銀行網(wǎng)絡(luò)應(yīng)急策劃方案

1、銀行網(wǎng)絡(luò)應(yīng)急方案XX股份有限公司網(wǎng)絡(luò)與安全服務(wù)部2012年2月目錄TOC o 1-3 HYPERLINK N:整理后一、銀行網(wǎng)絡(luò)結(jié)構(gòu)拓?fù)?PEE _Tc3166 h 3HYPERLINK N:整理后l二、骨干網(wǎng)通信故障 PAREF oc316893997h 3HYPERLINK N:整理后l1.故障處理人員 PAEREF _Tc1683998 HYPRLINl _Toc893999 2.電信、聯(lián)通網(wǎng)絡(luò)通信故障 PAGER _Tc3683999 h 3 YPELIN l To31694003.通信故障恢復(fù) PGEREF_To368900 h 3HYPERLINK N:整理后4.到總行路由器故障

2、PAEREF 68941 h HYPERLINK l _Toc3684002 路由器故障處理PAEF _To84002 h 4 HYPRLIN l_To38940 三、核心交換機(jī)故障應(yīng)急 PAGER _T31689400 h 5 HYPERLNKl _Tc31689404 1.一臺(tái)506交換機(jī)故障應(yīng)急P(pán)AGEREF_c169404 5 YPERLINK l _c3689405 2.當(dāng)核心交換同時(shí)癱瘓?jiān)?分鐘內(nèi)保證業(yè)務(wù)正常運(yùn)作 PAGERE _oc16894005 h 7HYPERLINK N:整理后l四、第三方外聯(lián)區(qū)網(wǎng)絡(luò)應(yīng)急 PAGEREF _Toc31680h 19HYPERLINK N:整

3、理后 l To31694071第三方業(yè)務(wù)銀聯(lián)區(qū)網(wǎng)絡(luò)應(yīng)急 PGEREF _Tc31684007 h 19HYPERLINK N:整理后l2其它第三方業(yè)務(wù)區(qū)網(wǎng)絡(luò)應(yīng)急AGE_Toc369400 h 4HYPERLINK N:整理后l五、聯(lián)系方式:AGER _Toc168900 6銀行網(wǎng)絡(luò)結(jié)構(gòu)拓?fù)涔歉删W(wǎng)通信故障故障處理人員 參與人:XX、XX、電信、聯(lián)通網(wǎng)絡(luò)通信故障依照到總行的兩臺(tái)cisc 706路由器的日志以及實(shí)際登陸設(shè)備使用s AM/0. 、ping對(duì)端地址、sho ip rout、sh og，查看上述相關(guān)設(shè)備和線(xiàn)路是否有反復(fù)重起、誤碼率高、異常路由、錯(cuò)誤連接等情況即可確認(rèn)故障。通信故障恢復(fù)恢復(fù)步

4、驟:1)重啟故障新路相連路由器,看是否能夠自動(dòng)恢復(fù)2) 斷電重起無(wú)法解決故障的，停止使用故障設(shè)備和線(xiàn)路，防止其阻礙網(wǎng)絡(luò)其他部分。3） 如系線(xiàn)路故障通知各有關(guān)方面(逐項(xiàng)對(duì)比處理):如為中國(guó)電信線(xiàn)路故障，向310000 報(bào)修,并通知分行辦公室相關(guān)人員。 如為中國(guó)聯(lián)通線(xiàn)路故障,向XXX 報(bào)修，并通知分行辦公室相關(guān)人員。到總行路由器故障查看日志,檢查設(shè)備故障前的異常日志信息;登陸路由器使用ho lg,sh bie , cescu h ,hwipoute , pig對(duì)端地址等命令來(lái)確認(rèn)故障。路由器故障處理一旦發(fā)覺(jué)到總行7206路由器故障可按以下步驟來(lái)處理：聯(lián)系XX公司,并啟動(dòng)原廠商保修服務(wù)備件更換程序。

