网络配置手册Word文档下载推荐.docx
- 文档编号:22936921
- 上传时间:2023-02-06
- 格式:DOCX
- 页数:26
- 大小:62.97KB
网络配置手册Word文档下载推荐.docx
《网络配置手册Word文档下载推荐.docx》由会员分享,可在线阅读,更多相关《网络配置手册Word文档下载推荐.docx(26页珍藏版)》请在冰豆网上搜索。
ipaddress172.16.30.1255.255.255.252
7.南宁到桂林接口2
interfaceSerial3:
ipaddress172.16.30.5255.255.255.252
8.南宁到梧州接口1
interfaceSerial4:
descriptionColorRingwithNNtoWuZhou
ipaddress172.16.40.1255.255.255.252
9.南宁到梧州接口2
interfaceSerial5:
ipaddress172.16.40.5255.255.255.252
10.南宁到北海接口1
interfaceSerial6:
descriptionColorRingwithNNtoBeiHai
ipaddress172.16.50.1255.255.255.252
11.南宁到北海接口2
interfaceSerial7:
ipaddress172.16.50.5255.255.255.252
12.南宁到玉林接口1
interfaceSerial8:
descriptionColorRingwithNNtoYuLin
ipaddress172.16.60.1255.255.255.252
13.南宁到玉林接口2
interfaceSerial9:
ipaddress172.16.60.5255.255.255.252
14.目前空闲
interfaceSerial10:
descriptionColorRingwithBackupDataLinktoOthers
interfaceSerial11:
descriptionColorRingwithBackupDataLinktoOthers
15.OSPF路由协议
ospfenable
abr-summary172.16.0.0mask255.255.0.0area0.0.0.60
abr-summary192.168.10.0mask255.255.255.0area0.0.0.60
三、防火墙简要说明
广西移动彩铃项目中使用的防火墙共两台,型号均为NetScreen204,其中一台(ns204-1)用于隔离MCP设备和IP设备,该防火墙采用路由方式通过协议数据,另外一台(ns204-2)用于隔离Web服务器和CMnet,该防火墙采用透明网桥方式连接内外部网络,并严格设置策略。
四、防火墙的登陆方式
包括从内部网络Telnet和Web访问,用户名均为netscreen,密码分别为mscbs&
ns204-1和mscbs&
ns204-2
开放的WebUI,登陆界面,
策略设置界面
五、
防火墙详细配置表
1.防火墙1
setauth-server"
Local"
id0
server-name"
setauthdefaultauthserver"
setclock"
timezone"
8
setadminformatdos
setadminname"
netscreen"
setadminpasswordnFkKPmrfOYiHcnFEIs0N9fPtbJCtrn
setadminmailalert
setadminmailserver-name"
"
setadminmailmail-addr1gx_colorring@
setadminmailmail-addr2jiessie@
setadminmailtraffic-log
setadminauthtimeout10
setadminauthserver"
setvroutertrust-vrsharable
unsetvrouter"
trust-vr"
auto-route-export
setzone"
Trust"
vrouter"
Untrust"
DMZ"
tcp-rst
block
unsetzone"
MGT"
setzoneUntrustscreentear-drop
setzoneUntrustscreensyn-flood
setzoneUntrustscreenping-death
setzoneUntrustscreenip-filter-src
setzoneUntrustscreenland
setzoneV1-Untrustscreentear-drop
setzoneV1-Untrustscreensyn-flood
setzoneV1-Untrustscreenping-death
setzoneV1-Untrustscreenip-filter-src
setzoneV1-Untrustscreenland
setinterface"
ethernet1"
zone"
ethernet2"
ethernet3"
setinterfacevlan1ip192.168.0.1/29
setinterfaceethernet1ip192.168.10.2/24
setinterfaceethernet1route
setinterfaceethernet2ip192.168.1.1/24
setinterfaceethernet2route
unsetinterfacevlan1bypass-others-ipsec
unsetinterfacevlan1bypass-non-ip
setinterfacevlan1ipmanageable
setinterfaceethernet1ipmanageable
setinterfaceethernet2ipmanageable
setinterfaceethernet3ipmanageable
unsetinterfaceethernet1managescs
unsetinterfaceethernet1managesnmp
