华为设备大型园区出口配置

1.配置各接口的IP地址

(1)配置AR1

[AR1]int LoopBack 0

[AR1-LoopBack0]ip add 3.3.3.3 32

[AR1-GigabitEthernet0/0/0]ip add 10.1.1.3 24

[AR1-GigabitEthernet0/0/1]ip add 20.1.1.3 24

[AR1-GigabitEthernet0/0/2]ip add 10.1.3华为商城2.3 24

(2)配置AR2

[AR2]int大型园区网配置 LoopBack 0

[AR2-LoopBack0]ip add 4.4.4.4 32

[AR2-GigabitEthernet0/0/0]ip add 10.1.2.4 24

[AR2-GigabitEthernet0/0/2]ip add 10.1.华为41.4 24

[AR2-GigabitEthernet0/0/1]ip add 20.1.2.4 24

(3)配置FW1

[FW1]int LoopBack 0

[FW1-LoopBack0]ip add 1.1.1.1 32

[FW1-GigabitEthernet1/0/0]ip add 10.1.1.1 24

[FW1-GigabitEthernet1/0/1]ip add 10.1.3.1 24

[FW1-GigabitEthernet1/0/2]ip add 10.1.14.1华为将和苹果三星谈判 24

[FW1-GigabitEthernet1/0/4]ip add 10.1.41.1 24

[FW1-GigabitEthernet1/0/6]ip add 10.1.12.1 24

(4)配置FW2

[FW2]int LoopBack 0

[FW2-LoopBack0]ip add 2.网络安全主题班会2.2.2 32

[FW2-GigabitEthernet1/0/0]ip add 10.1.2.2 2网络安全法4

[FW2-GigabitEthernet1/0/1]ip add 10.1.23.2 24

[FW2-GigabitEthernet1/0/2]ip add 10.1.4.2 24

[FW2-GigabitEthernet1/0/3]ip add 10.1.41.2 24

[FW2-GigabitEthernet1/0/6]ip add 10.1.12.2 24

(5)配置LSW1

[LSW1-LoopBack0]i华为将和苹果三星谈判p address 3.路由交换3.3.5 32

[LSW1]vlan batch 30 31 32 34 35 36 37

[LSW1-GigabitEthernet0/0/1]port link-网络安全法开始施行的时间是t路由交换基础知识ype access

[LSW1-GigabitEthernet0/0/1]port defaul华为mate40prot vlan 31

[LSW1-GigabitEthernet0/0/2]port link-type access

[LSW1-GigabitEthernet0/0/2]port default vlan 32

[LSW1-GigabitEthernet0/0/3]port link-type trunk

[LSW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 35

[LSW1-GigabitEthernet0/0/4]port link-type trunk

[LSW1-GigabitEthernet0/0/4]port trun路由交换技术基础知识k allow-pass vlan 36

[LSW1-GigabitEthernet0/0/5]port link-type acc网络安全法开始施行的时间是ess

[LSW1-GigabitEthernet0/0/5]port default vlan 30

[LSW1-GigabitEthernet0/0/6]port link-type tru网络安全知识nk

[LSW1-GigabitEthernet0/0/6]port trunk allow-pass vlan a路由交换技术详解与实践答案ll

[LSW1-Vlanif31]ip add 10.1.3路由交换机.3 24

[LSW1-Vlanif32]ip add 10.1.23.3 24

[LSW1-Vlanif35]ip add 10.1.5.3 24

[LSW1-Vlanif36]ip add 10.1.36.3 24

[LSW1-Vlanif37]ip add 10.1.7.3 24

[LSW1-Vlanif34]ip add 10.1.34.3 24

(6)配置LSW2

[LSW2-LoopBack0]ip add 4.4.4.6 32

[LSW2]vlan batch 41 to 43 45 46

[LSW2-GigabitEthernet0/0/1]port link-type access

[LSW2-GigabitEthernet0/0/1]port default vlan 41

[LSW2-GigabitEthernet0/0/2]port link-type access

[LSW2-GigabitEthernet0/0/2]port default vlan 42

[LSW2-GigabitEthernet0/0/3]port link-type trunk

[LSW2-GigabitEthernet0/0/3]port trunk allow-pass vlan 45

[LSW2-GigabitEthernet0/0/4]por网络安全法t link-type trunk

[LSW2-GigabitEthernet0/0/4]port trunk allow-pass vlan 46

