拓扑图如图所示：

三层Route-Aggregation可以配置IP

二层Bridge-Aggregation链路类型

默认为hybrid

交换机配置：

interface Bridge-Aggregation12  port link-type trunk  undo port trunk permit vlan 1  port trunk permit vlan 10 20

# interface GigabitEthernet1/0/1  port link-mode bridge  port link-type trunk  undo port trunk permit vlan 1  port trunk permit vlan 10 20  combo enable fiber  port link-aggregation group 12 # interface GigabitEthernet1/0/2  port link-mode bridge  port link-type trunk  undo port trunk permit vlan 1  port trunk permit vlan 10 20  combo enable fiber  port link-aggregation group 12 防火墙配置：

# interface Route-Aggregation12.1  ip address 10.1.1.10 255.255.255.0  vlan-type dot1q vid 10

# interface Route-Aggregation12.2  ip address 10.1.2.10 255.255.255.0  vlan-type dot1q vid 20

# interface GigabitEthernet1/0/1  port link-mode route  combo enable copper  port link-aggregation group 12 # interface GigabitEthernet1/0/2  port link-mode route  combo enable copper  port link-aggregation group 12  

注意：

注意:所有防火墙的接口，无论是物理还是逻辑都需要加ZONE

防火墙所有的接口都定义ZONE

security-zone name Trust  import interface GigabitEthernet1/0/1  import interface GigabitEthernet1/0/2  import interface Route-Aggregation12  import interface Route-Aggregation12.1  import interface Route-Aggregation12.2

放行安全策略

security-policy ip

rule 1 name trust_local   action pass   source-zone trust   destination-zone local

检查测试