Huawei eNSP Simulator: Firewall VLAN Configuration Lab

Lab goal: R1 and R2 are in the same VLAN, and R1 can reach R2 only via telnet.

Command-line configuration

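First configure the two interface addresses on R1 and R2, then create the VLAN, and then set the firewall's interfaces to transparent switch ports and add them to the VLAN.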

Trust1-R1:
sys
un in en
sysname Trust1-R1
int e0/0/0
ip address 192.168.7.17 24
dis this
quit
Trust2-R2:
sys
un in en
sysname Trust2-R2
int e0/0/0
ip address 192.168.7.77 24
dis this
quit
FW:
sys
un in en
sysname FW
vlan 10
dis this
quit
dis port vlan
int g1/0/0
portswitch
port link-type access
port default vlan 10
dis port vlan
quit
int g1/0/1
portswitch
port link-type access
port default vlan 10
dis port vlan
quit

Create two new zones, trust1 and trust2, assign the two interfaces to them respectively, then configure the security policy on the firewall.

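PS: On next-generation firewalls the priority setting does not matter, so the value passed to set priority here is arbitrary; just don't reuse a value already taken by the existing zones.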

FW:
sys
firewall zone name trust1
add int g1/0/0
set priority 75
dis this
quit
firewall zone name trust2
add int g1/0/1
set priority 80
dis this
quit
security-policy
rule name trust1_to_trust2
source-zone trust1
destination-zone trust2
service telnet
action permit
dis this
quit

Then just configure telnet login authentication on R2. No login password or the like is set here; login goes straight in without a password.

Trust2-R2:
sys
user-int vty 0 4
authentication-mode none
dis this
quit
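
An added example, not part of the original post: a small Python check run over the command sequences typed in this lab. It flags the VTY block that skips authentication, the permit rule that names zones but no addresses, and the cleartext service it allows. The function name audit and the embedded command strings are constructed for illustration.

```python
# Added example: lint for the command sequences typed in this lab (not Huawei tooling).
# The two samples below are constructed from the commands shown on this page.
R2_COMMANDS = """sys
user-int vty 0 4
authentication-mode none
dis this
quit"""

FW_COMMANDS = """sys
security-policy
rule name trust1_to_trust2
source-zone trust1
destination-zone trust2
service telnet
action permit
dis this
quit"""


def audit(commands):
    """Return (context, finding) tuples for one device's typed commands."""
    findings, ctx, seen = [], None, []

    def close():
        # Evaluate the block that just ended (VTY lines or one policy rule).
        if ctx is None:
            return
        if ctx.startswith("vty") and "authentication-mode none" in seen:
            findings.append((ctx, "VTY login requires no authentication"))
        if ctx.startswith("rule") and "action permit" in seen:
            scoped = any(s.startswith(("source-address", "destination-address"))
                         for s in seen)
            if not scoped:
                findings.append((ctx, "permit rule matches every host in the zones"))
            if "service telnet" in seen:
                findings.append((ctx, "permitted service is cleartext telnet"))

    for raw in commands.splitlines():
        line = " ".join(raw.split())
        if line.startswith("user-int"):      # user-interface, as abbreviated above
            close()
            ctx, seen = "vty " + line.split("vty", 1)[-1].strip(), []
        elif line.startswith("rule name "):
            close()
            ctx, seen = "rule " + line[len("rule name "):], []
        elif line == "quit":
            close()
            ctx, seen = None, []
        elif ctx is not None:
            seen.append(line)
    close()
    return findings
```

Running audit on R2_COMMANDS reports the VTY finding; on FW_COMMANDS it reports the unscoped permit rule and the telnet service.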

Verification result:

[Screenshot: verification result]

Firewall web UI configuration

[Three screenshots: firewall web UI configuration]