《华为安全认证HCIE》学习笔记 | 接口初始化
Posted COCOgsta
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了《华为安全认证HCIE》学习笔记 | 接口初始化相关的知识,希望对你有一定的参考价值。
学习视频来源:华为安全认证HCIE
个人在学习的同时,也验证了视频中的实验部分,现将授课笔记和实验笔记整理下来。
网络拓扑
示意图
实际拓扑
各设备关键配置
Outside
interface Ethernet0/0/0
ip address 202.100.1.1 255.255.255.0
ip route-static 0.0.0.0 0.0.0.0 202.100.1.10Inside
interface Ethernet0/0/0
ip address 10.1.1.1 255.255.255.0
ip route-static 0.0.0.0 0.0.0.0 10.1.1.10DMZ
interface Ethernet0/0/0
ip address 192.168.1.1 255.255.255.0
ip route-static 0.0.0.0 0.0.0.0 192.168.1.10SW
vlan batch 2 to 4
vlan 2
description Outside
vlan 3
description Inside
vlan 4
description DMZ
interface GigabitEthernet0/0/1
port link-type access
port default vlan 3
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 4
interface GigabitEthernet0/0/3
port link-type access
port default vlan 2
interface GigabitEthernet0/0/4
port link-type access
port default vlan 3
interface GigabitEthernet0/0/5
port link-type access
port default vlan 4OKLABFW
interface GigabitEthernet0/0/0
alias GE0/MGMT
ip address 10.1.1.10 255.255.255.0
interface GigabitEthernet0/0/1.2
vlan-type dot1q 2
alias GigabitEthernet0/0/1.2
ip address 202.100.1.10 255.255.255.0
interface GigabitEthernet0/0/1.4
vlan-type dot1q 4
alias GigabitEthernet0/0/1.4
ip address 192.168.1.10 255.255.255.0
firewall zone trust
add interface GigabitEthernet0/0/0
add interface GigabitEthernet0/0/1.2
add interface GigabitEthernet0/0/1.4测试验证
在Inside上ping OKALABFW地址,确认可以ping通
<Inside>ping 10.1.1.10
PING 10.1.1.10: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.10: bytes=56 Sequence=1 ttl=255 time=70 ms
Reply from 10.1.1.10: bytes=56 Sequence=2 ttl=255 time=310 ms
Reply from 10.1.1.10: bytes=56 Sequence=3 ttl=255 time=100 ms
Reply from 10.1.1.10: bytes=56 Sequence=4 ttl=255 time=130 ms
Reply from 10.1.1.10: bytes=56 Sequence=5 ttl=255 time=60 ms
--- 10.1.1.10 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 60/134/310 ms
<Inside>在OKALBFW上ping Outside和DMZ地址,确认可以ping通
[OKLAB-FW-zone-trust]ping 202.100.1.1
11:05:10 2021/06/24
PING 202.100.1.1: 56 data bytes, press CTRL_C to break
Request time out
Reply from 202.100.1.1: bytes=56 Sequence=2 ttl=255 time=370 ms
Reply from 202.100.1.1: bytes=56 Sequence=3 ttl=255 time=60 ms
Reply from 202.100.1.1: bytes=56 Sequence=4 ttl=255 time=60 ms
Reply from 202.100.1.1: bytes=56 Sequence=5 ttl=255 time=110 ms
--- 202.100.1.1 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 60/150/370 ms
[OKLAB-FW-zone-trust]ping 192.168.1.1
11:05:25 2021/06/24
PING 192.168.1.1: 56 data bytes, press CTRL_C to break
Request time out
Reply from 192.168.1.1: bytes=56 Sequence=2 ttl=255 time=330 ms
Reply from 192.168.1.1: bytes=56 Sequence=3 ttl=255 time=290 ms
Reply from 192.168.1.1: bytes=56 Sequence=4 ttl=255 time=290 ms
Reply from 192.168.1.1: bytes=56 Sequence=5 ttl=255 time=80 ms
--- 192.168.1.1 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 80/247/330 ms以上是关于《华为安全认证HCIE》学习笔记 | 接口初始化的主要内容,如果未能解决你的问题,请参考以下文章