5、因?yàn)閮膳_(tái)720路由器是互為備份的,一臺(tái)發(fā)生故障不阻礙實(shí)際業(yè)務(wù)，不調(diào)用庫(kù)房備件和集成商備件更換,等待原廠商備件到達(dá)。 關(guān)于能夠在線(xiàn)插拔的接口模塊、有sadby 的引擎和電源,優(yōu)先使用在線(xiàn)更換方式。在線(xiàn)更換的具體操作流程如下：a) 用筆記本電腦連接在網(wǎng)絡(luò)設(shè)備的Cnsoe 上,啟動(dòng)onl監(jiān)控和記錄;) 預(yù)備好存檔的系統(tǒng)配置，備用。如有可能,同時(shí)保存當(dāng)前系統(tǒng)配置；c)對(duì)故障模塊上連接的線(xiàn)纜做好標(biāo)記,小心拔下;d) 做好安全接地,拔下故障模塊;e）檢查設(shè)備和模塊狀態(tài)，確認(rèn)是否阻礙整個(gè)設(shè)備或其他模塊正常運(yùn)行,stady模塊是否正常接管；f)做好安全接地,插上更換的備件模塊;g) 檢查設(shè)備和模塊狀態(tài)，確認(rèn)是

6、否能夠正常識(shí)不新模塊,是否阻礙其他模塊運(yùn)行；h） 按原樣插上線(xiàn)纜；i)檢查線(xiàn)纜連接狀態(tài)正常；j) 確認(rèn)備件更換成功。l 關(guān)于機(jī)箱、不能在線(xiàn)插拔的接口模塊、或者沒(méi)有sanb 的引擎和電源，采納下電更換方式。下電更換的具體操作流程如下：) 預(yù)備好存檔的系統(tǒng)配置,備用。如有可能,同時(shí)保存當(dāng)前系統(tǒng)配置;b)預(yù)備好原先使用的系統(tǒng)軟件,備用;c)故障設(shè)備下電；d) 對(duì)需要拔除的線(xiàn)纜做好標(biāo)記,小心拔下。假如機(jī)箱或引擎更換,需拔除所有連接線(xiàn)纜;e)更換備件；f)用筆記本電腦連接在網(wǎng)絡(luò)設(shè)備的Cnsoe 上，啟動(dòng)onsole監(jiān)控和記錄；g) 設(shè)備上電；h) 檢查系統(tǒng)自檢情況，確認(rèn)無(wú)硬件故障;i) 安裝系統(tǒng)軟件;j

7、)恢復(fù)系統(tǒng)配置；) 冷啟動(dòng),確認(rèn)軟硬件正常工作; l) 按原樣插上其他線(xiàn)纜;m）檢查線(xiàn)纜連接狀態(tài)正常;)確認(rèn)備件更換成功。核心交換機(jī)故障應(yīng)急一臺(tái)456交換機(jī)故障應(yīng)急查看日志,檢查設(shè)備故障前的異常日志信息；登陸交換機(jī)使用sho lo,show pit brie ，ces cpuhi , show ip rout， ing對(duì)端地址,sho vn brie， sow vtp stat ， show prcs me, show modl , show dig ,show eirp ne， shw cd nei等一系列命令來(lái)查找、確認(rèn)故障。因?yàn)閮膳_(tái)4506核心交換機(jī)完全是熱備的雙機(jī),因此一臺(tái)發(fā)生故障并不

8、阻礙業(yè)務(wù)運(yùn)行。關(guān)于配置問(wèn)題要制定正確的更改配置腳本，備份當(dāng)前配置以后實(shí)施更改；關(guān)于線(xiàn)路問(wèn)題的要制作新網(wǎng)線(xiàn),替換故障的網(wǎng)線(xiàn);關(guān)于硬件問(wèn)題要練習(xí)X公司,申請(qǐng)硬件故障維修。關(guān)于能夠在線(xiàn)插拔的接口模塊、有sadby 的引擎和電源，優(yōu)先使用在線(xiàn)更換方式。在線(xiàn)更換的具體操作流程如下:a) 用筆記本電腦連接在網(wǎng)絡(luò)設(shè)備的Cosole 上,啟動(dòng)Cnsole 監(jiān)控和記錄；b） 預(yù)備好存檔的系統(tǒng)配置，備用。如有可能，同時(shí)保存當(dāng)前系統(tǒng)配置；) 對(duì)故障模塊上連接的線(xiàn)纜做好標(biāo)記，小心拔下；d)做好安全接地，拔下故障模塊;e) 檢查設(shè)備和模塊狀態(tài)，確認(rèn)是否阻礙整個(gè)設(shè)備或其他模塊正常運(yùn)行，sandby 模塊是否正常接管；f)

