Network Configuration Manual.docx
- Document number: 9734327
- Upload date: 2023-02-06
- Format: DOCX
- Pages: 26
- Size: 62.97KB
Network Configuration Manual
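I. Router Overview
The Guangxi Mobile Color Ring system uses 2×2M leased lines for data communication across the whole region. The central site, the IDC equipment room at Factory 608 in Nanning, connects through a Huawei 3640E router fitted with 3 × 4-port E1 modules. Each prefecture-level city uses a Huawei 2621 router fitted with 1 × 2-port E1 module. The two links work at the same time and back each other up.
II. Router Configuration
All E1 controllers in the configuration use a fairly standard timeslot allocation, namely timeslots 1-15 and 17-31, with CRC4 framing. The username on every router in this system is colorring and the password is mscbs&router. Log in either by TELNET to the Ethernet interface address or through HyperTerminal.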
1. E1 controller interfaces
There are 12 interfaces in total, numbered 0 to 11; 10 are allocated to the 5 prefecture-level cities, leaving 2.
controller e1 0 …… 11
2. Local Ethernet interface
interface Ethernet0
ip address 192.168.10.1 255.255.255.0
ospf enable area 0.0.0.60
3. Unused Ethernet interface
interface Ethernet1
4. Nanning to Liuzhou, interface 1
interface Serial0:0
link-protocol ppp
description ColorRing with NN to LiuZhou
ip address 172.16.20.1 255.255.255.252
ospf enable area 0.0.0.60
5. Nanning to Liuzhou, interface 2
interface Serial1:0
link-protocol ppp
description ColorRing with NN to LiuZhou
ip address 172.16.20.5 255.255.255.252
ospf enable area 0.0.0.60
6. Nanning to Guilin, interface 1
interface Serial2:0
link-protocol ppp
description ColorRing with NN to GuiLin
ip address 172.16.30.1 255.255.255.252
ospf enable area 0.0.0.60
7. Nanning to Guilin, interface 2
interface Serial3:0
link-protocol ppp
description ColorRing with NN to GuiLin
ip address 172.16.30.5 255.255.255.252
ospf enable area 0.0.0.60
8. Nanning to Wuzhou, interface 1
interface Serial4:0
link-protocol ppp
description ColorRing with NN to WuZhou
ip address 172.16.40.1 255.255.255.252
ospf enable area 0.0.0.60
9. Nanning to Wuzhou, interface 2
interface Serial5:0
link-protocol ppp
description ColorRing with NN to WuZhou
ip address 172.16.40.5 255.255.255.252
ospf enable area 0.0.0.60
10. Nanning to Beihai, interface 1
interface Serial6:0
link-protocol ppp
description ColorRing with NN to BeiHai
ip address 172.16.50.1 255.255.255.252
ospf enable area 0.0.0.60
11. Nanning to Beihai, interface 2
interface Serial7:0
link-protocol ppp
description ColorRing with NN to BeiHai
ip address 172.16.50.5 255.255.255.252
ospf enable area 0.0.0.60
12. Nanning to Yulin, interface 1
interface Serial8:0
link-protocol ppp
description ColorRing with NN to YuLin
ip address 172.16.60.1 255.255.255.252
ospf enable area 0.0.0.60
13. Nanning to Yulin, interface 2
interface Serial9:0
link-protocol ppp
description ColorRing with NN to YuLin
ip address 172.16.60.5 255.255.255.252
ospf enable area 0.0.0.60
14. Currently unused
interface Serial10:0
link-protocol ppp
description ColorRing with Backup Data Link to Others
interface Serial11:0
link-protocol ppp
description ColorRing with Backup Data Link to Others
15. OSPF routing protocol
ospf enable
abr-summary 172.16.0.0 mask 255.255.0.0 area 0.0.0.60
abr-summary 192.168.10.0 mask 255.255.255.0 area 0.0.0.60
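III. Firewall Overview
The Guangxi Mobile Color Ring project uses two firewalls, both NetScreen 204. One (ns204-1) isolates the MCP equipment from the IP equipment and passes protocol data in route mode. The other (ns204-2) isolates the Web servers from CMnet; it connects the internal and external networks in transparent bridge mode, with strictly configured policies.
IV. Firewall Login Methods
These include Telnet and Web access from the internal network. The username on both firewalls is netscreen, and the passwords are mscbs&ns204-1 and mscbs&ns204-2 respectively.
[Figure: the open WebUI, login screen]
[Figure: policy configuration screen]
V. Detailed Firewall Configuration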
1. Firewall 1
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set clock "timezone" 8
set admin format dos
set admin name "netscreen"
set admin password nFkKPmrfOYiHcnFEIs0N9fPtbJCtrn
set admin mail alert
set admin mail server-name ""
set admin mail mail-addr1 gx_colorring@
set admin mail mail-addr2 jiessie@
set admin mail traffic-log
set admin auth timeout 10
set admin auth server "Local"
set vrouter trust-vr sharable
unset vrouter "trust-vr" auto-route-export
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "DMZ" tcp-rst
set zone "MGT" block
set zone "MGT" tcp-rst
set zone Untrust screen tear-drop
set zone Untrust screen syn-flood
set zone Untrust screen ping-death
set zone Untrust screen ip-filter-src
set zone Untrust screen land
set zone V1-Untrust screen tear-drop
set zone V1-Untrust screen syn-flood
set zone V1-Untrust screen ping-death
set zone V1-Untrust screen ip-filter-src
set zone V1-Untrust screen land
set interface "ethernet1" zone "Trust"
set interface "ethernet2" zone "Untrust"
set interface "ethernet3" zone "DMZ"
set interface vlan1 ip 192.168.0.1/29
set interface ethernet1 ip 192.168.10.2/24
set interface ethernet1 route
set interface ethernet2 ip 192.168.1.1/24
set interface ethernet2 route
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface vlan1 ip manageable
set interface ethernet1 ip manageable
set interface ethernet2 ip manageable
set interface ethernet3 ip manageable
unset interface ethernet1 manage scs
unset interface ethernet1 manage snmp
unset interface ethernet1 manage global-pro
unset interface ethernet1 manage ssl
set interface ethernet2 manage ping
set interface ethernet2 manage telnet
set interface ethernet2 manage web
set interface "ethernet2" mip 192.168.1.3 host 192.168.10.1 netmask 255.255.255.255 vr "trust-vr"
set hostname ns204-1
set address "Trust" "CRBTnet.10" 192.168.10.0 255.255.255.0
set address "Untrust" "CRBTnet.1" 192.168.1.0 255.255.255.0
set snmp name "ns204-1"
set ike policy-checking
set ike respond-bad-spi 1
set ike id-mode subnet
set xauth lifetime 480
set xauth default auth server Local
set policy id 5 name "1->10" from "Untrust" to "Trust" "CRBTnet.1" "CRBTnet.10" "ANY" Permit
set policy id 4 name "10->1" from "Trust" to "Untrust" "CRBTnet.10" "CRBTnet.1" "ANY" Permit
set policy id 6 name "IProute" from "Untrust" to "Trust" "CRBTnet.1" "MIP(192.168.1.3)" "ANY" Permit
unset global-pro policy-manager primary outgoing-interface
unset global-pro policy-manager secondary outgoing-interface
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set dns host dns1 202.96.134.133
set dns host schedule 00:00
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
exit
2. Firewall 2
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set clock "timezone" 0
set admin format dos
set admin name "netscreen"
set admin password nOL3Exr1HHOAcfyM5s8PfeDtf+E/Qn
set admin auth timeout 10
set admin auth server "Local"
set service "rdc" group "other" tcp src 0-65535 dst 3389-3389
set service "rdc" + udp src 0-65535 dst 3389-3389
set vrouter trust-vr sharable
unset vrouter "trust-vr" auto-route-export
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "DMZ" tcp-rst
set zone "MGT" block
set zone "MGT" tcp-rst
set zone Untrust screen tear-drop
set zone Untrust screen syn-flood
set zone Untrust screen ping-death
set zone Untrust screen ip-filter-src
set zone Untrust screen land
set zone V1-Untrust screen tear-drop
set zone V1-Untrust screen syn-flood
set zone V1-Untrust screen ping-death
set zone V1-Untrust screen ip-filter-src
set zone V1-Untrust screen land
set interface "ethernet1" zone "V1-Trust"
set interface "ethernet2" zone "V1-DMZ"
set interface "ethernet3" zone "V1-Untrust"
set interface vlan1 ip 192.168.1.2/24
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface vlan1 ip manageable
set hostname ns204-2
set snmp name "ns204-2"
set ike policy-checking
set ike respond-bad-spi 1
set ike id-mode subnet
set xauth lifetime 480
set xauth default auth server Local
set policy id 0 from "V1-Trust" to "V1-Untrust" "Any" "Any" "ANY" Permit
set policy id 1 from "V1-Untrust" to "V1-Trust" "Any" "Any" "HTTP" Permit
set policy id 2 from "V1-Untrust" to "V1-Trust" "Any" "Any" "DNS" Permit
set policy id 3 from "V1-Untrust" to "V1-Trust" "Any" "Any" "rdc" Permit
unset global-pro policy-manager primary outgoing-interface
unset global-pro policy-manager secondary outgoing-interface
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set dns host dns1 202.96.128.68
set dns host dns2 202.96.134.133
set dns host schedule 00:00
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
exit
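The following review aid is an added example, not part of the original manual: a small Python check that reads "set interface ... manage" and "set policy" lines like those in the two listings above and flags cleartext management services and broadly scoped permit rules for a reviewer to examine. The rule names and the audit() function are assumptions made for this example; the sample input is a handful of lines from the listings with spacing restored.

```python
import shlex

# Sample input: lines from the ns204-1 and ns204-2 listings, spacing restored.
SAMPLE = """\
set interface "ethernet2" zone "Untrust"
set interface ethernet2 manage ping
set interface ethernet2 manage telnet
set interface ethernet2 manage web
unset interface ethernet1 manage ssl
set policy id 4 name "10->1" from "Trust" to "Untrust" "CRBTnet.10" "CRBTnet.1" "ANY" Permit
set policy id 0 from "V1-Trust" to "V1-Untrust" "Any" "Any" "ANY" Permit
set policy id 1 from "V1-Untrust" to "V1-Trust" "Any" "Any" "HTTP" Permit
set policy id 3 from "V1-Untrust" to "V1-Trust" "Any" "Any" "rdc" Permit
"""

# Telnet and the HTTP WebUI ("web"; HTTPS is the separate "ssl" option)
# both carry the administrator login unencrypted.
CLEARTEXT_MGMT = {"telnet", "web"}
UNTRUSTED_ZONES = {"untrust", "v1-untrust"}


def audit(config):
    """Return a list of (rule, detail) findings for ScreenOS-style 'set' lines."""
    rows = [shlex.split(line) for line in config.splitlines() if line.strip()]
    # Pass 1: remember which zone each interface is bound to.
    zone_of = {t[2]: t[4].lower() for t in rows
               if len(t) == 5 and t[:2] == ["set", "interface"] and t[3] == "zone"}
    findings = []
    for t in rows:
        if len(t) == 5 and t[:2] == ["set", "interface"] and t[3] == "manage":
            iface, svc = t[2], t[4]
            if svc in CLEARTEXT_MGMT:
                findings.append(("cleartext-mgmt", f"{iface}:{svc}"))
                if zone_of.get(iface) in UNTRUSTED_ZONES:
                    findings.append(("mgmt-in-untrusted-zone", f"{iface}:{svc}"))
        elif t[:2] == ["set", "policy"] and "from" in t and t[-1].lower() == "permit":
            i = t.index("from")          # from <zone> to <zone> <src> <dst> <svc> Permit
            if len(t) < i + 8:
                continue                 # malformed or truncated policy line
            pid = t[3] if t[2] == "id" else "?"
            src_zone, src, dst, svc = t[i + 1].lower(), t[i + 4], t[i + 5], t[i + 6]
            if svc.lower() == "any":
                findings.append(("service-any", pid))
            if src_zone in UNTRUSTED_ZONES and src.lower() == dst.lower() == "any":
                findings.append(("untrusted-any-to-any", f"{pid}:{svc}"))
    return findings


if __name__ == "__main__":
    for rule, detail in audit(SAMPLE):
        print(f"{rule:24} {detail}")
```

A finding is a prompt for review, not a verdict: whether a zone named Untrust actually faces an external network depends on the topology described in Section III.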
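Appendix 1: Network System Configuration
Location | Device | Network configuration | System platform | Notes
Nanning | Central router | 192.168.10.1/24 | Huawei 3640E | Internal network
 | | 172.16.20.1,5/30 | | To Liuzhou
 | | 172.16.30.1,5/30 | | To Guilin
 | | 172.16.40.1,5/30 | | To Wuzhou
 | | 172.16.50.1,5/30 | | To Beihai
 | | 172.16.60.1,5/30 | | To Yulin
 | IP | 192.168.10.11/24 | ADLink |
 | IPOMP | 192.168.10.15/24 | Dell 1600SC |
 | IPServer | 192.168.10.21,22/24 | SUN Fire v280 |
 | IPSOMP | 192.168.10.23/24 | Sun Blade 150 |
 | CPServer | 192.168.10.31,32/24 | Sun Fire v240 | Ethernet1
 | | 10.187.1.54/29 (IOD) | | Ethernet3
 | | 10.187.2.22/29 (BOSS) | | Ethernet4
 | Firewall (ns204-1) | 192.168.10.2/24 | NetScreen | Ethernet1
 | | 192.168.1.1/24 | | Ethernet2
 | MCPDB (db01) | 192.168.1.41/24 | Sun Fire v240 |
 | MCPApp (db02) | 192.168.1.42/24 | Sun Fire v240 |
 | Management | 192.168.1.43/24 | Sun Fire v240 |
 | StorEdge | 192.168.1.49/24 | StorEdge 3310 |
 | WebServer | 192.168.1.51,52/24 | Dell 2650 | Ethernet1
 | | 10.187.3.52/29 | | Ethernet2
 | IVR | 192.168.1.61,62/24 | Dell 1600SC |
 | SIU | 192.168.1.63/24 | Intel SIU520 |
 | Firewall (ns204-2) | 192.168.1.2/24 | NetScreen | E1 (inside), E3 (outside)
Liuzhou | Access router | 192.168.20.1/24 | Huawei 2621 | Internal network
 | | 172.16.20.2,6/30 | | To Nanning
 | IP | 192.168.20.11/24 | |
 | IPOMP | 192.168.20.13/24 | |
Guilin | Access router | 192.168.30.1/24 | Huawei 2621 | Internal network
 | | 172.16.30.2,6/30 | | To Nanning
 | IP | 192.168.30.11/24 | |
 | IPOMP | 192.168.30.13/24 | |
Wuzhou | Access router | 192.168.40.1/24 | Huawei 2621 | Internal network
 | | 172.16.40.2,6/30 | | To Nanning
 | IP | 192.168.40.11/24 | |
 | IPOMP | 192.168.40.13/24 | |
Beihai | Access router | 192.168.50.1/24 | Huawei 2621 | Internal network
 | | 172.16.50.2,6/30 | | To Nanning
 | IP | 192.168.50.11/24 | |
 | IPOMP | 192.168.50.13/24 | |
Yulin | Access router | 192.168.60.1/24 | Huawei 2621 | Internal network
 | | 172.16.60.2,6/30 | | To Nanning
 | IP | 192.168.60.11/24 | |
 | IPOMP | 192.168.60.13/24 | |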
Appendix 2: Switch Port Configuration
Location | Device | Device interface | Switch port | Network address
Nanning | WebServer01 (Dell PE2650) | 00:0d:56:71:71:d9/eth0 | Switch01-03 | 192.168.10.31
 | | 00:0d:56:71:71:da/eth1 | Switch01-05 | 10.187.3.52
 | WebServer02 (Dell PE2650) | 00:0d:56:71:71:bf/eth0