华为HCIE安全实验 | 接口初始化

于 2021-06-24 11:19:57 发布
阅读量631 收藏 2
点赞数
分类专栏: 视频学习笔记 文章标签: 爬虫 python pycharm
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/guolianggsta/article/details/118181946
版权

学习视频来源:华为安全认证HCIE

 

个人在学习的同时,也验证了视频中的实验部分,现将授课笔记和实验笔记整理下来。

网络拓扑

示意图

实际拓扑

各设备关键配置

Outside

interface Ethernet0/0/0
 ip address 202.100.1.1 255.255.255.0
ip route-static 0.0.0.0 0.0.0.0 202.100.1.10

Inside

interface Ethernet0/0/0
 ip address 10.1.1.1 255.255.255.0
ip route-static 0.0.0.0 0.0.0.0 10.1.1.10

DMZ

interface Ethernet0/0/0
 ip address 192.168.1.1 255.255.255.0
ip route-static 0.0.0.0 0.0.0.0 192.168.1.10

SW

vlan batch 2 to 4
vlan 2
 description Outside
vlan 3
 description Inside
vlan 4
 description DMZ
interface GigabitEthernet0/0/1
 port link-type access
 port default vlan 3
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 4
interface GigabitEthernet0/0/3
 port link-type access
 port default vlan 2
interface GigabitEthernet0/0/4
 port link-type access
 port default vlan 3
interface GigabitEthernet0/0/5
 port link-type access
 port default vlan 4

OKLABFW

interface GigabitEthernet0/0/0
 alias GE0/MGMT
 ip address 10.1.1.10 255.255.255.0
interface GigabitEthernet0/0/1.2
 vlan-type dot1q 2
 alias GigabitEthernet0/0/1.2
 ip address 202.100.1.10 255.255.255.0
interface GigabitEthernet0/0/1.4
 vlan-type dot1q 4
 alias GigabitEthernet0/0/1.4
 ip address 192.168.1.10 255.255.255.0
firewall zone trust
 add interface GigabitEthernet0/0/0
 add interface GigabitEthernet0/0/1.2
 add interface GigabitEthernet0/0/1.4

测试验证

在Inside上ping OKALABFW地址,确认可以ping通

<Inside>ping 10.1.1.10
  PING 10.1.1.10: 56  data bytes, press CTRL_C to break
    Reply from 10.1.1.10: bytes=56 Sequence=1 ttl=255 time=70 ms
    Reply from 10.1.1.10: bytes=56 Sequence=2 ttl=255 time=310 ms
    Reply from 10.1.1.10: bytes=56 Sequence=3 ttl=255 time=100 ms
    Reply from 10.1.1.10: bytes=56 Sequence=4 ttl=255 time=130 ms
    Reply from 10.1.1.10: bytes=56 Sequence=5 ttl=255 time=60 ms

  --- 10.1.1.10 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 60/134/310 ms

<Inside>

在OKALBFW上ping Outside和DMZ地址,确认可以ping通

[OKLAB-FW-zone-trust]ping 202.100.1.1
11:05:10  2021/06/24
  PING 202.100.1.1: 56  data bytes, press CTRL_C to break
    Request time out
    Reply from 202.100.1.1: bytes=56 Sequence=2 ttl=255 time=370 ms
    Reply from 202.100.1.1: bytes=56 Sequence=3 ttl=255 time=60 ms
    Reply from 202.100.1.1: bytes=56 Sequence=4 ttl=255 time=60 ms
    Reply from 202.100.1.1: bytes=56 Sequence=5 ttl=255 time=110 ms
  --- 202.100.1.1 ping statistics ---
    5 packet(s) transmitted
    4 packet(s) received
    20.00% packet loss
    round-trip min/avg/max = 60/150/370 ms
[OKLAB-FW-zone-trust]ping 192.168.1.1
11:05:25  2021/06/24
  PING 192.168.1.1: 56  data bytes, press CTRL_C to break
    Request time out
    Reply from 192.168.1.1: bytes=56 Sequence=2 ttl=255 time=330 ms
    Reply from 192.168.1.1: bytes=56 Sequence=3 ttl=255 time=290 ms
    Reply from 192.168.1.1: bytes=56 Sequence=4 ttl=255 time=290 ms
    Reply from 192.168.1.1: bytes=56 Sequence=5 ttl=255 time=80 ms
  --- 192.168.1.1 ping statistics ---
    5 packet(s) transmitted
    4 packet(s) received
    20.00% packet loss
    round-trip min/avg/max = 80/247/330 ms

热爱编程的通信人
关注
  • 0
    点赞
  • 2
    收藏
    觉得还不错? 一键收藏
  • 1
    评论
专栏目录
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值