1、路由器配置
1)基础配置
int g0/0/1
ip address 10.1.1.2 24
2)配置感应兴趣流
acl number 2000
rule 5 permit source any
3)nat地址转换
int g0/0/1
nat outbound 2000
4)缺省路由
ip route-static 0.0.0.0 0 10.1.1.1//配置缺省路由
5)配置内网ip
int g0/0/0
ip add 192.168.1.1 255.255.255.0
6)配置内网路由
ip route-static 192.168.3 .0 255.255.255.0 192.168.1.2
ip route-static 192.168.2.0 255.255.255.0 192.168.1.2
ip route-static 192.168.3.0 255.255.255.0 192.168.1.2
2、防火墙配置
1)接口基础配置
int g0/0/0
ip address 192.168.3.1 24
int g1/0/0
ip address 192.168.1.2 24
2)划分区域
firewall zone trust
add int g0/0/0
firewall zone untrust
add int g1/0/0
3)配置安全策略
security-policy
rule name intoout
source-zone trust
destination-zone untrust
server http ssh icmp https telnet
action permit
rule name outtoin
source-zone untrust
destination-zone trust
server http ssh icmp https telnet
action permit
4)配置路由
对外
ip route-static 0.0.0.0 0 192.168.1.1
5)对内
ip route-static 192.168.1.0 24 192.168.3.2
ip route-static 192.1682.0 24 192.168.3.2
3、交换机配置
1)创建vlan
vlan batch 10 20 30
2)配置vlanif基础配置信息
int vlanif10
ip add 192.1681.1 24
int vlanif 20
ip address 192.168.2.0 24
int vlanif 30
ip address 192.168.3.0
3)配置接口类型
port link-type access
port default vlan 10
