk allow-pass vlan all
2) FW1 configuration
vlan batch 10 20 30
interface Vlanif10
ip address 192.168.10.254 255.255.255.0
service-manage all permit
interface Vlanif20
ip address 192.168.20.254 255.255.255.0
service-manage all permit
interface Vlanif30
ip address 192.168.30.254 255.255.255.0
service-manage all permit
firewall zone trust
add interface Vlanif10
add interface Vlanif20
add interface Vlanif30
interface GigabitEthernet1/0/0
portswitch
port link-type trunk
port trunk allow-pass vlan all
interface GigabitEthernet1/0/1
portswitch
port link-type access
port default vlan 30
2. Firewall interconnection via subinterfaces
1) SW1 configuration
vlan batch 10 20
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
interface GigabitEthernet0/0/2
port link-type access
port default vlan 20
interface GigabitEthernet0/0/24
port link-type trunk
port trunk allow-pass vlan all
2) FW1 configuration
vlan batch 30
interface Vlanif30
ip address 192.168.30.254 255.255.255.0
service-manage all permit
interface GigabitEthernet1/0/1
portswitch
port link-type access
port default vlan 30
interface GigabitEthernet1/0/0.1
vlan-type dot1q 10
ip address 192.168.10.254 255.255.255.0
service-manage all permit
interface GigabitEthernet1/0/0.2
vlan-type dot1q 20
ip address 192.168.20.254 255.255.255.0
service-manage all permit
firewall zone trust
add interface GigabitEthernet1/0/0.1
add interface GigabitEthernet1/0/0.2
add interface Vlanif30
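3. Firewall transparent mode with access ports
1) FW1 configuration (the firewall uses version USG6000V-enspv1.2; the existing configuration is unchanged; this lets PC3 and PC4 reach each other)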
interface GigabitEthernet1/0/2
portswitch
port link-type access
port default vlan 30
firewall zone trust
add interface GigabitEthernet1/0/1
add interface GigabitEthernet1/0/2
4. Firewall transparent mode with trunk ports (the firewall uses version USG6000V-enspv1.2)
1) SW2 configuration
vlan 30
interface GigabitEthernet0/0/1
port link-type access
port default vlan 30
interface GigabitEthernet0/0/24
port link-type trunk
port trunk allow-pass vlan all
2) SW3 configuration
vlan 30
interface GigabitEthernet0/0/1
port link-type access
port default vlan 30
interface GigabitEthernet0/0/24
port link-type trunk
port trunk allow-pass vlan all
3) FW1 configuration (existing configuration as above)
interface GigabitEthernet1/0/3
portswitch
port link-type trunk
port trunk allow-pass vlan all
interface GigabitEthernet1/0/4
portswitch
port link-type trunk
port trunk allow-pass vlan all
firewall zone trust
add interface GigabitEthernet1/0/3
add interface GigabitEthernet1/0/4
5. Firewall transparent mode with access + trunk ports (the firewall uses version USG6000V-enspv1.2)
1) FW1 configuration
vlan batch 30
interface Vlanif30
ip address 192.168.30.254 255.255.255.0
service-manage all permit
interface GigabitEthernet1/0/1
portswitch
port link-type access
port default vlan 30
interface GigabitEthernet1/0/2
portswitch
port link-type access
port default vlan 30
interface GigabitEthernet1/0/3
portswitch
port link-type trunk
port trunk allow-pass vlan all
interface GigabitEthernet1/0/4
portswitch
port link-type trunk
port trunk allow-pass vlan all
firewall zone trust
add interface GigabitEthernet1/0/1
add interface GigabitEthernet1/0/2
add interface GigabitEthernet1/0/3
add interface GigabitEthernet1/0/4
add interface Vlanif30
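
Added example, not part of the original notes: a short Python check that reads configuration text laid out like the listings above and reports which interfaces carry `service-manage all permit` (every management service enabled on that interface) or `port trunk allow-pass vlan all` (every VLAN carried on that trunk), so those settings can be narrowed when the design leaves the lab. The sample input is constructed from the FW1 lines in section 1, and the function names `parse_interfaces` and `audit` are hypothetical.

```python
import re

# Constructed sample: FW1 lines from section 1, flat (unindented) as on the page.
SAMPLE = """\
vlan batch 10 20 30
interface Vlanif10
ip address 192.168.10.254 255.255.255.0
service-manage all permit
interface GigabitEthernet1/0/0
portswitch
port link-type trunk
port trunk allow-pass vlan all
firewall zone trust
add interface Vlanif10
"""

# Lines that leave the interface view (note: "vlan-type ..." must NOT match).
TOP_LEVEL = re.compile(r"^(firewall zone |vlan batch |vlan \d)", re.I)


def parse_interfaces(text):
    """Return {interface name: [commands]} from flat or indented config."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"^interface\s+(\S+)$", line, re.I)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line == "#" or TOP_LEVEL.match(line):
            current = None
        elif line and current is not None:
            current.append(line.lower())
    return stanzas


def audit(text):
    """List (interface, finding) pairs for the two catch-all settings."""
    findings = []
    for name, cmds in parse_interfaces(text).items():
        if "service-manage all permit" in cmds:
            findings.append((name, "all management services permitted"))
        if "port trunk allow-pass vlan all" in cmds:
            findings.append((name, "trunk carries every VLAN"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```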