銀行網(wǎng)絡(luò)應(yīng)急預(yù)案_第1頁
銀行網(wǎng)絡(luò)應(yīng)急預(yù)案_第2頁
銀行網(wǎng)絡(luò)應(yīng)急預(yù)案_第3頁
銀行網(wǎng)絡(luò)應(yīng)急預(yù)案_第4頁
銀行網(wǎng)絡(luò)應(yīng)急預(yù)案_第5頁
已閱讀5頁,還剩38頁未讀, 繼續(xù)免費閱讀

下載本文檔

版權(quán)說明:本文檔由用戶提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權(quán),請進行舉報或認領(lǐng)

文檔簡介

1、銀行網(wǎng)絡(luò)應(yīng)急方案XX股份有限公司網(wǎng)絡(luò)與安全服務(wù)部2012年2月目錄一、銀行網(wǎng)絡(luò)結(jié)構(gòu)拓撲二、骨干網(wǎng)通信故障匕故障處理人員電信、聯(lián)通網(wǎng)絡(luò)通信故障通信故障恢復(fù)到總行路由器故障路由器故障處理三、核心交換機故障應(yīng)急一臺4506交換機故障應(yīng)急當核心交換同時癱瘓在20分鐘內(nèi)保證業(yè)務(wù)正常運作四、第三方外聯(lián)區(qū)網(wǎng)絡(luò)應(yīng)急第三方業(yè)務(wù)銀聯(lián)區(qū)網(wǎng)絡(luò)應(yīng)急其它第三方業(yè)務(wù)區(qū)網(wǎng)絡(luò)應(yīng)急五、聯(lián)系方式:一、銀行網(wǎng)絡(luò)結(jié)構(gòu)拓撲二、骨干網(wǎng)通信故障故障處理人員參與人:XX、XX、XX電信、聯(lián)通網(wǎng)絡(luò)通信故障根據(jù)到總行的兩臺cisco 7206路由器的日志以及實際登陸設(shè)備使用 show int ATM4/0.1、ping對端地址、show ip r

2、oute、show log,查看上述相關(guān)設(shè)備和線路是否 有反復(fù)重起、誤碼率高、異常路由、錯誤連接等情況即可確認故障。通信故障恢復(fù)恢復(fù)步驟:1)重啟故障新路相連路由器,看是否能夠自動恢復(fù)2)斷電重起無法解決故障的,停止使用故障設(shè)備和線路,防止其影響網(wǎng)絡(luò)其他部分。3)如系線路故障通知各有關(guān)方面(逐項對照處理):如為中國電信線路故障,向報修,并通知分行辦公室相關(guān)人員。如為中國聯(lián)通線路故障,向XXXX報修,并通知分行辦公室相關(guān)人員。到總行路由器故障查看日志,檢查設(shè)備故障前的異常日志信息;登陸路由器使用show log,show ip int brie , show process cpu his ,

3、show ip route , ping 對端地址等命令來確認故障。路由器故障處理一旦發(fā)現(xiàn)到總行7206路由器故障可按以下步驟來處理:聯(lián)系XX公司,并啟動原廠商保修服務(wù)備件更換程序。因為兩臺7206路由器是互為備份的,一臺發(fā)生故障不影響實際業(yè)務(wù),不調(diào)用庫房 備件和集成商備件更換,等待原廠商備件到達。對于能夠在線插拔的接口模塊、有standby的引擎和電源,優(yōu)先使用在線更換方 式。在線更換的具體操作流程如下:a)用筆記本電腦連接在網(wǎng)絡(luò)設(shè)備的Console上,啟動Console監(jiān)控和記錄;b)準備好存檔的系統(tǒng)配置,備用。如有可能,同時保存當前系統(tǒng)配置;c)對故障模塊上連接的線纜做好標記,小心拔下;

4、d)做好安全接地,拔下故障模塊;e)檢查設(shè)備和模塊狀態(tài),確認是否影響整個設(shè)備或其他模塊正常運行,standby模 塊是否正常接管;f)做好安全接地,插上更換的備件模塊;g)檢查設(shè)備和模塊狀態(tài),確認是否能夠正常識別新模塊,是否影響其他模塊運行;h)按原樣插上線纜;i)檢查線纜連接狀態(tài)正常;j)確認備件更換成功。l對于機箱、不能在線插拔的接口模塊、或者沒有standby的引擎和電源,采用下 電更換方式。下電更換的具體操作流程如下:a)準備好存檔的系統(tǒng)配置,備用。如有可能,同時保存當前系統(tǒng)配置;b)準備好原先使用的系統(tǒng)軟件,備用;c)故障設(shè)備下電;d)對需要拔除的線纜做好標記,小心拔下。如果機箱或引