[LSW2-GigabitEthernet0/0/6]port link-type trunk

[LSW2-GigabitEthernet0/0/6]port trunk allow-pass vlan all

[LSW2-Vlanif41]ip add 10.1.1路由交换技术4.4 24

[LSW2-Vlanif42]ip add 10.1.4.4 24

[LSW2-Vlanif45]i路由交换p add 10.1.45.4 24

[LSW2-Vlanif46]ip add 10.1.46.4 24

[LSW2-Vlanif43]ip add 10.1.43.4 24

(7)配置LSW3

[LSW3-LoopBack0]ip ad网络安全知识d 5.5.5.3 32

[LSW3]vlan batch 10 35 45

[LSW3-GigabitEthernet0/0/1]port link-type tru网络安全法立法的首要目的nk

[LSW3-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 35

[LSW3-GigabitEthernet0/0/2]port link-type trunk

[LSW3-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 45

[LSW3-GigabitEthernet0/0/3]port link-type access

[LSW3-GigabitEthernet0/0/3]por路由交换基础知识t default vlan 10

[LSW3-GigabitEthernet0/0/3]stp edged-port enable

[LSW3-Vlanif10]ip add 1网络安全知识0.1.10.5 24

[LSW3-Vlanif35]ip add 10.1.5.5 2路由交换技术基础知识4

[LSW3-Vlanif45]ip add 10.1.45.5 24

[LSW3]stp bpdu-protection //配置B网络安全法开始施行的时间是PDU保护功能,加强网络的稳定性

(8)配置LSW4

[LSW4-LoopBack0]ip a网络安全知识内容dd 6.6.6.4网络安全知识内容 32

[LSW4]vlan batch 20 36 46

[LSW4-GigabitEthernet0/0/1]port l路由交换技术详解与实践答案ink-路由交换技术从事的工作ty路由交换原理pe trunk

[LSW4-GigabitEthernet0/0/1]port trunk allow-pass vlan 20 36

[LSW4-GigabitEthernet0/0/2]port link-华为nova7type trunk

[LSW4-GigabitEthernet0/0/2]port trunk网络安全教育 allow-pass vlan 20 46

[LSW4-GigabitEthernet0/0/3]port link-type access

[LSW4-GigabitEthernet0/0/3]port default vlan 20

[LSW4-GigabitEthernet0/0/3]stp edged-port enable网络安全手抄报图片

[LSW4-Vlanif20]ip add 10.1.20.6 24

[LSW4-Vlanif36]ip add 10.1.36.6 24

[LSW4-Vlanif46]ip add 10.1.6.6 24

[LSW4]stp bpdu-protection //配置BPDU保护功能,加强网络的稳定性

(9)配置AR3

[AR3-GigabitEthernet0/0/1]ip add 20.1.1.1 24

[AR3-GigabitEthernet0/0/2]ip add 20.1.2.1 24

[AR3-LoopBack0]ip add 10.10.10.10 32

2.配置防火墙

(1)将各接口加入到安全区域

[FW1]firewall zone trust

[FW1-zone-trust]add inter路由交换技术从事的工作face g1/0/1

[FW1-zone-trust]a网络安全知识dd interface g1/0/2

[FW1]firewall zone untrust

[FW1-zone-untrust]add interface g1/0/0

[FW1-zone-untrust]add interf华为云空间ace g1/0/4

[FW1]firewall zone dmz

[FW1-zone-dmz]add interface华为p40 g1/0/6

[FW2]firew网络安全知识内容all zone trust

[FW2-zone-trust]add interface g1/0/1

[FW2-zone-trust]add网络安全知识 interface g1/0/2

[FW2]f路由交换技术基础知识irewall zone untru网络/安全st网络/安全

[FW2-zone-untrust]add interface g1/0/0

[FW2-zone-untrust]add interface g1/网络安全主题班会0/3

[FW2]f网络安全教育心得体会irewall zone dmz网络安全教育心得体会

[FW2-zone-dmz]add interface g1/0/6

(2)配置FW1的安全策略

[FW1]securit网络安全工程师y-policy

[FW1-policy-security]rule na路由交换技术从事的工作me un_网络安全法立法的首要目的to_l //允许untrust区域的设备访问防火墙

