SlideShare a Scribd company logo

Single Arm Routing Configuration for Huawei USG2130 Firewall

Download as DOC, PDF
Huanetwork
Huanetwork

Leading Huawei networking products distributor-huanetwork.com Single Arm Routing Configuration for Huawei USG2130 Firewall

Technology
1 of 4
Single arm routing configuration for Huawei USG2130 firewall Have you wondered with this: Partition VLAN on switch, and setting the single arm routing on the Huawei USG2130, while VLAN30 can access VLAN10, VLAN20; but VLAN10 and VLAN20 are unable to access the VLAN30. Cause analysis: because the USG2130 only has a three layer interface WAN port, supports the sub interface portand WAN port (E0/0/0), based on the current demand, we would be the port as the network interface. Through the creation of VLAN, one VLAN interface as the Internet interface. If theVLAN in the same region, to realize the VLAN access control is more complex. If the VLAN interface is divided into different areas, through the realization of inter domain packet filtermethod, which is simple and reliable. How to configure single arm routing for Huawei USG2130 firewall Process: 1 Enter sub interface, configure the IP address, and package the 802.1. [USG2130]int e0/0/0.1 [USG2130-Ethernet0/0/0.1]description VLAN10 [USG2130-Ethernet0/0/0.1]ip address 192.168.1.1 24 [USG2130-Ethernet0/0/0.1]vlan-type dot1q 10 [USG2130][USG2130]int e0/0/0.2 [USG2130-Ethernet0/0/0.2]description VLAN20 [USG2130-Ethernet0/0/0.2]ip add 192.168.2.1 24 [USG2130-Ethernet0/0/0.2]vlan-type dot1q 20 [USG2130]int e0/0/0.3 [USG2130-Ethernet0/0/0.3]description VLAN30 [USG2130-Ethernet0/0/0.3]ip add 192.168.3.1 24 [USG2130-Ethernet0/0/0.3]vlan-type dot1q 30 2 Creating a VLAN Internet connection, and configuring the IP. [USG2130]vlan 3 [USG2130-vlan3]description WAN [USG2130]int e1/0/0 1
[USG2130-Ethernet1/0/0]port access VLAN 3 [USG2130]int VLAN 3 [USG2130-Vlanif3]description TO-INTERNET [USG2130-Vlanif3]ip add 100.100.100.1 30 3 Custom three regions, and devide the VLAN interface in the regions, make the Vlan 3 into the untrust region. [USG2130]firewall zone name lan1 joined the regional [USG2130-zone-lan1]set priority 60 [USG2130-zone-lan1]add interface e0/0/0.1 [USG2130]firewall zone name lan2 [USG2130-zone-lan2]set priority 65 [USG2130-zone-lan2]add interface e0/0/0.2 [USG2130]firewall zone name lan3 [USG2130-zone-lan3]set priority 70 [USG2130-zone-lan3]add interface e0/0/0.3 [USG2130]firewall zone untrust [USG2130-zone-untrust]add interface vlan3 4 Creating for VLAN access control between the ACL, and applied to VLAN region. [USG2130]acl 3001 [USG2130-acl-adv-3001]rule permit IP source 192.168.3.0 0.0.0.255 [USG2130]acl 3002 [USG2130-acl-adv-3002]rule deny IP source 192.168.1.0 0.0.0.255 destination 192.168.3 .00.0.0.255 [USG2130-acl-adv-3002]rule deny IP source 192.168.2.0 0.0.0.255 destination 192.168.3 .00.0.0.255 [USG2130-acl-adv-3002]rule permit IP [USG2130]firewall interzone lan1 lan3 [USG2130-interzone-lan3-lan1]packet-filter 3001 outbound [USG2130-interzone-lan3-lan1]packet-filter 3001 inbound 2
[USG2130]firewall interzone lan2 lan3 [USG2130-interzone-lan3-lan2]packet-filter 3001 outbound [USG2130-interzone-lan3-lan2]packet-filter 3002 inbound 5 (Optional), change the interface region of Ethernet0/0/0 [USG2130-Vlanif3]fire zone untrust [USG2130-zone-untrust]undo add interface e0/0/0 [USG2130-zone-untrust]firewall Zone Trust [USG2130-zone-trust]add interface e0/0/0 6 Completed the NAT configuration [USG2130-zone-trust]acl 2000 [USG2130-acl-basic-2000]rule permit source 192.168.0.0 0.0.0.3 [USG2130]firewall interzone trust untrust [USG2130-interzone-trust-untrust]nat outbound 2000 interface VLAN 3 Summary: due to a network device is limited, in order to meet the special need to break the normal procedure setting and planning, and use of custom domain USG2130 the type of firewall between the packet filtering and VLAN function. More related: Three switch styles of switches The latest version of Huawei switch configuration commands: start the FTP service Data Center Switches-Huawei End-To-End Date Center Network Solution More Huawei products and Reviews you can visit: http://www.huanetwork.com/blog Huanetwork.com is a world leading Huawei networking products distributor, we wholesale 3
original new Huawei networking equipments, including Huawei switches, Huawei routers, Huaweisymantec security products, Huawei IAD, Huawei SFP and other Huawei networking products. Our customers include telecom operators, Huawei resellers, ISP and system integrators. Right now most of our sales are contributed by regular customers Our website: http://www.huanetwork.com Telephone: +852-30501940 Email: sales@huanetwork.com Address: 23/F Lucky Plaza, 315-321 Lockhart Road, Wanchai, Hongkong 4

