[H3C]interzone policy default by-priority 这是区域间安全策略的问题,默认按优先级大小来比较访问权限
内网
[H3C]int g0/510 单臂路由
[H3C-GigabitEthernet0/510]ip address 1721610254 24 单臂路由器设置子接口,这个子接口作为vlan 10 的默认网关
[H3C-GigabitEthernet0/510]vlan-type dot1q vid 10
[H3C-GigabitEthernet0/510]qu
[H3C]int g0/520
[H3C-GigabitEthernet0/520]ip address 1721620254 24
[H3C-GigabitEthernet0/520]vlan-type dot1q vid 20 单臂路由器设置子接口,这个子接口作为vlan 20 的默认网关
[H3C-GigabitEthernet0/520]qu
[H3C]int g0/530
[H3C-GigabitEthernet0/530]ip address 1721630254 24
[H3C-GigabitEthernet0/530]vlan-type dot1q vid 30 单臂路由器设置子接口,这个子接口作为vlan 30 的默认网关
[H3C-GigabitEthernet0/530]qu
[H3C]dhcp enable 开启dhcp服务
[H3C]dhcp server ip-pool pool10 分配10地址池
[H3C-dhcp-pool-pool1]network 17216100 mask 2552552550
[H3C-dhcp-pool-pool1]gateway-list 1721610254 网关列表
[H3C-dhcp-pool-pool1]dns-list 10112 20210117235 DNS列表
[H3C-dhcp-pool-pool1]qu
[H3C]dhcp server ip-pool pool20 分配20地址池
[H3C-dhcp-pool-pool2]network 17216200 mask 2552552550
[H3C-dhcp-pool-pool2]gateway-list 1721620254
[H3C-dhcp-pool-pool2]dns-list 10112 20210117235
[H3C-dhcp-pool-pool2]qu
[H3C]dhcp server ip-pool pool30 分配30地址池
[H3C-dhcp-pool-pool3]network 17216300 mask 2552552550
[H3C-dhcp-pool-pool3]gateway-list 1721630254
[H3C-dhcp-pool-pool3]dns-list 10112 20210117235
[H3C-dhcp-pool-pool3]qu
[H3C]zone name Trust id 2
[H3C-zone-Trust]import interface g0/5 导入接口G0 / 5
[H3C-zone-Trust]import interface g0/510
[H3C-zone-Trust]import interface g0/520
[H3C-zone-Trust]import interface g0/530
[H3C-zone-Trust]qu
DMZ区域
[H3C]int g0/3
[H3C-GigabitEthernet0/3]ip add 1011254 24
[H3C-GigabitEthernet0/3]qu
[H3C]zone name DMZ id 3 区域名称DMZ ID 设为3
[H3C-zone-DMZ]import interface g0/3
[H3C-zone-DMZ]qu
连接外网
[H3C]acl number 2000 指定ACL的序号为2000,属于基本IPv4 ACL
[H3C-acl-basic-2000]rule 0 permit 允许ip包通过
[H3C]nat address-group 1 1065110 1065120 level 1
[H3C]int g0/4
[H3C-GigabitEthernet0/4]nat outbound 2000 将ACL 2000匹配的流量转换成该接口的IP地址作为源地址
[H3C-GigabitEthernet0/4]ip add dhcp-alloc
[H3C-GigabitEthernet0/4]qu
[H3C]zone name Untrust id 4 区域名称不信任ID 4
[H3C-zone-Untrust]import interface g0/4
[H3C-zone-Untrust]qu
[H3C]ip route-static 0000 0 GigabitEthernet 0/4 1065254
[H3C]user-interface vty 0 4
[H3C-ui-vty0-4]authentication-mode password
