Username:admin<\/p>\n
Password:*****<\/p>\n
The password needs to be changed. Change now? [Y\/N]: y<\/p>\n
Please enter old password: Admin@123<\/p>\n
Please enter new password: LyShark@163<\/p>\n
Please confirm new password: LyShark@163<\/p>\n
<FW1> system-view \/\/ \u8fdb\u5165\u7cfb\u7edf\u89c6\u56fe<\/p>\n
[FW1] sysname FW1 \/\/ \u7ed9\u9632\u706b\u5899\u547d\u540d<\/p>\n
[FW1] undo info-center enable \/\/ \u5173\u95ed\u65e5\u5fd7\u5f39\u51fa\u529f\u80fd<\/p>\n
[FW1] quit<\/p>\n
<FW1> language-mode Chinese \/\/ \u5c06\u63d0\u793a\u4fee\u6539\u4e3a\u4e2d\u6587<\/p>\n
Change language mode, confirm? [Y\/N] y<\/p>\n
\u63d0\u793a\uff1a\u6539\u53d8\u8bed\u8a00\u6a21\u5f0f\u6210\u529f.<\/p>\n
\u5f00\u542fWeb\u7ba1\u7406\u754c\u9762:<\/strong>\u00a0\u9ed8\u8ba4\u9632\u706b\u5899console\u63a5\u53e3IP\u5730\u5740\u662f192.168.0.1.<\/p>\n <FW1> system-view<\/p>\n [FW1] web-manager enable \/\/ \u5f00\u542f\u56fe\u5f62\u7ba1\u7406\u754c\u9762<\/p>\n [FW1] interface GigabitEthernet 0\/0\/0<\/p>\n [FW1-GigabitEthernet0\/0\/0] ip address 192.168.0.1 24 \/\/ \u7ed9\u63a5\u53e3\u914d\u7f6eIP\u5730\u5740<\/p>\n [FW1-GigabitEthernet0\/0\/0] service-manage all permit \/\/ \u653e\u884c\u8be5\u7aef\u53e3\u7684\u8bf7\u6c42<\/p>\n [FW1-GigabitEthernet0\/0\/0] display this<\/p>\n \u914d\u7f6eConsole\u53e3\u767b\u9646:<\/strong><\/p>\n <FW1> system-view \/\/ \u8fdb\u5165\u7cfb\u7edf\u89c6\u56fe<\/p>\n [FW1] user-interface console 0 \/\/ \u8fdb\u5165console0\u7684\u7528\u6237\u914d\u7f6e\u63a5\u53e3<\/p>\n [FW1-ui-console0] authentication-mode password \/\/ \u4f7f\u7528\u5bc6\u7801\u9a8c\u8bc1\u6a21\u5f0f<\/p>\n [FW1-ui-console0] set authentication password cipher Admin1234 \/\/ \u8bbe\u7f6e\u5bc6\u7801\u4e3aAdmin1234<\/p>\n [FW1-ui-console0] quit \/\/ \u9000\u51fa\u7528\u6237\u914d\u7f6e\u63a5\u53e3<\/p>\n \u914d\u7f6etelnet\u5bc6\u7801\u8ba4\u8bc1:<\/strong>\u00a0\u914d\u7f6e\u5bc6\u7801\u8ba4\u8bc1\u6a21\u5f0f,\u6b64\u5904\u914d\u7f6e\u5bc6\u7801\u4e3aAdmin@123.<\/p>\n <FW1> system-view<\/p>\n [FW1] telnet server enable \/\/ \u5f00\u542fTelnet\u652f\u6301<\/p>\n [FW1] interface GigabitEthernet 0\/0\/0 \/\/ \u9009\u62e9\u914d\u7f6e\u63a5\u53e3<\/p>\n [FW1-GigabitEthernet0\/0\/0] service-manage telnet permit \/\/ \u5141\u8bb8telnet<\/p>\n [FW1-GigabitEthernet0\/0\/0] quit<\/p>\n [FW1] user-interface vty 0 4 \/\/ \u5f00\u542f\u865a\u62df\u7ec8\u7aef<\/p>\n [FW1-ui-vty0-4] protocol inbound telnet \/\/ \u5141\u8bb8telnet<\/p>\n [FW1-ui-vty0-4] authentication-mode password \/\/ \u8bbe\u7f6e\u4e3a\u5bc6\u7801\u8ba4\u8bc1\u6a21\u5f0f<\/p>\n [FW1-ui-vty0-4] set authentication password cipher Admin@123 \/\/ \u8bbe\u7f6e\u7528\u6237\u5bc6\u7801<\/p>\n [USG6000V1] firewall zone trust \/\/ \u9009\u62e9\u5b89\u5168\u533a\u57df<\/p>\n [USG6000V1-zone-trust] add interface GE0\/0\/0 \/\/ \u6dfb\u52a0\u5230\u5b89\u5168\u533a\u57df<\/p>\n \u914d\u7f6etelnet\u7528\u6237\u540d\u5bc6\u7801\u8ba4\u8bc1:<\/strong><\/p>\n <FW1> system-view \/\/ \u8fdb\u5165\u7cfb\u7edf\u89c6\u56fe<\/p>\n [FW1] interface GigabitEthernet 0\/0\/0 \/\/ \u8fdb\u5165\u63a5\u53e3\u914d\u7f6e<\/p>\n [FW1-GigabitEthernet0\/0\/0] ip address 192.168.0.1 24 \/\/ \u914d\u7f6e\u63a5\u53e3IP<\/p>\n [FW1-GigabitEthernet0\/0\/0] service-manage telnet permit \/\/ \u5141\u8bb8telnet<\/p>\n [FW1-GigabitEthernet0\/0\/0] service-manage ping permit \/\/ \u5141\u8bb8ping<\/p>\n [FW1-GigabitEthernet0\/0\/0] quit \/\/\u9000\u51fa<\/p>\n [FW1] firewall zone trust \/\/ \u8fdb\u5165trust\u5b89\u5168\u57df\u914d\u7f6e<\/p>\n [FW1-zone-trust] add interface GigabitEthernet 0\/0\/0 \/\/ \u628aGE0\/0\/0\u52a0\u5165\u5230trust\u5b89\u5168\u57df<\/p>\n [FW1-zone-trust] quit<\/p>\n [FW1] telnet server enable \/\/ \u542f\u7528telnet\u670d\u52a1<\/p>\n [FW1] user-interface vty 0 4 \/\/ \u8fdb\u5165vty0-4\u7684\u7528\u6237\u914d\u7f6e\u63a5\u53e3<\/p>\n [FW1-ui-vty0-4] authentication-mode aaa \/\/ \u4f7f\u7528AAA\u9a8c\u8bc1\u6a21\u5f0f<\/p>\n [FW1-ui-vty0-4] user privilege level 3 \/\/ \u914d\u7f6e\u7528\u6237\u8bbf\u95ee\u7684\u547d\u4ee4\u7ea7\u522b\u4e3a3<\/p>\n [FW1-ui-vty0-4] protocol inbound telnet \/\/ \u914d\u7f6etelnet<\/p>\n [FW1-ui-vty0-4] quit \/\/ \u9000\u51fa\u7528\u6237\u914d\u7f6e\u63a5\u53e3<\/p>\n [FW1] aaa \/\/ \u8fdb\u5165AAA\u914d\u7f6e\u89c6\u56fe<\/p>\n [FW1-aaa] manager-user lyshark \/\/ \u521b\u5efa\u7528\u6237vtyadmin<\/p>\n [FW1-aaa-manager-user-lyshark] password cipher admin@123 \/\/ \u914d\u7f6e\u7528\u6237\u5bc6\u7801<\/p>\n [FW1-aaa-manager-user-lyshark] service-type telnet \/\/ \u914d\u7f6e\u670d\u52a1\u7c7b\u578b<\/p>\n [FW1-aaa-manager-user-lyshark] quit \/\/ \u9000\u51fa<\/p>\n [FW1-aaa] bind manager-user lyshark role system-admin \/\/ \u7ed1\u5b9a\u7ba1\u7406\u5458\u89d2\u8272<\/p>\n [FW1-aaa] quit \/\/ \u9000\u51faAAA\u89c6\u56fe<\/p>\n \u5e38\u7528\u67e5\u8be2\u547d\u4ee4:<\/strong>\u00a0\u67e5\u8be2\u9632\u706b\u5899\u7684\u5176\u4ed6\u914d\u7f6e,\u5e38\u7528\u7684\u51e0\u4e2a\u547d\u4ee4\u5982\u4e0b.<\/p>\n [FW1] display ip interface brief \/\/ \u67e5\u9ed8\u8ba4\u63a5\u53e3\u4fe1\u606f<\/p>\n [FW1] display ip routing-table \/\/ \u663e\u793a\u8def\u7531\u8868<\/p>\n [FW1] display zone \/\/ \u663e\u793a\u9632\u706b\u5899\u533a\u57df<\/p>\n [FW1] display firewall session table \/\/ \u663e\u793a\u5f53\u524d\u4f1a\u8bdd<\/p>\n [FW1] display security-policy rule all \/\/ \u663e\u793a\u5b89\u5168\u7b56\u7565<\/p>\n \u914d\u7f6e\u5230\u8fd9\u91cc,\u6211\u4eec\u5c31\u53ef\u4ee5\u5728\u6d4f\u89c8\u5668\u4e2d\u8bbf\u95ee\u4e86,\u5176\u8bbf\u95ee\u5730\u5740\u662fhttp:\/\/192.168.0.1<\/p>\n <\/p>\n \u521d\u59cb\u5316\u9632\u706b\u5899:<\/strong>\u00a0\u521d\u59cb\u5316\u914d\u7f6e,\u5e76\u8bbe\u7f6e\u597d\u9632\u706b\u5899\u5bc6\u7801,\u6b64\u5904\u7528\u6237\u540dadmin\u5bc6\u7801\u662fLyshark@123.<\/p>\n Username:admin<\/p>\n Password:*****<\/p>\n The password needs to be changed. Change now? [Y\/N]: y<\/p>\n Please enter old password: Admin@123<\/p>\n Please enter new password: Lyshark@163<\/p>\n Please confirm new password: Lyshark@163<\/p>\n <USG6000V1> system-view \/\/ \u8fdb\u5165\u7cfb\u7edf\u89c6\u56fe<\/p>\n [USG6000V1] sysname FW1 \/\/ \u7ed9\u9632\u706b\u5899\u547d\u540d<\/p>\n [FW1] undo info-center enable \/\/ \u5173\u95ed\u65e5\u5fd7\u5f39\u51fa\u529f\u80fd<\/p>\n [FW1] quit<\/p>\n <FW1> language-mode Chinese \/\/ \u5c06\u63d0\u793a\u4fee\u6539\u4e3a\u4e2d\u6587<\/p>\n [FW1] web-manager enable \/\/ \u5f00\u542f\u56fe\u5f62\u7ba1\u7406\u754c\u9762<\/p>\n [FW1] interface GigabitEthernet 0\/0\/0<\/p>\n [FW1-GigabitEthernet0\/0\/0] service-manage all permit \/\/ \u653e\u884c\u8be5\u7aef\u53e3\u7684\u8bf7\u6c42<\/p>\n \u914d\u7f6e\u5185\u7f51\u63a5\u53e3:<\/strong>\u00a0\u914d\u7f6e\u5185\u7f51\u7684\u63a5\u53e3\u4fe1\u606f,\u8fd9\u91cc\u5305\u62ec\u4e2aGE 1\/0\/0 and GE 1\/0\/1\u8fd9\u4e24\u4e2a\u5185\u7f51\u5730\u5740.<\/p>\n <FW1> system-view<\/p>\n [FW1] interface GigabitEthernet 1\/0\/0<\/p>\n [FW1-GigabitEthernet1\/0\/0] ip address 192.168.1.1 255.255.255.0<\/p>\n [FW1-GigabitEthernet1\/0\/0] undo shutdown<\/p>\n [FW1-GigabitEthernet1\/0\/0] quit<\/p>\n [FW1] interface GigabitEthernet 1\/0\/1<\/p>\n [FW1-GigabitEthernet1\/0\/1] ip address 192.168.2.1 255.255.255.0<\/p>\n [FW1-GigabitEthernet1\/0\/1] undo shutdown<\/p>\n [FW1-GigabitEthernet1\/0\/1] quit<\/p>\n # ——————————————————-<\/p>\n [FW1] firewall zone trust \/\/ \u5c06\u524d\u4e24\u4e2a\u63a5\u53e3\u52a0\u5165trust\u533a\u57df<\/p>\n [FW1-zone-trust] add interface GigabitEthernet 1\/0\/0<\/p>\n [FW1-zone-trust] add interface GigabitEthernet 1\/0\/1<\/p>\n \u914d\u7f6e\u5916\u7f51\u63a5\u53e3:<\/strong>\u00a0\u914d\u7f6e\u5916\u7f51\u63a5\u53e3GE 1\/0\/2\u63a5\u53e3\u7684IP\u5730\u5740,\u5e76\u5c06\u5176\u52a0\u5165\u5230untrust\u533a\u57df\u4e2d.