H3C F1060开启WEB管理页面及二层透传配置

拓扑图如上所示，Host_1是回环地址192.168.56.1/24，防火墙G0/1口做为管理口，IP改为192.168.56.2/24。

PC2和PC3配置好IP地址，分别是192.168.0.1和192.168.0.2。两台PC所在VLAN划分为10。

F1060配置过程如下 ：

sys
System View: return to User View with Ctrl+Z.

[H3C]vlan 10

[H3C-vlan10]quit

[H3C]int g1/0/1
[H3C-GigabitEthernet1/0/1]ip addr 192.168.56.2 24
[H3C-GigabitEthernet1/0/1]quit

[H3C]int g1/0/0
[H3C-GigabitEthernet1/0/0]port link-mode bridge 

[H3C-GigabitEthernet1/0/0]port link-type access 

[H3C-GigabitEthernet1/0/0]port access vlan 10

[H3C-GigabitEthernet1/0/0]int g1/0/2

[H3C-GigabitEthernet1/0/2]port link-mode bridge

[H3C-GigabitEthernet1/0/2]port link-type access
[H3C-GigabitEthernet1/0/2]port access vlan 10
[H3C-GigabitEthernet1/0/2]quit

[H3C]security-zone name trust
[H3C-security-zone-Trust]import int g1/0/0 vlan 10
[H3C-security-zone-Trust]import int g1/0/1
[H3C-security-zone-Trust]quit
[H3C]security-zone name untrust
[H3C-security-zone-Untrust]import int g1/0/2 vlan 10
[H3C-security-zone-Untrust]quit

[H3C]object-group ip address trust_g

[H3C-obj-grp-ip-trust_g]0 network host address 192.168.0.1
[H3C-obj-grp-ip-trust_g]quit

[H3C]object-group ip address untrust_g
[H3C-obj-grp-ip-untrust_g]0 network host address 192.168.0.2
[H3C-obj-grp-ip-untrust_g]quit

[H3C]security-policy ip

[H3C-security-policy-ip]rule name trust_untrust
[H3C-security-policy-ip-0-trust_untrust]logging enable
[H3C-security-policy-ip-0-trust_untrust]counting enable
[H3C-security-policy-ip-0-trust_untrust]source-zone trust
[H3C-security-policy-ip-0-trust_untrust]source-ip trust_g
[H3C-security-policy-ip-0-trust_untrust]destination-zone untrust
[H3C-security-policy-ip-0-trust_untrust]destination-ip untrust_g
[H3C-security-policy-ip-0-trust_untrust]action pass
[H3C-security-policy-ip-0-trust_untrust]quit

[H3C-security-policy-ip]rule name untrust_trust
[H3C-security-policy-ip-1-untrust_trust]source-zone untrust
[H3C-security-policy-ip-1-untrust_trust]source-ip untrust_g
[H3C-security-policy-ip-1-untrust_trust]destination-zone trust
[H3C-security-policy-ip-1-untrust_trust]destination-ip trust_g
[H3C-security-policy-ip-1-untrust_trust]action pass
[H3C-security-policy-ip-1-untrust_trust]quit

[H3C-security-policy-ip]rule name trust_local
[H3C-security-policy-ip-2-trust_local]source-zone trust
[H3C-security-policy-ip-2-trust_local]destination-zone local
[H3C-security-policy-ip-2-trust_local]action pass

到此，配置完成！

验证一下：

PC1 ping PC2

ping -a 192.168.0.1 192.168.0.2
Ping 192.168.0.2 (192.168.0.2) from 192.168.0.1: 56 data bytes, press CTRL_C to break
56 bytes from 192.168.0.2: icmp_seq=0 ttl=255 time=2.000 ms
56 bytes from 192.168.0.2: icmp_seq=1 ttl=255 time=3.000 ms
56 bytes from 192.168.0.2: icmp_seq=2 ttl=255 time=3.000 ms
56 bytes from 192.168.0.2: icmp_seq=3 ttl=255 time=1.000 ms
56 bytes from 192.168.0.2: icmp_seq=4 ttl=255 time=2.000 ms

PC2 ping PC1

ping -a 192.168.0.2 192.168.0.1
Ping 192.168.0.1 (192.168.0.1) from 192.168.0.2: 56 data bytes, press CTRL_C to break
56 bytes from 192.168.0.1: icmp_seq=0 ttl=255 time=2.000 ms
56 bytes from 192.168.0.1: icmp_seq=1 ttl=255 time=2.000 ms
56 bytes from 192.168.0.1: icmp_seq=2 ttl=255 time=3.000 ms
56 bytes from 192.168.0.1: icmp_seq=3 ttl=255 time=1.000 ms
56 bytes from 192.168.0.1: icmp_seq=4 ttl=255 time=3.000 ms

本文来自互联网用户投稿，文章观点仅代表作者本人，不代表本站立场，不承担相关法律责任。如若转载，请注明出处。 如若内容造成侵权/违法违规/事实不符，请点击【内容举报】进行投诉反馈！