2018年华三杯山东省赛决赛实验

server/2024/11/29 18:47:33/

2018年华三杯山东省赛决赛实验

拓扑图

image.png

配置需求

请考生根据以下配置需求在 HCL中的设备上进行相关配置。

网络设备虚拟化

数据中心交换机需要实现虚拟化。支持的虚拟化技术 IRF,所配置的参数要求如下:

  • 链形堆叠,IRF Domain 值为 10;

  • IRF1的 member ID 为 1,IRF2的 member ID 为 2;

  • IRF1为 IRF 中的主设备,优先级值为10;

虚拟局域网 VLAN

为了减少广播,需要规划并配置 VLAN。具体要求如下:

  • 配置合理,链路上不允许不必要的数据流通过。

  • 交换防火墙间的互连物理端口直接使用三层模式互连。

  • S1和 S2间的 G1/0/11 端口为 trunk 链路。

  • IRF(IRF1和IRF2)交换机的第23、24端口与S1和S2互连的23、24端口分别设置聚合。

链路聚合要求如下:

  • IRF、S1、S2聚合接口组分别为 1和2。

  • 链路类型为 Trunk 类型 23,24。

  • 链路上不允许不必要的数据流通过。

根据上述信息及表2-1,在交换机上完成 VLAN配置和端口分配。

表 2-1 VLAN 分配表

设备VLAN 编号VLAN 名称端口划分
IRF 1/IRF 2VLAN 10RD1 至 4
VLAN 20Sales5 至 8
VLAN 30Supply9 至 12
VLAN 40Service13 至 16

IPv4 地址部署

根据表 2-2,为网络设备分配 IPv4 地址。

表2-2. IPv4 地址分配表

设备接口IPv4 地址
S 1VLAN 10192.168.10.252/24
VLAN 20192.168.20.252/24
VLAN 30192.168.30.252/24
VLAN 40192.168.40.252/24
G 1/0/110.0.0.5/30
G 1/0/1010.0.0.1/30
LoopBack 09.9.9.201/32
S 2Vlan 10192.168.10.253/24
Vlan 20192.168.20.253/24
Vlan 30192.168.30.253/24
Vlan 40192.168.40.253/24
G 1/0/110.0.0.9/30
G 1/0/1010.0.0.2/30
FwG 1/0/010.0.0.13/30
G 1/0/110.0.0.6/30
G 1/0/210.0.0.10/30
LoopBack 09.9.9.2/32
LoopBack 100192.16.100.254/24

OSPF 协议部署

总部使用 OSPF协议作为 IGP/内部网关协议以达到互通。具体要求如下:

  • OSPF 进程 10,总部为区域 0, router-id为 loopback0 口地址

  • 要求业务网段中不出现协议报文

  • 修改接口网络类型,加快 OSPF 收敛速度

  • 为了管理方便,需要发布 Loopback地址;

IPv4 BGP 路由部署

总部与分部间使用 BGP 协议。具体要求如下:

  • 分部为 AS200,总部为 AS100;

  • 总部内 FW与 S1、S2 需要以 Lo 1、S2 需要以 LoopBack 0 为源地址使用对等体组 as100 建立 IBGP 连接;

  • 总部与分部用物理接口建立 EBGP连接;

  • 总部与分部用物理接口建立 EBGP 连接

  • 配置BGP 的下一跳(NEXT_HOP)属性,以避免路由黑洞;

  • 总部和分部的所有业务流必须通过 network 命令来发布

  • 通过配置 BGP 路由优先级值为 80(EBGP)、100(IBGP)、130(本地 BGP) 从而避免路由环路。

  • 分部向总部发布缺省路由。最终,要求全网路由互通。

防火墙安全域部署

FW上配置安全域和域间策略。具体要求如下:

  • FW1与 R1 互联接口处于 Untrust 安全域,其余接口处于 Trust 安全域;

  • 配置域间策略,允许所有 IP流量通过

  • 域间策略通过 ACL 实现,ACL 编号为 3100。

路由优化部署

在S1、S2上配置路由策略以达到路由优化目的。VLAN10、VLAN20 的数据流经过 S1-FW转发,当FW-S1 不可用时, 通过 S1-S2-FW 转发;VLAN30、VLAN40 的数据流经过S2-FW转发,当 S2-FW 不可用时,通过 S2-S1-FW 转发。

