组网及说明
组网说明:
本案例采用H3C HCL模拟器的F1060防火墙来模拟防火墙路由模式的典型部署。为了实现PC之间能够相互通信,因此需要分别在R1、R2、FW1采用三层互联,同时FW1采用路由模式,最终实现PC之间能够相互PING通。
配置步骤
1、按照网络拓扑图正确配置IP地址
2、R1、FW1、R2之间采用三层互联
3、R1、FW1、R2之间采用静态路由协议实现互通。
配置关键点
R1:
sys
System View: return to User View with Ctrl+Z.
[H3C]sysname R1
[R1]int gi 0/0
[R1-GigabitEthernet0/0]ip address 192.168.1.1 24
[R1-GigabitEthernet0/0]quit
[R1]int gi 0/1
[R1-GigabitEthernet0/1]des
[R1-GigabitEthernet0/1]ip address 10.0.0.1 30
[R1-GigabitEthernet0/1]quit
[R1]int loopback 0
[R1-LoopBack0]ip address 1.1.1.1 32
[R1-LoopBack0]quit
[R1]ip route-static 0.0.0.0 0.0.0.0 10.0.0.2
R2:
sys
System View: return to User View with Ctrl+Z.
[H3C]sysname R2
[R2]int gi 0/0
[R2-GigabitEthernet0/0]ip address 172.16.1.1 24
[R2-GigabitEthernet0/0]quit
[R2]int gi 0/1
[R2-GigabitEthernet0/1]des
[R2-GigabitEthernet0/1]ip address 10.0.0.5 30
[R2-GigabitEthernet0/1]quit
[R2]int loopback 0
[R2-LoopBack0]ip address 3.3.3.3 32
[R2-LoopBack0]quit
[R2]ip route-static 0.0.0.0 0.0.0.0 10.0.0.6
FW1:
sys
System View: return to User View with Ctrl+Z.
[H3C]sysname FW1
[FW1]acl basic 2002
[FW1-acl-ipv4-basic-2002]rule 0 permit source any
[FW1-acl-ipv4-basic-2002]quit
[FW1]
[FW1]zone-pair security source trust destination untrust
[FW1-zone-pair-security-Trust-Untrust]packet-filter 2002
[FW1-zone-pair-security-Trust-Untrust]quit
[FW1]
[FW1]zone-pair security source untrust destination trust
[FW1-zone-pair-security-Untrust-Trust]packet-filter 2002
[FW1-zone-pair-security-Untrust-Trust]quit
[FW1]
[FW1]zone-pair security source trust destination local
[FW1-zone-pair-security-Trust-Local]packet-filter 2002
[FW1-zone-pair-security-Trust-Local]quit
[FW1]
[FW1]zone-pair security source local destination trust
[FW1-zone-pair-security-Local-Trust]packet-filter 2002
[FW1-zone-pair-security-Local-Trust]quit
[FW1]
[FW1]zone-pair security source untrust destination local
[FW1-zone-pair-security-Untrust-Local]packet-filter 2002
[FW1-zone-pair-security-Untrust-Local]quit
[FW1]
[FW1]zone-pair security source local destination untrust
[FW1-zone-pair-security-Local-Untrust]packet-filter 2002
[FW1-zone-pair-security-Local-Untrust]quit
[FW1]
[FW1]zone-pair security source trust destination trust
[FW1-zone-pair-security-Trust-Trust]packet-filter 2002
[FW1-zone-pair-security-Trust-Trust]quit
[FW1]
[FW1]zone-pair security source untrust destination untrust
[FW1-zone-pair-security-Untrust-Untrust]packet-filter 2002
[FW1-zone-pair-security-Untrust-Untrust]quit
[FW1]int loopback 0
[FW1-LoopBack0]ip address 2.2.2.2 32
[FW1-LoopBack0]quit
[FW1]int gi 1/0/2
[FW1-GigabitEthernet1/0/2]des
[FW1-GigabitEthernet1/0/2]ip address 10.0.0.2 30
[FW1-GigabitEthernet1/0/2]quit
[FW1]int gi 1/0/3
[FW1-GigabitEthernet1/0/3]des
[FW1-GigabitEthernet1/0/3]ip address 10.0.0.6 30
[FW1-GigabitEthernet1/0/3]quit
[FW1]security-zone name Trust
[FW1-security-zone-Trust]import interface GigabitEthernet 1/0/2
[FW1-security-zone-Trust]import interface loopback 0
[FW1-security-zone-Trust]quit
[FW1]security-zone name Untrust
[FW1-security-zone-Untrust]import interface GigabitEthernet 1/0/3
[FW1-security-zone-Untrust]quit
[FW1]ip route-static 192.168.1.0 255.255.255.0 10.0.0.1
[FW1]ip route-static 172.16.1.0 255.255.255.0 10.0.0.5
测试:
PC都填写IP地址:
PC之间可以相互PING通:
分别查看R1、R2、FW1的路由表:
至此,F1060路由模式典型组网配置案例(静态路由)已完成!
技
术
是
用
来
学
的
,
不
是
用
来
收
藏
的
!
瑞哥建了一个微信群,不在群的朋友,可以加瑞哥微信(备注单位+姓名)
进群前先转发本图文至朋友圈,添加后截图给瑞哥,立即拉群!
一个有态度的优质教程集聚地
帮助过上万位网友解决教程需求问题
教程仅用于学习交流,禁止用于商业交易©
猜您喜欢往期精选▼
实战 | F1060路由模式典型组网配置案例(RIP)
努力学习,勤奋工作,让青春更加光彩
再长的路,一步步也能走完,再短的路,不迈开双脚也无法到达
京公网安备 11010802041100号