5、擎更換,需拔除所有連接 線纜;e)更換備件;f)用筆記本電腦連接在網(wǎng)絡(luò)設(shè)備的Console上,啟動Console監(jiān)控和記錄;g)設(shè)備上電;h)檢查系統(tǒng)自檢情況,確認無硬件故障;i)安裝系統(tǒng)軟件;j)恢復(fù)系統(tǒng)配置;k)冷啟動,確認軟硬件正常工作;l)按原樣插上其他線纜;m)檢查線纜連接狀態(tài)正常;n)確認備件更換成功。三、核心交換機故障應(yīng)急一臺4506交換機故障應(yīng)急查看日志,檢查設(shè)備故障前的異常日志信息;登陸交換機使用show log, show ip int brie , show process cpu his , show ip route , ping 對端地址,show vlan bri

6、e , show vtp stat , show process mem , show modul , show diag , show ip eigrp nei , show cdp nei等一系列命令來查找、確認故障。因為兩臺4506核心交換機完全是熱備的雙機,所以一臺發(fā)生故障并不影響業(yè)務(wù)運 行。對于配置問題要制定正確的更改配置腳本,備份當前配置以后實施更改;對于線路 問題的要制作新網(wǎng)線,替換故障的網(wǎng)線;對于硬件問題要練習(xí)XX公司,申請硬件故障維 修。對于能夠在線插拔的接口模塊、有standby的引擎和電源,優(yōu)先使用在線更換方式。 在線更換的具體操作流程如下:a)用筆記本電腦連接在網(wǎng)絡(luò)設(shè)備

7、的Console上,啟動Console監(jiān)控和記錄;b)準備好存檔的系統(tǒng)配置,備用。如有可能,同時保存當前系統(tǒng)配置;c)對故障模塊上連接的線纜做好標記,小心拔下;d)做好安全接地,拔下故障模塊;e)檢查設(shè)備和模塊狀態(tài),確認是否影響整個設(shè)備或其他模塊正常運行,standby模 塊是否正常接管;f)做好安全接地,插上更換的備件模塊;g)檢查設(shè)備和模塊狀態(tài),確認是否能夠正常識別新模塊,是否影響其他模塊運行;h)按原樣插上線纜;i)檢查線纜連接狀態(tài)正常;j)確認備件更換成功。l對于機箱、不能在線插拔的接口模塊、或者沒有standby的引擎和電源,采用下 電更換方式。下電更換的具體操作流程如下:a)準備好

8、存檔的系統(tǒng)配置,備用。如有可能,同時保存當前系統(tǒng)配置;b)準備好原先使用的系統(tǒng)軟件,備用;c)故障設(shè)備下電;d)對需要拔除的線纜做好標記,小心拔下。如果機箱或引擎更換,需拔除所有連接 線纜;e)更換備件;f)用筆記本電腦連接在網(wǎng)絡(luò)設(shè)備的Console上,啟動Console監(jiān)控和記錄;g)設(shè)備上電;h)檢查系統(tǒng)自檢情況,確認無硬件故障;i)安裝系統(tǒng)軟件;j)恢復(fù)系統(tǒng)配置;k)冷啟動,確認軟硬件正常工作;l)對于交換機要將VTP設(shè)置為Client模式,首先連接上行線纜,確認VTP復(fù)制正 確;m)按原樣插上其他線纜;n)檢查線纜連接狀態(tài)正常;o)確認備件更換成功。當核心交換同時癱瘓在20分鐘內(nèi)保證業(yè)

9、務(wù)正常運作現(xiàn)有2臺備用的cisco3550,在兩臺核心cisco4506同事癱瘓后,將其作為核心交換 來保證業(yè)務(wù)的正常運作,同時保持原有的網(wǎng)絡(luò)拓撲及網(wǎng)絡(luò)核心的安全策略和qos。3550核心交換配置定義設(shè)備命名hostname production設(shè)備軟件版本使用支持動態(tài)路由協(xié)議的 IOS: c3550-i5k2l2q3-mz.121-13.EA1a.binVlan定義1 defaultactive Fa0/1, Fa0/2, Fa0/35,Fa0/36Fa0/37, Fa0/38, Fa0/39,Fa0/40Fa0/41, Fa0/42, Fa0/43,Fa0/44Fa0/45, Fa0/46