通过发布路由时配置 route-policy 来实现,具体要求如下: 本要求如下:

  • Route-policy名称为 12100,节点必须为 10、20、30等依此类推;

  • 使用 ACL 来匹配路由,ACL 编号必须为 2001(对应 VLAN10、VLAN20 的路由)和 2002(对应VLAN30、 VLAN40 的路由) ;

  • policy 设定的 local-preference 值分别为 100和200(分别对应主路由和备路由)。

IPv6 路由配置

考虑到总部有部分主机需要通过IPv6访问总部防火墙,所以需要配置 IPv6 网络

地址分配如下表所示:

IPv6 地址分配表

设备接口IPV6 地址
S 1VLAN 102001:172:10::252/64
VLAN 202001:172:20::252/64
VLAN 302001:172:30::252/64
VLAN 402001:172:40::252/64
G 1/0/1FE80:11::1 link-local
G 1/0/10FE80:10::2 link-local
S 2
VLAN 102001:172:10::253/64
VLAN 202001:172:20::253/64
VLAN 302001:172:30::253/64
VLAN 402001:172:30::253/64
G 1/0/1FE80:12::1 link-local
G 1/0/10FE80:10::1 link-local
FWG 1/0/1FE80:11::2 link-local
G 1/0/2FE80:12::2 link-local
  • 规划使用动态路由协议,所配置的参数要求如下:

  • 使用 OSPFv3 路由协议,进程号为 100 ,区域为 0;

  • Router-id 用Loopback 0 接口 IP;

  • FW的域间策略与IPV4的相同;

  • IPV6 的ACL 编号为: 3100,允许所有 IPV6 流量通过;

  • VLAN 内主机(host) 使用无状态自动配置地址技术自动获得 IPv6前缀。

MSTP 及 VRRP 部署

在总部交换机 S1、S2、IRF 上配置 MSTP 防止二层环路;要求VLAN10、VLAN20 所有数据流经过 S1 转发,VLAN30、VLAN40 所有数据流经过S2 转发。所配置的参数要求如下:

  • region-name 为 H3C;

  • 实例值为1和2

  • S1 作为实例1中的主根, S2作为从根;

在S1 和 S2 上配置 VRRP,实现主机的网关冗余。所配置的参数要求如表2-3

表 2-3 52 和 53 的 VRRP 参数表

VLANVRRP 备份组号(VRID)VRRP 虚拟 IP
VLAN1010192.168.10.254
VLAN2020192.168.20.254
VLAN3030192.168.30.254
VLAN4040192.168.40.254
  • S1 作为 VLAN 10, VLAN 20 所有主机的实际网关, S2 作为备份网关;S2 作为 VLAN 30, VLAN 40 中所有主机的实际网关, S1 作为备份网关

