Network_Configuration_Guide

The document outlines the network configuration for a setup involving a Huawei Firewall, Cisco Router, and Cisco Core Switch with specific VLANs for Management, HR, and IT. It details the configurations for each device, including IP addresses, NAT policies, ACLs, and port security settings. Additionally, it mentions optional high availability configurations using Cisco HSRP and Huawei HRP.

Uploaded by

wasedan0sewa

Network Configuration Guide

1. Topology Overview

Internet
|
[Huawei Firewall]
| (Outside: Public IP)
| (Inside: 192.168.99.1)
[Cisco 1941/K9 Router]
| (G0/0: to Firewall, G0/1: to Core Switch)
[Cisco Core Switch 3650]
-> VLANs/Subnets (Management, HR, IT)

2. Cisco Core Switch Configuration

vlan 10
name Management
vlan 20
name HR
vlan 30
name IT

interface vlan 10
ip address 192.168.10.2 255.255.255.0
no shutdown

interface vlan 20
ip address 192.168.20.1 255.255.255.0
no shutdown

interface vlan 30
ip address 192.168.30.1 255.255.255.0
no shutdown

interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk

ip default-gateway 192.168.10.1

3. Cisco Router Configuration

interface GigabitEthernet0/1
no shutdown

interface GigabitEthernet0/1.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0

interface GigabitEthernet0/1.20
encapsulation dot1Q 20
ip address 192.168.20.254 255.255.255.0

interface GigabitEthernet0/1.30
encapsulation dot1Q 30
ip address 192.168.30.254 255.255.255.0

interface GigabitEthernet0/0
ip address 192.168.99.2 255.255.255.0

ip route 0.0.0.0 0.0.0.0 192.168.99.1

4. Huawei Firewall Configuration

interface GigabitEthernet0/0/1
ip address 192.168.99.1 255.255.255.0

interface GigabitEthernet0/0/0
ip address <Public_IP> 255.255.255.252

nat address-group 1 1 1
section 0
address <Public_IP> 255.255.255.252

acl number 3000
rule 5 permit ip source 192.168.0.0 0.0.255.255

nat-policy
rule name NAT-OUT
source-zone trust
destination-zone untrust
source-address 192.168.0.0 255.255.0.0
action nat address-group 1 no-pat

security-zone name trust
add interface GigabitEthernet0/0/1

security-zone name untrust
add interface GigabitEthernet0/0/0

5. ACL and Port Security

ip access-list extended INTERNET-ACCESS
permit ip 192.168.20.0 0.0.0.255 any
deny ip any any

interface GigabitEthernet0/0
ip access-group INTERNET-ACCESS out

interface GigabitEthernet1/0/10
switchport mode access
switchport access vlan 20
switchport port-security
switchport port-security maximum 2
switchport port-security violation restrict
switchport port-security mac-address sticky

6. Huawei Firewall Policies

acl number 3001
rule 5 permit ip source 192.168.20.0 0.0.0.255

security-policy
rule name Allow-HR-Internet
source-zone trust
destination-zone untrust
source-address 192.168.20.0 0.0.0.255
action permit

security-policy
rule name Block-Others
source-zone trust
destination-zone untrust
action deny
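
Sections 4 to 6 state the egress scope three times: the NAT source range 192.168.0.0/16, the router ACL INTERNET-ACCESS, and the firewall rules Allow-HR-Internet and Block-Others. The Python check below is an added example, not part of the original guide: it evaluates the router ACL with Cisco wildcard and first-match semantics against every host in each VLAN and reports whether the subnet is also inside the NAT range. It only handles `permit|deny ip <source> any` entries like those on this page, and all function and variable names are assumptions.

```python
import ipaddress

# Constructed from the page: VLAN subnets (section 2), router ACL (section 5),
# and the nat-policy source range (section 4).
VLANS = {"Management": "192.168.10.0/24", "HR": "192.168.20.0/24", "IT": "192.168.30.0/24"}
ACL_TEXT = """\
permit ip 192.168.20.0 0.0.0.255 any
deny ip any any
"""
NAT_SOURCE = "192.168.0.0/16"

def parse_ace(line):
    """Parse 'permit|deny ip <src> <wildcard> any' or '... ip any any' (source only)."""
    tok = line.split()
    if len(tok) < 4 or tok[0] not in ("permit", "deny") or tok[1] != "ip":
        raise ValueError(f"unsupported ACL entry: {line!r}")
    if tok[2] == "any":
        return tok[0], 0, 0xFFFFFFFF
    return tok[0], int(ipaddress.IPv4Address(tok[2])), int(ipaddress.IPv4Address(tok[3]))

def ace_matches(ace, host_int):
    """Cisco wildcard semantics: bits set to 1 in the wildcard are ignored."""
    _, base, wild = ace
    care = ~wild & 0xFFFFFFFF
    return (host_int & care) == (base & care)

def evaluate(acl_text, host):
    """First matching entry wins; falling off the end is the implicit deny."""
    host_int = int(ipaddress.IPv4Address(host))
    for line in acl_text.splitlines():
        if line.strip():
            ace = parse_ace(line)
            if ace_matches(ace, host_int):
                return ace[0]
    return "deny"

def audit():
    """Per VLAN: ACL verdict over every host address, and whether NAT covers the subnet."""
    nat = ipaddress.ip_network(NAT_SOURCE)
    report = {}
    for name, cidr in VLANS.items():
        net = ipaddress.ip_network(cidr)
        verdicts = {evaluate(ACL_TEXT, h) for h in net.hosts()}
        acl = verdicts.pop() if len(verdicts) == 1 else "mixed"
        report[name] = {"acl": acl, "in_nat_scope": net.subnet_of(nat)}
    return report

if __name__ == "__main__":
    for vlan, r in audit().items():
        print(f"{vlan:<11} acl={r['acl']:<6} in_nat_scope={r['in_nat_scope']}")
```

With the page's values, Management and IT fall inside the NAT source range but are denied by INTERNET-ACCESS, so only HR reaches the firewall for translation.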

7. High Availability (Optional)

Cisco HSRP (VLAN 10)

interface vlan 10
standby 1 ip 192.168.10.1
standby 1 priority 110
standby 1 preempt

Huawei HRP

hrp enable
interface GigabitEthernet0/0/1
hrp interface
hrp bind peer GigabitEthernet0/0/1

hrp auto-sync enable
hrp priority 120
hrp preempt delay 10