[FW1-policy-security-rule-un_to_l]source-zone untrust

[FW1-policy-security-rule-un_to_l]source-address 1路由交换技术课后答案0.1.1.0 24

[FW1-policy-security-rule-un_to_l]source-address 10.1.41.0 24

[FW1-policy-security-rule-un_to_l]destination-zone local

[FW1-policy-security-rule-un_to_l]action permit

[FW1-policy-security]rule name tr_to_l //允许trunst区域的设备访问防火墙

[FW1-policy-security-rule-tr_to_l]source-zone tru网络安全知识st

[FW1-policy-security-rule-tr_to_l]sou华为云空间rce-address 10.1.3.0 24

[FW1-policy-security-rule-tr_to_l]source-address 10.1.5.0 24

[FW1-policy-security-rule-tr_to_l]source-address 10.1.45.0 24

[FW1-policy-security-rule-tr_to_l]source-address 10.1.7.0 24

[FW1-policy-security-rule-tr_to_l]so网络安全法urc网络安全法开始施行的时间是e-address 10.1.36.0 24

[FW1-policy-security-rule-tr_to_l]source-address 10.1.34.0 24

[FW1-policy-security-rule-tr_to_l]source-address 10.1.10.0 24

[FW1-policy-security-rule-tr_to_l]source-address 10.1.14.0 24

[FW1-policy-security-rule-tr_to_l]source-address 10.1.6.0 24

[FW1-policy-security-rule-tr_to_l]source-address 10.1.20.0 24

[FW1-policy-security-rule-tr_to_l]destination-zone local

[FW1-policy-security-rule-tr_to_l]action permit

[FW1-policy-security]rule name un_to_tr //允许untrust区域设备访问trust区域华为

[FW1-policy-security-rule-un_to_tr]source-zone untrust

[FW1-policy-security-rule-un_to_tr]source-address 10.1.1.0 24

[FW1-policy-security-rule-un_to_tr]so网络安全手抄报图片urce-address华为mate50 10.1.41路由交换原理.0 24