  • 各 VRRP组中高优先级设置为150,低优先级设置为 120。

设备配置

基础 IP 配置

//S1
Sys
Sysname S1
Vlan 10
Name RD
Vlan 20
Name Sales
Vlan 30
Name Supply
Vlan 40
Name Service
Quit
Int vlan 10
Ip add 192.168.10.252 24
Undo shutdown
Quit
Int vlan 20
Ip add 192.168.20.252 24
Undo shutdown
Quit
Int vlan 30
Ip add 192.168.30.252 24
Undo shutdown
Quit
Int vlan 40
Ip add 192.168.40.252 24
Undo shutdown
Quit
Int ge 1/0/1
Port link-mode route
Ip add 10.0.0.5 30
Undo shutdown
Quit
Int ge 1/0/10
Port link-mode route
Ip add 10.0.0.1 30
Undo shutdown
Quit
Int lo 0
Ip add 9.9.9.201 32
Quit
//S2
Sys
Sysname S2
Vlan 10
Name RD
Vlan 20
Name Sales
Vlan 30
Name Supply
Vlan 40
Name Service
Quit
Int vlan 10
Ip add 192.168.10.253 24
Undo shutdown
Quit
Int vlan 20
Ip add 192.168.20.253 24
Undo shutdown
Quit
Int vlan 30
Ip add 192.168.30.253 24
Undo shutdown
Quit
Int vlan 40
Ip add 192.168.40.253 24
Undo shutdown
Quit
Int ge 1/0/1
Port link-mode route
Ip add 10.0.0.9 30
Undo shutdown
Quit
Int ge 1/0/10
Port link-mode route
Ip add 10.0.0.2 30
Undo shutdown
Quit
Int lo 0
Ip add 9.9.9.202 32
Quit
//FW
Sys
Sysname FW
Int ge 1/0/0
Ip add 10.0.0.13 30
Undo shutdown
Quit
Int ge 1/0/1
Ip add 10.0.0.6 30
Undo shutdown
Quit
Int ge 1/0/2
Ip add 10.0.0.10 30
Undo shutdown
Quit
Int lo 0
Ip add 9.9.9.1 32
Int lo 100
Ip add 192.16.100.254 24
Quit
//R1
Sys
Sysname R 1
Int ge 0/0
Ip add 10.0.0.14 30
Undo shutdown
Quit
Int lo 0
Ip add 9.9.9.2 32
Quit

二层部分

IRF 堆叠
//IRF 1
Sys
Sysname IRF1
//IRF 2
Sys
Sysname IRF2
Irf member 1 renumber 2
Y
Quit
Save
Y
Reboot
//IRF 1
Sys
Irf domian 10
Int range ten-gi 1/0/50 ten-gi 1/0/51
Shutdown
Quit
Irf-port 1/1
Port group int ten-gi 1/0/50
Port group int ten-gi 1/0/51
Quit
Int range ten-gi 1/0/50 ten-gi 1/0/51
Undo shutdown
Quit
Irf member 1 priority 10
Save
Y
Irf-port-configuration active
//IRF 2
Sys
Irf domian 10
Int range ten-gi 2/0/50 ten-gi 2/0/51
Shutdown
Quit
Irf-port 2/2
Port group int ten-gi 2/0/50
Port group int ten-gi 2/0/51
Quit
Int range ten-gi 2/0/50 ten-gi 2/0/51
Undo shutdown
Quit
Save
Y
Irf-port-configuration active
VLAN 划分+VLAN 修剪+链路聚合
//IRF
Sys
Sysname IRF
Vlan 10
Name RD
Vlan 20
Name Sales
Vlan 30
Name Supply
Vlan 40
Name Service
Quit
Int bridge-aggregation 1
Quit
Int range ge 1/0/24 ge 2/0/24
Port link-aggregation group 1
Quit
