《华为安全认证HCIE》学习笔记 | 接口初始化(二层部分)

Posted COCOgsta

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了《华为安全认证HCIE》学习笔记 | 接口初始化(二层部分)相关的知识,希望对你有一定的参考价值。

网络拓扑

示意图

实际拓扑

各设备关键配置

FW1

vlan 30
 description Yeslab
interface Vlanif20
 alias Vlanif20
 ip address 20.1.1.10 255.255.255.0
interface Vlanif30
 alias Vlanif30
 ip address 30.1.1.10 255.255.255.0
interface GigabitEthernet0/0/0
 alias GE0/MGMT
 portswitch
 port link-type access
 port access vlan 20
interface GigabitEthernet0/0/1
 portswitch
 port link-type trunk
 port trunk permit vlan 1 30
interface GigabitEthernet0/0/0
 alias GE0/MGMT
 portswitch
 port link-type access
 port access vlan 20
interface GigabitEthernet0/0/1
 portswitch
 port link-type trunk
 port trunk permit vlan 1 30
firewall zone trust
 set priority 85
 add interface GigabitEthernet0/0/0
 add interface Vlanif20
 add interface Vlanif30

R1

interface Ethernet0/0/0
 ip address 20.1.1.1 255.255.255.0

LSW2

vlan batch 30
interface Vlanif30
 ip address 30.1.1.1 255.255.255.0
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 30

测试验证

确认FW1可以ping通R1的接口地址

[SRG-zone-trust]ping 20.1.1.1
15:51:26  2021/06/24
  PING 20.1.1.1: 56  data bytes, press CTRL_C to break
    Reply from 20.1.1.1: bytes=56 Sequence=1 ttl=255 time=70 ms
    Reply from 20.1.1.1: bytes=56 Sequence=2 ttl=255 time=90 ms
    Reply from 20.1.1.1: bytes=56 Sequence=3 ttl=255 time=50 ms
    Reply from 20.1.1.1: bytes=56 Sequence=4 ttl=255 time=60 ms
    Reply from 20.1.1.1: bytes=56 Sequence=5 ttl=255 time=110 ms
  --- 20.1.1.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 50/76/110 ms
[SRG-zone-trust]

确认FW1可以ping通LSW2的接口地址

[SRG-zone-trust]ping 30.1.1.1
15:51:39  2021/06/24
  PING 30.1.1.1: 56  data bytes, press CTRL_C to break
    Reply from 30.1.1.1: bytes=56 Sequence=1 ttl=255 time=110 ms
    Reply from 30.1.1.1: bytes=56 Sequence=2 ttl=255 time=90 ms
    Reply from 30.1.1.1: bytes=56 Sequence=3 ttl=255 time=80 ms
    Reply from 30.1.1.1: bytes=56 Sequence=4 ttl=255 time=220 ms
    Reply from 30.1.1.1: bytes=56 Sequence=5 ttl=255 time=60 ms
  --- 30.1.1.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 60/112/220 ms
[SRG-zone-trust]

以上是关于《华为安全认证HCIE》学习笔记 | 接口初始化(二层部分)的主要内容,如果未能解决你的问题,请参考以下文章

《华为HCIE安全认证》学习笔记 | 防火墙初始化配置

《华为HCIE安全认证》学习笔记 | 双机热备(上)

《华为安全认证HCIE》学习笔记 | 域间转发策略设置

《华为安全认证HCIE》学习笔记 | 配置Local安全策略

《华为安全认证HCIE》学习笔记 | 配置域内安全策略

《华为HCIE安全认证》学习笔记 | 源NAT技术