[FW1-policy-security-rule-un_to_tr]destination-zone trust

[FW1-policy-security-rule-un_to_tr]action p网络/安全ermit

[FW1-policy-security]rule name tr_to_un //允许A访问外网

[FW1-policy-security-rule-tr_to_un]source-zone trust

[FW1-policy-security-rule-tr_to_un]source-address 10.1.10.0 24

[FW1-policy-security-rule-tr_to_un]destination-zone untrust

[FW1-policy-security-rule-tr_to_un]action permit

(3)配置FW2的安全策略

[FW2]security-policy

[FW2-policy-security]rule name un_t华为mate40proo_l

[FW2-policy-security-rule-un_to_l]source-zone untrust

[FW2-policy-security-rule-un_to_l]so网络/安全urce-address 10.1.2.0 24

[FW2-policy-security-rule-un_to_l]source-address 10.1.32.0 24

[FW2-policy-security-rule-un_to_l]destination-zone local

[FW2-policy-security-rule-un_to_l]action permit

[FW2-policy-security]rule name tr_to_l

[FW2-policy-security-rule-tr_to_l]source-zone trust

[FW2-policy-security-rule-tr_to_l]source-路由交换技术详解与实践答案address 10.1.4.0 24

[FW2-policy-security-rule-tr_to_l]source-addre路由交换基础知识ss 10.1.23.0 24

[FW2-policy-security-rule-tr_to_l]source-address 10.1.34.0 24

[FW2-policy-security-rule-tr_to_l]so路由交换技术是干嘛的urce-address 10.1.6.0 24

[FW2-policy-security-rule-tr_to_l]source-address 10.1路由交换机.36.0 24

[FW2-policy-security-rule-tr_to_l]sourc大型园区网配置e-address 10.1.20.0 24

[FW2-policy-security-rule-tr_to_l]source网络安全知识-address 10.网络安全法立法的首要目的1.7.0 24

[FW2-policy-security-rule-tr_to_l]source-address 10.1.45.0 24

[FW2-policy-security-rule-tr_to_l]source-address 10.1.5.0 24

[FW2-policy-security-rule-tr_to_l]source-address 10.1.10.0 24

[FW2-policy-security-rule-tr_to_l]destin路由交换技术是干嘛的ation-z华为one local

[FW2-policy-security-rule-tr_to_l]actio网络安全教育n permit

[FW2-policy-security]rule name tr_to_un

[FW2-policy-security-rule-tr_to_un]source-z华为应用市场one trust

[FW2-policy-security-rule-tr_to_un]source-address 10.1.10.0 24

[FW2-policy-security-rule-tr_to_un]destination-zone untrust

[FW2-policy-security-rule-tr_to_un]action permit路由交换技术

[FW2-policy-security]rule name un_to_tr

[FW2-policy-security-rule-un_to_tr]source-zon华为p40e untrust

[FW2-policy-security-rule-un_to_tr]source路由交换机-address 10.1.2.0 24网络安全法开始施行的时间是

[FW2-policy-security-rule-un_to_tr]so华为应用市场urce-address 10.1.32.0 24路由交换技术基础知识

[FW2-policy-security-rule-un_to_tr]destination-zone trust

[FW2-policy-security-rule-un_to_tr]action permit

3.部署路由

(1)配置area 0区域

[AR1]rout网络安全手抄报图片er id 3.3.3.3

[AR1]ospf 1

[AR1-ospf-1]area 0

[AR1-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255

[AR1-ospf-1-area-0.0.0.0]network 10.1.32.0 0.0.0.255

[AR2]router id 4.4.4.4

[AR2]ospf 1

[AR2-ospf-1]area 0

[AR2-ospf-1-area-0.0.0.0]network 10.1.2.0 0.0.0.255

[AR2-ospf-1-area-0.0.0.0]network 10.1.41.0 0.0.0.255

[FW1]router id 1.1.1.华为手机商标已申请注册至p1001

[FW1]ospf 1

[FW1-ospf-1]area 0

[FW1-ospf-1-area-0.0.0.0]n路由交换技术详解与实践答案etwork 10.1.华为官网1.0 0.0.0.255

[FW1-ospf-1-area-0.0.0.0]network 10.1.41.0 0.0.0.255

[FW1-ospf-1-area-0.0.0.0]netw华为应用市场ork 10.1.14.0 0.0.0.255

[FW1-ospf-1-area-0.0.0.0]network 10.路由交换基础知识1.3.0 0.0.华为mate500.255

[FW2]router id 2.2.2.2网络安全手抄报图片

[FW2]ospf 1

[FW2-ospf-1]area 0

[FW2-ospf-1-area-0.0.0.0]network 10.1.2.0 0.0.0.网络安全法立法的首要目的是255

[FW2-ospf-1-area-0.0.0.0]network 10.1.32.0 0.0.0.255路由交换

[FW2-ospf-1-area-0.0.0.0]netw网络安全工程师ork 10.1.23.0 0.0.0.255

[FW2-ospf-1-area-0.0.0.0]network 10.1.4.0 0.0.0.华为p40255

[LSW1]router id 3.3.3.5

[LSW1]ospf 1

[LSW1-ospf-1]area 0

[LSW1-ospf-1-area-0.0.0.0]network 10.1.3.0 0.0.0.255

[LSW1-ospf-1-area-0.0.0.0]network 10.1.23.0 0.0.0.255

[LSW1-ospf-1-area-0.0.0.0]n路由交换技术etwork 10.1.7.0 0.0.0.255

[LSW2]router id 4.4.4.6

[LSW2]ospf 1

[LSW2-ospf-1]area 0

[LSW2-ospf-1-area-0.0.0.0]network 10.1.4.0 0.0.0.255

[LSW2-ospf-1-area-0.0.0.0]network 10.1.14.0 0.0.0.255网络安全知识

(2)配置area 1区域

[LSW1]ospf 1

[LSW1-ospf-1]area 1

[LSW1-ospf-1-area-0.0.0.1]network 10.1.5.0 0.0.0.255

[LSW1-ospf-1-area-0.0.0.1]nssa

[LSW2]ospf 1网络安全工程师

[LSW2-ospf-1]area 1

[LSW2-ospf-1-area-0.0.0.1]

