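[MVS] Huawei Firewall Routed-Mode Typical Networking Configuration Example - ISIS

Published 2024-09-13

Networking and Description

Networking description:

This example uses the firewall in the eNSP simulator to deploy a typical routed-mode configuration. The security zones are clearly marked in the network topology diagram, and the PCs reach each other across the whole network through the ISIS routing protocol.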

 

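Configuration approach:

1. Configure the IP addresses and ISIS according to the network topology diagram.

2. Configure the firewall's security zones and security policy.

Configuration Steps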

R1

<Huawei>u t m

Info: Current terminal monitor is off.

<Huawei>u t d

Info: Current terminal debugging is off.

<Huawei>system

Enter system view, return user view with Ctrl+Z.

[Huawei]sysname R1

[R1]int gi 0/0/2

[R1-GigabitEthernet0/0/2]ip address 192.168.10.1 24

[R1-GigabitEthernet0/0/2]quit

[R1]int gi 0/0/1

[R1-GigabitEthernet0/0/1]ip address 10.0.0.1 30

[R1-GigabitEthernet0/0/1]quit

 

[R1]isis 1

[R1-isis-1]network 10.0000.0000.0001.00

[R1-isis-1]is-level level-2

Info: IS Level Changed, Resetting ISIS...

[R1-isis-1]quit

 

[R1]int gi 0/0/2

[R1-GigabitEthernet0/0/2]isis enable 1

[R1-GigabitEthernet0/0/2]quit

[R1]int gi 0/0/1

[R1-GigabitEthernet0/0/1]isis enable 1

[R1-GigabitEthernet0/0/1]quit

 

FW1

<USG6000V1>u t m

Info: Current terminal monitor is off.

<USG6000V1>u t d

Info: Current terminal debugging is off.

<USG6000V1>system

Enter system view, return user view with Ctrl+Z.

[USG6000V1]sysname FW1

[FW1]int gi 1/0/1

[FW1-GigabitEthernet1/0/1]ip address 10.0.0.2 30

[FW1-GigabitEthernet1/0/1]quit

[FW1]int gi 1/0/2

[FW1-GigabitEthernet1/0/2]ip address 192.168.20.1 24

[FW1-GigabitEthernet1/0/2]quit

 

[FW1]isis 1

[FW1-isis-1]network 10.0000.0000.0002.00

[FW1-isis-1]quit

[FW1]int gi 1/0/2

[FW1-GigabitEthernet1/0/2]isis enable 1

[FW1-GigabitEthernet1/0/2]quit

[FW1]int gi 1/0/1

[FW1-GigabitEthernet1/0/1]isis enable 1

[FW1-GigabitEthernet1/0/1]quit

 

[FW1]firewall zone trust

[FW1-zone-trust]add int gi 1/0/2

[FW1-zone-trust]quit

[FW1]firewall zone untrust

[FW1-zone-untrust]add int gi 1/0/1

[FW1-zone-untrust]quit

[FW1]security-policy

[FW1-policy-security]default action permit

Warning:Setting the default packet filtering to permit poses security risks. You are advised to configure the security policy based on the actual data flows. Are you sure you want to continue?[Y/N]y

[FW1-policy-security]quit

 

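Use the dis isis peer command on FW1 and R1 to check the ISIS neighbor relationship; the adjacency has been established.

Use the dis ip routing-table command to view the routing tables of FW1 and R1; both have learned the routes advertised by the peer.

Configure an IP address on each PC; the PCs can ping each other.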
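
The default action permit step on FW1 lets every inter-zone flow through, which is what the CLI warning refers to. As an added example (not part of the original article), the same lab can keep the default action at deny and permit only ICMP between the two PC subnets, one rule per direction. The rule names are hypothetical, the PC subnets are assumed from the addresses configured on R1 GE0/0/2 and FW1 GE1/0/2, and lines beginning with # are annotations rather than commands.

```vrp
# Added example, not from the original article; entered from FW1's system view.
# Assumption: one PC is in 192.168.20.0/24 (trust zone, FW1 GE1/0/2) and the
# other is in 192.168.10.0/24 (behind R1 GE0/0/2, reached via the untrust zone).
# Rule names pc_trust_to_untrust and pc_untrust_to_trust are hypothetical.
security-policy
 # Weak setting used in the lab above: default action permit
 # Corrected setting: anything not matched by a rule is dropped.
 default action deny
 # Ping initiated by the PC in the trust zone.
 rule name pc_trust_to_untrust
  source-zone trust
  destination-zone untrust
  source-address 192.168.20.0 24
  destination-address 192.168.10.0 24
  service icmp
  action permit
  quit
 # Ping initiated by the PC behind R1.
 rule name pc_untrust_to_trust
  source-zone untrust
  destination-zone trust
  source-address 192.168.10.0 24
  destination-address 192.168.20.0 24
  service icmp
  action permit
  quit
 quit
```

After applying it, re-run dis isis peer and dis ip routing-table on FW1 and R1 to confirm the adjacency and learned routes are unchanged, then repeat the ping test in both directions.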

 

This completes the Huawei firewall routed-mode typical networking configuration example (ISIS).