9、 做好安全接地,插上更換的備件模塊；g) 檢查設(shè)備和模塊狀態(tài)，確認(rèn)是否能夠正常識(shí)不新模塊,是否阻礙其他模塊運(yùn)行；h) 按原樣插上線(xiàn)纜;i） 檢查線(xiàn)纜連接狀態(tài)正常；) 確認(rèn)備件更換成功。 關(guān)于機(jī)箱、不能在線(xiàn)插拔的接口模塊、或者沒(méi)有stadby 的引擎和電源，采納下電更換方式。下電更換的具體操作流程如下:a） 預(yù)備好存檔的系統(tǒng)配置,備用。如有可能，同時(shí)保存當(dāng)前系統(tǒng)配置;) 預(yù)備好原先使用的系統(tǒng)軟件,備用；c）故障設(shè)備下電;d）對(duì)需要拔除的線(xiàn)纜做好標(biāo)記，小心拔下。假如機(jī)箱或引擎更換,需拔除所有連接線(xiàn)纜;e) 更換備件；f)用筆記本電腦連接在網(wǎng)絡(luò)設(shè)備的Consl 上,啟動(dòng)Consle監(jiān)控和記錄；)設(shè)備

10、上電;) 檢查系統(tǒng)自檢情況,確認(rèn)無(wú)硬件故障;)安裝系統(tǒng)軟件;j)恢復(fù)系統(tǒng)配置；k) 冷啟動(dòng),確認(rèn)軟硬件正常工作;l） 關(guān)于交換機(jī)要將VP設(shè)置為Client模式,首先連接上行線(xiàn)纜，確認(rèn)V 復(fù)制正確；m) 按原樣插上其他線(xiàn)纜;n) 檢查線(xiàn)纜連接狀態(tài)正常；o） 確認(rèn)備件更換成功。當(dāng)核心交換同時(shí)癱瘓?jiān)?0分鐘內(nèi)保證業(yè)務(wù)正常運(yùn)作現(xiàn)有2臺(tái)備用的ciso355,在兩臺(tái)核心ciso506同事癱瘓后,將其作為核心交換來(lái)保證業(yè)務(wù)的正常運(yùn)作，同時(shí)保持原有的網(wǎng)絡(luò)拓?fù)浼熬W(wǎng)絡(luò)核心的安全策略和qos。350核心交換配置定義設(shè)備命名hotnme poction設(shè)備軟件版本使用支持動(dòng)態(tài)路由協(xié)議的IOS：c3550-i5k2l2

11、q3-z.121-13.A1a.bnan定義1 efault tive Fa01， Fa02， Fa0/3， F0/6 a0/7, F038, Fa0/39, a0/40 Fa/, Fa04,Fa/43, a0/44 Fa0/4, a46，a047, a0/2 vlan0002 atv Fa10, F/2, Fa/25， F0/4 Gi0/1, Gi/3 vn0003 acte Fa/5， 08,Fa0/1, Fa0/12 Fa0/7,F0/1， a020, Fa0/2 a/28， F0/2,a030, F0324 vln004 ctive Fa/3, Fa/8， a/25 vlan005 a

12、tive a/76 van000 tive 10 vlan0010 atve Fa0/,a0/6，01420van0020 cie 30 n30 ativ 40 vlan40 active 50 VAN00 acve 60 VLAN006 acve 6 lan03 ctive 128 vlan018 ative 0/3， F， F06,Fa/1 Fa0/3315 van195 cie a0/16, Fa0/316 vlan1 atve 5 VLAN025 cte a09,Fa/1Ip地址分配及srpterfc Va1 npaddres no redrec shutdown stay 0pror

13、ity 100 sa 10preempt!interface Vlan2 i address 10.0191.2 p acces-op 101 in n p diects sanby 20 p 10.2.191.1 tndby0piity 1 tanby 20 preemt! iterface Vlan3 i dess 10.20.189. 55.255.i acs-gru 101 in no i redrects standby ip0.20.189. tadby 0 prry 50 stndby 30 preemt！nterface Vlan4 ip ddress 10.01876 55.