<\/p>\n [FW1] interface GigabitEthernet 1\/0\/2 \/\/ \u9009\u62e9\u5916\u7f51\u63a5\u53e3<\/p>\n [FW1-GigabitEthernet1\/0\/2] undo shutdown \/\/ \u5f00\u542f\u5916\u7f51\u63a5\u53e3<\/p>\n [FW1-GigabitEthernet1\/0\/2] ip address 10.10.10.10 255.255.255.0 \/\/ \u914d\u7f6eIP\u5730\u5740<\/p>\n [FW1-GigabitEthernet1\/0\/2] gateway 10.10.10.20 \/\/ \u914d\u7f6e\u7f51\u5173<\/p>\n [FW1-GigabitEthernet1\/0\/2] undo service-manage enable<\/p>\n [FW1-GigabitEthernet1\/0\/2] quit<\/p>\n # ——————————————————-<\/p>\n [FW1] firewall zone untrust \/\/ \u9009\u62e9\u5916\u7f51\u533a\u57df<\/p>\n [FW1-zone-untrust] add interface GigabitEthernet 1\/0\/2 \/\/ \u5c06\u63a5\u53e3\u52a0\u5165\u5230\u6b64\u533a\u57df<\/p>\n \u914d\u7f6e\u5b89\u5168\u7b56\u7565:<\/strong>\u00a0\u914d\u7f6e\u9632\u706b\u5899\u5b89\u5168\u7b56\u7565,\u653e\u884ctrust(\u5185\u7f51)–>untrust(\u5916\u7f51)\u7684\u6570\u636e\u5305.<\/p>\n [FW1] security-policy \/\/ \u914d\u7f6e\u5b89\u5168\u7b56\u7565<\/p>\n [FW1-policy-security] rule name lyshark \/\/ \u89c4\u5219\u540d\u79f0<\/p>\n [FW1-policy-security-rule-lyshark] source-zone trust \/\/ \u539f\u5b89\u5168\u533a\u57df(\u5185\u90e8)<\/p>\n [FW1-policy-security-rule-lyshark] destination-zone untrust \/\/ \u76ee\u6807\u5b89\u5168\u533a\u57df(\u5916\u90e8)<\/p>\n [FW1-policy-security-rule-lyshark] source-address any \/\/ \u539f\u5730\u5740\u533a\u57df<\/p>\n [FW1-policy-security-rule-lyshark] destination-address any \/\/ \u76ee\u6807\u5730\u5740\u533a\u57df<\/p>\n [FW1-policy-security-rule-lyshark] service any \/\/ \u653e\u884c\u6240\u6709\u670d\u52a1<\/p>\n [FW1-policy-security-rule-lyshark] action permit \/\/ \u653e\u884c\u914d\u7f6e<\/p>\n [FW1-policy-security-rule-lyshark] quit<\/p>\n \u914d\u7f6e\u6e90NAT:<\/strong>\u00a0\u914d\u7f6e\u539fNAT\u5730\u5740\u8f6c\u6362,\u4ec5\u914d\u7f6e\u6e90\u5730\u5740\u8bbf\u95ee\u5185\u7f51 –> \u516c\u7f51\u7684\u8f6c\u6362.<\/p>\n [FW1] nat-policy \/\/ \u914d\u7f6eNAT\u5730\u5740\u8f6c\u6362<\/p>\n [FW1-policy-nat] rule name lyshark \/\/ \u6307\u5b9a\u7b56\u7565\u540d\u79f0<\/p>\n [FW1-policy-nat-rule-lyshark] egress-interface GigabitEthernet 1\/0\/2 \/\/ \u5916\u7f51\u63a5\u53e3IP<\/p>\n [FW1-policy-nat-rule-lyshark] action source-nat easy-ip \/\/ \u6e90\u5730\u5740\u8f6c\u6362<\/p>\n [FW1-policy-nat-rule-lyshark] display this<\/p>\n \u914d\u7f6e\u76ee\u6807NAT:<\/strong>\u00a0\u5916\u7f51\u8bbf\u95ee10.10.10.10\u81ea\u52a8\u6620\u5c04\u5230\u5185\u7f51\u7684192.168.2.1\u8fd9\u53f0\u4e3b\u673a\u4e0a.<\/p>\n [FW1] firewall zone untrust \/\/ \u9009\u62e9\u5916\u7f51\u533a\u57df<\/p>\n [FW1-zone-untrust] add interface GigabitEthernet 1\/0\/2 \/\/ \u5c06\u63a5\u53e3\u52a0\u5165\u5230\u6b64\u533a\u57df<\/p>\n # —-NAT\u89c4\u5219—————————————————<\/p>\n # \u5916\u7f51\u4e3b\u673a\u8bbf\u95ee10.10.10.10\u4e3b\u673a\u81ea\u52a8\u6620\u5c04\u5230\u5185\u90e8\u7684192.168.2.2<\/p>\n [FW1] firewall detect ftp<\/p>\n [FW1] nat server lyshark global 10.10.10.10 inside 192.168.2.2 no-reverse<\/p>\n # —-\u653e\u884c\u89c4\u5219—————————————————<\/p>\n [FW1] security-policy \/\/ \u914d\u7f6e\u5b89\u5168\u7b56\u7565<\/p>\n [FW1-policy-security] rule name untrs-trs \/\/ \u89c4\u5219\u540d\u79f0<\/p>\n [FW1-policy-security-rule-lyshark] source-zone untrust \/\/ \u539f\u5b89\u5168\u533a\u57df(\u5916\u90e8)<\/p>\n [FW1-policy-security-rule-lyshark] destination-zone trust \/\/ \u76ee\u6807\u5b89\u5168\u533a\u57df(\u5185\u90e8)<\/p>\n [FW1-policy-security-rule-lyshark] action permit \/\/ \u653e\u884c\u914d\u7f6e<\/p>\n [FW1-policy-security-rule-lyshark] quit<\/p>\n <\/p>\n \u914d\u7f6e\u5185\u7f51\u533a\u57df:<\/strong>\u00a0\u5206\u522b\u914d\u7f6e\u9632\u706b\u5899\u5185\u7f51\u63a5\u53e3GE1\/0\/0 and GE1\/0\/1\u8bbe\u7f6eIP\u5730\u5740,\u5e76\u52a0\u5165\u6307\u5b9a\u533a\u57df\u5185.