10、, Fa0/47,Fa0/482vlan0002activeFa0/10, Fa0/21, Fa0/25,Fa0/34Gi0/1, Gi0/23vlan0003activeFa0/5, Fa0/8, Fa0/11,Fa0/12Fa0/17, Fa0/19, Fa0/20,Fa0/22Fa0/28, Fa0/29, Fa0/30,Fa0/324vlan0004activeFa0/13, Fa0/18, Fa0/275vlan0005activeFa0/76vlan0006active10vlan0010activeFa0/4, Fa0/6, Fa0/1420vlan0020active30vla

11、n0030active40vlan0040active50VLAN0050active60VLAN0060active63vlan0063active128vlan0128activeFa0/3, Fa0/24, Fa0/26,Fa0/31Fa0/33195vlan195activeFa0/16, Fa0/23196vlan196active255VLAN0255activeFa0/9, Fa0/15Ip地址分配及hsrpinterface Vlanlno ip redirectsshutdownstandby 10 priority 100standby 10 preempt!interfa

12、ce Vlan2ip access-group 101 inno ip redirectsstandby 20 priority 150standby 20 preempt!interface Vlan3ip access-group 101 inno ip redirectsstandby 30 priority 150standby 30 preempt!interface Vlan4no ip redirectsstandby 40 priority 150standby 40 preempt!interface Vlan5no ip redirectsstandby 50 priori

13、ty 150standby 50 preemptinterface Vlan6no ip addressno ip redirectsshutdownstandby 60 priority 150standby 60 preempt!interface Vlan10ip address 10.20.0ip access-group 103 inno ip redirectsstandby 100 ip standby 100 timers 5 15standby 100 priority 200standby 100 preemptstandby 100 track Vlan10 50 !in

14、terface Vlan20no ip addressno ip redirectsstandby 110 timers 5 15standby 110 priority 150standby 110 preemptstandby 110 track Vlan20 50 !interface Vlan30no ip addressip access-group 101 inno ip redirectsshutdownstandby 120 timers 5 15standby 120 priority 200standby 120 track Vlan30 50interface Vlan4

15、0no ip addressip access-group 101 inno ip redirectsshutdownstandby 130 timers 5 15standby 130 priority 150standby 130 preemptstandby 130 track Vlan40 50!interface Vlan50ip address 10.20.1ip helper-address 0no ip redirectsstandby 150 ip standby 150 timers 5 15standby 150 priority 150standby 150 preem

16、ptstandby 150 track Vlan150!interface Vlan63no ip addressno ip redirects!interface Vlan128ip access-group 101 inno ip redirectsstandby 160 timers 5 15standby 160 priority 150standby 160 preemptstandby 160 track Vlan128 50 !interface Vlan150no ip addressshutdown!interface Vlan195no ip redirectsstandb

17、y 195 priority 150standby 195 preempt !interface Vlan196no ip addressno ip redirectsshutdownstandby 196 priority 100standby 196 preempt !interface Vlan255no ip redirectsstandby 255 priority 200standby 255 preempt路由策略router eigrp 20redistribute staticnetwork 10.20.0no auto-summaryno eigrp log-neighbo

18、r-changesip route 0.0.0ip route 10.20.9ip route 10.20.9interface Vlan2ip access-group 101 ininterface Vlan3ip access-group 101 ininterface Vlan30no ip addressip access-group 101 ininterface Vlan40no ip addressip access-group 101 ininterface Vlan128ip access-group 101 inaccess-list 101 permit ip host

19、 10.20.0access-list 101 permit ip host 10.20.0access-list101denyip10.0.0access-list101denyip10.0.0access-list101denyip10.0.0access-list101permitipany anyinterface Vlan10ip address 10.20.0ip access-group 103 inaccess-list 103 permit ip host 10.20.0access-list 103 permit ip host 10.20.0access-list 103

