金融网络建设项目演练 上海农业银行网络项目建设方案书
目录
一 项目需求:
2
二 项目拓扑:
3
三 IP地址规划:
4
四 项目测试:
5
五 配置脚本:
6
六 技术分析:
6
一 项目需求:
1.农行设有2个部门,生产部门和办公部门,要求划分2个Vlan,生产部门属于Vlan5,办公部门属于Vlan6,2个部门共用一台交换机。
2.正常情况下生产部门的流量走路由器A,办公部门的流量走路...
上海农业银行网络项目建设
书
目录
一 项目需求:
2
二 项目拓扑:
3
三 IP地址规划:
4
四 项目测试:
5
五 配置脚本:
6
六 技术分析:
6
一 项目需求:
1.农行设有2个部门,生产部门和办公部门,要求划分2个Vlan,生产部门属于Vlan5,办公部门属于Vlan6,2个部门共用一台交换机。
2.正常情况下生产部门的流量走路由器A,办公部门的流量走路由器B。
3.数据包出去和回来的路径相同。
4.正常情况下生产部门流量走上行链路line1,如果line1链路故障,走line3,line3链路故障,走line2,line2故障走line4.
5. 正常情况下办公部门流量走上行链路line2,如果line2链路故障,走line4,line4链路故障,走line1,line1故障走line3.
6. 使用VRRP ,使得无论是A或B的上行链路断开,故障路由器流量均能切换到非故障路由器上。
二 项目拓扑:
三 IP地址规划:
设备
接口
IP
A
F1/0
192.6.27.82/29
B
F1/0
192.6.27.90/29
R2
F0/0
192.6.27.81/29
F1/0
192.6.27.2/29
R3
F0/0
192.6.27.89/29
F1/0
192.6.27.10/29
R4
F0/0
192.6.27.83/29
F1/0
192.6.27.18/29
R5
F0/0
192.6.27.91/29
F1/0
192.6.27.26/29
PC1
VLAN10
192.6.25.32/27
PC2
VLAN20
192.6.26.32/27
R1
F0/0
192.6.27.1/29
F0/1
192.6.27.9/29
F0/2
192.6.27.17/29
F0/3
192.6.27.25/29
Loopback0
192.6.27.254/32
四 项目测试:
正常情况下PC1与PC2的路径
正常情况下回路路由
R2坏掉后PC1的路径
R2和R4都坏掉后PC1的路径
R2、R4和R5都坏掉时PC1的路径
五 配置脚本:
EMBED WordPad.Document.1
EMBED WordPad.Document.1
EMBED WordPad.Document.1
EMBED WordPad.Document.1
EMBED WordPad.Document.1
EMBED WordPad.Document.1
EMBED WordPad.Document.1
六 技术分析:
1. VRRP技术
接口下
vrrp 1 ip 192.6.25.62
vrrp 1 prreempt
vrrp 1 priority 105
vrrp 1 track 1 decrement 10
(config-if)#ip add 10.10.10.253 255.255.255.0 / 进入接口模式,配置IP地址为10.10.10.253
(config-if)#vrrp 1 ip 10.10.10.254 / 设置vrrp组1的虚拟IP为10.10.10.254
(config-if)#vrrp 1 priority 150 / 设置VRRP组1的优先级为150
(config-if)#vrrp 1 track 1 decrement 50 / 使用track 1 监测下一跳,down时优先级减少50
2. 浮动静态路由及SLA技术
ip route 0.0.0.0 0.0.0.0 192.6.27.81 track 1
ip route 0.0.0.0 0.0.0.0 192.6.27.83 20
ip sla monitor 10 /创建服务条目
type echo protocol ipIcmpEcho 192.6.27.81 source-ipaddr 192.6.27.82
/设置监测ICPM echo 监测路由条目的下一跳IP 数据包离开路由器的出接口IP地址
timeout 50 /设置超时时间为 50 s
frequency 10 /设置频率为10 S
ip sla monitor schedule 10 life forever start-time now /设置SLA的启动时间为马上,有效期为永远
track 10 rtr 10 reachability /和track条目和响应条目关联,track关心可达性
3.静态路由重分布:
(config-router)#redistribute static subnets
4.OSPF优化
修改网络类型为点对点
ip router ospf network point-to-point
上海农业银行网络项目
建设方案
飞鹰小组
PAGE
3
_1373881521.rtf
R2#
R2#sh run
Building configuration...
Current configuration : 1347 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname B
!
boot-start-marker
boot-end-marker
!
enable password spoto
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
ip sla monitor 1
type echo protocol ipIcmpEcho 192.6.27.91 source-ipaddr 192.6.27.90
timeout 100
frequency 10
ip sla monitor schedule 1 life forever start-time now
ip sla monitor 2
type echo protocol ipIcmpEcho 192.6.27.89 source-ipaddr 192.6.27.90
timeout 100
frequency 10
ip sla monitor schedule 2 life forever start-time now
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
track 1 rtr 1 reachability
!
track 2 rtr 2 reachability
!
!
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 192.6.25.61 255.255.255.224
vrrp 1 ip 192.6.25.62
!
