Quidway S3528+Cisco PIX525配置.docx
- 文档编号:1620395
- 上传时间:2023-05-01
- 格式:DOCX
- 页数:32
- 大小:37.59KB
Quidway S3528+Cisco PIX525配置.docx
《Quidway S3528+Cisco PIX525配置.docx》由会员分享,可在线阅读,更多相关《Quidway S3528+Cisco PIX525配置.docx(32页珍藏版)》请在冰点文库上搜索。
QuidwayS3528+CiscoPIX525配置
情况描述:
S3528P作为核心交换机,划分VLAN隔离广播
PIX525作为防火墙及NAT转换
在这个网里有一个WWW服务器是公网IP
要求:
LAN的用户隔离广播风暴,可以上INTERNET并且可以用域名访问WWW服务器
当然WWW服务器也可以让公网用户访问到,WWW服务器是用主机头+IP+端口号访问的
拓扑:
配置:
1.S3528
discu
#
sysnameHUAWEI_S3528P
#
radiusschemesystem
server-typehuawei
primaryauthentication127.0.0.11645
primaryaccounting127.0.0.11646
user-name-formatwithout-domain
domainsystem
radius-schemesystem
access-limitdisable
stateactive
idle-cutdisable
self-service-urldisable
messengertimedisable
domaindefaultenablesystem
#
local-servernas-ip127.0.0.1keyhuawei
#
temperature-limit02080
#
dhcpserverip-poolchedui
network192.168.70.0mask255.255.255.0
gateway-list192.168.70.1
dns-list202.99.224.8202.99.224.68
#
dhcpserverip-poolfulian
network192.168.30.0mask255.255.255.0
gateway-list192.168.30.1
dns-list202.99.224.8202.99.224.68
#
dhcpserverip-poolgov
network192.168.50.0mask255.255.255.0
gateway-list192.168.50.254
dns-list202.99.224.8202.99.224.68
#
dhcpserverip-pooljiwei
network192.168.20.0mask255.255.255.0
gateway-list192.168.20.1
dns-list202.99.224.8202.99.224.68
#
dhcpserverip-poolshiwei
network192.168.10.0mask255.255.255.0
gateway-list192.168.10.1
dns-list202.99.224.8202.99.224.68
#
dhcpserverip-poolxinfang
network192.168.40.0mask255.255.255.0
gateway-list192.168.40.1
dns-list202.99.224.8202.99.224.68
#
dhcpserverip-poolxxzx
network192.168.60.0mask255.255.255.0
gateway-list192.168.60.1
dns-list202.99.224.8202.99.224.68
#
aclnumber2000
rule0permitsource192.168.0.00.0.255.255
#
aclnumber3000match-orderauto
rule0denyudpsource-porteqtftpdestination-porteqtftp
rule1denytcpsource-porteq135destination-porteq135
rule2denyudpsource-porteq135destination-porteq135
rule3denyudpsource-porteqnetbios-nsdestination-porteqnetbios-ns
rule4denyudpsource-porteqnetbios-dgmdestination-porteqnetbios-dgm
rule5denyudpsource-porteqnetbios-ssndestination-porteqnetbios-ssn
rule6denytcpsource-porteq139destination-porteq139
rule7denytcpsource-porteq445destination-porteq445
rule8denytcpsource-porteq593destination-porteq593
rule9denytcpsource-porteq4444destination-porteq5444
rule11denytcpdestination-porteq5554
rule12denytcpdestination-porteq9995
rule13denytcpdestination-porteq9996
rule14denytcpdestination-porteq3127
rule15denytcpdestination-porteq1025
rule16denytcpdestination-porteq137
rule17denytcpdestination-porteq138
rule18denytcpdestination-porteq5800
rule19denytcpdestination-porteq5900
rule20denytcpdestination-porteq8998
#
vlan1
#
vlan100
descriptionto-CNC
#
vlan200
descriptionto-WAN
#
vlan300
descriptionto-PIX_NAT
#
vlan500
descriptionto-shiwei
#
vlan600
descriptionto-GOV
#
vlan700
descriptionto-jiwei
#
vlan800
descriptionto-fulian
#
vlan900
descriptionto-xinfang
#
vlan1000
descriptionto-xxzx
#
vlan1100
descriptionto-chedu
#
interfaceVlan-interface100
descriptiontoCNC
ipaddress61.138.127.133255.255.255.128
#
interfaceVlan-interface200
descriptiontoWAN
ipaddress202.99.241.9255.255.255.248
#
interfaceVlan-interface300
descriptiontopix_nat
ipaddress192.168.0.2255.255.255.248
#
interfaceVlan-interface500
descriptiontoshiwei
ipaddress192.168.10.1255.255.255.0
#
interfaceVlan-interface600
descriptiontoshiwei
ipaddress192.168.50.254255.255.255.0
#
interfaceVlan-interface700
descriptiontojiwei
ipaddress192.168.20.1255.255.255.0
#
interfaceVlan-interface800
descriptiontofulian
ipaddress192.168.30.1255.255.255.0
#
interfaceVlan-interface900
descriptiontoxinfang
ipaddress192.168.40.1255.255.255.0
#
interfaceVlan-interface1000
descriptiontoxxzx
ipaddress192.168.60.1255.255.255.0
#
interfaceVlan-interface1100
descriptiontochedui
ipaddress192.168.70.1255.255.255.0
#
interfaceAux0/0
#
interfaceEthernet0/1
portaccessvlan100
packet-filterinboundip-group3000rule0
packet-filterinboundip-group3000rule1
packet-filterinboundip-group3000rule2
packet-filterinboundip-group3000rule3
packet-filterinboundip-group3000rule4
packet-filterinboundip-group3000rule5
packet-filterinboundip-group3000rule6
packet-filterinboundip-group3000rule7
packet-filterinboundip-group3000rule8
packet-filterinboundip-group3000rule9
packet-filterinboundip-group3000rule11
