HCIE Datacom Training, Quick Study of Exam Theory and Technology: Virtual Firewalls - WOLFLAB Lab

關(guān)注【W(wǎng)OLFLAB網(wǎng)絡(luò)技術(shù)實驗室】華為認(rèn)證HCIE Datacom培訓(xùn)階段提供1v1技術(shù)輔導(dǎo),考試資訊聯(lián)系WOLFLAB!

Virtual firewall (vsys): a virtual system is a logically separate firewall inside one physical USG, with its own interfaces, security zones, security policies and routing table. Each vsys is bound to a vpn-instance of the same name, so on the firewall a vsys plays the role that a vpn-instance (VRF) plays on the switch: one department's traffic cannot reach another department's table unless a route explicitly points there.
Lab:
Requirement 1:
① Both departments can reach the internet through the FW.
② The departments cannot access each other.

Design: on SW1 each department sits in its own VRF (caiwu = finance, VLAN 10; renshi = HR, VLAN 20) whose only route is a default pointing at that department's vsys on the FW (Vlanif203 for caiwu, Vlanif204 for renshi). The untrust side of each vsys (Vlanif201, Vlanif202) lands in SW1's public table, which holds the default route to the internet and the return routes to 192.168.10.0/24 and 192.168.20.0/24 via the respective vsys. Every packet therefore hairpins through the firewall. Note that the isolation in ② does not come from routing alone: a finance packet addressed to 192.168.20.x is permitted trust -> untrust by vsys caiwu, reaches SW1's public table, and is forwarded to vsys renshi, where it arrives on untrust and is dropped only because renshi has no untrust -> trust rule and the security-policy default action is deny.


[SW1]display current-configuration
#
sysname SW1
#
vlan batch 10 20 200 to 204
#
ip vpn-instance caiwu
 ipv4-family
  route-distinguisher 1:1
#
ip vpn-instance renshi
 ipv4-family
  route-distinguisher 1:2
#
interface Vlanif10
 ip binding vpn-instance caiwu
 ip address 192.168.10.254 255.255.255.0
#
interface Vlanif20
 ip binding vpn-instance renshi
 ip address 192.168.20.254 255.255.255.0
#
interface Vlanif200
 ip address 1.1.20.1 255.255.255.0
#
interface Vlanif201
 ip address 1.1.21.1 255.255.255.0
#
interface Vlanif202
 ip address 1.1.22.1 255.255.255.0
#
interface Vlanif203
 ip binding vpn-instance caiwu
 ip address 1.1.23.1 255.255.255.0
#
interface Vlanif204
 ip binding vpn-instance renshi
 ip address 1.1.24.1 255.255.255.0
#
interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 201 to 204
 mode lacp-static
#
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 10
#
interface GigabitEthernet0/0/2
 port link-type access
 port default vlan 20
#
interface GigabitEthernet0/0/3
 eth-trunk 1
#
interface GigabitEthernet0/0/4
 eth-trunk 1
#
interface GigabitEthernet0/0/5
 port link-type access
 port default vlan 200
#
ip route-static 0.0.0.0 0.0.0.0 1.1.20.2                         //public table: default to the internet
ip route-static 192.168.10.0 255.255.255.0 1.1.21.2              //public table: return route to finance via vsys caiwu's untrust side
ip route-static 192.168.20.0 255.255.255.0 1.1.22.2              //public table: return route to HR via vsys renshi's untrust side
ip route-static vpn-instance caiwu 0.0.0.0 0.0.0.0 1.1.23.2      //caiwu VRF: everything goes to vsys caiwu's trust side
ip route-static vpn-instance renshi 0.0.0.0 0.0.0.0 1.1.24.2     //renshi VRF: everything goes to vsys renshi's trust side
[USG6000V1]
#
sysname USG6000V1
#
vlan batch 201 to 204
#
 vsys enable                            //enable the virtual system (virtual firewall) feature
#
vsys name caiwu 1                       //create virtual firewall caiwu (finance) with vsys ID 1
 assign vlan 201                        //assign VLAN 201 (and therefore Vlanif201) to this vsys
 assign vlan 203
#
vsys name renshi 2                      //create virtual firewall renshi (HR) with vsys ID 2
 assign vlan 202
 assign vlan 204
#
interface Vlanif201
 ip binding vpn-instance caiwu          //each vsys has a vpn-instance of the same name; its interfaces are bound to it
 ip address 1.1.21.2 255.255.255.0
#
interface Vlanif202
 ip binding vpn-instance renshi
 ip address 1.1.22.2 255.255.255.0
#
interface Vlanif203
 ip binding vpn-instance caiwu
 ip address 1.1.23.2 255.255.255.0
#
interface Vlanif204
 ip binding vpn-instance renshi
 ip address 1.1.24.2 255.255.255.0
#
interface Eth-Trunk1
 portswitch
 port link-type trunk
 port trunk allow-pass vlan 201 to 204
 mode lacp-static
#
interface GigabitEthernet1/0/0
 undo shutdown
 eth-trunk 1
#
interface GigabitEthernet1/0/1
 undo shutdown
 eth-trunk 1
#
interface Virtual-if0                   //Virtual-if interfaces are created automatically: Virtual-if0 belongs to the public (root) system, then one per vsys in creation order (caiwu = Virtual-if1, renshi = Virtual-if2)
#
interface Virtual-if1
#
interface Virtual-if2
#
switch vsys caiwu                       //enter virtual firewall caiwu
#
interface Vlanif201
 ip binding vpn-instance caiwu
 ip address 1.1.21.2 255.255.255.0
#
interface Vlanif203
 ip binding vpn-instance caiwu
 ip address 1.1.23.2 255.255.255.0
#
interface Virtual-if1
#
firewall zone trust                     //place the vsys's interfaces into its own security zones
 set priority 85
 add interface Vlanif203
#
firewall zone untrust
 set priority 5
 add interface Vlanif201
#
security-policy                         //security policy: permit finance (trust) to the internet (untrust) only; anything else, including untrust -> trust, hits the default deny
 rule name caiwu_to_internet
  source-zone trust
  destination-zone untrust
  source-address 192.168.10.0 mask 255.255.255.0
  action permit
#
ip route-static 0.0.0.0 0.0.0.0 1.1.21.1                 //default route to SW1's public table (Vlanif201), which forwards on to the internet
ip route-static 192.168.10.0 255.255.255.0 1.1.23.1      //return route to the finance LAN through SW1's caiwu VRF (Vlanif203)
#
return
#
switch vsys renshi                      //enter virtual firewall renshi; same structure as caiwu
#
interface Vlanif202
 ip binding vpn-instance renshi
 ip address 1.1.22.2 255.255.255.0
#
interface Vlanif204
 ip binding vpn-instance renshi
 ip address 1.1.24.2 255.255.255.0
#
interface Virtual-if2
#
firewall zone trust
 set priority 85
 add interface Vlanif204
#
firewall zone untrust
 set priority 5
 add interface Vlanif202
#
security-policy
 rule name renshi_to_internet
  source-zone trust
  destination-zone untrust
  source-address 192.168.20.0 mask 255.255.255.0
  action permit
#
ip route-static 0.0.0.0 0.0.0.0 1.1.22.1                 //default route to SW1's public table (Vlanif202)
ip route-static 192.168.20.0 255.255.255.0 1.1.24.1      //return route to the HR LAN through SW1's renshi VRF (Vlanif204)
#
return
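As an added example (not part of the WOLFLAB lab and not a Huawei tool), the following Python script parses the two vsys sections above and audits the properties requirement 1 depends on: no VLAN or interface assigned to two vsys, and permit rules that only let each department's own subnet out of trust and never point into trust. The configuration string is a constructed copy of the page's vsys config trimmed to the commands the parser reads; the caiwu/renshi subnet mapping is taken from SW1's Vlanif10 and Vlanif20.

```python
"""Audit a Huawei USG vsys configuration for inter-department isolation.

Added example for this page, not part of the WOLFLAB lab or of any Huawei tool.
USG_CONFIG is a constructed copy of the vsys sections shown above; the audit
checks what requirement 1 relies on (disjoint VLANs/interfaces, permit rules
limited to the department's own subnet and never aimed at trust).
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the vsys caiwu / renshi sections of the lab, trimmed to what the audit reads.
USG_CONFIG = """\
vsys name caiwu 1
 assign vlan 201
 assign vlan 203
vsys name renshi 2
 assign vlan 202
 assign vlan 204
#
switch vsys caiwu
firewall zone trust
 add interface Vlanif203
firewall zone untrust
 add interface Vlanif201
security-policy
 rule name caiwu_to_internet
  source-zone trust
  destination-zone untrust
  source-address 192.168.10.0 mask 255.255.255.0
  action permit
return
#
switch vsys renshi
firewall zone trust
 add interface Vlanif204
firewall zone untrust
 add interface Vlanif202
security-policy
 rule name renshi_to_internet
  source-zone trust
  destination-zone untrust
  source-address 192.168.20.0 mask 255.255.255.0
  action permit
return
"""
# Department LANs from the SW1 configuration (caiwu = finance, renshi = HR).
SUBNETS = {"caiwu": "192.168.10.0/24", "renshi": "192.168.20.0/24"}


def parse_vsys(config):
    """Parse VRP-style text into {vsys: {"id", "vlans", "zones": {iface: zone}, "rules": [dict]}}."""
    vsys = defaultdict(lambda: {"id": None, "vlans": set(), "zones": {}, "rules": []})
    owner = current = "public"  # owner: open 'vsys name' block (root view); current: 'switch vsys' target
    zone = rule = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "#":
            continue
        if m := re.fullmatch(r"vsys name (\S+) (\d+)", line):
            owner = m[1]
            vsys[owner]["id"] = int(m[2])
        elif m := re.fullmatch(r"assign vlan (\d+)", line):
            vsys[owner]["vlans"].add(int(m[1]))
        elif m := re.fullmatch(r"switch vsys (\S+)", line):
            current = m[1]
        elif line == "return":  # back to the root system
            current, zone, rule = "public", None, None
        elif m := re.fullmatch(r"firewall zone (\S+)", line):
            zone = m[1]
        elif m := re.fullmatch(r"add interface (\S+)", line):
            vsys[current]["zones"][m[1]] = zone
        elif m := re.fullmatch(r"rule name (\S+)", line):
            rule = {"name": m[1]}
            vsys[current]["rules"].append(rule)
        elif rule is not None and (m := re.fullmatch(r"(source-zone|destination-zone|action) (\S+)", line)):
            rule[m[1]] = m[2]
        elif rule is not None and (m := re.fullmatch(r"source-address (\S+) mask (\S+)", line)):
            rule["source-address"] = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
    return dict(vsys)


def audit_isolation(parsed, subnets):
    """Return a list of findings; an empty list means the isolation properties hold."""
    findings = []
    names = [n for n in parsed if n != "public"]
    for i, a in enumerate(names):  # 1. no VLAN or interface may belong to two vsys
        for b in names[i + 1:]:
            shared = (parsed[a]["vlans"] & parsed[b]["vlans"]) | (set(parsed[a]["zones"]) & set(parsed[b]["zones"]))
            if shared:
                findings.append(f"{a}/{b}: share {sorted(map(str, shared))}")
    for name in names:  # 2. each vsys only lets its own LAN out, and never permits traffic into trust
        own = ipaddress.ip_network(subnets[name])
        for r in parsed[name]["rules"]:
            if r.get("action") != "permit":
                continue
            if r.get("destination-zone") == "trust":
                findings.append(f"{name}: rule {r['name']} permits traffic into trust")
            src = r.get("source-address")
            if src is None:
                findings.append(f"{name}: rule {r['name']} permits any source address")
            elif not src.subnet_of(own):
                findings.append(f"{name}: rule {r['name']} permits source {src} outside {own}")
    return findings
```

Run `audit_isolation(parse_vsys(USG_CONFIG), SUBNETS)` against the lab config and the list comes back empty; delete the `source-address` line from one rule, or assign the same VLAN to both vsys, and the audit names the vsys and rule that broke the isolation.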
Requirement 2:
① Both departments can still reach the internet through the FW.
② The departments can access each other, but the traffic must pass through the FW.

On SW1, point each VRF's route for the other department's subnet at its own vsys, so that inter-department traffic enters the firewall instead of staying on the switch:
[SW1]ip route-static vpn-instance caiwu 192.168.20.0 24 1.1.23.2
[SW1]ip route-static vpn-instance renshi 192.168.10.0 24 1.1.24.2
On the FW, add each vsys's Virtual-if interface to a security zone so that inter-vsys traffic is subject to security policy (an interface that is in no zone cannot forward traffic); the lab puts them in trust:
[USG6000V1-caiwu-zone-trust]display this
2022-12-07 09:08:59.260
#
firewall zone trust
 set priority 85
 add interface Virtual-if1
[USG6000V1-renshi-zone-trust]display this
2022-12-07 09:09:24.790
#
firewall zone trust
 set priority 85
 add interface Virtual-if2
 add interface Vlanif204
Vlanif203 must remain a member of caiwu's trust zone for the finance uplink from requirement 1; the caiwu output above lists only the newly added Virtual-if1, so confirm with display this that Vlanif203 is still present.

Then, in the root system, add the inter-vsys routes. A static route whose next hop is another vpn-instance leaves the source vsys through its own Virtual-if (Virtual-if1 for caiwu) and enters the destination vsys through that vsys's Virtual-if (Virtual-if2 for renshi), where the normal lookup in the renshi table forwards it to SW1's renshi VRF via 1.1.24.1:
[USG6000V1]ip route-static vpn-instance caiwu 192.168.20.0 24 vpn-instance renshi
[USG6000V1]ip route-static vpn-instance renshi 192.168.10.0 24 vpn-instance caiwu
With the Virtual-if in trust, the inter-department flow is trust -> trust in both vsys, so it is not matched by the trust -> untrust rules written for internet access. If inter-department traffic has to be filtered, place the Virtual-if in a dedicated zone and write explicit rules for that zone pair.
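To see why requirement 1 isolates the departments and how requirement 2 changes the path, here is an added example (not from the page and not a Huawei tool): a small Python model of SW1's three tables and the two vsys that does a longest-prefix lookup hop by hop and applies each vsys's zone policy. The tables are constructed from the configuration on this page. Two modelling assumptions: an inter-zone flow matched by no rule is dropped, following the USG security-policy default deny, and trust -> trust flows are only reported as intra-zone rather than given a verdict, because the page does not show the vsys's setting for them.

```python
"""Trace a packet through the lab's VRF (SW1) and vsys (USG6000V1) tables.

Added example for this page, not part of the WOLFLAB write-up or of any Huawei
tool.  The tables are a constructed model of the configuration shown above;
requirement2() applies the routes and zone changes of requirement 2.  Policy
is modelled as explicit permits plus default deny; intra-zone flows are reported, not judged.
"""
import ipaddress
from copy import deepcopy

INTERNET_GW = "1.1.20.2"  # next hop beyond SW1 Vlanif200: the lab's 'internet'

# (device/table, interface) -> address.  'SW1/public' is the switch's global table.
IFACES = {
    ("SW1/public", "Vlanif200"): "1.1.20.1/24", ("SW1/public", "Vlanif201"): "1.1.21.1/24",
    ("SW1/public", "Vlanif202"): "1.1.22.1/24",
    ("SW1/caiwu", "Vlanif10"): "192.168.10.254/24", ("SW1/caiwu", "Vlanif203"): "1.1.23.1/24",
    ("SW1/renshi", "Vlanif20"): "192.168.20.254/24", ("SW1/renshi", "Vlanif204"): "1.1.24.1/24",
    ("FW/caiwu", "Vlanif201"): "1.1.21.2/24", ("FW/caiwu", "Vlanif203"): "1.1.23.2/24",
    ("FW/renshi", "Vlanif202"): "1.1.22.2/24", ("FW/renshi", "Vlanif204"): "1.1.24.2/24",
}
VIRTUAL_IF = {"FW/caiwu": "Virtual-if1", "FW/renshi": "Virtual-if2"}

# Static routes as configured for requirement 1; ("vpn-instance", x) is an inter-vsys next hop.
ROUTES_REQ1 = {
    "SW1/public": [("0.0.0.0/0", INTERNET_GW), ("192.168.10.0/24", "1.1.21.2"), ("192.168.20.0/24", "1.1.22.2")],
    "SW1/caiwu": [("0.0.0.0/0", "1.1.23.2")],
    "SW1/renshi": [("0.0.0.0/0", "1.1.24.2")],
    "FW/caiwu": [("0.0.0.0/0", "1.1.21.1"), ("192.168.10.0/24", "1.1.23.1")],
    "FW/renshi": [("0.0.0.0/0", "1.1.22.1"), ("192.168.20.0/24", "1.1.24.1")],
}
ZONES_REQ1 = {"FW/caiwu": {"Vlanif203": "trust", "Vlanif201": "untrust"},
              "FW/renshi": {"Vlanif204": "trust", "Vlanif202": "untrust"}}
# Explicit permits (source zone, destination zone, source prefix); anything else is default deny.
POLICIES = {"FW/caiwu": [("trust", "untrust", "192.168.10.0/24")],
            "FW/renshi": [("trust", "untrust", "192.168.20.0/24")]}


def requirement2():
    """Routes and zones after requirement 2: SW1 VRF routes, inter-vsys routes, Virtual-if in trust."""
    routes, zones = deepcopy(ROUTES_REQ1), deepcopy(ZONES_REQ1)
    routes["SW1/caiwu"].append(("192.168.20.0/24", "1.1.23.2"))
    routes["SW1/renshi"].append(("192.168.10.0/24", "1.1.24.2"))
    routes["FW/caiwu"].append(("192.168.20.0/24", ("vpn-instance", "renshi")))
    routes["FW/renshi"].append(("192.168.10.0/24", ("vpn-instance", "caiwu")))
    zones["FW/caiwu"]["Virtual-if1"] = "trust"
    zones["FW/renshi"]["Virtual-if2"] = "trust"
    return routes, zones


def owner_of(ip):
    """(table, interface) holding this address, i.e. where a next hop lands."""
    return next((t, n) for (t, n), a in IFACES.items() if ipaddress.ip_interface(a).ip == ipaddress.IPv4Address(ip))


def lookup(table, routes, dst):
    """Longest-prefix match over connected and static routes: (next_hop, egress_iface)."""
    local = [(n, ipaddress.ip_interface(a).network) for (t, n), a in IFACES.items() if t == table]
    cands = [(net.prefixlen, None, n) for n, net in local if dst in net]  # connected: deliver directly
    for prefix, nh in routes.get(table, []):
        net = ipaddress.ip_network(prefix)
        if dst in net:
            egress = VIRTUAL_IF[table] if isinstance(nh, tuple) else next(
                n for n, lnet in local if ipaddress.IPv4Address(nh) in lnet)
            cands.append((net.prefixlen, nh, egress))
    if not cands:
        raise ValueError(f"{table}: no route to {dst}")
    _, nh, egress = max(cands, key=lambda c: c[0])
    return nh, egress


def policy_verdict(table, zones, in_if, out_if, src):
    """Apply the vsys's security policy to a flow entering on in_if and leaving on out_if."""
    zin, zout = zones[table].get(in_if, "<no zone>"), zones[table].get(out_if, "<no zone>")
    for sz, dz, prefix in POLICIES[table]:
        if (sz, dz) == (zin, zout) and src in ipaddress.ip_network(prefix):
            return f"{zin}->{zout} permitted by rule"
    if zin == zout:
        return f"{zin}->{zout} intra-zone, no explicit rule"
    return f"{zin}->{zout} DENIED by default policy"


def trace(routes, zones, src, dst, start_table):
    """Walk src -> dst starting in a department VRF on SW1; returns (hops, verdict)."""
    src, dst = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    table, in_if, hops = start_table, None, []
    for _ in range(8):  # bound the walk against routing loops
        nh, out_if = lookup(table, routes, dst)
        if table.startswith("FW/"):  # security policy applies only on the firewall
            verdict = policy_verdict(table, zones, in_if, out_if, src)
            hops.append(f"{table}: {in_if} -> {out_if} [{verdict}]")
            if "DENIED" in verdict:
                return hops, "dropped"
        else:
            hops.append(f"{table}: -> {out_if}")
        if nh is None:
            return hops, f"delivered on {table}/{out_if}"
        if nh == INTERNET_GW:
            return hops, "forwarded to internet"
        if isinstance(nh, tuple):  # inter-vsys hop: out own Virtual-if, in through the peer's Virtual-if
            table = f"FW/{nh[1]}"
            in_if = VIRTUAL_IF[table]
        else:
            table, in_if = owner_of(nh)
    return hops, "routing loop"
```

Calling `trace(ROUTES_REQ1, ZONES_REQ1, "192.168.10.1", "192.168.20.1", "SW1/caiwu")` shows the requirement-1 packet leaving vsys caiwu, crossing SW1's public table and dying on vsys renshi as untrust -> trust; with `requirement2()` the same packet goes Vlanif203 -> Virtual-if1 -> Virtual-if2 -> Vlanif204 inside the firewall, never touching the public table, and both vsys see it as trust -> trust.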


WOLFLAB (沃爾夫) Network Lab, Huawei HCIE certification instructor: Cui Zhipeng (崔志鵬)