Recommended

Optical module
Optical moduleOptical module
Optical moduleHuanetwork
 
Huawei s9300 terabit routing switch
Huawei s9300 terabit routing switchHuawei s9300 terabit routing switch
Huawei s9300 terabit routing switchHuanetwork
 
Huawei S5700 28 p-pwr-li-ac introduction
Huawei S5700 28 p-pwr-li-ac introductionHuawei S5700 28 p-pwr-li-ac introduction
Huawei S5700 28 p-pwr-li-ac introductionHuanetwork
 
Example for configuring local attack defense
Example for configuring local attack defenseExample for configuring local attack defense
Example for configuring local attack defenseHuanetwork
 
Version support for huawei s7700 components (1)
Version support for huawei s7700 components (1)Version support for huawei s7700 components (1)
Version support for huawei s7700 components (1)Huanetwork
 
Huawei s3700 cables
Huawei s3700 cablesHuawei s3700 cables
Huawei s3700 cablesHuanetwork
 
Huawei net engine5000e core router chassis and features
Huawei net engine5000e core router chassis and featuresHuawei net engine5000e core router chassis and features
Huawei net engine5000e core router chassis and featuresHuanetwork
 
What is huawei quidway s5300 gigabit switches
What is huawei quidway s5300 gigabit switchesWhat is huawei quidway s5300 gigabit switches
What is huawei quidway s5300 gigabit switchesHuanetwork
 

Recommended

Optical module
Optical moduleOptical module
Optical moduleHuanetwork
 
Huawei s9300 terabit routing switch
Huawei s9300 terabit routing switchHuawei s9300 terabit routing switch
Huawei s9300 terabit routing switchHuanetwork
 
Huawei S5700 28 p-pwr-li-ac introduction
Huawei S5700 28 p-pwr-li-ac introductionHuawei S5700 28 p-pwr-li-ac introduction
Huawei S5700 28 p-pwr-li-ac introductionHuanetwork
 
Example for configuring local attack defense
Example for configuring local attack defenseExample for configuring local attack defense
Example for configuring local attack defenseHuanetwork
 
Version support for huawei s7700 components (1)
Version support for huawei s7700 components (1)Version support for huawei s7700 components (1)
Version support for huawei s7700 components (1)Huanetwork
 
Huawei s3700 cables
Huawei s3700 cablesHuawei s3700 cables
Huawei s3700 cablesHuanetwork
 
Huawei net engine5000e core router chassis and features
Huawei net engine5000e core router chassis and featuresHuawei net engine5000e core router chassis and features
Huawei net engine5000e core router chassis and featuresHuanetwork
 
What is huawei quidway s5300 gigabit switches
What is huawei quidway s5300 gigabit switchesWhat is huawei quidway s5300 gigabit switches
What is huawei quidway s5300 gigabit switchesHuanetwork
 
Huawei s5710-ei-power-module-test-report
Huawei s5710-ei-power-module-test-reportHuawei s5710-ei-power-module-test-report
Huawei s5710-ei-power-module-test-reportHuanetwork
 