<\/p>\n <FW1>system-view<\/p>\n [FW1]undo info-center enable<\/p>\n # —-\u914d\u7f6eIP\u5730\u5740———————————————–<\/p>\n [FW1] interface GigabitEthernet 1\/0\/0<\/p>\n [FW1-GigabitEthernet1\/0\/0] ip address 192.168.1.1 24<\/p>\n [FW1-GigabitEthernet1\/0\/0] quit<\/p>\n [FW1] interface GigabitEthernet 1\/0\/1<\/p>\n [FW1-GigabitEthernet1\/0\/1] ip address 192.168.2.1 24<\/p>\n [FW1-GigabitEthernet1\/0\/1] quit<\/p>\n # —-\u52a0\u5165\u5230\u6307\u5b9a\u533a\u57df——————————————–<\/p>\n [FW1] firewall zone trust<\/p>\n [FW1-zone-trust] add interface GigabitEthernet 1\/0\/0<\/p>\n [FW1] firewall zone dmz<\/p>\n [FW1-zone-dmz] add interface GigabitEthernet 1\/0\/1<\/p>\n \u914d\u7f6e\u5916\u7f51\u533a\u57df:<\/strong>\u00a0\u7136\u540e\u914d\u7f6e\u5916\u7f51\u5730\u5740,\u5c06Gig 1\/0\/2\u52a0\u5165\u5230untrust\u533a\u57df\u5185.<\/p>\n [FW1] interface GigabitEthernet 1\/0\/2<\/p>\n [FW1-GigabitEthernet1\/0\/2] ip address 10.10.10.10 8<\/p>\n [FW1] firewall zone untrust<\/p>\n [FW1-zone-dmz] add interface GigabitEthernet 1\/0\/2<\/p>\n \u914d\u7f6e\u6e90NAT:<\/strong>\u00a0\u914d\u7f6e\u539fNAT\u5730\u5740\u8f6c\u6362,\u4ec5\u914d\u7f6e\u6e90\u5730\u5740\u8bbf\u95ee\u5185\u7f51 –> \u516c\u7f51\u7684\u8f6c\u6362.<\/p>\n # —-\u914d\u7f6e\u6e90NAT\u8f6c\u6362———————————————<\/p>\n [FW1] nat-policy \/\/ \u914d\u7f6eNAT\u5730\u5740\u8f6c\u6362<\/p>\n [FW1-policy-nat] rule name lyshark \/\/ \u6307\u5b9a\u7b56\u7565\u540d\u79f0<\/p>\n [FW1-policy-nat-rule-lyshark] egress-interface GigabitEthernet 1\/0\/2 \/\/ \u5916\u7f51\u63a5\u53e3IP<\/p>\n [FW1-policy-nat-rule-lyshark] action source-nat easy-ip \/\/ \u6e90\u5730\u5740\u8f6c\u6362<\/p>\n [FW1-policy-nat-rule-lyshark] display this<\/p>\n # —-\u653e\u884c\u76f8\u5173\u5b89\u5168\u7b56\u7565——————————————<\/p>\n [FW1] security-policy<\/p>\n [FW1-policy-security] rule name trust_untrust<\/p>\n [FW1-policy-security-rule] source-zone trust<\/p>\n [FW1-policy-security-rule] destination-zone untrust<\/p>\n [FW1-policy-security-rule] action permit<\/p>\n \u914d\u7f6e\u76ee\u6807NAT:<\/strong>\u00a0\u5916\u7f51\u8bbf\u95ee10.10.10.10\u81ea\u52a8\u6620\u5c04\u5230\u5185\u7f51\u7684192.168.2.2\u8fd9\u53f0\u4e3b\u673a\u4e0a.<\/p>\n # —-NAT\u89c4\u5219—————————————————<\/p>\n # \u5916\u7f51\u4e3b\u673a\u8bbf\u95ee10.10.10.10\u4e3b\u673a\u81ea\u52a8\u6620\u5c04\u5230\u5185\u90e8\u7684192.168.2.2<\/p>\n [FW1] firewall detect ftp<\/p>\n [FW1]nat server lyshark global 10.10.10.10 inside 192.168.2.2 no-reverse<\/p>\n # —-\u653e\u884c\u89c4\u5219—————————————————<\/p>\n [FW1] security-policy \/\/ \u914d\u7f6e\u5b89\u5168\u7b56\u7565<\/p>\n [FW1-policy-security] rule name untrs-DMZ \/\/ \u89c4\u5219\u540d\u79f0<\/p>\n [FW1-policy-security-rule-untrs-DMZ] source-zone untrust \/\/ \u539f\u5b89\u5168\u533a\u57df(\u5916\u90e8)<\/p>\n [FW1-policy-security-rule-untrs-DMZ] destination-zone trust \/\/ \u76ee\u6807\u5b89\u5168\u533a\u57df(\u5185\u90e8)<\/p>\n [FW1-policy-security-rule-untrs-DMZ] destination-address 192.168.2.2 24<\/p>\n [FW1-policy-security-rule-untrs-DMZ] service any<\/p>\n [FW1-policy-security-rule-untrs-DMZ] action permit \/\/ \u653e\u884c\u914d\u7f6e<\/p>\n [FW1-policy-security-rule-untrs-DMZ] quit<\/p>\n <\/p>\n \u914d\u7f6e\u4e24\u53f0\u4ea4\u6362\u673a:<\/strong>\u00a0\u5206\u522b\u914d\u7f6e\u4e24\u53f0\u4ea4\u6362\u673a,\u5e76\u5212\u5206\u5230\u76f8\u5e94\u7684VLAN\u533a\u57df\u5185.