20、 permit ip host 10.20.0access-list 103 permit ip host 10.20.0access-list 103 permit ip host 10.20.0access-list 103 permit ip host 10.20.0access-list 103 permit ip host 10.20.0access-list 103 permit ip host 10.20.0access-list 103 permit ip host 10.20.0access-list 103 permit ip 10.20.0access-list 103

21、permit ip 10.20.0access-list 103 permit ip 10.20.0access-list 103 permit ip 10.20.0access-list 103 permit ip 10.20.0access-list 103 permit ip 10.20.0access-list 103 permit ip 10.20.0access-list 103 permit ip 10.20.0access-list 103 permit ip 10.20.2access-list 103 permit ip 10.20.3access-list 103 per

22、mit ip 10.20.0access-list 103 permit ip host 10.20.0access-list 103 permit ip host 10.20.0access-list 103 deny ip 10.0.0access-list 103 deny ip 10.0.0access-list 103 deny ip 10.0.0access-list 103 permit ip any anyQos作為核心交換機無需在此配置qos安全策略aaa new-modelaaa authentication login spdb-acs group tacacs+ ena

23、bleaaa accounting exec spdb-acs start-stop group tacacs+aaa accountingcommands0spdb-acsstart-stopgrouptacacs+aaa accountingcommands1spdb-acsstart-stopgrouptacacs+aaa accountingcommands2spdb-acsstart-stopgrouptacacs+aaa accountingcommands3spdb-acsstart-stopgrouptacacs+aaa accountingcommands 4 spdb-ac

24、s start-stopgrouptacacs+aaa accountingcommands 5 spdb-acs start-stopgrouptacacs+aaa accountingcommands 6 spdb-acs start-stopgrouptacacs+aaa accountingcommands 7 spdb-acs start-stopgrouptacacs+aaa accountingcommands 8 spdb-acs start-stopgrouptacacs+aaa accountingcommands 9 spdb-acs start-stopgrouptac

25、acs+aaa accountingcommands 10 spdb-acs start-stopgrouptacacs+aaa accountingcommands 11 spdb-acs start-stopgrouptacacs+aaa accountingcommands 12 spdb-acs start-stopgrouptacacs+aaa accountingcommands 13 spdb-acs start-stopgrouptacacs+aaa accountingcommands 14 spdb-acs start-stopgrouptacacs+aaa account

26、ingcommands 15 spdb-acs start-stopgrouptacacs+ip tacacs source-interface Loopback0 tacacs-server key s9y8 logging trap debugginglogging source-interface Loopback0 line vty 0 4exec-timeout 5 0accounting commands 0 spdb-acsaccounting commands 1 spdb-acsaccounting commands 2 spdb-acsaccounting commands

27、 3 spdb-acsaccounting commands 4 spdb-acsaccounting commands 5 spdb-acsaccounting commands 6 spdb-acsaccounting commands 7 spdb-acsaccounting commands 8 spdb-acsaccounting commands 9 spdb-acs accounting commands 10 spdb-acs accounting commands 11 spdb-acsaccounting commands 12 spdb-acsaccounting com

28、mands 13 spdb-acsaccounting commands 14 spdb-acsaccounting commands 15 spdb-acsaccounting exec spdb-acslogin authentication spdb-acs網(wǎng)管配置snmp-server community public ROsnmp-server community read RO 10snmp-server trap-source Loopback0snmp-server enable traps snmp authentication warmstartsnmp-server en

29、able traps configsnmp-server enable traps entitysnmp-server enable traps rtrsnmp-server enable traps vtp其他配置service timestamps debug datetime localtime show-timezoneservice timestamps log datetime localtime show-timezoneservice password-encryptionno ip domain-lookupip cef load-sharing algorithm orig

30、inalclock timezone BJT 8ntp source Loopback0monitor session 1 source vlan 1 , 10 , 192 rxmonitor session 1 destination interface Fa0/5網(wǎng)絡(luò)實施前期準備一、8條交叉線(2條做trunk,6條連向樓層交換機)二、將樓層交換機的fa0/47和48 口空出來,并做好相應(yīng)的配置實施步驟第一步:兩臺3550上架并加電啟用(預(yù)計3分鐘)第二步:將連接hp小機的光纖接口連到3550上(預(yù)計1分鐘)cisco4506 主的 gigabit1/1 對應(yīng) 3550 主的 gigabi

