# 1 Configuration

# 2 Plain Layer 2 switch

```
enable
conf t
no spanning-tree vlan 1
int range e0/0 - 3
 no shutdown
 switchport mode access
 switchport access vlan 1
```

## 2.1 R3

```
enable
conf t
int e0/1
 ip address 111.14.46.65 255.255.255.0
 no shutdown
```

## 2.2 usg1

```
# Basic configuration
system-view
icmp ttl-exceeded send

# Virtual router configuration
vsys enable
vsys name vsysa
 assign interface giga1/0/0

## for public (root firewall)
### Interfaces
int g1/0/2
 ip address 111.14.46.80 24
 undo shutdown
 service-manager all permit
int virtual-if 0
 ip address 10.0.0.1 24

### Security zones
firewall zone untrust
 add interface giga1/0/2
firewall zone dmz
 add int virtual-if 0

### Routing: this is the key part
ip route-static 10.2.11.0 24 vpn-instance vsysa

## Security policy: for a simple test, permitting everything is enough
security-policy
 rule name anypermit
  action permit

## for vsysa
### Interfaces
interface giga1/0/0
 ip address 10.2.11.254 24
interface virtual-if 1
 ip address 10.0.0.2 24

### Security zones
firewall zone trust
 add interface giga1/0/0
firewall zone dmz
 add interface virtual-if 1

### Routing
ip route-static 0.0.0.0 0 public

### Security policy
security-policy
 rule name anypermit
  action permit
```

# 3 References

- https://blog.51cto.com/u_13699905/2994506
- https://www.jianshu.com/p/4025e5cd7616

Last modified: 2 November 2023. © Reposting with proper attribution is permitted.