4.2 防火墙二层部署与三层部署-二层对接

1.防火墙SVI对接

图片[1]-4.2 防火墙二层部署与三层部署-二层对接-大赛人网
1)SW1配置
# SW1, SVI scenario: creates VLANs 10 and 20, places one access port in each,
# and carries them over a trunk on GigabitEthernet0/0/24.
# NOTE(review): the peer of that trunk is presumably FW1 GigabitEthernet1/0/0;
# the topology figure is not reproduced in the text - confirm.
vlan batch 10 20

# Access port, member of VLAN 10.
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 10

# Access port, member of VLAN 20.
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 20

# Trunk port. "allow-pass vlan all" admits every VLAN ID, not only the two
# created above. Outside a lab, list just the VLANs the link has to carry
# (here `port trunk allow-pass vlan 10 20`) so unrelated VLANs cannot cross it.
interface GigabitEthernet0/0/24
 port link-type trunk
 port trunk allow-pass vlan all

2)FW1配置
# FW1, SVI scenario: the firewall owns VLANs 10, 20 and 30, gives each a
# layer-3 Vlanif interface (192.168.x.254/24) and runs its physical ports as
# layer-2 switch ports.
vlan batch 10 20 30

# Layer-3 interface for VLAN 10. "service-manage all permit" opens every
# management service type on this interface. That is convenient in a lab but
# far broader than hosts in the VLAN need; on a real device permit only the
# required services (for example `service-manage ping permit`) and keep
# administrative access on a dedicated management interface.
interface Vlanif10
 ip address 192.168.10.254 255.255.255.0
service-manage all permit

# Layer-3 interface for VLAN 20, same management exposure as Vlanif10.
interface Vlanif20
 ip address 192.168.20.254 255.255.255.0
service-manage all permit

# Layer-3 interface for VLAN 30, same management exposure as Vlanif10.
interface Vlanif30
 ip address 192.168.30.254 255.255.255.0
service-manage all permit

# All three Vlanif interfaces join the trust zone, so traffic routed between
# VLANs 10, 20 and 30 stays inside one zone.
# NOTE(review): no security policy appears on the page; whether intra-zone
# traffic is policed depends on the software version - confirm before reusing
# this outside a lab, and use separate zones if the VLANs need to be isolated.
firewall zone trust
 add interface Vlanif10
 add interface Vlanif20
 add interface Vlanif30

# Layer-2 trunk port ("portswitch" turns the routed port into a switch port).
# "allow-pass vlan all" admits every VLAN ID; the Vlanif interfaces above only
# need the VLANs that actually arrive on this link.
# NOTE(review): presumably VLANs 10 and 20 from SW1 - confirm against the
# topology, then narrow the list accordingly.
interface GigabitEthernet1/0/0
 Portswitch
port link-type trunk
 port trunk allow-pass vlan all

# Layer-2 access port in VLAN 30.
interface GigabitEthernet1/0/1
 portswitch
 port link-type access
 port default vlan 30

2.防火墙子接口对接

1)SW1配置
# SW1, sub-interface scenario: same switch configuration as in the SVI
# scenario - VLANs 10 and 20, one access port each, one trunk uplink.
vlan batch 10 20

# Access port, member of VLAN 10.
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 10

# Access port, member of VLAN 20.
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 20

# Trunk port. The firewall sub-interfaces in this scenario terminate only the
# tags 10 and 20, so "allow-pass vlan all" is wider than needed; outside a lab
# restrict it to `port trunk allow-pass vlan 10 20`.
interface GigabitEthernet0/0/24
 port link-type trunk
 port trunk allow-pass vlan all

2)FW1配置
# FW1, sub-interface scenario: VLAN 30 is still switched locally through
# Vlanif30, while VLANs 10 and 20 are terminated on 802.1Q sub-interfaces of
# the routed port GigabitEthernet1/0/0.
vlan batch 30

# Layer-3 interface for VLAN 30. "service-manage all permit" opens every
# management service type here; acceptable in a lab, but on a real device
# permit only what is needed (for example `service-manage ping permit`).
interface Vlanif30
 ip address 192.168.30.254 255.255.255.0
service-manage all permit

# Layer-2 access port in VLAN 30.
interface GigabitEthernet1/0/1
 portswitch
 port link-type access
 port default vlan 30

# Sub-interface bound to 802.1Q tag 10, addressed in 192.168.10.0/24.
# Same broad management exposure as Vlanif30.
interface GigabitEthernet1/0/0.1
 vlan-type dot1q 10
 ip address 192.168.10.254 255.255.255.0
service-manage all permit

# Sub-interface bound to 802.1Q tag 20, addressed in 192.168.20.0/24.
# Same broad management exposure as Vlanif30.
interface GigabitEthernet1/0/0.2
 vlan-type dot1q 20
 ip address 192.168.20.254 255.255.255.0
service-manage all permit

# Both sub-interfaces and Vlanif30 share the trust zone, so traffic between
# the three subnets stays inside one zone.
# NOTE(review): no security policy is shown; confirm how the running software
# version treats intra-zone traffic, and split the zones if isolation matters.
firewall zone trust
 add interface GigabitEthernet1/0/0.1
 add interface GigabitEthernet1/0/0.2
 add interface Vlanif30

