Network Security Management Case Analysis.docx
- Document ID: 6841473
- Upload date: 2023-01-11
- Format: DOCX
- Pages: 16
- Size: 231.32KB
Network Security Management Case Analysis
1 Network Topology
2 Configuration Walkthrough
2.1 IGP/MPLS Configuration
2.1.1 RH4 (BRAS) Configuration
mpls lsr-id 4.4.4.4
mpls ldp
quit
isis 595
network-entity 86.4725.0004.0004.0004.00
is-level level-2
quit
interface LoopBack0
ip address 4.4.4.4 32
isis enable 595
isis circuit-level level-2
quit
interface LoopBack101
ip address 44.44.44.44 32
isis enable 595
isis circuit-level level-2
quit
interface GigabitEthernet1/0
undo shut
ip address 45.45.45.4 24
isis enable 595
isis circuit-level level-2
mpls enable
mpls ldp enable
quit
2.1.2 RH5 (CR) Configuration
mpls lsr-id 5.5.5.5
mpls
mpls ldp
quit
isis 595
network-entity 86.4725.0005.0005.0005.00
is-level level-2
quit
interface LoopBack0
ip address 5.5.5.5 32
isis enable 595
isis circuit-level level-2
quit
interface LoopBack101
ip address 55.55.55.55 32
isis enable 595
isis circuit-level level-2
quit
interface Ethernet0/0/0
undo shut
ip address 45.45.45.5 24
isis enable 595
isis circuit-level level-2
mpls
mpls ldp
quit
interface Ethernet0/0/1
undo shut
ip address 56.56.56.5 24
isis enable 595
isis circuit-level level-2
mpls
mpls ldp
quit
2.1.3 RH6 (SR) Configuration
mpls lsr-id 6.6.6.6
mpls
mpls ldp
quit
isis 595
network-entity 86.4725.0006.0006
is-level level-2
quit
interface LoopBack0
ip address 6.6.6.6 32
isis enable 595
isis circuit-level level-2
quit
interface LoopBack101
ip address 66.66.66.66 32
isis enable 595
isis circuit-level level-2
quit
interface Ethernet0/0/0
undo shut
ip address 56.56.56.6 24
isis enable 595
isis circuit-level level-2
mpls
mpls ldp
quit
2.1.4 Verification
- From RH5, ping the interface IPs of RH4 and RH6 and confirm that they respond normally.
PING 45.45.45.4: 56 data bytes, press CTRL_C to break
Reply from 45.45.45.4: bytes=56 Sequence=1 ttl=255 time=20 ms
Reply from 45.45.45.4: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 45.45.45.4: bytes=56 Sequence=3 ttl=255 time=20 ms
--- 45.45.45.4 ping statistics ---
3 packet(s) transmitted
3 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/16/20 ms
PING 56.56.56.6: 56 data bytes, press CTRL_C to break
Reply from 56.56.56.6: bytes=56 Sequence=1 ttl=255 time=40 ms
Reply from 56.56.56.6: bytes=56 Sequence=2 ttl=255 time=40 ms
Reply from 56.56.56.6: bytes=56 Sequence=3 ttl=255 time=40 ms
--- 56.56.56.6 ping statistics ---
3 packet(s) transmitted
3 packet(s) received
0.00% packet loss
round-trip min/avg/max = 40/40/40 ms
- Check the ISIS neighbor and MPLS peer information and confirm that it is normal.
Peer information for ISIS(595)
System Id       Interface  Circuit Id         State  HoldTime  Type  PRI
-------------------------------------------------------------------------------
0004.0004.0004  Eth0/0/0   0005.0005.0005.01  Up     30s       L2    64
0006.0006.0006  Eth0/0/1   0005.0005.0005.02  Up     25s       L2    64
LDP Peer Information in Public network
A '*' before a peer means the peer is being deleted.
------------------------------------------------------------------------------
PeerID     TransportAddress  DiscoverySource
------------------------------------------------------------------------------
4.4.4.4:0  4.4.4.4           Ethernet0/0/0
6.6.6.6:0  6.6.6.6           Ethernet0/0/1
------------------------------------------------------------------------------
TOTAL: 2 Peer(s) Found.
LDP LSP Information
-------------------------------------------------------------------------------
DestAddress/Mask  In/OutLabel  UpstreamPeer  NextHop     OutInterface
-------------------------------------------------------------------------------
4.4.4.4/32        NULL/3       -             45.45.45.4  Eth0/0/0
4.4.4.4/32        1026/3       4.4.4.4       45.45.45.4  Eth0/0/0
4.4.4.4/32        1026/3       6.6.6.6       45.45.45.4  Eth0/0/0
*4.4.4.4/32       Liberal
5.5.5.5/32        3/NULL       6.6.6.6       127.0.0.1   InLoop0
5.5.5.5/32        3/NULL       4.4.4.4       127.0.0.1   InLoop0
*5.5.5.5/32       Liberal
*5.5.5.5/32       Liberal
6.6.6.6/32        NULL/3       -             56.56.56.6  Eth0/0/1
6.6.6.6/32        1025/3       6.6.6.6       56.56.56.6  Eth0/0/1
6.6.6.6/32        1025/3       4.4.4.4       56.56.56.6  Eth0/0/1
*6.6.6.6/32       Liberal
44.44.44.44/32    NULL/3       -             45.45.45.4  Eth0/0/0
44.44.44.44/32    1027/3       4.4.4.4       45.45.45.4  Eth0/0/0
44.44.44.44/32    1027/3       6.6.6.6       45.45.45.4  Eth0/0/0
*44.44.44.44/32   Liberal
55.55.55.55/32    3/NULL       6.6.6.6       127.0.0.1   InLoop0
55.55.55.55/32    3/NULL       4.4.4.4       127.0.0.1   InLoop0
*55.55.55.55/32   Liberal
*55.55.55.55/32   Liberal
66.66.66.66/32    NULL/3       -             56.56.56.6  Eth0/0/1
66.66.66.66/32    1024/3       6.6.6.6       56.56.56.6  Eth0/0/1
66.66.66.66/32    1024/3       4.4.4.4       56.56.56.6  Eth0/0/1
*66.66.66.66/32   Liberal
-------------------------------------------------------------------------------
TOTAL: 16 Normal LSP(s) Found.
TOTAL: 8 Liberal LSP(s) Found.
TOTAL: 0 Frr LSP(s) Found.
A '*' before an LSP means the LSP is not established
A '*' before a Label means the USCB or DSCB is stale
A '*' before a UpstreamPeer means the session is in GR state
A '*' before a NextHop means the LSP is FRR LSP
2.2 BGP Configuration
2.2.1 RH4 (BRAS) Configuration
bgp 64725
peer 5.5.5.5 as-number 64725
peer 5.5.5.5 connect-interface LoopBack0
peer 55.55.55.55 as-number 64725
peer 55.55.55.55 connect-interface LoopBack101
address-family ipv4 unicast
peer 55.55.55.55 enable
quit
address-family vpnv4
peer 5.5.5.5 enable
quit
quit
2.2.2 RH5 (CR) Configuration
bgp 64725
peer 4.4.4.4 as-number 64725
peer 4.4.4.4 connect-interface LoopBack0
peer 44.44.44.44 as-number 64725
peer 44.44.44.44 connect-interface LoopBack101
peer 6.6.6.6 as-number 64725
peer 6.6.6.6 connect-interface LoopBack0
peer 66.66.66.66 as-number 64725
peer 66.66.66.66 connect-interface LoopBack101
undo peer 4.4.4.4 enable
undo peer 6.6.6.6 enable
peer 44.44.44.44 reflect-client
peer 66.66.66.66 reflect-client
ipv4-family vpn
peer 4.4.4.4 enable
peer 6.6.6.6 enable
peer 4.4.4.4 reflect-client
peer 6.6.6.6 reflect-client
undo policy vpn-target
quit
quit
2.2.3 RH6 (SR) Configuration
bgp 64725
peer 5.5.5.5 as-number 64725
peer 5.5.5.5 connect-interface LoopBack0
peer 55.55.55.55 as-number 64725
peer 55.55.55.55 connect-interface LoopBack101
undo peer 5.5.5.5 enable
ipv4-family vpnv4
peer 5.5.5.5 enable
quit
quit
2.2.4 Verification
- Check the BGP peer information and confirm that it is normal.
BGP local router ID : 45.45.45.5
Local AS number : 64725
Total number of peers : 2    Peers in established state : 2
Peer         V  AS     MsgRcvd  MsgSent  OutQ  Up/Down   State        PrefRcv
44.44.44.44  4  64725  3        4        0     00:00:32  Established  0
66.66.66.66  4  64725  9        9        0     00:04:24  Established  0
BGP local router ID : 45.45.45.5
Local AS number : 64725
Total number of peers : 2    Peers in established state : 2
Peer         V  AS     MsgRcvd  MsgSent  OutQ  Up/Down   State        PrefRcv
4.4.4.4      4  64725  3        2        0     00:00:21  Established  0
6.6.6.6      4  64725  5        5        0     00:03:41  Established  0
2.3 PPPoE Service Configuration
2.3.1 RH2 (Access Switch) Configuration
vlan batch 2 3
interface Ethernet0/0/1
undo shutdown
port link-type access
port default vlan 3
quit
interface Ethernet0/0/0
undo shutdown
port link-type access
port default vlan 2
quit
interface Eth-Trunk2
quit
interface Ethernet0/0/2
undo shutdown
eth-trunk 2
quit
interface Ethernet0/0/3
undo shutdown
eth-trunk 2
quit
interface Eth-Trunk2
port link-type trunk
port trunk allow-pass vlan 2 3
quit
2.3.2 RH3 (Aggregation Switch) Configuration
vlan batch 22 33
interface Eth-Trunk2
quit
interface Ethernet0/0/0
undo shutdown
eth-trunk 2
quit
interface Ethernet0/0/2
undo shutdown
eth-trunk 2
quit
interface Eth-Trunk2
portswitch
port vlan-stacking outside-vlan 2 stack-vlan 22
port vlan-stacking outside-vlan 3 stack-vlan 33
quit
interface Ethernet0/0/3
undo shutdown
port link-type trunk
port trunk allow-pass vlan 22 33
quit
2.3.3 RH4 (BRAS) Configuration
ip pool pppoe-1 100.0.0.2 100.0.0.254
ip pool pppoe-1 100.0.0.1
domain qzadsl
authorization-attribute ip-pool pppoe-1
authorization-attribute primary-dns ip 218.85.152.99
authorization-attribute secondary-dns ip 218.85.157.99
authentication ppp local
authorization ppp local
accounting ppp local
quit
domain default enable qzadsl
local-user 22594511 class network
service-type ppp
password simple 22594511
quit
interface Virtual-Template1
ppp authentication-mode pap
ip address unnumbered interface LoopBack0
quit
interface GigabitEthernet2/0.3
vlan-type dot1q vid 33 second-dot1q 3
pppoe-server bind virtual-template 1
quit
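The RH4 access configuration above authenticates subscribers with PAP, which carries the user name and password unencrypted on the PPP link, and its listing shows a `password simple` secret in cleartext that is identical to the user name. The following is an added example, not part of the original document, that audits a flat, quit-delimited configuration for those three conditions; the `audit` function and its rule names are this example's own, and the sample input is copied from the lines above.

```python
import re

# Constructed sample: the AAA/PPP lines of the RH4 configuration in 2.3.3.
RH4_CONFIG = """\
domain qzadsl
authorization-attribute ip-pool pppoe-1
authorization-attribute primary-dns ip 218.85.152.99
authorization-attribute secondary-dns ip 218.85.157.99
authentication ppp local
authorization ppp local
accounting ppp local
quit
domain default enable qzadsl
local-user 22594511 class network
service-type ppp
password simple 22594511
quit
interface Virtual-Template1
ppp authentication-mode pap
ip address unnumbered interface LoopBack0
quit
"""

def audit(config):
    """Return (line_no, rule, detail) findings; rule names are hypothetical."""
    findings = []
    user = iface = None              # view we are currently inside, if any
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if line == "quit":           # leaving the current view
            user = iface = None
        elif m := re.match(r"local-user (\S+)", line):
            user = m.group(1)
        elif m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
        elif m := re.match(r"password simple (\S+)", line):
            findings.append((no, "cleartext-password", f"user {user}"))
            if m.group(1) == user:   # secret guessable from the account name
                findings.append((no, "password-equals-username", f"user {user}"))
        elif m := re.match(r"ppp authentication-mode (.+)", line):
            if "pap" in m.group(1).split():
                findings.append((no, "pap-enabled", f"interface {iface}"))
    return findings

if __name__ == "__main__":
    for finding in audit(RH4_CONFIG):
        print(finding)
```

Switching the virtual template to CHAP and giving the account a password that is not entered with `password simple` and is unrelated to its name clears all three findings.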
2.3.4 RH4 (BRAS) Route Advertisement
ip route-static 100.0.0.0 24 NULL0
bgp 64725
address-family ipv4 unicast
import-route static
quit
2.3.5 Verification
- Before RH4 advertises the route, the routing table on RH5 is as follows.
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 12    Routes : 12
Destination/Mask  Proto   Pre  Cost  Flags  NextHop     Interface
4.4.4.4/32        ISIS    15   10    D      45.45.45.4  Ethernet0/0/0
5.5.5.5/32        Direct  0    0     D      127.0.0.1   InLoopBack0
6.6.6.6/32        ISIS    15   10    D      56.56.56.6  Ethernet0/0/1
44.44.44.44/32    ISIS    15   10    D      45.45.45.4  Ethernet0/0/0
45.45.45.0/24     Direct  0    0     D      45.45.45.5  Ethernet0/0/0
45.45.45.5/32     Direct  0    0     D      127.0.0.1   InLoopBack0
55.55.55.55/32    Direct  0    0     D      127.0.0.1   InLoopBack0
56.56.56.0/24     Direct  0    0     D      56.56.56.5  Ethernet0/0/1
56.56.56.5/32     Direct  0    0     D      127.0.0.1   InLoopBack0
66.66.66.66/32    ISIS    15   10    D      56.56.56.6  Ethernet0/0/1
127.0.0.0/8       Direct  0    0     D      127.0.0.1   InLoopBack0
127.0.0.1/32      Direct  0    0     D      127.0.0.1   InLoopBack0
- After RH4 advertises the route, the routing table on RH5 is as follows.
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 13    Routes : 13
Destination/Mask  Proto   Pre  Cost  Flags  NextHop     Interface
4.4.4.4/32        ISIS    15   10    D      45.45.45.4  Ethernet0/0/0
5.5.5.5/32        Direct  0    0     D      127.0.0.1   InLoopBack0
6.6.6.6/32        ISIS    15   10    D      56.56.56.6  Ethernet0/0/1
44.44.44.44/32    ISIS    15   10    D      45.45.45.4  Ethernet0/0/0
45.45.45.0/24     Direct  0    0     D      45.45.45.5  Ethernet0/0/0
45.45.45.5/32     Direct  0    0     D      127.0.0.1   InLoopBack0
55.55.55.55/32    Direct  0    0     D      127.0.0.1   InLoopBack0
56.56.56.0/