Int bridge-aggregation 1
Port link-type trunk
Port trunk permit vlan 10 20 30 40
Quit
Int bridge-aggregation 2
Quit
Int range ge 1/0/23 ge 2/0/23
Port link-aggregation group 2
Quit
Int bridge-aggregation 2
Port link-type trunk
Port trunk permit vlan 10 20 30 40
Quit
Int range ge 1/0/1 to ge 1/0/4 ge 2/0/1 to ge 2/0/4
Port link-type access
Port access vlan 10
Quit
Int range ge 1/0/5 to ge 1/0/8 ge 2/0/5 to ge 2/0/8
Port link-type access
Port access vlan 20
Quit
Int range ge 1/0/9 to ge 1/0/12 ge 2/0/9 to ge 2/0/12
Port link-type access
Port access vlan 30
Quit
Int range ge 1/0/13 to ge 1/0/16 ge 2/0/13 to ge 2/0/16
Port link-type access
Port access vlan 10
Quit
//S 1
Sys
Int bridge-aggregation 1
Quit
Int range ge 1/0/23 ge 1/0/24
Port link-aggregation group 1
Quit
Int range bridge-aggregation 1 ge 1/0/11
Port link-type trunk
Port trunk permit vlan 10 20 30 40
Quit
//S 2
Sys
Int bridge-aggregation 2
Quit
Int range ge 1/0/23 ge 1/0/24
Port link-aggregation group 2
Quit
Int range bridge-aggregation 2 ge 1/0/11
Port link-type trunk
Port trunk permit vlan 10 20 30 40
Quit
MSTP +VRRP
//S 1
Sys
Stp mode mstp
Stp region
Region-name H 3 C
Instance 1 vlan 10 20
Instance 2 vlan 30 40
Active region-configuration
Quit
Stp instance 1 root primary
Stp instance 2 root secondary
Int vlan 10
Vrrp vrid 10  virtual-ip 192.168.10.254
Vrrp vrid 10 priority 150
Quit
Int vlan 20
Vrrp vrid 20  virtual-ip 192.168.20.254
Vrrp vrid 20 priority 150
Quit
Int vlan 30
Vrrp vrid 30  virtual-ip 192.168.30.254
Vrrp vrid 30 priority 120
Quit
Int vlan 40
Vrrp vrid 40  virtual-ip 192.168.40.254
Vrrp vrid 40 priority 120
Quit
//S 2
Sys
Stp mode mstp
Stp region
Region-name H 3 C
Instance 1 vlan 10 20
Instance 2 vlan 30 40
Active region-configuration
Quit
Stp instance 1 root secondary
Stp instance 2 root primary
Int vlan 10
Vrrp vrid 10  virtual-ip 192.168.10.254
Vrrp vrid 10 priority 120
Quit
Int vlan 20
Vrrp vrid 20  virtual-ip 192.168.20.254
Vrrp vrid 20 priority 120
Quit
Int vlan 30
Vrrp vrid 30  virtual-ip 192.168.30.254
Vrrp vrid 30 priority 150
Quit
Int vlan 40
Vrrp vrid 40  virtual-ip 192.168.40.254
Vrrp vrid 40 priority 150
Quit
//IRF
Sys
Stp mode mstp
Stp region
Region-name H 3 C
Instance 1 vlan 10 20 di
Instance 2 vlan 30 40
Active region-configuration
Quit