<\/p>\n # —-\u914d\u7f6eLSW1\u4ea4\u6362\u673a——————————————–<\/p>\n <Huawei> system-view<\/p>\n [LSW1] vlan 10 \/\/ \u521b\u5efaVLAN10<\/p>\n [LSW1] quit<\/p>\n [LSW1] interface Ethernet 0\/0\/1 \/\/ \u5c06\u8be5\u63a5\u53e3\u914d\u7f6e\u4e3atrunk<\/p>\n [LSW1-Ethernet0\/0\/1] port link-type trunk<\/p>\n [LSW1-Ethernet0\/0\/1] port trunk allow-pass vlan 10 \/\/ \u52a0\u5165\u5230vlan 10<\/p>\n [LSW1-Ethernet0\/0\/1] quit<\/p>\n [LSW1] port-group group-member Eth0\/0\/2 to Eth0\/0\/3<\/p>\n [LSW1-port-group] port link-type access<\/p>\n [LSW1-port-group] port default vlan 10<\/p>\n [LSW1-port-group] quit<\/p>\n # —-\u914d\u7f6eLSW2\u4ea4\u6362\u673a——————————————–<\/p>\n <Huawei> system-view<\/p>\n [LSW2] vlan 20<\/p>\n [LSW1] quit<\/p>\n [LSW2] interface Ethernet 0\/0\/1<\/p>\n [LSW2-Ethernet0\/0\/1] port link-type trunk<\/p>\n [LSW2-Ethernet0\/0\/1] port trunk allow-pass vlan 20<\/p>\n [LSW2-Ethernet0\/0\/1] quit<\/p>\n [LSW2] port-group group-member Eth0\/0\/2 to Eth0\/0\/3<\/p>\n [LSW2-port-group] port link-type access<\/p>\n [LSW2-port-group] port default vlan 20<\/p>\n [LSW2-port-group] quit<\/p>\n \u914d\u7f6e\u9632\u706b\u5899:<\/strong>\u00a0\u914d\u7f6eGig1\/0\/0\u548cGig1\/0\/1\u63a5\u53e3\u4e3atrunk\u6a21\u5f0f,\u5e76\u5206\u522b\u914d\u7f6e\u597d\u7f51\u5173\u5730\u5740.<\/p>\n [FW1] vlan 10<\/p>\n [FW1-vlan10] quit<\/p>\n [FW1] vlan 20<\/p>\n [FW1-vlan20] quit<\/p>\n # —-\u914d\u7f6e\u9632\u706b\u5899\u63a5\u53e3\u5730\u5740—————————————–<\/p>\n [FW1] interface GigabitEthernet 1\/0\/0<\/p>\n [FW1-GigabitEthernet1\/0\/0] portswitch<\/p>\n [FW1-GigabitEthernet1\/0\/0] port link-type trunk<\/p>\n [FW1-GigabitEthernet1\/0\/0] port trunk allow-pass vlan 10<\/p>\n [FW1] interface GigabitEthernet 1\/0\/1<\/p>\n [FW1-GigabitEthernet1\/0\/1] portswitch<\/p>\n [FW1-GigabitEthernet1\/0\/1] port link-type trunk<\/p>\n [FW1-GigabitEthernet1\/0\/1] port trunk allow-pass vlan 20<\/p>\n # —-\u5206\u522b\u7ed9VLAN\u914d\u7f6eIP\u5730\u5740—————————————<\/p>\n [FW1]interface Vlanif 10<\/p>\n [FW1-Vlanif10]<\/p>\n [FW1-Vlanif10]ip address 192.168.10.1 255.255.255.0<\/p>\n [FW1-Vlanif10]alias vlan 10<\/p>\n [FW1-Vlanif10]service-manage ping permit<\/p>\n [FW1] interface Vlanif 20<\/p>\n [FW1-Vlanif20]<\/p>\n [FW1-Vlanif20] ip address 192.168.20.1 255.255.255.0<\/p>\n [FW1-Vlanif20] alias vlan 20<\/p>\n [FW1-Vlanif20] service-manage ping permit<\/p>\n \u6dfb\u52a0\u9632\u706b\u5899\u533a\u57df:<\/strong>\u00a0\u5c06vlan10\u548cvlan20\u6dfb\u52a0\u5230trust\u533a\u57df\u5185.<\/p>\n [FW1]firewall zone trust<\/p>\n [FW1-zone-trust] add interface Vlanif 10<\/p>\n [FW1-zone-trust] add interface Vlanif 20<\/p>\n <\/p>\n \u653e\u884c\u6240\u6709\u6570\u636e\u5305(\u4e24\u53f0\u5899):<\/strong>\u00a0\u4e3a\u4e86\u6f14\u793a\u5b9e\u9a8c,\u9700\u8981\u624b\u52a8\u653e\u884c\u6570\u636e\u5305<\/p>\n # ————————————————————<\/p>\n # \u5c06\u9ed8\u8ba4\u9632\u706b\u5899\u89c4\u5219,\u8bbe\u7f6e\u4e3a\u5141\u8bb8\u6240\u6709<\/p>\n [FW1] security-policy<\/p>\n [FW1-policy-security] rule name anyall \/\/ \u6307\u5b9a\u89c4\u5219\u540d\u79f0<\/p>\n [FW1-policy-security-rule-anyall] source-zone any \/\/ \u6e90\u5730\u5740\u5141\u8bb8\u6240\u6709<\/p>\n [FW1-policy-security-rule-anyall] destination-zone any \/\/ \u76ee\u6807\u5730\u5740\u5141\u8bb8\u6240\u6709<\/p>\n [FW1-policy-security-rule-anyall] action permit \/\/ \u653e\u884c<\/p>\n [FW1-policy-security-rule-anyall] quit<\/p>\n [FW1-policy-security] quit<\/p>\n # ————————————————————<\/p>\n # \u5c06\u6307\u5b9a\u7684\u63a5\u53e3\u52a0\u5165\u5230\u6307\u5b9a\u7684\u533a\u57df\u5185<\/p>\n [FW1] firewall zone trust \/\/ \u9009\u62e9trust\u533a\u57df<\/p>\n [FW1-zone-trust] add interface GigabitEthernet 1\/0\/0 \/\/ \u6dfb\u52a0\u5185\u90e8\u7684\u7aef\u53e3<\/p>\n [FW1-zone-trust] quit<\/p>\n [FW1] firewall zone untrust \/\/ \u6dfb\u52a0untru\u533a\u57df<\/p>\n [FW1-zone-untrust] add interface GigabitEthernet 1\/0\/1 \/\/ \u6dfb\u52a0\u5916\u90e8\u63a5\u53e3<\/p>\n [FW1-zone-trust] quit<\/p>\n \u914d\u7f6eIP\u5730\u5740(\u4e24\u53f0)<\/strong>\u00a0\u7ed9\u9632\u706b\u5899\u7684\u4e24\u4e2a\u63a5\u53e3\u914d\u7f6e\u597dIP\u5730\u5740.