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 192.6.26.61 255.255.255.224
vrrp 2 ip 192.6.26.62
vrrp 2 priority 105
!
interface FastEthernet1/0
ip address 192.6.27.90 255.255.255.248
duplex auto
speed auto
!
ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.6.27.91 track 1
ip route 0.0.0.0 0.0.0.0 192.6.27.89 20 track 2
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password spoto
login
!
!
end
_1373881636.rtf
R4# sh run
Building configuration...
Current configuration : 1216 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
enable password spoto
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 192.6.27.252 255.255.255.255
!
interface FastEthernet0/0
ip address 192.6.27.89 255.255.255.248
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 192.6.27.10 255.255.255.248
duplex auto
speed auto
!
router ospf 1
router-id 192.6.27.10
log-adjacency-changes
redistribute static subnets route-map SPOTO
network 192.6.27.8 0.0.0.7 area 0
network 192.6.27.88 0.0.0.7 area 0
network 192.6.27.252 0.0.0.0 area 0
!
ip http server
no ip http secure-server
!
ip route 192.6.25.32 255.255.255.224 192.6.27.90
ip route 192.6.26.32 255.255.255.224 192.6.27.90
!
!
access-list 1 permit 192.6.25.32 0.0.0.31
access-list 2 permit 192.6.26.32 0.0.0.31
!
route-map SPOTO permit 10
match ip address 1
set metric 40
!
route-map SPOTO permit 20
match ip address 2
set metric 20
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password spoto
login
!
!
end
_1373881734.rtf
R5# sh run
Building configuration...
Current configuration : 1217 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R5
!
boot-start-marker
boot-end-marker
!
enable password spoto
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 192.6.27.250 255.255.255.255
!
interface FastEthernet0/0
ip address 192.6.27.91 255.255.255.248
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 192.6.27.26 255.255.255.248
duplex auto
speed auto
!
router ospf 1
router-id 192.6.27.26
log-adjacency-changes
redistribute static subnets route-map SPOTO
network 192.6.27.24 0.0.0.7 area 0
network 192.6.27.88 0.0.0.7 area 0
network 192.6.27.250 0.0.0.0 area 0
!
ip http server
no ip http secure-server
!
ip route 192.6.25.32 255.255.255.224 192.6.27.90
ip route 192.6.26.32 255.255.255.224 192.6.27.90
!
!
access-list 1 permit 192.6.25.32 0.0.0.31
access-list 2 permit 192.6.26.32 0.0.0.31
!
route-map SPOTO permit 10
match ip address 1
set metric 30
!
route-map SPOTO permit 20
match ip address 2
set metric 10
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password spoto
login
!
!
end
_1373887003.vsd
SW3
R1
分行
网点
Lo0:192.6.27.254/32
192.6.27.1/29
192.6.27.2/29
192.6.27.9/29
192.6.27.10/29
192.6.27.25/29
192.6.27.26/29
192.6.27.18/29
192.6.27.17/29
192.6.27.81/29
192.6.27.89/29
192.6.27.83/29
192.6.27.91/29
192.6.27.82/29
192.6.27.90/29
VLAN 5
IP:192.6.25.33/27
网关:192.6.25.62/27
VLAN 6
IP:192.6.26.33/27
网关:192.6.26.62/27
地址范围
业务: 192.6.25.32/27
办公:192.6.26.32/27
互联:192.6.27.0/29
R2
R3
R4
R5
SW1
SW2
A
B
Line:1
Line:2
Line:3
Line:4
SW3
PC1
PC2
OSPF: Area 0
252/32
251/32
250/32
_1373885540.rtf
R1# sh run
Building configuration...
Current configuration : 1119 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
enable password spoto
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 192.6.27.254 255.255.255.255
!
interface FastEthernet0/0
ip address 192.6.27.1 255.255.255.248
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 192.6.27.9 255.255.255.248
duplex auto
speed auto
!
interface FastEthernet2/0
ip address 192.6.27.17 255.255.255.248
duplex auto
speed auto
!
interface FastEthernet3/0
ip address 192.6.27.25 255.255.255.248
duplex auto
speed auto
!
router ospf 1
router-id 192.6.27.254
log-adjacency-changes
network 192.6.27.0 0.0.0.7 area 0
network 192.6.27.8 0.0.0.7 area 0
network 192.6.27.16 0.0.0.7 area 0
network 192.6.27.24 0.0.0.7 area 0
network 192.6.27.254 0.0.0.0 area 0
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password spoto
login
!
!
end
_1373881674.rtf
R4#
R4#sh run
Building configuration...
Current configuration : 1217 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
enable password spoto
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 192.6.27.251 255.255.255.255
!
interface FastEthernet0/0
ip address 192.6.27.83 255.255.255.248
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 192.6.27.18 255.255.255.248
duplex auto
speed auto
!
router ospf 1
router-id 192.6.27.18
log-adjacency-changes
redistribute static subnets route-map SPOTO
network 192.6.27.16 0.0.0.7 area 0
network 192.6.27.80 0.0.0.7 area 0
network 192.6.27.251 0.0.0.0 area 0
!
ip http server
no ip http secure-server
!
ip route 192.6.25.32 255.255.255.224 192.6.27.82
ip route 192.6.26.32 255.255.255.224 192.6.27.82
!