31、t0/1cisco4506 主的 gigabit2/2 對應(yīng) 3550 主的 gigabit0/2cisco4506 備的 gigabit1/1 對應(yīng) 3550 主的 gigabit0/1cisco4506 備的 gigabit2/2 對應(yīng) 3550 主的 gigabit0/2第三步:將現(xiàn)成的交叉線在3550主備之間互連做ether channel(預(yù)計1分鐘)3550 主的 fa0/47 對應(yīng) 3550 備的 fa0/473550 主的 fa0/48 對應(yīng) 3550 備的 fa0/48第四步:將連在cisco4506上所有的電口都挪向3550上(預(yù)計5分鐘)cisco4506 主的 fa2/

32、3 對應(yīng) 3550 主的 fa0/3cisco4506 主的 fa2/4 對應(yīng) 3550 主的 fa0/4以此類推cisco4506 主的 fa2/34 對應(yīng) 3550 主的 fa0/34cisco4506 備的 fa2/3 對應(yīng) 3550 備的 fa0/3cisco4506 備的 fa2/4 對應(yīng) 3550 備的 fa0/4以此類推cisco4506 備的 fa2/34 對應(yīng) 3550 備的 fa0/34第五步:3臺樓層交換機與3550之間的互連(預(yù)計3分鐘)3550 主的 fa0/41 對應(yīng) 255.15 的 fa0/473550 主的 fa0/43 對應(yīng) 255.16 的 fa0/473

33、550 主的 fa0/45 對應(yīng) 255.17 的 fa0/473550 備的 fa0/41 對應(yīng) 255.15 的 fa0/483550 備的 fa0/43 對應(yīng) 255.16 的 fa0/483550 備的 fa0/45 對應(yīng) 255.17 的 fa0/48四、第三方外聯(lián)區(qū)網(wǎng)絡(luò)應(yīng)急1.第三方業(yè)務(wù)銀聯(lián)區(qū)網(wǎng)絡(luò)應(yīng)急線路故障:發(fā)生故障時,登陸ASA防火墻、交換機、路由器通過show log , show ip int brie , show interface , ping , show ip route , show route等命令來確認相關(guān) 接口在故障發(fā)生前和發(fā)生時的狀態(tài),找出問題線路。如果

34、是內(nèi)部網(wǎng)絡(luò)線路,在線更換的具體操作流程如下:a)用筆記本電腦連接在網(wǎng)絡(luò)設(shè)備的Console上,啟動Console監(jiān)控和記錄;b)準備好存檔的系統(tǒng)配置,備用。如有可能,同時保存當前系統(tǒng)配置;c)對故障模塊上連接的線纜做好標記,小心拔下;d)做好安全接地,插上更換的新網(wǎng)線e)檢查線纜連接狀態(tài)正常;f)確認線纜更換成功。如果是外部線纜,則確認故障后,由XX打保修電話,聯(lián)系聯(lián)通、移動公司人員前來 維修。設(shè)備故障:由于銀聯(lián)區(qū)所有的設(shè)備都是雙機熱備,所以一臺發(fā)生故障并不影響業(yè)務(wù) 運行。對于配置問題要制定正確的更改配置腳本,備份當前配置以后實施更改;對于硬 件問題要練習(xí)XX公司,申請硬件故障維修。兩臺設(shè)備故

35、障:使用1臺ASA 5540防火墻備份ASA防火墻的配置、使用1臺cisco 1841路由器備份連接銀聯(lián)方路由器的配置,任意1臺交換機無需配置用來備份銀聯(lián)區(qū)交 換機。ASA防火墻配置:spdbsyasa# sh run:SavedASA Version 8.2(1)!hostname spdbsyasaenable password 2KFQnbNIdI.2KYOU encryptedpasswd 2KFQnbNIdI.2KYOU encryptednamesinterface GigabitEthernet0/0speed 100 duplex full nameif outside sec

36、urity-level 0 !interface GigabitEthernet0/1nameif insidesecurity-level 100!interface GigabitEthernet0/2nameif dmzsecurity-level 50!interface GigabitEthernet0/3description LAN Failover Interface !interface Management0/0shutdownno nameifno security-levelno ip address!ftp mode passiveaccess-list OUTSID