[H3C-ui-vty0-4]set authentication password simple huawei
[H3C-ui-vty0-4]user privilege level 3
[H3C-ui-vty0-4]qu
[H3C]sa
不用做服务器
必打
[H3C]interzone policy default by-priority 这是区域间安全策略的问题,默认按优先级大小来比较访问权限
内网
[H3C]int g0/510 单臂路由
[H3C-GigabitEthernet0/510]ip address 1721610254 24 单臂路由器设置子接口,这个子接口作为vlan 10 的默认网关
[H3C-GigabitEthernet0/510]vlan-type dot1q vid 10
[H3C-GigabitEthernet0/510]qu
[H3C]int g0/520
[H3C-GigabitEthernet0/520]ip address 1721620254 24
[H3C-GigabitEthernet0/520]vlan-type dot1q vid 20 单臂路由器设置子接口,这个子接口作为vlan 20 的默认网关
[H3C-GigabitEthernet0/520]qu
[H3C]int g0/530
[H3C-GigabitEthernet0/530]ip address 1721630254 24
[H3C-GigabitEthernet0/530]vlan-type dot1q vid 30 单臂路由器设置子接口,这个子接口作为vlan 30 的默认网关
[H3C-GigabitEthernet0/530]qu
[H3C]dhcp enable 开启dhcp服务
[H3C]dhcp server ip-pool pool10 分配10地址池
[H3C-dhcp-pool-pool1]network 17216100 mask 2552552550
[H3C-dhcp-pool-pool1]gateway-list 1721610254 网关列表
[H3C-dhcp-pool-pool1]dns-list 20210117235 DNS列表
[H3C-dhcp-pool-pool1]qu
[H3C]dhcp server ip-pool pool20 分配20地址池
[H3C-dhcp-pool-pool2]network 17216200 mask 2552552550
[H3C-dhcp-pool-pool2]gateway-list 1721620254
[H3C-dhcp-pool-pool2]dns-list 20210117235
[H3C-dhcp-pool-pool2]qu
[H3C]dhcp server ip-pool pool30 分配30地址池
[H3C-dhcp-pool-pool3]network 17216300 mask 2552552550
[H3C-dhcp-pool-pool3]gateway-list 1721630254
[H3C-dhcp-pool-pool3]dns-list 20210117235
[H3C-dhcp-pool-pool3]qu
[H3C]zone name Trust id 2
[H3C-zone-Trust]import interface g0/5 导入接口G0 / 5
[H3C-zone-Trust]import interface g0/510
[H3C-zone-Trust]import interface g0/520
[H3C-zone-Trust]import interface g0/530
[H3C-zone-Trust]qu
DMZ区域
[H3C]int g0/3
[H3C-GigabitEthernet0/3]ip add 1011254 24
[H3C-GigabitEthernet0/3]qu
[H3C]zone name DMZ id 3 区域名称DMZ ID 设为3
[H3C-zone-DMZ]import interface g0/3
[H3C-zone-DMZ]qu
连接外网
[H3C]acl number 2000 指定ACL的序号为2000,属于基本IPv4 ACL
[H3C-acl-basic-2000]rule 0 permit 允许ip包通过
[H3C]nat address-group 1 1065110 1065120 level 1
[H3C]int g0/4
[H3C-GigabitEthernet0/4]nat outbound 2000 将ACL 2000匹配的流量转换成该接口的IP地址作为源地址
[H3C-GigabitEthernet0/4]ip add dhcp-alloc
[H3C-GigabitEthernet0/4]qu
[H3C]zone name Untrust id 4 区域名称不信任ID 4
[H3C-zone-Untrust]import interface g0/4