三层网络配置

防火墙安全部署
//FW
Sys
Security-zone name Trust
Import int ge 1/0/1
Import int ge 1/0/2
Quit
Security-zone name Untrust
Import int ge 1/0/0
Quit
Acl advanced 3100
Rule permit ip source any  destination any
Quit
Zone-pair security source trust destination untrust
Packet-filter 3100
Quit
Zone-pair security source untrust destination trust
Packet-filter 3100
Quit
Zone-pair security source trust destination local
Packet-filter 3100
Quit
Zone-pair security source local destination trust
Packet-filter 3100
Quit
Zone-pair security source untrust destination local
Packet-filter 3100
Quit
Zone-pair security source local destination untrust
Packet-filter 3100
Quit
Ospf+接口 P 2 P
//S 1
Ospf 10 router-id 9.9.9.201
Silent-interface vlan 10
Silent-interface vlan 20
Silent-interface vlan 30
Silent-interface vlan 40
Area 0
Network 9.9.9.201 0.0.0.0
Network 10.0.0.4 0.0.0.3
Network 10.0.0.0 0.0.0.3
Network 192.168.10.0 0.0.0.255
Network 192.168.20.0 0.0.0.255
Network 192.168.30.0 0.0.0.255
Network 192.168.40.0 0.0.0.255
Quit
Quit
Int range ge 1/0/1 ge 1/0/10
Ospf network-type p 2 p
Quit
//S 2
Ospf 10 router-id 9.9.9.202
Silent-interface vlan 10
Silent-interface vlan 20
Silent-interface vlan 30
Silent-interface vlan 40
Area 0
Network 9.9.9.202 0.0.0.0
Network 10.0.0.8 0.0.0.3
Network 10.0.0.0 0.0.0.3
Network 192.168.10.0 0.0.0.255
Network 192.168.20.0 0.0.0.255
Network 192.168.30.0 0.0.0.255
Network 192.168.40.0 0.0.0.255
Quit
Quit
Int range ge 1/0/1 ge 1/0/10
Ospf network-type p 2 p
Quit
//FW
Ospf 10 router-id 9.9.9.1
Area 0
Network 9.9.9.1 0.0.0.0
Network 10.0.0.8 0.0.0.3
Network 10.0.0.4 0.0.0.3
Quit
Quit
Int range ge 1/0/1 ge 1/0/2
Ospf network-type p 2 p
Quit
BGP 路由部署
BGP 邻居建立+next-hop-local
//FW
Sys
Bgp 100
Peer 9.9.9.201 as 100
Peer 9.9.9.201 connect-int lo 0
Peer 9.9.9.202 as 100
Peer 9.9.9.202 connect-int lo 0
Peer 10.0.0.14 as 200
Address ipv 4 unicast
Peer 9.9.9.201 enable
Peer 9.9.9.202 enable
Peer 10.0.0.14 enable
Peer 9.9.9.201 next-hop-local
Peer 9.9.9.202 next-hop-local
Network 9.9.9.1 255.255.255.255
Quit
Quit
//S 1
Sys
Bgp 100
Peer 9.9.9.1 as 100
Peer 9.9.9.1 connect-int lo 0
Address ipv 4 unicast
Peer 9.9.9.1 enable
Quit
Quit
//S 2
Sys
Bgp 100
Peer 9.9.9.1 as 100
Peer 9.9.9.1 connect-int lo 0
Address ipv 4 unicast
Peer 9.9.9.1 enable
Quit
Quit
//R 1
Sys
Bgp 200 
Peer 10.0.0.13 as 100
Address ipv 4 unicast
Peer 10.0.0.13 enable
Network 9.9.9.2 255.255.255.255
Network 192.16.100.0 255.255.255.0
Quit
Quit
BGP 路由策略+发布缺省路由
//S 1
Sys
Route-policy 12000 permit node 10
If-match as 200
Apply local-preference 80
Quit
Route-policy 12000 permit node 20
If-match as 100
Apply local-preference 100
Quit
Bgp 100
Address ipv 4 unicast
Peer 9.9.9.1 route-policy 12000 im
Default local-preference 130
Quit
Quit
//S 2
Sys
Route-policy 12000 permit node 10
If-match as 200
Apply local-preference 80
Quit
Route-policy 12000 permit node 20
If-match as 100
Apply local-preference 100
Quit
Bgp 100
Address ipv 4 unicast
Peer 9.9.9.1 route-policy 12000 im
Default local-preference 130
Quit
Quit
//FW
Sys
Route-policy 12000 permit node 10
If-match as 200
Apply local-preference 80
Quit
Route-policy 12000 permit node 20
If-match as 100
Apply local-preference 100
Quit
Bgp 100
Address ipv 4 unicast
Peer 9.9.9.201 route-policy 12000 im
Peer 9.9.9.202 route-policy 12000 im
Peer 10.0.0.14 route-policy 12000 im
Default local-preference 130
Quit
Quit
//R 1
Sys
Route-policy 12000 permit node 10
If-match as 200
Apply local-preference 80
Quit
Route-policy 12000 permit node 20
If-match as 100
Apply local-preference 100
Quit
Bgp 200
Address ipv 4 unicast
Peer 10.0.0.13 route-policy 12000 im
Default local-preference 130
Peer 10.0.0.13 default-route-advertise
Quit
Quit
路由优化部署
//S 1
Sys
Acl basic 2001
Rule 5 permit source 192.168.10.0 0.0.0.255
Rule 10 permit source 192.168.20.0 0.0.0.255
Quit
Acl basic 2002
Rule 5 permit source 192.168.30.0 0.0.0.255
Rule 10 permit source 192.168.40.0 0.0.0.255
Quit
Route-policy 12100 permit node 10
If-match ip address acl 2001
Apply local-preference 200
Quit
Route-policy 12100 permit node 20
If-match ip address acl 2002
Apply local-preference 100
Quit
Bgp 100
Address ipv 4 unicast
Import direct route-policy 12100
Quit
Quit
//S 2
Sys
Acl basic 2001
Rule 5 permit source 192.168.10.0 0.0.0.255
Rule 10 permit source 192.168.20.0 0.0.0.255
Quit
Acl basic 2002
Rule 5 permit source 192.168.30.0 0.0.0.255
Rule 10 permit source 192.168.40.0 0.0.0.255
Quit
Route-policy 12100 permit node 10
If-match ip address acl 2001
Apply local-preference 100
Quit
Route-policy 12100 permit node 20
If-match ip address acl 2002
Apply local-preference 200
Quit
Bgp 100
Address ipv 4 unicast
Import direct route-policy 12100
Quit
Quit