unsetinterfaceethernet1manageglobal-pro
unsetinterfaceethernet1managessl
setinterfaceethernet2manageping
setinterfaceethernet2managetelnet
setinterfaceethernet2manageweb
mip192.168.1.3host192.168.10.1netmask255.255.255.255vr"
sethostnamens204-1
setaddress"
"
CRBTnet.10"
192.168.10.0255.255.255.0
CRBTnet.1"
192.168.1.0255.255.255.0
setsnmpname"
ns204-1"
setikepolicy-checking
setikerespond-bad-spi1
setikeid-modesubnet
setxauthlifetime480
setxauthdefaultauthserverLocal
setpolicyid5name"
1->
10"
from"
to"
ANY"
Permit
setpolicyid4name"
10->
1"
setpolicyid6name"
IProute"
MIP(192.168.1.3)"
unsetglobal-propolicy-managerprimaryoutgoing-interface
unsetglobal-propolicy-managersecondaryoutgoing-interface
setpkiauthoritydefaultscepmode"
auto"
setpkix509defaultcert-pathpartial
setdnshostdns1202.96.134.133
setdnshostschedule00:
00
setvrouter"
untrust-vr"
exit
unsetadd-default-route
2.防火墙2
0
setadminpasswordnOL3Exr1HHOAcfyM5s8PfeDtf+E/Qn
setservice"
rdc"
group"
other"
tcpsrc0-65535dst3389-3389
+udpsrc0-65535dst3389-3389
V1-Trust"
V1-DMZ"
V1-Untrust"
setinterfacevlan1ip192.168.1.2/24
sethostnamens204-2
ns204-2"
setpolicyid0from"
Any"
setpolicyid1from"
HTTP"
setpolicyid2from"
DNS"
setpolicyid3from"
setdnshostdns1202.96.128.68
setdnshostdns2202.96.134.133
附1:
网络系统配置
位置
设备
网络配置
系统平台
备注
南宁
中心路由器
192.168.10.1/24
172.16.20.1,5/30
172.16.30.1,5/30
172.16.40.1,5/30
172.16.50.1,5/30
172.16.60.1,5/30
华为3640E
内网
至柳州
至桂林
至梧州
至北海
至玉林
IP
192.168.10.11/24
ADLink
IPOMP
192.168.10.15/24
Dell1600SC
IPServer
192.168.10.21,22/24
SUNFirev280
IPSOMP
192.168.10.23/24
SunBlade150
CPServer
192.168.10.31,32/24
10.187.1.54/29(IOD)
10.187.2.22/29(BOSS)
SunFirev240
Ethernet1
Ethernet3
Ethernet4
Firewall(ns204-1)
192.168.10.2/24
192.168.1.1/24
NetScreen
Ethernet2
MCPDB(db01)
192.168.1.41/24
MCPApp(db02)
192.168.1.42/24
Management
192.168.1.43/24
StorEdge
192.168.1.49/24
StorEdge3310
WebServer
192.168.1.51,52/24
10.187.3.52/29
Dell2650
IVR
192.168.1.61,62/24
SIU
192.168.1.63/24
IntelSIU520
Firewall(ns204-2)
192.168.1.2/24
E1(内)
E3(外)
柳州
接入路由器
192.168.20.1/24
172.16.20.2,6/30
华为2621
至南宁
192.168.20.11/24
192.168.20.13/24
桂林
192.168.30.1/24
172.16.30.2,6/30
192.168.30.11/24
192.168.30.13/24
梧州
192.168.40.1/24
172.16.40.2,6/30
192.168.40.11/24
192.168.40.13/24
北海
192.168.50.1/24
172.16.50.2,6/30
192.168.50.11/24
192.168.50.13/24
玉林
192.168.60.1/24
172.16.60.2,6/30
192.168.60.11/24
192.168.60.13/24
附2:
交换机端口配置
设备接口
交换机端口
网络地址
WebServer01
(DellPE2650)
00:
0d:
56:
71:
d9/eth0
da/eth1
Switch01-03
Switch01-05
192.168.10.31
10.187.3.52
WebServer02
bf/eth0
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- 网络 配置 手册