The company has built a new factory. I purchase, plan, deploy and configure the network here. Three telecommunications 1000M downlink and 100 uplink broadband access the Huawei firewall. Just from zero configuration and recording, the actual operation of the entire process interface of a 100-person enterprise. I remembered that when I was just getting started, I couldn’t find a useful tutorial on the entire Internet. I hope this will help those enterprise IT and network managers who want to use Huawei equipment.
All equipment is purchased in JD.com
-
First, the computer network cable is connected to the G0/0/0 port of the firewall, and the computer is configured with an IP address of 192.168.0.10 and a mask of 255.255.255.0. Then enter https://192.168.0.1:8443 in the computer browser to connect and log in to the Huawei firewall configuration interface
-
The default login user name of Huawei Firewall is admin and the password is [email protected]
-
In the network, there are three dial-up connections in the branch office, and I plug them into G0/0/1 (there is a problem with my optical modem, the information is not configured), G0/0/2 and G0/0/3, because the three telecom networks are now Both are 1G downlink, and the total access bandwidth is 3G. In order to ensure the maximum bandwidth utilization, the firewall is connected to the switch with 10G 10G AOC. First set the firewall to connect to the optical port of the switch.
-
Because it is connected to the internal network of the switch, first set the security zone to trust, and set the static IP to an IP address of the internal network of the firewall. For example, the firewall is 192.168.199.1, and the planned core switch IP is 192.168.199.254.
-
Set the access dial-up or leased line account password and other information. Select PPPOE to fill in the account password for dial-up Internet access, and fill in the fixed IP and gateway address for dedicated line with static IP. After connecting to the network, you can see the IP address, and the preliminary settings are complete.
-
To configure multi-channel static routing
, configure three broadband first, the destination address is 0.0.0.0/0.0.0.0, and the outgoing interface is the interface address of the network just configured, such as G/0/0/1 G/0/0/2 G/0
Remember that the next hop of /0/3 is the address of the core switch.
-
Check the default antivirus policy of the firewall
-
Huawei's mapping for fixed IP is relatively simple, but for dial-up Internet access, you must open the command line. I list the command line for reference:
nat server custom name protocol tcp global interface dialer1 5000 5100 inside 192.168.10.13 5000 5100 no-reverse
-
Core switch configuration, configure the optical port on the core switch (one end is connected to the firewall), set the port to allow VLAN199, configure vlan 199, and through this VLAN, configure static routing on the core Static routing: 0.0.0.0 0.0.0.0 The next hop is Firewall gateway 192.168.199.1, so far the entire network is connected, and the intranet can be divided and configured with other VLANs for management. (To really engage in the network, the basic commands of Huawei switches must be mastered, so there is no zero code)
Firewall X0/0/0 is connected to the X0/0/1 optical port on the core, and connected to the core switch with a CONSOLE cable to configure:
dh en #开启DHCP
st ro pri #设置核心为根
vl ba 2 to 20 199 #规划好局域网内需要配置多少业务VLAN,设置199为所有设备的管理VLAN
int vl 199 #进入管理VLAN
ip add 192.168.199.254 24 #设置核心管理地址
q
ip ro 0.0.0.0 0.0.0.0 192.168.199.1
int X0/0/1 #进入核心交换机上设置既然防火墙的光口
po li ac
po de vl 199
q
int vl 2 #设置一个内网2网段的VLAN 2
ip ad 192.168.2.254 24
dh se int
dh se le day 3
de se dns 114.114.114.114 8.8.8.8
int vl 3 #设置一个内网3网段的VLAN 3
ip ad 192.168.3.254 24
dh se int
dh se le day 3
de se dns 114.114.114.114 8.8.8.8
po v2 #创建一个名为v2的组
gr g0/0/1 to g0/0/12 #把交换机上1口到12口加入v2组
po li ac
po de vl 2
q
po v3 #创建一个名为v3的组
gr g0/0/13 to g0/0/24 #把交换机上13口到24口加入v3组
po li ac
po de vl 3
q
sa #保存配置,大功告成!
Finally, a company instance deployment solution is attached. The following hardware stably supports the network usage needs of nearly 2,000 people. If you need higher availability and stability, you can use dual links at the core layer and above. Of course, banks and other units do not have it. It is necessary to use dual links. Personally, I think the necessity is very low. After all, the performance and stability of Huawei's switches are already very high.
