C3560g交换机连接asa5510防火墙

C3560g交换机连接asa5510防火墙基本配置

asa5510防火墙的配置如下：

asa5510#showrun

:Saved

:

ASAVersion8.0(2)

!

hostnameasa5510

enablepasswordPfviWF/YRBQU/lVJencrypted

names

dns-guard

!

interfaceEthernet0/0

nameifoutside

security-level0

ipaddress202.*.*.*

92

!

interfaceEthernet0/1

shutdown

nonameif

nosecurity-level

noipaddress

!

interfaceEthernet0/2

nameifinside

security-level100

ipaddress

!

interfaceEthernet0/3

shutdown

nonameif

nosecurity-level

noipaddress

!

interfaceManagement0/0

nameifasagl

security-level0

ipaddress

management-only

!

passwdrWinqAaBq9LPAhmTencrypted

!

time-rangetime1517

!

bootsystemdisk0:/asa802-k8.bin

ftpmodepassive

clocktimezoneCST8

access-list1extendedpermitipanyany

access-list100extendedpermiticmpanyany

access-list100extendedpermittcpanyhost202.*.*.*eqwww

access-list100extendedpermitudpanyhost202.*.*.*eqdomain

access-list100extendedpermittcpanyhost202.*.*.*eqwww

access-list100extendedpermitudpanyhost202.*.*.*eqdomainaccess-list110extendeddenyip2824anyaccess-list110extendeddenyip6024anyaccess-list110extendeddenyip2424any

access-list110extendedpermitipanyany

pagerlines24

loggingenable

loggingasdminformational

mtuoutside1500

mtuinside1500

mtuasagl1500

icmpunreachablerate-limit1burst-size1

asdmimagedisk0:/asdm-602.bin

noasdmhistoryenable

\\主要配置如下：

global(outside)1202.*.*.*netmask

92

nat(inside)1

nat(inside)1

nat(inside)1

static(inside,outside)202.*.*.*

0

netmask

55

static(inside,outside)202.*.*.*

2

netmask

55

access-group100ininterfaceoutside

access-group110ininterfaceinside

routeoutside

202.*.*.*1

routeinside

1

routeinside

1

timeoutxlate3:00:00

timeoutconn1:00:00half-closed0:10:00udp0:02:00icmp0:00:02

timeoutsunrpc0:10:00h3230:05:00h2251:00:00mgcp0:05:00mgcp-pat

0:05:00

timeoutsip0:30:00sip_media0:02:00sip-invite0:03:00sip-disconnect

0:02:00

timeoutuauth0:05:00absolute

dynamic-access-policy-recordDfltAccessPolicy

httpserverenable

http

asagl

nosnmp-serverlocation

nosnmp-servercontact

snmp-serverenabletrapssnmpauthenticationlinkuplinkdowncoldstart

nocryptoisakmpnat-traversal

telnet

55

inside

telnettimeout5

sshtimeout5

consoletimeout0

threat-detection

threat-detection

threat-detection

threat-detection

!

basic-threat

statisticsport

statisticsprotocol

statisticsaccess-list

class-mapinspection_default

matchdefault-inspection-traffic

!

!

policy-maptypeinspectdnspreset_dns_map

parameters

message-lengthmaximum512

policy-mapglobal_policy

classinspection_default

inspectdnspreset_dns_map

inspectftp

inspecth323h225

inspecth323ras

inspectnetbios

inspectrsh

inspectrtsp

inspectskinny

inspectesmtp

inspectsqlnet

inspectsunrpc

inspecttftp

inspectsip

inspectxdmcp

policy-mapglobal_default

classinspection_default

!

service-policyglobal_policyglobal

usernameasampasswordhqH5pTbBQT35J9GJencryptedprivilege15

prompthostnamecontext

Cryptochecksum:1496294f5645ffed162eb880f9366db9

:end

asa5510#

c3560g的简单配置如下：

c3560g#showrun

Buildingconfiguration...

Currentconfiguration:2409bytes

!

version12.2

noservicepad

servicetimestampsdebuguptime

servicetimestampsloguptime

noservicepassword-encryption

!

hostnamec3560g

!

enablesecret5$1$Vebn$8UddcbB8kEz/LHNh.vcfV0

enablepasswordcwwww

!

usernameaaaaaprivilege15password0ddddddddd

noaaanew-model

systemmturouting1500

ipsubnet-zero

\\

iprouting

启动三层路由

!

!

!

!

nofileverifyauto

spanning-treemodepvst

spanning-treeextendsystem-id

!

vlaninternalallocationpolicyascending

!

!

interfaceGigabitEthernet0/1

机的1端口

switchporttrunkencapsulationdot1q

switchportmodetrunk

!

interfaceGigabitEthernet0/2

asa510防火墙的2端口

noswitchport

ipaddress

!

interfaceGigabitEthernet0/3

划分到vlan100

switchportaccessvlan100

switchportmodeaccess

!

.

.

\\连接到c3524交换

\\连接到

\\g0/3~g0/24

.

interfaceGigabitEthernet0/25

划分到vlan2

switchportaccessvlan2

switchportmodeaccess

!

.

.

.

!

interfaceVlan1

noipaddress

!

interfaceVlan2

ipaddress

!

interfaceVlan100

ipaddress

!

ipclassless

iproute

iphttpserver

iphttpauthenticationlocal

!

!

!

control-plane

!

!

\\g0/25~g0/48

c3560g#

linecon0

linevty04

passwordcsfdsfd

login

linevty515

login

!

end

c3560g#

c3560g#showvtpstatus\\vtp

域名及服务模式信息

VTPVersion:

2

ConfigurationRevision:

10

MaximumVLANssupportedlocally:1005

NumberofexistingVLANs:

7

VTPOperatingMode:Server

VTPDomainName:xxxx

VTPPruningMode:Disabled

VTPV2Mode:Disabled

VTPTrapsGeneration:Disabled

MD5digest:0x1C0x070xDC0x7E0xE3

0x7A0x080xF2

Configurationlastmodifiedby

at3-1-9308:31:03

LocalupdaterIDis

oninterfaceVl2(lowestnumberedVLAN

interfacefo

und)

c3524的简单配置如下：

3524#showrun

Buildingconfiguration...

Currentconfiguration:

!

version12.0

noservicepad

servicetimestampsdebuguptime

servicetimestampsloguptime

noservicepassword-encryption

!

hostname3524

!

enablesecret5$1$X7/M$2uy4vv877ftCcKQzUuHZ81

enablepasswordchineses

!

!

!

!

!

!

ipsubnet-zero

!

!

!

interfaceFastEthernet0/1

的1端口

switchporttrunkencapsulationdot1q

\\连接到c3560g交换机

switchportmodetrunk

!

interface

FastEthernet0/2

g0/20[/url]划分到vlan100

switchportaccessvlan100

!

.

interface

FastEthernet0/21

21~g0/24[/url]划分到vlan2

switchportaccessvlan2

!

.

interface

!

interface

!

interface

GigabitEthernet0/1

GigabitEthernet0/2

VLAN1

noipaddress

noipdirected-broadcast

noiproute-cache

!

interfaceVLAN2

ipaddress

noipdirected-broadcast

noiproute-cache

!

[url=file://\\f0/2~g0/20]\\f0/2~

[url=file://\\f0/21~g0/24]\\f0/

interfaceVLAN100

ipaddress

noipdirected-broadcast

noiproute-cache

!

ipdefault-gateway

bannermotd^C3524

Welcome!^C

!

linecon0

password789654123

l