3.防火墙Access透明模式

图片[2]-4.2 防火墙二层部署与三层部署-二层对接-大赛人网
1)FW1配置(防火墙使用USG6000V-enspv1.2版本,原有配置不变,使PC3与PC4互通)
# FW1, access transparent mode: adds a second layer-2 access port in VLAN 30
# next to GigabitEthernet1/0/1, which the earlier FW1 listing already
# configured the same way.
interface GigabitEthernet1/0/2
 portswitch
 port link-type access
 port default vlan 30

# The two physical layer-2 ports are placed in the trust zone themselves, so
# frames bridged between them stay inside a single zone.
# NOTE(review): the heading ties this to a specific USG6000V image; whether
# bridged intra-zone traffic is inspected or simply forwarded depends on the
# version - confirm, and do not read this as the firewall filtering PC3<->PC4.
firewall zone trust
 add interface GigabitEthernet1/0/1
 add interface GigabitEthernet1/0/2

4.防火墙Trunk透明模式(防火墙使用USG6000V-enspv1.2版本)

图片[3]-4.2 防火墙二层部署与三层部署-二层对接-大赛人网
1)SW2配置
# SW2, trunk transparent mode: one VLAN (30), one access port in it, and a
# trunk uplink on GigabitEthernet0/0/24.
vlan 30

# Access port, member of VLAN 30.
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 30

# Trunk port. Only VLAN 30 exists on this switch, so "allow-pass vlan all" is
# wider than required; outside a lab use `port trunk allow-pass vlan 30`.
interface GigabitEthernet0/0/24
 port link-type trunk
 port trunk allow-pass vlan all

2)SW3配置
# SW3, trunk transparent mode: mirror image of SW2 - VLAN 30, one access
# port in it, and a trunk uplink on GigabitEthernet0/0/24.
vlan 30

# Access port, member of VLAN 30.
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 30

# Trunk port. Only VLAN 30 exists on this switch, so "allow-pass vlan all" is
# wider than required; outside a lab use `port trunk allow-pass vlan 30`.
interface GigabitEthernet0/0/24
 port link-type trunk
 port trunk allow-pass vlan all

3)FW1配置(原有配置同上)
# FW1, trunk transparent mode: two layer-2 trunk ports bridge tagged traffic
# through the firewall.
# NOTE(review): presumably one faces SW2 and the other SW3 - confirm against
# the topology figure.
# "allow-pass vlan all" lets every VLAN ID through the firewall; the switches
# on the page only define VLAN 30, so a real deployment should list just the
# VLANs that are meant to cross.
interface GigabitEthernet1/0/3
 portswitch
 port link-type trunk
 port trunk allow-pass vlan all

# Second trunk port, configured identically.
interface GigabitEthernet1/0/4
 portswitch
 port link-type trunk
 port trunk allow-pass vlan all

# Both trunk ports join the trust zone, so bridged frames never cross a zone
# boundary.
# NOTE(review): confirm how the running version treats intra-zone layer-2
# traffic; put the two sides in different zones if the firewall is supposed to
# enforce policy between them.
firewall zone trust
 add interface GigabitEthernet1/0/3
 add interface GigabitEthernet1/0/4

5.防火墙Access+Trunk透明模式(防火墙使用USG6000V-enspv1.2版本)

1)FW1配置
# FW1, combined access + trunk transparent mode: the complete firewall
# configuration with VLAN 30, its Vlanif, two access ports and two trunk ports.
vlan batch 30

# Layer-3 interface for VLAN 30. "service-manage all permit" opens every
# management service type on it; fine for a lab, but on a real device permit
# only what is needed (for example `service-manage ping permit`).
interface Vlanif30                        
 ip address 192.168.30.254 255.255.255.0  
 service-manage  all  permit       
 
# Layer-2 access port in VLAN 30.
interface GigabitEthernet1/0/1            
 portswitch              
 port link-type access                    
 port default vlan 30                     

# Layer-2 access port in VLAN 30.
interface GigabitEthernet1/0/2            
 portswitch                              
 port link-type access                    
 port default vlan 30                     
                                        
# Layer-2 trunk port. "allow-pass vlan all" admits every VLAN ID although only
# VLAN 30 is created on this device; narrow it to the VLANs that must cross.
interface GigabitEthernet1/0/3            
 portswitch                               
 port link-type trunk                     
 port trunk allow-pass vlan all     
                                         
# Second layer-2 trunk port, configured identically.
interface GigabitEthernet1/0/4            
 portswitch                               
 port link-type trunk                     
 port trunk allow-pass vlan all

# Every interface above, physical and Vlanif, is placed in the trust zone, so
# no traffic on this device crosses a zone boundary.
# NOTE(review): no security policy is shown on the page; confirm how the
# running version handles intra-zone traffic before treating this layout as
# providing any filtering.
firewall zone trust                       
 add interface GigabitEthernet1/0/1       
 add interface GigabitEthernet1/0/2       
 add interface GigabitEthernet1/0/3       
 add interface GigabitEthernet1/0/4       
 add interface Vlanif30  