實驗目標:
R1和R2在同一個vlan,R1只能通過telnet訪問R2
命令行配置
首先配置號
R1和R2的2接口地址,然後創建vlan,接着把防火牆的接口地址設置成透明交換機接口並加入vlan
Trust1-R1:
sys
un in en
sysname Trust1-R1
int e0/0/0
ip address 192.168.7.17 24
dis this
quit
Trust2-R2:
sys
un in en
sysname Trust2-R2
int e0/0/0
ip address 192.168.7.77 24
dis this
quit
FW:
sys
un in en
sysname FW
vlan 10
dis this
quit
dis port vlan
int g1/0/0
portswitch
port link-type access
port default vlan 10
dis port vlan
quit
int g1/0/1
portswitch
port link-type access
port default vlan 10
dis port vlan
quit
創建兩個新的區域
Trust1和Trust2將接口地址分別劃分到這兩個區域中,然後防火牆設置策略
PS: 新一代防火牆對設置優先級無所謂,所以這裏set priority設置的值隨便設置,不要和原來的幾個區域的值重複就是了
FW:
sys
firewall zone name trust1
add int g1/0/0
set priority 75
dis this
quit
firewall zone name trust2
add int g1/0/1
see priority 80
dis this
quit
security-policy
rule name trust1_to_trust2
source-zone trust1
destination-zone trust2
service telnet
action permit
dis this
quit
然後再
R2上設置一下telnet登錄的驗證即可,這裏就不設置登錄驗證密碼之類的了,直接沒有密碼登錄
Trust2-R2:
sys
user-int vty 0 4
authentication-mode none
dis this
quit
驗證結果:
防火牆web端配置
