三层交换机和防火墙对接上网

1、一、交换机的配置1、配置连接用户的接口和VLANif的接口。<Huawei>system幻腾寂埒-view[Huawei]vlan batch 2 3 100[Huawei]interface g0/0/2[Huawei-GigabitEthernet0/0/2]port link-type access[Huawei-GigabitEthernet0/0/2]port default vlan 2[Huawei-GigabitEthernet0/0/2]quit[Huawei]interface g0/0/3[Huawei-GigabitEthernet0/0/3]port link-type access[Huawei-GigabitEthernet0/0/3]port default vlan 3[Huawei-GigabitEthernet0/0/3]quit[Huawei]interface vlanif 2[Huawei-Vlanif2]ip address 192.168.2.1 24[Huawei-Vlanif2]quit[Huawei]interface vlanif 3[Huawei-Vlanif3]ip address 192.168.3.1 24[Huawei-Vlanif3]quit

2、配醅呓择锗置防火墙对应的接口和VLanif接口。3、配置静态路由[Huawei]interface g0/0/1[Huawei-GigabitEthernet0/0/1]port link-type trunk[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 3 100[Huawei-GigabitEthernet0/0/1]quit[Huawei]interface vlanif 100[Huawei-Vlanif100]ip address 192.168.100.2 24[Huawei-Vlanif100]quit[Huawei]ip route-static 0.0.0.0 0.0.0.0 192.168.100.1

4、二、防火墙的配置1、配置连接交换机的端口和对应的IP地址<Huawei>system-view[SRG]interface g0/0/1[SRG-GigabitEthernet0/0/1]ip address 192.168.100.1 24[SRG-GigabitEthernet0/0/1]quit

6、配置鲍伊酷雪NAT功能[SRG]nat address-group 1 200.0.0.2 200.0.0.2[SRG]nat-policy interzone trust untrust outbound[SRG-nat-policy-interzone-trust-untrust-outbound]policy 1[SRG-nat-policy-interzone-trust-untrust-outbound-1]policy source 192.168.0.0 0.0.255.255[SRG-nat-policy-interzone-trust-untrust-outbound-1]action source-nat[SRG-nat-policy-interzone-trust-untrust-outbound-1]address-group 1[SRG-nat-policy-interzone-trust-untrust-outbound-1]quit[SRG-nat-policy-interzone-trust-untrust-outbound]quit[SRG]