<\/p>\n # ————————————————————<\/p>\n # \u914d\u7f6e\u9632\u706b\u5899FW1<\/p>\n [FW1] interface GigabitEthernet 1\/0\/0 \/\/ \u9009\u62e9\u5185\u90e8\u63a5\u53e3<\/p>\n [FW1-GigabitEthernet1\/0\/0] ip address 192.168.1.253 24 \/\/ \u914d\u7f6e\u9632\u706b\u5899IP<\/p>\n [FW1-GigabitEthernet1\/0\/0] service-manage ping permit \/\/ \u5f00\u542f\u63a5\u53e3ping<\/p>\n [FW1-GigabitEthernet1\/0\/0] quit<\/p>\n [FW1] interface GigabitEthernet1\/0\/1<\/p>\n [FW1-GigabitEthernet1\/0\/1] ip address 10.10.10.20 8<\/p>\n [FW1-GigabitEthernet1\/0\/1] service-manage ping permit<\/p>\n [FW1-GigabitEthernet1\/0\/1] quit<\/p>\n # ————————————————————<\/p>\n # \u914d\u7f6e\u9632\u706b\u5899FW2<\/p>\n [FW2] interface GigabitEthernet 1\/0\/0 \/\/ \u9009\u62e9\u5185\u90e8\u63a5\u53e3<\/p>\n [FW2-GigabitEthernet1\/0\/0] ip address 192.168.1.254 24 \/\/ \u914d\u7f6e\u9632\u706b\u5899IP<\/p>\n [FW2-GigabitEthernet1\/0\/0] service-manage ping permit \/\/ \u5f00\u542f\u63a5\u53e3ping<\/p>\n [FW2-GigabitEthernet1\/0\/0] quit<\/p>\n [FW2-GigabitEthernet1\/0\/0] quit<\/p>\n [FW2] interface GigabitEthernet1\/0\/1<\/p>\n [FW2-GigabitEthernet1\/0\/1] ip address 10.10.10.30 8<\/p>\n [FW2-GigabitEthernet1\/0\/1] service-manage ping permit<\/p>\n [FW2-GigabitEthernet1\/0\/1] quit<\/p>\n \u5f00\u542f\u6e90NAT\u5730\u5740<\/strong>:\u5c06\u5185\u7f51\u6570\u636e\u6620\u5c04\u5230\u5916\u7f51.<\/p>\n # ————————————————————<\/p>\n # \u914d\u7f6e\u9632\u706b\u5899FW1<\/p>\n [FW1] nat-policy \/\/ \u914d\u7f6eNAT\u5730\u5740\u8f6c\u6362<\/p>\n [FW1-policy-nat] rule name tru_untr \/\/ \u6307\u5b9a\u7b56\u7565\u540d\u79f0<\/p>\n [FW1-policy-nat-rule-tru_untr] egress-interface GigabitEthernet 1\/0\/1 \/\/ \u5916\u7f51\u63a5\u53e3IP<\/p>\n [FW1-policy-nat-rule-tru_untr] action source-nat easy-ip \/\/ \u6e90\u5730\u5740\u8f6c\u6362<\/p>\n [FW1-policy-nat-rule-tru_untr] display this<\/p>\n # ————————————————————<\/p>\n # \u914d\u7f6e\u9632\u706b\u5899FW2<\/p>\n [FW2] nat-policy \/\/ \u914d\u7f6eNAT\u5730\u5740\u8f6c\u6362<\/p>\n [FW2-policy-nat] rule name tru_untr \/\/ \u6307\u5b9a\u7b56\u7565\u540d\u79f0<\/p>\n [FW2-policy-nat-rule-tru_untr] egress-interface GigabitEthernet 1\/0\/1 \/\/ \u5916\u7f51\u63a5\u53e3IP<\/p>\n [FW2-policy-nat-rule-tru_untr] action source-nat easy-ip \/\/ \u6e90\u5730\u5740\u8f6c\u6362<\/p>\n [FW2-policy-nat-rule-tru_untr] display this<\/p>\n \u5f00\u542fVRRP\u652f\u6301(\u4e24\u53f0)<\/strong><\/p>\n # ————————————————————<\/p>\n # \u914d\u7f6e\u9632\u706b\u5899FW1<\/p>\n [FW1] interface GigabitEthernet 1\/0\/0 \/\/ \u9009\u62e9\u5185\u90e8\u63a5\u53e3<\/p>\n [FW1-GigabitEthernet1\/0\/0] vrrp vrid 1 virtual-ip 192.168.1.1 active \/\/ \u914d\u7f6e\u865a\u62df\u63a5\u53e3\u4e3a\u4e3b<\/p>\n [FW1-GigabitEthernet1\/0\/0] quit<\/p>\n [FW1] interface GigabitEthernet 1\/0\/1 \/\/ \u9009\u62e9\u5916\u90e8\u63a5\u53e3<\/p>\n [FW1-GigabitEthernet1\/0\/1] vrrp vrid 2 virtual-ip 10.10.10.10 active<\/p>\n [FW1-GigabitEthernet1\/0\/1] quit<\/p>\n # ————————————————————<\/p>\n # \u914d\u7f6e\u9632\u706b\u5899FW12<\/p>\n [FW2] interface GigabitEthernet 1\/0\/0 \/\/ \u9009\u62e9\u5185\u90e8\u63a5\u53e3<\/p>\n [FW2-GigabitEthernet1\/0\/0] vrrp