!
access-list 1 permit 192.6.25.32 0.0.0.31
access-list 2 permit 192.6.26.32 0.0.0.31
!
route-map SPOTO permit 10
match ip address 1
set metric 20
!
route-map SPOTO permit 20
match ip address 2
set metric 40
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password spoto
login
!
!
end
_1373881590.rtf
R3#sh run
Building configuration...
Current configuration : 1216 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
enable password spoto
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 192.6.27.253 255.255.255.255
!
interface FastEthernet0/0
ip address 192.6.27.81 255.255.255.248
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 192.6.27.2 255.255.255.248
duplex auto
speed auto
!
router ospf 1
router-id 192.6.27.253
log-adjacency-changes
redistribute static subnets route-map SPOTO
network 192.6.27.0 0.0.0.7 area 0
network 192.6.27.80 0.0.0.7 area 0
network 192.6.27.253 0.0.0.0 area 0
!
ip http server
no ip http secure-server
!
ip route 192.6.25.32 255.255.255.224 192.6.27.82
ip route 192.6.26.32 255.255.255.224 192.6.27.82
!
!
access-list 1 permit 192.6.25.32 0.0.0.31
access-list 2 permit 192.6.26.32 0.0.0.31
!
route-map SPOTO permit 10
match ip address 1
set metric 10
!
route-map SPOTO permit 20
match ip address 2
set metric 30
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password spoto
login
!
!
end
_1373841361.rtf
Building configuration...
Current configuration : 560 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PC2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip routing
!
!
no ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.6.26.33 255.255.255.224
no ip route-cache
duplex auto
speed auto
!
ip default-gateway 192.6.26.62
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end
_1373881433.rtf
SW# sh run
Building configuration...
Current configuration : 1067 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW3
!
boot-start-marker
boot-end-marker
!
enable password spoto
!
no aaa new-model
memory-size iomem 5
no ip routing
!
!
no ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
switchport access vlan 10
!
interface FastEthernet0/1
switchport access vlan 20
!
interface FastEthernet0/2
switchport mode trunk
!
interface FastEthernet0/3
switchport mode trunk
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface Vlan1
no ip address
no ip route-cache
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password spoto
login
!
!
end
_1373881484.rtf
R1#sh run
Building configuration...
Current configuration : 1347 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname A
!
boot-start-marker
boot-end-marker
!
enable password spoto
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
ip sla monitor 1
type echo protocol ipIcmpEcho 192.6.27.81 source-ipaddr 192.6.27.82
timeout 100
frequency 10
ip sla monitor schedule 1 life forever start-time now
ip sla monitor 2
type echo protocol ipIcmpEcho 192.6.27.83 source-ipaddr 192.6.27.82
timeout 100
frequency 10
ip sla monitor schedule 2 life forever start-time now
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
track 1 rtr 1 reachability
!
track 2 rtr 2 reachability
!
!
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 192.6.25.60 255.255.255.224
vrrp 1 ip 192.6.25.62
vrrp 1 priority 105
!
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 192.6.26.60 255.255.255.224
vrrp 2 ip 192.6.26.62
!
interface FastEthernet1/0
ip address 192.6.27.82 255.255.255.248
duplex auto
speed auto
!
ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.6.27.81 track 1
ip route 0.0.0.0 0.0.0.0 192.6.27.83 20 track 2
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password spoto
login
!
!
end
_1373841663.rtf
SW1#sh run
Building configuration...
Current configuration : 945 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW1
!
boot-start-marker
boot-end-marker
!
enable password spoto
!
no aaa new-model
memory-size iomem 5
no ip routing
!
!
no ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface Vlan1
no ip address
no ip route-cache
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end
_1373841695.rtf
SW2#sh run
Building configuration...
Current configuration : 945 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW2
!
boot-start-marker
boot-end-marker
!
enable password spoto
!
no aaa new-model
memory-size iomem 5
no ip routing
!
!
no ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface Vlan1
no ip address
no ip route-cache
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end
_1373841340.rtf
PC1#sh run
Building configuration...
Current configuration : 560 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PC1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip routing
!
!
no ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.6.25.33 255.255.255.224
no ip route-cache
duplex auto
speed auto
!
ip default-gateway 192.6.25.62
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end
本文档为【金融网络建设项目演练】,请使用软件OFFICE或WPS软件打开。作品中的文字与图均可以修改和编辑,
图片更改请在作品中右键图片并更换,文字修改请直接点击文字进行修改,也可以新增和删除文档中的内容。
[版权声明] 本站所有资料为用户分享产生,若发现您的权利被侵害,请联系客服邮件isharekefu@iask.cn,我们尽快处理。
本作品所展示的图片、画像、字体、音乐的版权可能需版权方额外授权,请谨慎使用。
网站提供的党政主题相关内容(国旗、国徽、党徽..)目的在于配合国家政策宣传,仅限个人学习分享使用,禁止用于任何广告和商用目的。