核心交换机跟防火墙怎么连

1、配置连接用户的接口和VLANif的接口。 

<Huawei>system-view

[Huawei]vlan batch 2 3 100

[Huawei]interface g0/0/2

[Huawei-GigabitEthernet0/0/2]port link-type access

[Huawei-GigabitEthernet0/0/2]port default vlan 2

[Huawei-GigabitEthernet0/0/2]quit

[Huawei]interface g0/0/3

[Huawei-GigabitEthernet0/0/3]port link-type access

[Huawei-GigabitEthernet0/0/3]port default vlan 3

[Huawei-GigabitEthernet0/0/3]quit

[Huawei]interface vlanif 2

[Huawei-Vlanif2]ip address 192.168.2.1 24

[Huawei-Vlanif2]quit

[Huawei]interface vlanif 3

[Huawei-Vlanif3]ip address 192.168.3.1 24

[Huawei-Vlanif3]quit

2、配置防火墙对应的接口

 [Huawei]interface g0/0/1

[Huawei-GigabitEthernet0/0/1]port link-type trunk

[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 3 100

[Huawei-GigabitEthernet0/0/1]quit

3、配置防火墙对应的VLanif接口。

[Huawei]interface vlanif 100

[Huawei-Vlanif100]ip address 192.168.100.2 24

[Huawei-Vlanif100]quit

4、配置静态路由

[Huawei]ip route-static 0.0.0.0 0.0.0.0 192.168.100.1

1、配置连接交换机的端口和对应的IP地址

<Huawei>system-view

 [SRG]interface g0/0/1

 [SRG-GigabitEthernet0/0/1]ip address 192.168.100.1 24

 [SRG-GigabitEthernet0/0/1]quit

2、配置回程路由。

[SRG]ip route-static 192.168.2.0 255.255.255.0 192.168.100.2

[SRG]ip route-static 192.168.3.0 255.255.255.0 192.168.100.2

3、本方法只是讲述了核心交换机和防火墙的连接配置，配置公网IP，NAT配置，配置域并开启域间策略，在此省略，可以看我分享的三层对接防火墙的详细配置。