vrid 1 virtual-ip 192.168.1.1 standby \/\/ \u914d\u7f6e\u865a\u62df\u63a5\u53e3\u4e3a\u5907<\/p>\n [FW2-GigabitEthernet1\/0\/0] quit<\/p>\n [FW2] interface GigabitEthernet 1\/0\/1<\/p>\n [FW2-GigabitEthernet1\/0\/1] vrrp vrid 2 virtual-ip 10.10.10.10 standby<\/p>\n [FW2-GigabitEthernet1\/0\/1] quit<\/p>\n HRP\u914d\u7f6e(\u4e24\u53f0):<\/strong><\/p>\n # ————————————————————<\/p>\n # \u914d\u7f6e\u9632\u706b\u5899FW1<\/p>\n [FW1] hrp enable<\/p>\n HRP_S[FW1] hrp interface GigabitEthernet 0\/0\/0 remote 172.16.1.2 \/\/ \u6307\u5b9a\u63a5\u53e3\u548c\u5bf9\u7aefIP<\/p>\n HRP_M[FW1] interface GigabitEthernet 0\/0\/0 \/\/ \u9009\u62e9\u865a\u62df\u63a5\u53e3<\/p>\n HRP_M[FW1-GigabitEthernet0\/0\/0] ip address 172.16.1.1 24 \/\/ \u914d\u7f6e\u672c\u7aefIP\u5730\u5740<\/p>\n # ————————————————————<\/p>\n # \u914d\u7f6e\u9632\u706b\u5899FW2<\/p>\n [FW2] hrp enable<\/p>\n HRP_S[FW2] hrp standby-device<\/p>\n HRP_S[FW2] hrp interface GigabitEthernet 0\/0\/0 remote 172.16.1.1<\/p>\n HRP_S[FW2] interface GigabitEthernet 0\/0\/0<\/p>\n HRP_S[FW2-GigabitEthernet0\/0\/0] ip address 172.16.1.2 24<\/p>\n \u68c0\u67e5\u914d\u7f6e\uff1a<\/strong><\/p>\n \u6ce8\u610f1\uff1a\u9ed8\u8ba4\u5904\u4e8e standby \u72b6\u6001\u7684\u8bbe\u5907\u4e0d\u5141\u8bb8\u914d\u7f6e\u5b89\u5168\u7b56\u7565\uff0c\u53ea\u5141\u8bb8\u5728\u4e3b\u8bbe \u5f00\u542f\u547d\u4ee4\uff1ahrp standby config enable<\/p>\n HRP_M[FW1] display hrp state<\/p>\n Role: active, peer: standby<\/p>\n Running priority: 45000, peer: 45000<\/p>\n Core state: normal, peer: normal<\/p>\n Backup channel usage: 0.00%<\/p>\n Stable time: 0 days, 0 hours, 0 minutes<\/p>\n Last state change information: 2019-05-06 1:37:41 HRP core state changed, old_s<\/p>\n tate = abnormal(active), new_state = normal, local_priority = 45000, peer_priori<\/p>\n ty = 45000.<\/p>\n HRP_S[FW2] display hrp state<\/p>\n Role: standby, peer: active<\/p>\n Running priority: 45000, peer: 45000<\/p>\n Core state: normal, peer: normal<\/p>\n Backup channel usage: 0.00%<\/p>\n Stable time: 0 days, 0 hours, 1 minutes<\/p>\n Last state change information: 2019-05-06 1:37:42 HRP link changes to up.<\/p>\n <\/p>\n \u914d\u7f6e\u9632\u706b\u5899\u63a5\u53e3:<\/strong><\/p>\n [FW1]interface GigabitEthernet 1\/0\/0<\/p>\n [FW1-GigabitEthernet1\/0\/0]ip address 192.168.1.1 24<\/p>\n [FW1-GigabitEthernet1\/0\/0]service-manage ping permit<\/p>\n [FW1-GigabitEthernet1\/0\/0]service-manage http permit<\/p>\n [FW1-GigabitEthernet1\/0\/0]quit<\/p>\n [FW1]interface GigabitEthernet 1\/0\/1<\/p>\n [FW1-GigabitEthernet1\/0\/1]ip address 10.10.10.10 8<\/p>\n [FW1-GigabitEthernet1\/0\/1]service-manage ping permit<\/p>\n [FW1-GigabitEthernet1\/0\/1]service-manage http permit<\/p>\n [FW1-GigabitEthernet1\/0\/1]quit<\/p>\n \u52a0\u5165\u76f8\u5e94\u7684\u533a\u57df\u5185:<\/strong><\/p>\n [FW1]firewall zone trust<\/p>\n [FW1-zone-trust]add interface GigabitEthernet 1\/0\/0<\/p>\n [FW1-zone-trust]quit<\/p>\n [FW1]firewall zone untrust<\/p>\n [FW1-zone-untrust]add interface GigabitEthernet 1\/0\/1<\/p>\n [FW1-zone-untrust]quit<\/p>\n \u653e\u884c\u6570\u636e\u5305:<\/strong><\/p>\n [FW1]security-policy<\/p>\n [FW1-policy-security]rule name any_trust<\/p>\n [FW1-policy-security-rule-any_trust]source-zone any<\/p>\n [FW1-policy-security-rule-any_trust]destination-zone trust<\/p>\n [FW1-policy-security-rule-any_trust]service http<\/p>\n [FW1-policy-security-rule-any_trust]service icmp<\/p>\n [FW1-policy-security-rule-any_trust]action permit<\/p>\n \u914d\u7f6e\u8d1f\u8f7d\u5747\u8861:<\/strong><\/p>\n [FW1] slb enable \/\/ \u542f\u7528SLB\u670d\u52a1<\/p>\n [FW1] slb \/\/ \u8fdb\u5165SLB\u914d\u7f6e\u89c6\u56fe<\/p>\n [FW1-slb] group 