接口配置：
SW2:
[sw2]vlan 10
[sw2]vlan 20
[sw2]interface GigabitEthernet 0/0/1
[sw2-GigabitEthernet0/0/1]port link-type trunk
[SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20
[sw2]interface GigabitEthernet 0/0/2
[sw2-GigabitEthernet0/0/2]port link-type access
[sw2-GigabitEthernet0/0/2]port default vlan 10
[sw2-GigabitEthernet0/0/2]interface GigabitEthernet 0/0/3
[sw2-GigabitEthernet0/0/3]port link-type access
[sw2-GigabitEthernet0/0/3]port default vlan 20

fw:
[FW]interface GigabitEthernet 1/0/0
[FW-GigabitEthernet1/0/0]ip add
[FW-GigabitEthernet1/0/0]ip address 10.0.0.254 24
[FW]interface GigabitEthernet 1/0/2
[FW-GigabitEthernet1/0/2]ip address 100.1.1.10 24
[FW]interface GigabitEthernet 1/0/1.1
[FW-GigabitEthernet1/0/1.1]ip address 172.16.1.254 24
[FW-GigabitEthernet1/0/1.1]vlan-type dot1q 10

g1/0/1.2:web页面：

Server






Clinet1,Clinet3,pc2:dhcp

DHCP：
[FW]dhcp enable
[FW]interface GigabitEthernet 1/0/1.1
[FW-GigabitEthernet1/0/1.1]dhcp select interface
[FW-GigabitEthernet1/0/1.1]interface GigabitEthernet 1/0/1.2
[FW-GigabitEthernet1/0/1.2]dhcp select interface

web页面：

clent1:IP
dhcp补全信息

防火墙安全区域划分
web页面：Trust_A

Trust_B：
[FW]firewall zone name Trust_B
[FW-zone-Trust_B]set priority 80
[FW-zone-Trust_B]add interface GigabitEthernet 1/0/1.2
[FW]firewall zone dmz
[FW-zone-dmz]add interface GigabitEthernet 1/0/0
[FW]firewall zone untrust
[FW-zone-untrust]add interface GigabitEthernet 1/0/2

防火墙地址组信息












管理员
对应接口开启telnet功能：
web:


telnet配置：
[FW]telnet server enable
[FW]user-interface vty 0 4
[FW-ui-vty0-4]protocol inbound telnet

[SW2]interface Vlanif 10
[SW2-Vlanif10]ip address 172.16.1.10 24

创建管理员：

认证域openlab









高管用户






认证策略：







认证策略界面：
修改密码

安全策略配置

web安全策略界面,安全策略命中次数