Huanetwork x dsl solution - huawei adsl2+ and vdsl2 solution)
Huanetwork x dsl solution - huawei adsl2+ and vdsl2 solution)Huanetwork x dsl solution - huawei adsl2+ and vdsl2 solution)
Huanetwork x dsl solution - huawei adsl2+ and vdsl2 solution)Huanetwork
 
Wiki and solution in ftth technology
Wiki and solution in ftth technologyWiki and solution in ftth technology
Wiki and solution in ftth technologyHuanetwork
 
Ont, olt and mdu in gpon technology
Ont, olt and mdu in gpon technologyOnt, olt and mdu in gpon technology
Ont, olt and mdu in gpon technologyHuanetwork
 
What are the differences between huawei and cisco wlan products
What are the differences between huawei and cisco wlan productsWhat are the differences between huawei and cisco wlan products
What are the differences between huawei and cisco wlan productsHuanetwork
 
Huawei ac6005
Huawei ac6005Huawei ac6005
Huawei ac6005Huanetwork
 
How to Configure QinQ?
How to Configure QinQ?How to Configure QinQ?
How to Configure QinQ?Huanetwork
 
How to configure inband management for huawei ma5616
How to configure inband management for huawei ma5616How to configure inband management for huawei ma5616
How to configure inband management for huawei ma5616Huanetwork
 
How to configure eo c services for huawei ol ts
How to configure eo c services for huawei ol tsHow to configure eo c services for huawei ol ts
How to configure eo c services for huawei ol tsHuanetwork
 
Huawei osn3500 typical networking in packet mode
Huawei osn3500 typical networking in packet modeHuawei osn3500 typical networking in packet mode
Huawei osn3500 typical networking in packet modeHuanetwork
 
Huawei opti x osn 1500 boards
Huawei opti x osn 1500 boardsHuawei opti x osn 1500 boards
Huawei opti x osn 1500 boardsHuanetwork
 
Huawei ftth c b e2 e solution
Huawei ftth c b e2 e solutionHuawei ftth c b e2 e solution
Huawei ftth c b e2 e solutionHuanetwork
 
Huawei osn3500 typical networking in packet mode
Huawei osn3500 typical networking in packet modeHuawei osn3500 typical networking in packet mode
Huawei osn3500 typical networking in packet modeHuanetwork
 
What’s the Difference Between GPON and EPON
What’s the Difference Between GPON and EPONWhat’s the Difference Between GPON and EPON
What’s the Difference Between GPON and EPONHuanetwork
 
Differences of Huawei S5700 Series LI, SI, EI and HI
Differences of Huawei S5700 Series LI, SI, EI and HIDifferences of Huawei S5700 Series LI, SI, EI and HI
Differences of Huawei S5700 Series LI, SI, EI and HIHuanetwork
 
How to configure the logical distance of gpon
How to configure the logical distance of gponHow to configure the logical distance of gpon
How to configure the logical distance of gponHuanetwork
 
Huanetwork Design the Network Solution Free for You
Huanetwork Design the Network Solution Free for YouHuanetwork Design the Network Solution Free for You
Huanetwork Design the Network Solution Free for YouHuanetwork
 
Configuration difference between ipv6 and ipv4
Configuration difference between ipv6 and ipv4Configuration difference between ipv6 and ipv4
Configuration difference between ipv6 and ipv4Huanetwork
 
How to configure the gpon ftth layer 2 internet access service on the nms
How to configure the gpon ftth layer 2 internet access service on the nmsHow to configure the gpon ftth layer 2 internet access service on the nms
How to configure the gpon ftth layer 2 internet access service on the nmsHuanetwork
 
How to configure i pv6 services in the fttb c (no hgws) scenario
How to configure i pv6 services in the fttb c (no hgws) scenarioHow to configure i pv6 services in the fttb c (no hgws) scenario
How to configure i pv6 services in the fttb c (no hgws) scenarioHuanetwork
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 

More Related Content

More from Huanetwork

Huawei s5710-ei-power-module-test-report
Huawei s5710-ei-power-module-test-reportHuawei s5710-ei-power-module-test-report
Huawei s5710-ei-power-module-test-reportHuanetwork
 