1 WebServer \/\/ \u521b\u5efa\u670d\u52a1\u5668\u7ec4webServer<\/p>\n [FW1-slb-group-1] metric weight-least-connection \/\/ \u4f7f\u7528\u52a0\u6743\u8f6e\u8be2\u7b97\u6cd5<\/p>\n # ——————————————————-<\/p>\n \/\/ \u4ee5\u4e0b\u4e3a\u771f\u5b9e\u670d\u52a1\u8bbe\u7f6e IP\u5730\u5740 \u7aef\u53e3 \u6743\u91cd\u503c \u522b\u540d\/\/<\/p>\n [FW1-slb-group-1] rserver 1 rip 192.168.1.2 port 80 weight 1 description server1<\/p>\n [FW1-slb-group-1] rserver 2 rip 192.168.1.3 port 80 weight 1 description server2<\/p>\n [FW1-slb-group-1] rserver 3 rip 192.168.1.3 port 80 weight 1 description server3<\/p>\n [FW1-slb-group-1]<\/p>\n [FW1-slb-group-1] health-check type icmp tx-interval 5 times 3 \/\/ \u914d\u7f6e\u670d\u52a1\u5065\u5eb7\u68c0\u67e5\u53c2\u6570<\/p>\n [FW1-slb-group-1] persistence type source-ip aging-time 180 \/\/ \u914d\u7f6e\u4f1a\u8bdd\u4fdd\u6301\u65f6\u95f4<\/p>\n [FW1-slb-group-1] quit \/\/ \u8fd4\u56deSLB\u89c6\u56fe<\/p>\n [FW1-slb]<\/p>\n [FW1-slb] vserver 1 WebServer \/\/ \u521b\u5efa\u865a\u62df\u670d\u52a1\u5668WebServer<\/p>\n [FW1-slb-vserver-1] protocol tcp \/\/ \u914d\u7f6e\u865a\u62df\u670d\u52a1\u5668\u7684\u534f\u8bae\u7c7b\u578b<\/p>\n [FW1-slb-vserver-1] vip 1 10.10.10.100 \/\/ \u8bbe\u7f6e\u865a\u62df\u670d\u52a1\u5668IP\u5730\u5740<\/p>\n [FW1-slb-vserver-1] vport 80 \/\/ \u8bbe\u7f6e\u865a\u62df\u670d\u52a1\u5668\u7aef<\/p>\n [FW1-slb-vserver-1] group WebServer \/\/ \u5173\u8054\u771f\u5b9e\u670d\u52a1\u5668\u7ec4<\/p>\n [FW1-slb-vserver-1] quit \/\/ \u8fd4\u56deSLB\u89c6\u56fe<\/p>\n <\/p>\n","protected":false},"excerpt":{"rendered":" \u521d\u59cb\u5316\u9632\u706b\u5899 \u521d\u59cb\u5316\u9632\u706b\u5899:\u00a0\u9ed8\u8ba4\u7528\u6237\u540d\u4e3aadmin,\u9ed8\u8ba4\u7684\u5bc6\u7801Admin@123,\u8fd9\u91cc\u4fee\u6539\u5bc6\u7801\u4e3aLyShar […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18],"tags":[],"class_list":["post-2547","post","type-post","status-publish","format-standard","hentry","category-hw"],"_links":{"self":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts\/2547","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2547"}],"version-history":[{"count":1,"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts\/2547\/revisions"}],"predecessor-version":[{"id":2553,"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts\/2547\/revisions\/2553"}],"wp:attachment":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2547"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2547"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2547"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\u9632\u706b\u5899\u57fa\u672c\u914d\u7f6e<\/h3>\n
![\"Diagram\n\nDescription](\"https:\/\/www.xh86.me\/wp-content\/uploads\/2021\/10\/diagram-description-automatically-generated-13.jpeg\")
<\/p>\nNAT \u5730\u5740\u8f6c\u6362<\/h3>\n
![\"Diagram\n\nDescription](\"https:\/\/www.xh86.me\/wp-content\/uploads\/2021\/10\/diagram-description-automatically-generated-14.jpeg\")
<\/p>\n\u914d\u6210\u4ea4\u6362\u673a<\/h3>\n
![\"Diagram\n\nDescription](\"https:\/\/www.xh86.me\/wp-content\/uploads\/2021\/10\/diagram-description-automatically-generated-15.jpeg\")
<\/p>\n\u4e3b\u5907\u53cc\u673a\u70ed\u5907<\/h3>\n
![\"Diagram\n\nDescription](\"https:\/\/www.xh86.me\/wp-content\/uploads\/2021\/10\/diagram-description-automatically-generated-16.jpeg\")
<\/p>\n
\n\u5907\u914d\u7f6e\u5b89\u5168\u7b56\u7565\uff0c\u4e14\u5b89\u5168\u7b56\u7565\u4f1a\u81ea\u52a8\u540c\u6b65\u5230\u5907\u8bbe\u5907\u4e0a\u9762\u3002<\/p>\n\u914d\u7f6e\u8d1f\u8f7d\u5747\u8861<\/h3>\n
![\"Diagram\n\nDescription](\"https:\/\/www.xh86.me\/wp-content\/uploads\/2021\/10\/diagram-description-automatically-generated-17.jpeg\")
<\/p>\n