步骤一：IP地址规划

步骤二：配置二层设备

生产区内配置设备

办公区内配置设备 

配置 DMZ区地址

valn配置 

[Huawei]vlan batch 2 3
[Huawei]int g 0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type access        

[Huawei-GigabitEthernet0/0/2]port default  vlan 2          

[Huawei]int g 0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type access 
[Huawei-GigabitEthernet0/0/3]port default vlan 3

[Huawei-GigabitEthernet0/0/3]int g 0/0/1  
[Huawei-GigabitEthernet0/0/1]port link-type trunk 
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan  2 3    

[Huawei-GigabitEthernet0/0/1]undo  port trunk allow-pass vlan  1 

步骤三：防火墙配置

Username:admin
Password:        # 密码为Admin@123
The password needs to be changed. Change now? [Y/N]: y
Please enter old password:     
Please enter new password:        # 修改新密码为Wang2115
Please confirm new password: 

 Info: Your password has been changed. Save the change to survive a reboot. 
*************************************************************************
*         Copyright (C) 2014-2018 Huawei Technologies Co., Ltd.         *
*                           All rights reserved.                        *
*               Without the owner's prior written consent,              *
*        no decompiling or reverse-engineering shall be allowed.        *
*************************************************************************
[USG6000V1]int g 0/0/0
[USG6000V1-GigabitEthernet0/0/0]ip add 192.168.100.1 24  

[USG6000V1-GigabitEthernet0/0/0] service-manage all permit   

 

在浏览器上使用https协议登陆防火墙，并操作

访问网址：https://192.168.100.1:8443