Huanetwork x dsl solution - huawei adsl2+ and vdsl2 solution)
Huanetwork x dsl solution - huawei adsl2+ and vdsl2 solution)Huanetwork x dsl solution - huawei adsl2+ and vdsl2 solution)
Huanetwork x dsl solution - huawei adsl2+ and vdsl2 solution)Huanetwork
 
Wiki and solution in ftth technology
Wiki and solution in ftth technologyWiki and solution in ftth technology
Wiki and solution in ftth technologyHuanetwork
 
Ont, olt and mdu in gpon technology
Ont, olt and mdu in gpon technologyOnt, olt and mdu in gpon technology
Ont, olt and mdu in gpon technologyHuanetwork
 
What are the differences between huawei and cisco wlan products
What are the differences between huawei and cisco wlan productsWhat are the differences between huawei and cisco wlan products
What are the differences between huawei and cisco wlan productsHuanetwork
 
How to Configure QinQ?
How to Configure QinQ?How to Configure QinQ?
How to Configure QinQ?Huanetwork
 
How to configure inband management for huawei ma5616
How to configure inband management for huawei ma5616How to configure inband management for huawei ma5616
How to configure inband management for huawei ma5616Huanetwork
 
How to configure eo c services for huawei ol ts
How to configure eo c services for huawei ol tsHow to configure eo c services for huawei ol ts
How to configure eo c services for huawei ol tsHuanetwork
 
Huawei osn3500 typical networking in packet mode
Huawei osn3500 typical networking in packet modeHuawei osn3500 typical networking in packet mode
Huawei osn3500 typical networking in packet modeHuanetwork
 
Huawei opti x osn 1500 boards
Huawei opti x osn 1500 boardsHuawei opti x osn 1500 boards
Huawei opti x osn 1500 boardsHuanetwork
 
Huawei ftth c b e2 e solution
Huawei ftth c b e2 e solutionHuawei ftth c b e2 e solution
Huawei ftth c b e2 e solutionHuanetwork
 
Huawei osn3500 typical networking in packet mode
Huawei osn3500 typical networking in packet modeHuawei osn3500 typical networking in packet mode
Huawei osn3500 typical networking in packet modeHuanetwork
 
What’s the Difference Between GPON and EPON
What’s the Difference Between GPON and EPONWhat’s the Difference Between GPON and EPON
What’s the Difference Between GPON and EPONHuanetwork
 
Differences of Huawei S5700 Series LI, SI, EI and HI
Differences of Huawei S5700 Series LI, SI, EI and HIDifferences of Huawei S5700 Series LI, SI, EI and HI
Differences of Huawei S5700 Series LI, SI, EI and HIHuanetwork
 
How to configure the logical distance of gpon
How to configure the logical distance of gponHow to configure the logical distance of gpon
How to configure the logical distance of gponHuanetwork
 
Huanetwork Design the Network Solution Free for You
Huanetwork Design the Network Solution Free for YouHuanetwork Design the Network Solution Free for You
Huanetwork Design the Network Solution Free for YouHuanetwork
 
Configuration difference between ipv6 and ipv4
Configuration difference between ipv6 and ipv4Configuration difference between ipv6 and ipv4
Configuration difference between ipv6 and ipv4Huanetwork
 
How to configure the gpon ftth layer 2 internet access service on the nms
How to configure the gpon ftth layer 2 internet access service on the nmsHow to configure the gpon ftth layer 2 internet access service on the nms
How to configure the gpon ftth layer 2 internet access service on the nmsHuanetwork
 
How to configure i pv6 services in the fttb c (no hgws) scenario
How to configure i pv6 services in the fttb c (no hgws) scenarioHow to configure i pv6 services in the fttb c (no hgws) scenario
How to configure i pv6 services in the fttb c (no hgws) scenarioHuanetwork
 

More from Huanetwork (20)

Huawei s5710-ei-power-module-test-report
Huawei s5710-ei-power-module-test-reportHuawei s5710-ei-power-module-test-report
Huawei s5710-ei-power-module-test-report
 
Huanetwork x dsl solution - huawei adsl2+ and vdsl2 solution)
Huanetwork x dsl solution - huawei adsl2+ and vdsl2 solution)Huanetwork x dsl solution - huawei adsl2+ and vdsl2 solution)
Huanetwork x dsl solution - huawei adsl2+ and vdsl2 solution)
 
