How to configure 2 LANs as inputs and one output port on a Juniper switch

network-engineering switch juniper juniper-networks juniper-srx
2021-07-29 12:30:36

I would like to know how to configure a Juniper "SRX100" switch so that I can connect two LANs to it for inbound traffic and one for outbound traffic.

1 Answer

The basic process is as follows:

  1. Configure your VLANs

    set vlans v100-INTERNAL1 vlan-id 100
    set vlans v101-INTERNAL2 vlan-id 101
    set vlans v102-EXTERNAL vlan-id 102
    
  2. Attach the VLANs to the switch ports

    set interfaces fe-0/0/0 unit 0 family ethernet-switching vlan-members v100-INTERNAL1
    set interfaces fe-0/0/1 unit 0 family ethernet-switching vlan-members v101-INTERNAL2
    set interfaces fe-0/0/2 unit 0 family ethernet-switching vlan-members v102-EXTERNAL
    
  3. Configure the IP interfaces

    set interfaces vlan unit 100 family inet address 192.168.100.1/24
    set interfaces vlan unit 101 family inet address 192.168.101.1/24
    set interfaces vlan unit 102 family inet address 192.168.102.1/24
    
  4. Attach the IP interfaces to the VLANs

    set vlans v100-INTERNAL1 l3-interface vlan.100
    set vlans v101-INTERNAL2 l3-interface vlan.101
    set vlans v102-EXTERNAL l3-interface vlan.102
    
  5. Configure the default route

    set routing-options static route 0.0.0.0/0 next-hop 192.168.102.254
    
  6. Create the security zones

    set security zones security-zone INTERNAL host-inbound-traffic system-services all
    set security zones security-zone EXTERNAL host-inbound-traffic system-services ping
    
  7. Attach the IP interfaces to the security zones

    set security zones security-zone EXTERNAL interfaces vlan.102
    set security zones security-zone INTERNAL interfaces vlan.100
    set security zones security-zone INTERNAL interfaces vlan.101
    
  8. Create the security policies

    set security policies from-zone INTERNAL to-zone EXTERNAL policy PERMIT-OUTBOUND match source-address any destination-address any application any
    set security policies from-zone INTERNAL to-zone EXTERNAL policy PERMIT-OUTBOUND then permit
    set security policies from-zone INTERNAL to-zone INTERNAL policy PERMIT-INTERNAL match source-address any destination-address any application any
    set security policies from-zone INTERNAL to-zone INTERNAL policy PERMIT-INTERNAL then permit
    

Hopefully the topology is self-explanatory - just substitute the IP addresses you wish to use.

If you are connecting to the Internet via the EXTERNAL network, I would suggest tightening the security policy to only allow specific subnets and specific applications through.
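The tightened policy the answer recommends, written out as an added example (editor's code, not part of the answer above). It reuses the answer's zone names, VLAN interfaces and subnets, and assumes a Junos release with a global address book (11.2 or later; on older releases the addresses go under `set security zones security-zone INTERNAL address-book ...` instead). The address-set, application-set, policy and rule-set names, the syslog file name and the source-NAT section are assumptions; source NAT is only needed if the gateway at 192.168.102.254 does not route the two internal subnets. Lines starting with `#` are explanatory notes, not configuration.

```junos
# 1. Name the internal subnets instead of matching "any".
set security address-book global address INTERNAL1-NET 192.168.100.0/24
set security address-book global address INTERNAL2-NET 192.168.101.0/24
set security address-book global address-set INTERNAL-NETS address INTERNAL1-NET
set security address-book global address-set INTERNAL-NETS address INTERNAL2-NET

# 2. Group the outbound applications you actually want (all Junos predefined applications).
set applications application-set OUTBOUND-APPS application junos-http
set applications application-set OUTBOUND-APPS application junos-https
set applications application-set OUTBOUND-APPS application junos-dns-udp
set applications application-set OUTBOUND-APPS application junos-dns-tcp
set applications application-set OUTBOUND-APPS application junos-ntp
set applications application-set OUTBOUND-APPS application junos-ping

# 3. Replace the wide-open outbound policy. "match" terms are lists, so delete the old
#    policy first; otherwise "any" would stay in the list next to INTERNAL-NETS.
delete security policies from-zone INTERNAL to-zone EXTERNAL policy PERMIT-OUTBOUND
set security policies from-zone INTERNAL to-zone EXTERNAL policy PERMIT-OUTBOUND match source-address INTERNAL-NETS
set security policies from-zone INTERNAL to-zone EXTERNAL policy PERMIT-OUTBOUND match destination-address any
set security policies from-zone INTERNAL to-zone EXTERNAL policy PERMIT-OUTBOUND match application OUTBOUND-APPS
set security policies from-zone INTERNAL to-zone EXTERNAL policy PERMIT-OUTBOUND then permit
set security policies from-zone INTERNAL to-zone EXTERNAL policy PERMIT-OUTBOUND then log session-close

# 4. Explicit, logged deny for everything else. Policies are evaluated top-down in
#    configuration order, so this one must remain last in the INTERNAL-to-EXTERNAL context.
set security policies from-zone INTERNAL to-zone EXTERNAL policy DENY-OUTBOUND match source-address any
set security policies from-zone INTERNAL to-zone EXTERNAL policy DENY-OUTBOUND match destination-address any
set security policies from-zone INTERNAL to-zone EXTERNAL policy DENY-OUTBOUND match application any
set security policies from-zone INTERNAL to-zone EXTERNAL policy DENY-OUTBOUND then deny
set security policies from-zone INTERNAL to-zone EXTERNAL policy DENY-OUTBOUND then log session-init

# 5. Source NAT behind the EXTERNAL interface (assumption: the upstream gateway does not
#    route 192.168.100.0/24 and 192.168.101.0/24; omit this section if it does).
set security nat source rule-set INTERNAL-TO-EXTERNAL from zone INTERNAL
set security nat source rule-set INTERNAL-TO-EXTERNAL to zone EXTERNAL
set security nat source rule-set INTERNAL-TO-EXTERNAL rule SNAT-INTERNAL match source-address 192.168.100.0/24
set security nat source rule-set INTERNAL-TO-EXTERNAL rule SNAT-INTERNAL match source-address 192.168.101.0/24
set security nat source rule-set INTERNAL-TO-EXTERNAL rule SNAT-INTERNAL then source-nat interface

# 6. Keep the policy logs readable locally (branch SRX event-mode logging).
set system syslog file traffic-log any any
set system syslog file traffic-log match RT_FLOW_SESSION
```

Apply it with `commit confirmed 5` so a mistake that cuts you off from the box rolls back automatically, then check the result with `show security policies from-zone INTERNAL to-zone EXTERNAL detail` and watch `show security flow session` while a client in VLAN 100 browses. Note that no EXTERNAL-to-INTERNAL policy exists in either the answer or this example: the SRX default policy denies it, and return traffic for the permitted outbound sessions is matched by the session table rather than by a policy. Leaving `host-inbound-traffic system-services all` on the INTERNAL zone (as in step 6 of the answer) means any internal host can reach the SRX's own management services; narrow that to the services you actually use once the basics work.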