[H3C-zone-Untrust]qu
[H3C]ip route-static 0000 0 GigabitEthernet 0/4 1065254
[H3C]user-interface vty 0 4
[H3C-ui-vty0-4]authentication-mode password
[H3C-ui-vty0-4]set authentication password simple huawei
[H3C-ui-vty0-4]user privilege level 3
[H3C-ui-vty0-4]qu
[H3C]sa
交换机
<H3C>sys
[H3C]vlan 10
[H3C-vlan10]qu
[H3C]vlan 20
[H3C-vlan20]qu
[H3C]vlan 30
[H3C-vlan30]qu
[H3C]int range e1/0/1 to e1/0/5
[H3C-if-range]port access vlan 10 划分至vlan10
[H3C-if-range]qu
[H3C]int range e1/0/6 to e1/0/10
[H3C-if-range]port access vlan 20 划分至vlan20
[H3C-if-range]qu
[H3C]int range e1/0/11 to e1/0/15
[H3C-if-range]port access vlan 30 划分至vlan30
[H3C-if-range]qu
[H3C]int g1/0/18
[H3C-GigabitEthernet1/0/18]port link-type trunk
[H3C-GigabitEthernet1/0/18]port trunk permit vlan all 将trunk所有开启
[H3C-GigabitEthernet1/0/18]qu
[H3C]user-interface vty 0 4
[H3C-ui-vty0-4]authentication-mode password
[H3C-ui-vty0-4]set authentication password simple huawei
[H3C-ui-vty0-4]user privilege level 3
[H3C-ui-vty0-4]qu
[H3C]sa
1交换机 18口(交叉线内网) 2-1(用来ping 7号机)接到1口 2-2插到电脑上
2防火墙 5口(交叉线内网) 蓝色(2-A)4口(外网) 2-2(用来虚拟机 12号机)接到3口
reset sav /y
reboot n/y
光驱挂载connect搭钩
外面:10111
ping不上去再改DNS为10112
里面:10112
2552552550
1011254
DNS:10112
桥接网络
用来ping的要开dhcp
先做DNS:管理工具-管理你的服务器-添加或删除服务器-下一步-自定义配置-下一步-选中DNS服务器-下一步-下一步-安装-下一步-下一步-下一步-aaacom-下一步-next-地址
20210117235 -完成-关掉 开始-管理工具-DNS-双击JF-正向查找区域-删除aaacom-右键新建区域-下一步-下一步-aaacom-下一步-下一步-next-完成-右键aaacom-新建主机-名称>HP ProLiant 180G6
可以满足你的需要
两颗英特尔® 至强® 处理器 E5520(226 GHz,8MB 三级缓存,80W,DDR3-1066,HT,Turbo 1/1/2/2);Intel 5520芯片组;8GB(4x2GB)PC3-10600E(UDIMM),12个内存插槽,最多支持96GB;HP Smart Array P410 /256MB 控制器(RAID 0/1/1+0/5/5+0),8块热插拔 1TB SATA 硬盘,可升级到14块LFF热插拔硬盘或25块 SFF热插拔硬盘;3 个可用 PCI-Express 插槽(1个x16 半长/半高;2 x8 全高/全长);集成NC362i 双端口千兆网络适配器;2个460W 通用热插拔电源,可选1+1 冗余;4个非热插拔风扇;机架式(2U),免工具固定导轨;1 根6“IEC-IEC(PDU)电源线
这个的价格大概是4W4K多,主要是硬盘贵了(可以自己买WD或希捷的企业级硬盘+HP的热插拔托架,可以降低不少成本。但硬盘保修HP就不管了)
硬墙现在有很多,不知道你们的公司的接入带宽和详细的需求,只能推荐几款常见主流的型号给你参考
Juniper netscreen SSG140 1W8K左右
Cisco ASA 5510 1W6K左右
H3C F100-A 2W2K左右
ZyWALL USG 300 1W5K左右win7搭建web服务器步骤: 1、首先打开开始菜单中的控制面板选择,在控制面板中选择并打开“程序”,找到并双击“打开或关闭Windows功能”,在d出的窗口中选择“Internet信息服务”下面所有选项,点击确定,然后就会开始更新服务,等待一会; 2、等待
欢迎分享,转载请注明来源:内存溢出
微信扫一扫
支付宝扫一扫
评论列表(0条)