[LSW2-ospf-1-area-0.0.0.1]network 10.1.45.0 0.0.0.255

[LSW2-ospf-1-area-0.0.0.1]nssa

[LSW3]ospf 1

[LSW3-ospf-1]area 1

[LSW3-ospf-1-area-0.0.0.1]network 10.1.5.0 0.0.0.255

[LSW3-ospf-1-area-0.0.0.1]ne华为手机商标已申请注册至p100twork 10.1.45.路由交换技术0 0.0.0.255

[LSW3-ospf-1-area-0.0.0.1]network 10.1.10.0 0.0.0.255

(3)配置area 2区路由交换技术从事的工作

[LSW2-ospf-1]area 2

[LSW2-ospf-1-area-0.0.0.2]network 10.1.6.0 0.0.0.255

[LSW2-ospf-1-area-0.0.0.2]nssa

[LSW4]ospf 1

[LSW4-ospf-1]area 2

[LSW4-ospf-1-area-0.0.0.2]network 10.1路由交换.6.0 0.0.0.255

[LSW4-ospf-1-area-0.0.0.2]network 10.1.36.0 0.0.0.2网络安全法55路由交换基础知识

[LSW4-ospf-1-area-0.0.0.2]nssa

[LSW1-ospf-1]area 2

[LSW1-ospf-1-area-0.0.0.2]ne华为应用市场twork 10.1.36.0 0.0.路由交换技术详解与实践答案0.255

[LSW1-ospf-1-area-0.0.0.2]nssa

4.配置缺省路由:负载均衡方式

[AR1]ip route-static 0.0.0.0 0.0.0.0 20.1.1.1

[AR2]ip r网络安全教育oute-static 0.0.0.0 0.0.0.0 20.1.2.1

[FW1]ip route-static 0.0.0.0 0.0.0.0 10.1.1大型园区网配置.3

[FW1]ip route-stati网络安全法立法的首要目的是c 0.0.0.0 0.0.0.0 10.1.41.4

[FW2]ip route-static 0.0.0.0 0.0.0.0 10.1.2.4

[FW2]ip route-static 0.0.0.0 0.0.0.0 10.1.32.4

[LSW1]ip route-static 0.0.0.0 0.0.0.0 10.1.3.1

[LSW1]ip r大型园区网配置oute-sta路由交换机tic 0.0.0.0 0.0.0.0 10.1.23.2

[LSW2]ip route-static 0.0.0.0 0.0.0.0 10.1.4.2

[LSW2]ip route-static 0.0.0.0 0.0.0.0 10.1.华为云空间14.1

5.检查配置结果


                                            华为设备大型园区出口配置


                                            华为设备大型园区出口配置


                                            华为设备大型园区出口配置

6. 配置DHCP

(1)配置LSW1

[LSW1]dhcp enable

[LSW1]int Vlanif 35 //为A配置IP地址

[LSW1-Vlanif35]dhcp select global

[LSW1]int Vlanif 36 //为B配置IP地址

[LSW1-Vlanif36]dhcp select global

[LSW1]ip pool poola //A的地址池

[LSW1-ip-pool-poola]network 10.1.10.0 mask 24

[LSW1-ip-pool-poola]gateway-list 10.1.10.5

[LSW1]ip po华为mate50ol poolb //B的地址池

[LSW1-ip-pool-poolb]network 10.1.20.0 mask 24

[LSW1-ip-pool-poolb]gateway-list 10.1.20.6

网络安全知识2)配置LSW2

[LSW2]dhcp enable

[LSW2]int Vlanif 4华为商城6

[LSW2-Vlanif46]dhcp select global

[LSW2]int Vlanif 45

[LSW2-Vlanif45]dhcp select global

[LSW2]ip pool poola

[LSW2-ip-pool-poola]network 10.1.10.0 mask 24

[LSW2-ip-pool-poola]gatewa网络安全知识内容y-list 10.1.1路由交换技术0.5

[LSW2]ip pool poolb

[LSW2-ip-pool-poolb]network 10.1.20.路由交换技术课后答案0 mask 24

[LSW2-ip-pool-poolb]gateway-list 10.1.20.6

(3)配置DHCP中继

[LSW3]dhcp enable

[LSW3-Vlanif10]dhcp select relay

[LSW3-Vlanif10]dhcp relay serv华为nova7er-ip 10.华为mate501.5.3

[LSW3-Vlanif10]dhcp relay server-ip 10.1.45.4

[LSW4]dhcp enable

[LSW4]int Vlanif 20

[LSW4-Vlanif20]dhcp select relay

[LSW4-Vlanif20]dhcp relay server-ip 10.1.6.4

