Uploaded by: b****0  Document ID: 12767260  Upload date: 2023-04-22  Format: DOCX  Pages: 19  Size: 17.21KB
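Network Practice: Switch 7506 and Firewall Configuration

Configuration of the Core Switch and Firewall in the Central Equipment Room

Core Switch

The core switch installed in the central equipment room is an H3C S7503 fully modular multi-service core switch.

The core switch is configured as follows: dual redundant power supply engines, 3 service slots, 1 main control slot; backplane bandwidth: 1000Gbps; packet forwarding rate: 274Mpps; FLASH memory: 64MB; DRAM: 512MB; network standards: IEEE802.1d, IEEE802.1x, IEEE802.3, IEEE802.3u, IEEE802.3x, IEEE802.3z, IEEE802.1Q, IEEE802.1p; transmission rates: 10/100/1000/10000Mbps; 1 Console port, 1 10/100BASE-TX management port, 48 Gigabit Ethernet electrical ports.

The corresponding indicator LEDs have the following meanings:

LED off: the link is not connected. LED steady on: the link is connected. LED blinking: data is being sent or received.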

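Firewall

The firewall installed in the central equipment room is an H3C SecPath F1000-S enterprise-class high-end firewall.

The firewall is configured as follows: dual redundant power supply engines, 1 CON configuration port, 1 backup port (AUX), 2 10/100/1000M Ethernet ports (optical or electrical), 2 10/100/1000M Ethernet ports (electrical), 2 MIM slots; CPU clock: 600MHz; FLASH memory: 16MB; DDR RAM: 512MB.

The corresponding indicator LEDs have the following meanings:

LED off: the link is not connected. LED steady on: the link is connected. LED blinking: data is being sent or received.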

The core switch configuration is as follows:

Login authentication
Username:admin
Password:
<7503>dis curr
#
version 5.20, Release 6605P06
#
sysname 7503
#
domain default enable system
#
telnet server enable
#
mirroring-group 1 local
#
switch-mode standard
#
time-range web 12:00 to 13:00 daily
#
acl number 3000
 rule 0 deny ip source 172.16.6.100 0 destination 172.16.3.103 0 time-range web
 rule 1 deny ip source 172.16.6.100 0 destination 172.16.3.104 0 time-range web
 rule 2 deny ip source 172.16.6.100 0 destination 172.16.3.105 0 time-range web
acl number 3001
 rule 0 deny ip
#
vlan 1
 description Default
#
vlan 2
 description F1000-S
#
vlan 3
 description SERVER
#
vlan 4
 description SERVER_MANAGER
#
vlan 5
 description DAPING
#
vlan 6
 description WEB
#
vlan 10
 description VPN_Line
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
traffic classifier web2 operator and
 if-match acl 3001
traffic classifier web operator and
 if-match acl 3000
#
traffic behavior web2
 filter deny
traffic behavior web
 filter permit
#
qos policy web
 classifier web behavior web
 classifier web2 behavior web2
#
user-group system
#
local-user admin
 password simple Center!@#
 authorization-attribute level 3
 service-type telnet terminal
local-user center
 password cipher $.T)1&WJ`>-%`DJL.:OE)Q!!
 authorization-attribute level 3
 service-type telnet terminal
#
interface NULL0
#
interface LoopBack10
 ip address 172.16.10.1 255.255.255.255
#
interface Vlan-interface1
 description VLAN1
 ip address 172.16.1.254 255.255.255.0
#
interface Vlan-interface2
 description connect to Firewall
 ip address 172.16.2.254 255.255.255.0
#
interface Vlan-interface3
 description SERVER
 ip address 172.16.3.254 255.255.255.0
#
interface Vlan-interface4
 description SERVER_MANAGER
 ip address 172.16.4.254 255.255.255.0
#
interface Vlan-interface5
 description DAPING
 ip address 192.168.1.254 255.255.255.0
#
interface Vlan-interface6
 description WEB
 ip address 172.16.6.254 255.255.255.0
#
interface Vlan-interface10
 description connect to Local-VPN-Special-Line
 ip address 172.16.99.1 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
 shutdown
#
interface GigabitEthernet0/0/6
 shutdown
#
interface GigabitEthernet0/0/7
 shutdown
#
interface GigabitEthernet0/0/8
 shutdown
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
 port access vlan 10
#
interface GigabitEthernet0/0/20
 port access vlan 10
#
interface GigabitEthernet0/0/21
 port access vlan 10
#
interface GigabitEthernet0/0/22
 port access vlan 10
#
interface GigabitEthernet0/0/23
 port access vlan 10
#
interface GigabitEthernet0/0/24
 port access vlan 10
#
interface GigabitEthernet0/0/25
 port access vlan 10
#
interface GigabitEthernet0/0/26
 port access vlan 10
#
interface GigabitEthernet0/0/27
#
interface GigabitEthernet0/0/28
 mirroring-group 1 mirroring-port both
#
interface GigabitEthernet1/0/1
 port access vlan 3
#
interface GigabitEthernet1/0/2
 port access vlan 3
#
interface GigabitEthernet1/0/3
 port access vlan 3
#
interface GigabitEthernet1/0/4
 port access vlan 3
#
interface GigabitEthernet1/0/5
 port access vlan 3
#
interface GigabitEthernet1/0/6
 description Connect to CenterMonitorPC
 port access vlan 3
#
interface GigabitEthernet1/0/7
 port access vlan 3
#
interface GigabitEthernet1/0/8
 description Connect to CenterFlagManagePC
 port access vlan 3
#
interface GigabitEthernet1/0/9
 description connect to StorageSystemControllerAPort1
 port access vlan 3
#
interface GigabitEthernet1/0/10
 port access vlan 3
#
interface GigabitEthernet1/0/11
 port access vlan 4
#
interface GigabitEthernet1/0/12
 port access vlan 4
#
interface GigabitEthernet1/0/13
 port access vlan 4
#
interface GigabitEthernet1/0/14
 port access vlan 4
#
interface GigabitEthernet1/0/15
 description connect to StorageSystemControllerBPort1
 port access vlan 4
#
interface GigabitEthernet1/0/16
 port access vlan 4
#
interface GigabitEthernet1/0/17
 description Connect to WEB_Manage_Interface
 port access vlan 6
 qos apply policy web outbound
#
interface GigabitEthernet1/0/18
 description Connect to WEB
 port access vlan 6
 qos apply policy web outbound
#
interface GigabitEthernet1/0/19
 port access vlan 3
#
interface GigabitEthernet1/0/20
 port access vlan 3
#
interface GigabitEthernet1/0/21
 description Connect to DAPINGManagePC
 port access vlan 5
#
interface GigabitEthernet1/0/22
 description Connect to DAPINGControlHost
 port access vlan 5
#
interface GigabitEthernet1/0/23
 description Connect to F1000-S
 port access vlan 2
#
interface GigabitEthernet1/0/24
 port access vlan 2
#
interface M-Ethernet0/0/0
#
ip route-static 0.0.0.0 0.0.0.0 172.16.2.1
ip route-static 172.16.21.0 255.255.255.0 172.16.99.2
ip route-static 172.16.22.0 255.255.255.0 172.16.99.3
ip route-static 172.16.23.0 255.255.255.0 172.16.99.4
ip route-static 172.16.24.0 255.255.255.0 172.16.99.5
ip route-static 172.16.25.0 255.255.255.0 172.16.99.6
ip route-static 192.168.0.0 255.255.255.0 172.16.2.1
#
load xml-configuration
#
user-interface aux 0
 authentication-mode scheme
 idle-timeout 5 0
user-interface vty 0 4
 authentication-mode scheme
 user privilege level 3
 idle-timeout 5 0
#
return
<7503>

The firewall configuration is as follows:

Login authentication
Username:admin
Password:
dis curr
#
sysname F1000-S
#
l2tp enable
#
ike local-name vpn
#
firewall packet-filter enable
firewall packet-filter default permit
#
firewall statistic system enable
#
DNS server 219.150.32.132
#
radius scheme system
 server-type extended
#
domain system
 ip pool 1 172.16.254.1 172.16.254.253
#
local-user admin
 password cipher $.T)1&WJ`>-%`DJL.:OE)Q!!
 service-type telnet terminal
 level 3
local-user btvpn
 password simple 666666
 service-type ppp
local-user center
 password cipher $.T)1&WJ`>-%`DJL.:OE)Q!!
 service-type telnet terminal
 level 3
#
ike proposal 1
 encryption-algorithm 3des-cbc
 authentication-algorithm md5
#
ike peer 1
 exchange-mode aggressive
 pre-shared-key 333333
 id-type name
 remote-name vpnclient
 nat traversal
#
ipsec proposal p1
 esp authentication-algorithm sha1
 esp encryption-algorithm 3des
#
ipsec policy-template l2tp 1
 ike-peer 1
 proposal p1
#
ipsec policy l2tppolicy 1 isakmp template l2tp
#
acl number 2000
 rule 0 permit source 172.16.3.106 0
 rule 1 permit source 172.16.4.206 0
 rule 2 permit source 172.16.6.100 0
 rule 3 permit source 172.16.6.200 0
 rule 6 permit source 172.16.3.120 0
 rule 7 permit source 172.16.3.150 0
 rule 8 permit source 172.16.3.130 0
 rule 9 permit source 172.16.3.140 0
 rule 10 permit source 172.16.3.110 0
 rule 11 permit source 172.16.24.130 0
 rule 12 permit source 172.16.22.130 0
 rule 13 permit source 172.16.23.130 0
 rule 14 permit source 172.16.21.130 0
 rule 15 permit source 172.16.25.130 0
#
acl number 3012
 description L2TP VPN access control
 rule 1 permit icmp
 rule 2 permit tcp destination 172.16.3.0 0.0.0.255
 rule 3 permit udp destination 172.16.3.106 0 destination-port eq dns
 rule 4 permit tcp destination 172.16.6.100 0 destination-port eq www
 rule 80 permit udp destination 192.168.2.200 0 destination-port eq 1701
 rule 81 permit udp destination 192.168.2.200 0 destination-port eq 500
 rule 82 permit udp source-port eq 500
 rule 83 permit udp destination 192.168.2.200 0 destination-port eq 4500
 rule 84 permit udp source-port eq 4500
 rule 85 permit 50 destination 192.168.2.200 0
 rule 86 permit 51 destination 192.168.2.200 0
 rule 100 deny ip
#
interface Virtual-Template0
 ppp authentication-mode pap
 ppp ipcp dns 172.16.3.106 172.16.4.206
 ip address 172.16.254.254 255.255.255.0
 remote address pool 1
#
interface Aux0
 async mode flow
#
interface GigabitEthernet0/0
 description connect to Switch_7503E
 ip address 172.16.2.1 255.255.255.0
#
interface GigabitEthernet0/1
 description connect to Internet
 ip address 13.65.2.100 255.255.255.0
 nat outbound 2000
#
interface GigabitEthernet1/0
#
interface GigabitEthernet1/1
 description Connect to HuanBaoJu
 ip address 192.168.2.200 255.255.255.0
#
interface Encrypt2/0
#
interface NULL0
#
interface LoopBack10
 ip address 172.16.10.1 255.255.255.0
#
firewall zone local
 set priority 100
#
firewall zone trust
 add interface GigabitEthernet0/0
 add interface GigabitEthernet0/1
 add interface GigabitEthernet1/1
 add interface Virtual-Template0
 set priority 85
#
firewall zone untrust
 set priority 5
#
firewall zone DMZ
 set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
fir
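
Both listings above contain settings a reviewer would flag before deployment: Telnet management, "password simple", an in-config IKE pre-shared key, aggressive mode, MD5/3DES, PAP, and a default-permit packet filter. The audit below is an added example, not part of the original document or of any H3C tool; the names SAMPLE, CHECKS and audit are hypothetical, the sample lines are constructed with placeholder secrets, and it assumes normally spaced, space-indented configuration lines.

```python
import re

# Constructed sample in the style of the configurations above;
# secrets are placeholders, not values from the page.
SAMPLE = """\
telnet server enable
local-user admin
 password simple EXAMPLE-PLACEHOLDER
 service-type telnet terminal
firewall packet-filter default permit
ike proposal 1
 encryption-algorithm 3des-cbc
 authentication-algorithm md5
ike peer 1
 exchange-mode aggressive
 pre-shared-key EXAMPLE-PLACEHOLDER
interface Virtual-Template0
 ppp authentication-mode pap
"""

# (regex, finding) pairs; each regex is applied to one whitespace-normalized line.
CHECKS = [
    (r"^telnet server enable$", "Telnet management enabled (cleartext session)"),
    (r"^service-type .*\btelnet\b", "local user may log in over Telnet"),
    (r"^password simple ", "password stored in plaintext"),
    (r"^pre-shared-key ", "IKE pre-shared key readable in the configuration"),
    (r"^firewall packet-filter default permit$", "packet filter defaults to permit"),
    (r"^exchange-mode aggressive$", "IKE aggressive mode"),
    (r"^authentication-algorithm md5$", "IKE proposal authenticates with MD5"),
    (r"^(esp )?encryption-algorithm 3des", "3DES encryption (legacy 64-bit block cipher)"),
    (r"^ppp authentication-mode pap$", "PPP uses PAP (cleartext credentials)"),
]

def audit(config_text):
    """Return (line_no, section, finding) for every weak setting found."""
    findings, section = [], ""
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = " ".join(raw.split())
        if not line or line == "#":
            continue
        if not raw[0].isspace():      # an unindented line opens a new section
            section = line
        for pattern, finding in CHECKS:
            if re.search(pattern, line):
                findings.append((no, section, finding))
    return findings

if __name__ == "__main__":
    for no, section, finding in audit(SAMPLE):
        print(f"line {no:>2} [{section}] {finding}")
```

The section name in each finding tells the reviewer which local-user, IKE peer or interface the weak line belongs to, which is what is needed to plan the corrected setting.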