IPv 6 路由配置

IPv 6 地址配置
//S 1
Sys
Int vlan 10
ipv6 add 2001:172:10:: 252 64
Undo shutdown
Quit
Int vlan 20
ipv6 add 2001:172:20:: 252 64
Undo shutdown
Quit
Int vlan 30
ipv6 add 2001:172:30:: 252 64
Undo shutdown
Quit
Int vlan 40
ipv6 add 2001:172:40:: 252 64
Undo shutdown
Quit
Int ge 1/0/1
ipv6 add FE80:11:: 1 link-local
Undo shutdown
Quit
Int ge 1/0/10
ipv6 add FE80:10:: 2 link-local
Undo shutdown
Quit
//S 2
Sys
Int vlan 10
ipv6 add 2001:172:10:: 253 64
Undo shutdown
Quit
Int vlan 20
ipv6 add 2001:172:20:: 253 64
Undo shutdown
Quit
Int vlan 30
ipv6 add 2001:172:30:: 253 64
Undo shutdown
Quit
Int vlan 40
ipv6 add 2001:172:40:: 253 64
Undo shutdown
Quit
Int ge 1/0/1
ipv6 add FE80:12:: 1 link-local
Undo shutdown
Quit
Int ge 1/0/10
ipv6 add FE80:10:: 1 link-local
Undo shutdown
Quit
//FW
Sys
Int ge 1/0/1
ipv6 add FE80:11:: 2 link-local
Undo shutdown
Quit
Int ge 1/0/2
ipv6 add FE80:12:: 2 link-local
Undo shutdown
Quit
VRRPv3
//S 1
Sys
Int vlan 10
Vrrp ipv6 vrid 10 virtual-ip FE80:: 10 link-local
vrrp ipv6 vrid 10 virtual-ip 20 01:172:10::254
Vrrp ipv6 vrid 10 priority 150
Quit
Int vlan 20
Vrrp ipv6 vrid 20 virtual-ip FE80:: 20 link-local
vrrp ipv 6 vrid 20 virtual-ip 20 01:172:20::254
Vrrp ipv 6 vrid 20 priority 150
Quit
Int vlan 30
Vrrp ipv6 vrid 30 virtual-ip FE80:: 30 link-local
vrrp ipv6 vrid 30 virtual-ip 20 01:172:30::254
Vrrp ipv6 vrid 30 priority 120
Quit
Int vlan 40
Vrrp ipv6 vrid 40 virtual-ip FE80:: 40 link-local
vrrp ipv6 vrid 40 virtual-ip 20 01:172:40::254
Vrrp ipv6 vrid 40 priority 120
Quit
//S 2
Sys
Int vlan 10
Vrrp ipv6 vrid 10 virtual-ip FE80:: 10 link-local
vrrp ipv6 vrid 10 virtual-ip 20 01:172:10::254
Vrrp ipv6 vrid 10 priority 120
Quit
Int vlan 20
Vrrp ipv6 vrid 20 virtual-ip FE80:: 20 link-local
vrrp ipv6 vrid 20 virtual-ip 20 01:172:20::254
Vrrp ipv6 vrid 20 priority 120
Quit
Int vlan 30
Vrrp ipv6 vrid 30 virtual-ip FE80:: 30 link-local
vrrp ipv6 vrid 30 virtual-ip 20 01:172:30::254
Vrrp ipv6 vrid 30 priority 150
Quit
Int vlan 40
Vrrp ipv6 vrid 40 virtual-ip FE80:: 40 link-local
vrrp ipv6 vrid 40 virtual-ip 20 01:172:40::254
Vrrp ipv6 vrid 40 priority 150
Quit
OSPFv3
//S 1
Sys
Ospfv 3 100
Router-id 9.9.9.201
Silent-interface vlan 10
Silent-interface vlan 20
Silent-interface vlan 30
Silent-interface vlan 40
Area 0
Quit
Int range vlan 10 vlan 20 vlan 30 vlan 40 ge 1/0/1 ge 1/0/10
Ospfv 3 100 area 0
Quit
//S 2
Sys
Ospfv 3 100
Router-id 9.9.9.202
Silent-interface vlan 10
Silent-interface vlan 20
Silent-interface vlan 30
Silent-interface vlan 40
Area 0
Quit
Int range vlan 10 vlan 20 vlan 30 vlan 40 ge 1/0/1 ge 1/0/10
Ospfv 3 100 area 0
Quit
//FW
Sys
Ospfv 3 100
Router-id 9.9.9.1
Area 0
Quit
Int range ge 1/0/1 ge 1/0/2
Ospfv 3 100 area 0
Quit
基于 IPv 6 的 FW 域间策略
//FW
Sys
Acl ipv6 advanced 3100
Rule permit ipv6 source any destination any
Quit
Zone-pair security source trust destination untrust
Packet-filter ipv6 3100
Quit
Zone-pair security source untrust destination trust
Packet-filter ipv6 3100
Quit
Zone-pair security source trust destination local
Packet-filter ipv6 3100
Quit
Zone-pair security source local destination trust
Packet-filter ipv6 3100
Quit
Zone-pair security source untrust destination local
Packet-filter ipv6 3100
Quit
Zone-pair security source local destination untrust
Packet-filter ipv6 3100
Quit
IPv 6 无状态自动获取 IPv 6 前缀
//S 1
Sys
Int range vlan 10 vlan 20 vlan 30 vlan 40
Ipv6 address auto
Quit
//S 2
Sys
Int range vlan 10 vlan 20 vlan 30 vlan 40
Ipv6 address auto
Quit