Wiki and solution in ftth technology
Wiki and solution in ftth technologyWiki and solution in ftth technology
Wiki and solution in ftth technology
 
Ont, olt and mdu in gpon technology
Ont, olt and mdu in gpon technologyOnt, olt and mdu in gpon technology
Ont, olt and mdu in gpon technology
 
What are the differences between huawei and cisco wlan products
What are the differences between huawei and cisco wlan productsWhat are the differences between huawei and cisco wlan products
What are the differences between huawei and cisco wlan products
 
Huawei ac6005
Huawei ac6005Huawei ac6005
Huawei ac6005
 
How to Configure QinQ?
How to Configure QinQ?How to Configure QinQ?
How to Configure QinQ?
 
How to configure inband management for huawei ma5616
How to configure inband management for huawei ma5616How to configure inband management for huawei ma5616
How to configure inband management for huawei ma5616
 
How to configure eo c services for huawei ol ts
How to configure eo c services for huawei ol tsHow to configure eo c services for huawei ol ts
How to configure eo c services for huawei ol ts
 
Huawei osn3500 typical networking in packet mode
Huawei osn3500 typical networking in packet modeHuawei osn3500 typical networking in packet mode
Huawei osn3500 typical networking in packet mode
 
Huawei opti x osn 1500 boards
Huawei opti x osn 1500 boardsHuawei opti x osn 1500 boards
Huawei opti x osn 1500 boards
 
Huawei ftth c b e2 e solution
Huawei ftth c b e2 e solutionHuawei ftth c b e2 e solution
Huawei ftth c b e2 e solution
 
Huawei osn3500 typical networking in packet mode
Huawei osn3500 typical networking in packet modeHuawei osn3500 typical networking in packet mode
Huawei osn3500 typical networking in packet mode
 
What’s the Difference Between GPON and EPON
What’s the Difference Between GPON and EPONWhat’s the Difference Between GPON and EPON
What’s the Difference Between GPON and EPON
 
Differences of Huawei S5700 Series LI, SI, EI and HI
Differences of Huawei S5700 Series LI, SI, EI and HIDifferences of Huawei S5700 Series LI, SI, EI and HI
Differences of Huawei S5700 Series LI, SI, EI and HI
 
How to configure the logical distance of gpon
How to configure the logical distance of gponHow to configure the logical distance of gpon
How to configure the logical distance of gpon
 
Huanetwork Design the Network Solution Free for You
Huanetwork Design the Network Solution Free for YouHuanetwork Design the Network Solution Free for You
Huanetwork Design the Network Solution Free for You
 
Configuration difference between ipv6 and ipv4
Configuration difference between ipv6 and ipv4Configuration difference between ipv6 and ipv4
Configuration difference between ipv6 and ipv4
 
How to configure the gpon ftth layer 2 internet access service on the nms
How to configure the gpon ftth layer 2 internet access service on the nmsHow to configure the gpon ftth layer 2 internet access service on the nms
How to configure the gpon ftth layer 2 internet access service on the nms
 
How to configure i pv6 services in the fttb c (no hgws) scenario
How to configure i pv6 services in the fttb c (no hgws) scenarioHow to configure i pv6 services in the fttb c (no hgws) scenario
How to configure i pv6 services in the fttb c (no hgws) scenario
 

Recently uploaded

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 

Recently uploaded (20)