37、E_IN extended permit icmp any any access-list INSIDE_OUT extended permit icmp any any pager lines 24 mtu outside 1500 mtu inside 1500 mtu dmz 1500failoverfailover lan unit primaryfailover lan interface failoverlan GigabitEthernet0/3failover polltime unit msec 500 holdtime 5icmp unreachable rate-limi

38、t 1 burst-size 1no asdm history enablearp timeout 14400nat (inside) 2 access-list IPP_PATaccess-group OUTSIDE_IN in interface outsideaccess-group INSIDE_OUT in interface insideroute inside 10.20.0timeout xlate 3:00:00timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02timeout sunrpc 0:1

39、0:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolutetimeout tcp-proxy-reassembly 0:01:00dynamic-access-policy-record DfltAccessPolicyaaa-server TACACS+ p

40、rotocol tacacs+aaa-server RADIUS protocol radiusaaa-server spdb-acs protocol tacacs+key s9y8key s9y9aaa authentication ssh console spdb-acsno snmp-server locationno snmp-server contactsnmp-server community *snmp-server enable traps snmp authentication linkup linkdown coldstartsnmp-server enable trap

41、s syslogcrypto ipsec security-association lifetime seconds 28800crypto ipsec security-association lifetime kilobytes 4608000telnet timeout 5ssh timeout 5console timeout 0threat-detection basic-threatthreat-detection statistics access-listno threat-detection statistics tcp-intercept !class-map inspec

42、tion_defaultmatch default-inspection-traffic!policy-map type inspect dns preset_dns_mapparametersmessage-length maximum 512policy-map global_policyclass inspection_defaultinspect dns preset_dns_mapinspect ftpinspect h323 h225inspect h323 rasinspect netbiosinspect rshinspect rtspinspect skinnyinspect

43、 esmtpinspect sqlnetinspect sunrpcinspect tftpinspect sipinspect xdmcpservice-policy global_policy globalprompt hostname contextCryptochecksum:b0171b7af7453023bce0c7ebfafb273e:endspdbsyasa#路由器配置:R1#sh runBuilding configuration.Current configuration : 4554 bytes !version 12.4service timestamps debug

44、datetime msecservice timestamps log datetime msecno service password-encryption!hostname R1!boot-start-markerboot-end-marker!logging message-counter syslogenable password cisco!aaa new-model!aaa authentication login spdb-acs group tacacs+ enableaction-type start-stopgroup tacacs+!aaa accounting comm

45、ands 0 spdb-acs action-type start-stopgroup tacacs+!aaa accounting commands 1 spdb-acs action-type start-stop group tacacs+!aaa accounting commands 2 spdb-acs action-type start-stop group tacacs+!aaa accounting commands 3 spdb-acs action-type start-stop group tacacs+!aaa accounting commands 4 spdb-a

46、cs action-type start-stop group tacacs+!aaa accounting commands 5 spdb-acs action-type start-stop group tacacs+!aaa accounting commands 6 spdb-acs action-type start-stopaaa accounting commands 7 spdb-acsaction-type start-stopgroup tacacs+aaa accounting commands 8 spdb-acs action-type start-stop grou

47、p tacacs+!aaa accounting commands 9 spdb-acs action-type start-stop group tacacs+!aaa accounting commands 10 spdb-acs action-type start-stop group tacacs+!aaa accounting commands 11 spdb-acs action-type start-stop group tacacs+!aaa accounting commands 12 spdb-acs action-type start-stop group tacacs+

48、!aaa accounting commands 13 spdb-acs action-type start-stop group tacacs+action-type start-stopgroup tacacs+aaa accounting commands 15 spdb-acsaction-type start-stopgroup tacacs+aaa session-id commondotll syslogip source-routeip cefno ip domain lookupno ipv6 cef!multilink bundle-name authenticatedvo

49、ice-card 0archivelog confighidekeystrack 1 ip sla 1 reachabilityinterface Loopback0interface FastEthernet0/0 no ip address shutdown duplex auto speed auto!interface FastEthernet0/1no ip addressshutdownduplex autospeed auto!interface FastEthernet0/3/0!interface FastEthernet0/3/1 !interface FastEthern

50、et0/3/2 !interface FastEthernet0/3/3 !interface Serial0/1/0description to Yinlianip nat insideip virtual-reassembly encapsulation pppno shutdownclock rate 2000000!interface Serial0/1/1no ip addressshutdownclock rate 2000000!interface Vlan1ip nat outsideip virtual-reassemblystandby 184 priority 105st