[LSW4-Vlanif20]dhcp华为 relay server-路由交换基础知识ip 10.1.36.3

7. 在出口路由交换路由器配置NAT

(1)在AR1上配置NAT

[AR1]nat address-group 1 20.路由交换1.1.4 20.1.1.10

[AR1]acl 2000

[AR1-acl-basic-2000]rule permit source 10.1.10.0 0.0.0.255

[AR1-GigabitEthernet0/0/1]nat outbound 2000 address-group 1

路由交换基础知识2)路由交换技术基础知识在AR2上配置NAT

[AR2]nat address-group 1 20.1.1.4 20.1.1.10

[AR2]acl 2000

[AR2-acl-basic-2000]rule permit source 10.1.10.0 0.0.0.255

[AR2-GigabitEthernet0/0/1]nat outbound 2000 address-group 1

(3)配华为p40置NAT server,保证外部用户能够路由交换技术基础知识访问内网HTTP服务器

[AR1-GigabitEthernet0/0/1]nat server protocol tcp global 20.1.1.2 inside 10.1.7.30

[AR2-GigabitEthernet0/0/1]nat ser华为ver protocol tcp global 20.1.2.3 inside 10.1.7.3路由交换0

8.配置防火墙双机热备

(1)在防火墙上配置VG网络/安全MP组监控上下行业务接口

[FW1]hrp tr路由交换原理ac路由交换技术基础知识k interface Giga网络安全教育心得体会bitEther路由交换原理net 1/0/0

[FW1]hrp tra路由交换原理ck interface GigabitEthernet 1/0/4

[FW1]hrp track interface Gigabit华为官网Ethernet 1/0/2

[FW1]hrp网络安全知识内容 track interface GigabitEthernet 1/0/1

[FW2]hrp track interface GigabitEthernet 1/0/0

[FW2]hrp track interface GigabitEthernet 1/0/3

[FW2]hrp track inte网络安全工程师rface Gigabit华为mate50Ethernet 1/0/1

[FW2]hrp track i路由交换技术基础知识nterface Gigab网络安全法立法的首要目的是itEthernet 1/0/2

(2)在防火墙配置路由交换技术基础知识根据华为官网HRP状态调整OSPF的相关COST值的功能

[FW1]hrp adjust ospf-cost enable

[FW2]hrp adjust ospf-cost enable

(3)在防火华为墙上指定心跳接口,启用双机热备

[FW1]hrp interfac网络安全知识内容e g1/0/6 remote 10.1.12.路由交换2

[FW1]hrp enable //启动HRP双机热备份功能

HRP_S[FW1]hrp mirror session enable网络/安全 //启动会话快速备份功能, 防火墙工作于双机热网络安全教育备份组网环境下,如果报文的来回路径不一致,通过配置会话快速备份功能,能够保证主用防火墙的会话信息立即同步至备用防路由交换技术详解与实践答案火墙。当主用防火墙出现故障时,报文能够被备用防火墙转发出去,从而保证内外部用户的会话不中断

[FW2]hrp interface g1/0/6 remote 10.1.12.1

[FW2]hrp enable

HRP_S[FW2]hrp mirror session enable

(4)检查配置结果:本端和对端路由交换原理优先级相同,且状态都为a路由交换技术详解与实践答案ctive,说明两台防火墙处于负载分担状态


                                            华为设备大型园区出口配置

9. 防火墙配置攻击防范:对于内部服务器,可华为mate50能会遭受SYN Flood、HTTP Flood攻击,所以在防火墙上开启SYN Flood、HTTP Flood攻击防范功能,保护内部服务器不受攻击。

HRP_M[FW1]fire路由交换技术从事的工作wall网络安全教育心得体会 defend udp-flood base-session max-rate 1500 (+B)

HRP_M[FW1]firewall defend icmp-unreachable enable (+B)

HRP_M[FW1]firewal华为将和苹果三星谈判l blacklist enable (+B)

HRP_M[FW1]firewa华为mate50ll blacklist enable (+B)

HRP_M[FW1]firewall defend ip-sweep max-rate 4000 (+B)

HRP_M[FW1]firewall defend port-scan ena路由交换技术从事的工作ble (+B)

HRP_M路由交换技术基础知识[FW1]firewall d华为efend port-scan max-rate 4000 (+B)

HRP_M[FW1]firewall defend ip-fragment enable (+B)

HRP_M[FW1]firewall defend ip-spoofing enable (+B)

10.验证:A可以ping 通外网


                                            华为设备大型园区出口配置