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 

Single Arm Routing Configuration for Huawei USG2130 Firewall

  • 1. Single arm routing configuration for Huawei USG2130 firewall Have you wondered with this: Partition VLAN on switch, and setting the single arm routing on the Huawei USG2130, while VLAN30 can access VLAN10, VLAN20; but VLAN10 and VLAN20 are unable to access the VLAN30. Cause analysis: because the USG2130 only has a three layer interface WAN port, supports the sub interface portand WAN port (E0/0/0), based on the current demand, we would be the port as the network interface. Through the creation of VLAN, one VLAN interface as the Internet interface. If theVLAN in the same region, to realize the VLAN access control is more complex. If the VLAN interface is divided into different areas, through the realization of inter domain packet filtermethod, which is simple and reliable. How to configure single arm routing for Huawei USG2130 firewall Process: 1 Enter sub interface, configure the IP address, and package the 802.1. [USG2130]int e0/0/0.1 [USG2130-Ethernet0/0/0.1]description VLAN10 [USG2130-Ethernet0/0/0.1]ip address 192.168.1.1 24 [USG2130-Ethernet0/0/0.1]vlan-type dot1q 10 [USG2130][USG2130]int e0/0/0.2 [USG2130-Ethernet0/0/0.2]description VLAN20 [USG2130-Ethernet0/0/0.2]ip add 192.168.2.1 24 [USG2130-Ethernet0/0/0.2]vlan-type dot1q 20 [USG2130]int e0/0/0.3 [USG2130-Ethernet0/0/0.3]description VLAN30 [USG2130-Ethernet0/0/0.3]ip add 192.168.3.1 24 [USG2130-Ethernet0/0/0.3]vlan-type dot1q 30 2 Creating a VLAN Internet connection, and configuring the IP. [USG2130]vlan 3 [USG2130-vlan3]description WAN [USG2130]int e1/0/0 1
  • 2. [USG2130-Ethernet1/0/0]port access VLAN 3 [USG2130]int VLAN 3 [USG2130-Vlanif3]description TO-INTERNET [USG2130-Vlanif3]ip add 100.100.100.1 30 3 Custom three regions, and devide the VLAN interface in the regions, make the Vlan 3 into the untrust region. [USG2130]firewall zone name lan1 joined the regional [USG2130-zone-lan1]set priority 60 [USG2130-zone-lan1]add interface e0/0/0.1 [USG2130]firewall zone name lan2 [USG2130-zone-lan2]set priority 65 [USG2130-zone-lan2]add interface e0/0/0.2 [USG2130]firewall zone name lan3 [USG2130-zone-lan3]set priority 70 [USG2130-zone-lan3]add interface e0/0/0.3 [USG2130]firewall zone untrust [USG2130-zone-untrust]add interface vlan3 4 Creating for VLAN access control between the ACL, and applied to VLAN region. [USG2130]acl 3001 [USG2130-acl-adv-3001]rule permit IP source 192.168.3.0 0.0.0.255 [USG2130]acl 3002 [USG2130-acl-adv-3002]rule deny IP source 192.168.1.0 0.0.0.255 destination 192.168.3 .00.0.0.255 [USG2130-acl-adv-3002]rule deny IP source 192.168.2.0 0.0.0.255 destination 192.168.3 .00.0.0.255 [USG2130-acl-adv-3002]rule permit IP [USG2130]firewall interzone lan1 lan3 [USG2130-interzone-lan3-lan1]packet-filter 3001 outbound [USG2130-interzone-lan3-lan1]packet-filter 3001 inbound 2
  • 3. [USG2130]firewall interzone lan2 lan3 [USG2130-interzone-lan3-lan2]packet-filter 3001 outbound [USG2130-interzone-lan3-lan2]packet-filter 3002 inbound 5 (Optional), change the interface region of Ethernet0/0/0 [USG2130-Vlanif3]fire zone untrust [USG2130-zone-untrust]undo add interface e0/0/0 [USG2130-zone-untrust]firewall Zone Trust [USG2130-zone-trust]add interface e0/0/0 6 Completed the NAT configuration [USG2130-zone-trust]acl 2000 [USG2130-acl-basic-2000]rule permit source 192.168.0.0 0.0.0.3 [USG2130]firewall interzone trust untrust [USG2130-interzone-trust-untrust]nat outbound 2000 interface VLAN 3 Summary: due to a network device is limited, in order to meet the special need to break the normal procedure setting and planning, and use of custom domain USG2130 the type of firewall between the packet filtering and VLAN function. More related: Three switch styles of switches The latest version of Huawei switch configuration commands: start the FTP service Data Center Switches-Huawei End-To-End Date Center Network Solution More Huawei products and Reviews you can visit: http://www.huanetwork.com/blog Huanetwork.com is a world leading Huawei networking products distributor, we wholesale 3
  • 4. original new Huawei networking equipments, including Huawei switches, Huawei routers, Huaweisymantec security products, Huawei IAD, Huawei SFP and other Huawei networking products. Our customers include telecom operators, Huawei resellers, ISP and system integrators. Right now most of our sales are contributed by regular customers Our website: http://www.huanetwork.com Telephone: +852-30501940 Email: sales@huanetwork.com Address: 23/F Lucky Plaza, 315-321 Lockhart Road, Wanchai, Hongkong 4