packet-filterinboundip-group3000rule12
packet-filterinboundip-group3000rule13
packet-filterinboundip-group3000rule14
packet-filterinboundip-group3000rule15
packet-filterinboundip-group3000rule16
packet-filterinboundip-group3000rule17
packet-filterinboundip-group3000rule18
packet-filterinboundip-group3000rule19
packet-filterinboundip-group3000rule20
#
interfaceEthernet0/2
portaccessvlan200
packet-filterinboundip-group3000rule0
packet-filterinboundip-group3000rule1
packet-filterinboundip-group3000rule2
packet-filterinboundip-group3000rule3
packet-filterinboundip-group3000rule4
packet-filterinboundip-group3000rule5
packet-filterinboundip-group3000rule6
packet-filterinboundip-group3000rule7
packet-filterinboundip-group3000rule8
packet-filterinboundip-group3000rule9
packet-filterinboundip-group3000rule11
packet-filterinboundip-group3000rule12
packet-filterinboundip-group3000rule13
packet-filterinboundip-group3000rule14
packet-filterinboundip-group3000rule15
packet-filterinboundip-group3000rule16
packet-filterinboundip-group3000rule17
packet-filterinboundip-group3000rule18
packet-filterinboundip-group3000rule19
packet-filterinboundip-group3000rule20
#
interfaceEthernet0/3
portaccessvlan200
packet-filterinboundip-group3000rule0
packet-filterinboundip-group3000rule1
packet-filterinboundip-group3000rule2
packet-filterinboundip-group3000rule3
packet-filterinboundip-group3000rule4
packet-filterinboundip-group3000rule5
packet-filterinboundip-group3000rule6
packet-filterinboundip-group3000rule7
packet-filterinboundip-group3000rule8
packet-filterinboundip-group3000rule9
packet-filterinboundip-group3000rule11
packet-filterinboundip-group3000rule12
packet-filterinboundip-group3000rule13
packet-filterinboundip-group3000rule14
packet-filterinboundip-group3000rule15
packet-filterinboundip-group3000rule16
packet-filterinboundip-group3000rule17
packet-filterinboundip-group3000rule18
packet-filterinboundip-group3000rule19
packet-filterinboundip-group3000rule20
#
interfaceEthernet0/4
portaccessvlan200
packet-filterinboundip-group3000rule0
packet-filterinboundip-group3000rule1
packet-filterinboundip-group3000rule2
packet-filterinboundip-group3000rule3
packet-filterinboundip-group3000rule4
packet-filterinboundip-group3000rule5
packet-filterinboundip-group3000rule6
packet-filterinboundip-group3000rule7
packet-filterinboundip-group3000rule8
packet-filterinboundip-group3000rule9
packet-filterinboundip-group3000rule11
packet-filterinboundip-group3000rule12
packet-filterinboundip-group3000rule13
packet-filterinboundip-group3000rule14
packet-filterinboundip-group3000rule15
packet-filterinboundip-group3000rule16
packet-filterinboundip-group3000rule17
packet-filterinboundip-group3000rule18
packet-filterinboundip-group3000rule19
packet-filterinboundip-group3000rule20
#
interfaceEthernet0/5
portaccessvlan200
packet-filterinboundip-group3000rule0
packet-filterinboundip-group3000rule1
packet-filterinboundip-group3000rule2
packet-filterinboundip-group3000rule3
packet-filterinboundip-group3000rule4
packet-filterinboundip-group3000rule5
packet-filterinboundip-group3000rule6
packet-filterinboundip-group3000rule7
packet-filterinboundip-group3000rule8
packet-filterinboundip-group3000rule9
packet-filterinboundip-group3000rule11
packet-filterinboundip-group3000rule12
packet-filterinboundip-group3000rule13
packet-filterinboundip-group3000rule14
packet-filterinboundip-group3000rule15
packet-filterinboundip-group3000rule16
packet-filterinboundip-group3000rule17
packet-filterinboundip-group3000rule18
packet-filterinboundip-group3000rule19
packet-filterinboundip-group3000rule20
#
interfaceEthernet0/6
portaccessvlan200
packet-filterinboundip-group3000rule0
packet-filterinboundip-group3000rule1
packet-filterinboundip-group3000rule2
packet-filterinboundip-group3000rule3
packet-filterinboundip-group3000rule4
packet-filterinboundip-group3000rule5
packet-filterinboundip-group3000rule6
packet-filterinboundip-group3000rule7
packet-filterinboundip-group3000rule8
packet-filterinboundip-group3000rule9
packet-filterinboundip-group3000rule11
packet-filterinboundip-group3000rule12
packet-filterinboundip-group3000rule13
packet-filterinboundip-group3000rule14
packet-filterinboundip-group3000rule15
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- Quidway S3528+Cisco PIX525配置 S3528 Cisco PIX525 配置