http://www.ppmy.cn/server/15071.html

相关文章

wordpress建网站主题案例推荐

wordpress企业网站主题案例 https://www.mymoban.com/wordpress/ wordpress公司官网主题案例 https://www.wowsoho.com/jianzhan wordpress外贸主题案例 https://www.wpniu.com/moban

Redis网络模型

目录 1. Redis命令执行部分为什么使用单线程 2. 单线程下,Redis如何实现高性能的? reactor模型 3. 单线程部分 函数initServer 函数aeMain 服务端可读,执行acceptTcpHandler 客户端可读,执行readQueryFromClient 1. 读取…

开源事件通知库libevent及网络连接管理模块bufferevent详解

目录 1、libevent介绍 1.1、什么是libevent? 1.2、libevent特点 1.3、网络连接管理模块bufferevent 2、bufferevent有什么用? 3、bufferevent的整体设计与实现细节 3.1、整体概况 3.2、evbuffer与bufferevent 3.3、defer callback 4、bufferev…

三、搭建 VLC,实战点播功能

目录 1、VLC 播放器 2、VLC media player 3、VLC 打开网络串流 4、VLC 系统支持

2024HW --->蓝队面试题

这段时间在写横向移动,搞得鸽了很久(内网真的很玄学) 还没写完。。。 但是这不是准备HW了吗。小编也来整理一下自己收集到的题目吧!!! (仅为个人见解,不代表最终答案)&…

掌握未来通信技术:5G核心网基础入门

🔥个人主页:Quitecoder 🔥专栏:5GC笔记仓 朋友们大家好,本篇文章是我们新内容的开始,我们本篇进入5GC的学习,希望大家多多支持! 目录 一.核心网的演进2G核心网2.5G核心网3G核心网4G…

C#基础|OOP学习总结、优质的OOP程序有啥特点。

哈喽,你好,我是雷工。 以下为关于学习OOP的学习笔记。 01 OOP学习与基础语法有何不同 C#基础语法需要当时记住就行;OOP学习需要深入理解和记忆。 02 OOP学什么? OOP是学习各种编程的原则、方法、技巧、经验、模式、架构等。 …

【Harmony3.1/4.0】笔记三-计算器

概念 网格布局是由“行”和“列”分割的单元格所组成,通过指定“项目”所在的单元格做出各种各样的布局。网格布局具有较强的页面均分能力,子组件占比控制能力,是一种重要自适应布局,其使用场景有九宫格图片展示、日历、计算器等…