51、andby 184 preemptstandby 184 track 1 decrement 10!ip forward-protocol ndip route 10.0.0no ip http serverno ip http secure-server!ip nat outside source list 105 pool yinlianpoolip nat outside source list 106 pool pospool!ip sla 1frequency 5ip sla schedule 1 life forever start-time nowtacacs-server ke

52、y s9y8control-planeline con 0exec-timeout 0 0logging synchronousline aux 0line vty 0 4exec-timeout 0 0password ciscoaccounting commands 0 spdb-acs accounting commands 1 spdb-acs accounting commands 2 spdb-acs accounting commands 3 spdb-acs accounting commands 4 spdb-acsaccounting commands 5 spdb-acs

53、 accounting commands 6 spdb-acs accounting commands 7 spdb-acsaccounting commands 9 spdb-acsaccounting commands 10 spdb-acsaccounting commands 11 spdb-acsaccounting commands 12 spdb-acsaccounting commands 13 spdb-acsaccounting commands 14 spdb-acsaccounting commands 15 spdb-acsaccounting exec spdb-a

54、cslogging synchronouslogin authentication spdb-acs !scheduler allocate 20000 1000ntp source Loopback0endR1#R2#sh runBuilding configuration.Current configuration : 4533 bytes !version 12.4service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption !hostn

55、ame R2!boot-start-markerboot-end-markerlogging message-counter syslogenable password cisco!aaa new-model!aaa authentication login spdb-acs group tacacs+ enableaaa accounting exec spdb-acsaction-type start-stopgroup tacacs+!aaa accounting commands 0 spdb-acsaction-type start-stopgroup tacacs+!aaa acc

56、ounting commands 1 spdb-acsaction-type start-stopgroup tacacs+!aaa accounting commands 2 spdb-acsaction-type start-stopgroup tacacs+!aaa accounting commands 3 spdb-acsaction-type start-stopgroup tacacs+!aaa accounting commands 4 spdb-acsaction-type start-stopgroup tacacs+aaa accounting commands 5 sp

57、db-acsaction-type start-stopgroup tacacs+aaa accounting commands 6 spdb-acs action-type start-stop group tacacs+!aaa accounting commands 7 spdb-acs action-type start-stop group tacacs+!aaa accounting commands 8 spdb-acs action-type start-stop group tacacs+!aaa accounting commands 9 spdb-acs action-t

58、ype start-stop group tacacs+!aaa accounting commands 10 spdb-acs action-type start-stop group tacacs+!aaa accounting commands 11 spdb-acs action-type start-stop group tacacs+aaa accounting commands 12 spdb-acsaction-type start-stopgroup tacacs+!aaa accounting commands 13 spdb-acs action-type start-s

59、top group tacacs+!aaa accounting commands 14 spdb-acs action-type start-stop group tacacs+!aaa accounting commands 15 spdb-acs action-type start-stop group tacacs+aaa session-id commonclock timezone BJT 8dot11 syslogip source-routeip cefno ip domain lookupno ipv6 cefmultilink bundle-name authenticat

60、edvoice-card 0archivelog confighidekeysinterface Loopback0 !interface FastEthernet0/0no ip addressduplex autospeed auto!interface FastEthernet0/1no ip addressshutdownduplex autospeed auto!interface FastEthernet0/3/0!interface FastEthernet0/3/1 !interface FastEthernet0/3/2interface FastEthernet0/3/3i

溫馨提示

  • 1. 本站所有資源如無特殊說明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請下載最新的WinRAR軟件解壓。
  • 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
  • 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁內(nèi)容里面會有圖紙預(yù)覽,若沒有圖紙預(yù)覽就沒有圖紙。
  • 4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
  • 5. 人人文庫網(wǎng)僅提供信息存儲空間,僅對用戶上傳內(nèi)容的表現(xiàn)方式做保護處理,對用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對任何下載內(nèi)容負責(zé)。
  • 6. 下載文件中如有侵權(quán)或不適當內(nèi)容,請與我們聯(lián)系,我們立即糾正。
  • 7. 本站不保證下載資源的準確性、安全性和完整性, 同時也不承擔(dān)用戶因使用這些下載資源對自己和他人造成任何形式的傷害或損失。

評論

0/150

提交評論