Side-attached firewall: steering traffic with policy-based routing

2025-02-24 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

1. Case topology diagram (AR2 and FW both run OSPF)

2. Main configuration of the core device AR2

2.1

AR2

#
acl number 2000
 rule 5 permit source 192.168.1.0 0.0.0.255   // match the source subnet whose traffic is to be redirected
#
traffic classifier liu operator or
 if-match acl 2000
#
traffic behavior liu
 redirect ip-nexthop 2.1.1.6
#
traffic policy liu
 classifier liu behavior liu
#
interface GigabitEthernet0/0/0
 ip address 1.1.1.5 255.255.255.252
 traffic-policy liu inbound   // the policy is applied in the direction in which data enters the interface

2.2

This key point bothered me for a long time: if the default route is not advertised, the two OSPF processes cannot learn each other's service addresses.

ospf 1
 default-route-advertise always   // advertises a default route
ospf 2
 default-route-advertise always   // advertises a default route

3. Key configuration of the firewall

3.1

Security policy

#
security-policy
 rule name trust-local
  source-zone trust
  destination-zone local
  action permit
 rule name local-trust
  source-zone local
  destination-zone trust
  action permit
 rule name untrust-local
  source-zone untrust
  destination-zone local
  action permit
 rule name local-untrust
  source-zone local
  destination-zone untrust
  action permit
 rule name pc-server
  source-address 192.168.1.1 mask 255.255.255.255
  destination-address 10.1.1.1 mask 255.255.255.255
  action permit

3.2

Security zones of the firewall interfaces

firewall zone trust
 set priority 85
 add interface GigabitEthernet0/0/0
#
firewall zone untrust
 set priority 5
 add interface GigabitEthernet1/0/0

4. Verify that traffic from PC1 to the server passes through the firewall

View the session table on the firewall; sessions from PC1 to the server show that the policy is in effect.

display firewall session table
2019-04-04 14:48:43.930
 Current Total Sessions: 6
 icmp  VPN: public --> public  192.168.1.1:18713 --> 10.1.1.1:2048
 icmp  VPN: public --> public  192.168.1.1:20249 --> 10.1.1.1:2048
 icmp  VPN: public --> public  192.168.1.1:19225 --> 10.1.1.1:2048
 icmp  VPN: public --> public  192.168.1.1:19993 --> 10.1.1.1:2048
 icmp  VPN: public --> public  192.168.1.1:18969 --> 10.1.1.1:2048
 icmp  VPN: public --> public  192.168.1.1:19481 --> 10.1.1.1:2048
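Added example, not part of the original article: a Python check that automates the verification in step 4 by parsing saved session-table output and comparing it with what ACL 2000 (192.168.1.0 0.0.0.255) should redirect. It assumes each session line ends in "src:port --> dst:port"; the sample text is constructed from the article's lab values, and the hosts 192.168.1.77 and 192.168.2.9 are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the layout of the session-table output above;
# addresses and IDs are the article's lab values.
SAMPLE = """\
Current Total Sessions: 2
 icmp  VPN: public --> public  192.168.1.1:18713 --> 10.1.1.1:2048
 icmp  VPN: public --> public  192.168.1.1:20249 --> 10.1.1.1:2048
"""

# proto, then anything, then "src:port --> dst:port" (assumed line layout)
SESSION_RE = re.compile(
    r"^\s*(?P<proto>\w+)\s+.*?"
    r"(?P<src>\d+\.\d+\.\d+\.\d+):\d+\s*-->\s*(?P<dst>\d+\.\d+\.\d+\.\d+):\d+"
)

def wildcard_match(addr, base, wildcard):
    """ACL rule match: bits that are 0 in the wildcard must equal the base."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse_sessions(text):
    """Return the set of (src, dst) pairs found in session-table output."""
    pairs = set()
    for line in text.splitlines():
        m = SESSION_RE.match(line)
        if m:  # header and timestamp lines do not match and are skipped
            pairs.add((m["src"], m["dst"]))
    return pairs

def verify(text, flows, acl=("192.168.1.0", "0.0.0.255")):
    """Map each (src, dst) flow to (matched by ACL 2000, seen on firewall)."""
    seen = parse_sessions(text)
    return {f: (wildcard_match(f[0], *acl), f in seen) for f in flows}

if __name__ == "__main__":
    flows = [("192.168.1.1", "10.1.1.1"),   # PC1 -> server, should be steered
             ("192.168.1.77", "10.1.1.1"),  # hypothetical host in the same subnet
             ("192.168.2.9", "10.1.1.1")]   # hypothetical host outside ACL 2000
    for flow, (in_acl, on_fw) in verify(SAMPLE, flows).items():
        status = ("OK: steered through firewall" if in_acl and on_fw else
                  "CHECK: ACL matches but no firewall session" if in_acl else
                  "NOTE: not matched by ACL 2000, follows routing table")
        print(flow, status)
```

A flow that ACL 2000 matches but that has no session on the firewall is the case to investigate: either no traffic was sent, or the redirect on AR2 is not taking effect.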