14、25.25.192 o ipreirect stnb 40 p 10.2187.65 andb 0priority50tandby 40rept!ierace Vlan addess 1.20.182255.255.25519reiect adby 50 ip 0.20.1871 stndby50 pririty 150 sady 50 preempt!interface Van6no ip res n ip redircts shutwnanb0 ip 1.2018.3standby 6 prority 150 stanb 60 preempt！nterfae la1 ip ddrss 10

15、.202255.55255. p ce-gop 103 in no ieirecs standb10 p staby 100 mer 5 15ady 100priity 200stadby 10 preemt stanby 00 acVla1 0！intrfac lan2no p addre noip redirects sandb 10 timer 15standby10 pirty 150 stab 0 preemp stadby 110tra Vlan0 5!intefce ln30no p addres ip acess-rou 1 in no p eiectssutdwnsandy

16、10 i 10.2.8.100 andby12 tims 5tanb 120 priorty 200standby 10 prempt standby 12 trak Van30 5!interfae lan0o ip addess iccsgrp101 i n i drect stownsadby 0 i 2097.10 stady 10 imers 15 tandby130prity 15 standby 10 reempt stndb10 rck an40 5!nterace Vln0 ip ades0.20.12 25.25.255.0 ipeperaddres 1020.10no i

17、p redrects standb 150 ip 10.11 tandb 150 timrs 5 sadby50 rioriy 5tdy 150 preempt sadby 150 rlan150!iterfaceVlan6 oip ars o rediets！intefceVlan128 ipdress 10.2024 255255250 ip acss-grop 101 ino ip reets standy0 p 10.20.12.8 stndb 160 timers 5 standby 16 rioy 150 standb 160 preempt tandb 60 trak Va12

18、5！trfce Vlan50 nip adress shuton！intrace Vlan195ip adres 10.20. 55.55.2no i redirecs tandby19 p 10.01951stanb 195 priority 150 standb15preempt!intefcVlan196 no ddrso ip rirecs sutdontnby 9 p1.0.196.1 sndy 196pririty 100 stanby196 preempt!ntrfaceVlan255 ip addrss 10.2025.2 25.255250 n ediretssand 255

19、 ip 100.5. standb 25 rioriy 200 stnb 55 pree路由策略router eigrp 20rediibute static twork 1.20.000.0.255.55 no auto-umm nrplog-neighor-chanesi rute 0.00.0.0.00.20.91.ipte10.291255.255.2555102.191.18p oue 09.111 255.25.55.25 1009.18ip rou10.20.14.0 255.25.255.0 1.20.191.8i out10.20.18.0 10.20.91.8ip roue

20、 10.186.245 255.255.255.5 0.2.11.18p route 10.213 5525.5555 1.255.1ip roue102020.25.25.255255 10.20.25516prte120210.5 25.255.5.25510.20.255.7iprot10.020.11 51020.91.1i roue 10.0.12 255255.25.25 10.20.918ip rout 1020210.13255.2.255.25 10.20.1118p oue 20.21.42.25255.25 0.20.191inerfae Vn ip addes120.1

21、1.2 255255.55.0iaccess-gro 101 inierface Vln ipdress10.2189 55.552550 ip css-group101 ininterface Vl30 no ipaddess ip accesgrup101 itefa Vlan40 no ip dr iacess-goup 0 inintefce la18 ip adress 10.20.18.425.55.25.0 ip access-grou 101inaccess-ls 01 permitiphost 40os 10.2.186.246cces-ist101permii ht00.0

22、4 host 0.20.18645ccess-lis 101dey i 12168.0.0 00.255.55 10.0.18.0 0255.6325access-list 01 dny ip 192.6.0 0.0.2.5 71600 .0.2525acess-it 01 deny i 12.16.0.0 .0255.25 10.19.00.255.63255access-lit 10 dn i 10.0.0 0.25563.255 10.128.0.563.255ccess-lis 101 dny ip 0.0.0. 0.255.3.55 7216.0.0 55ae-lt 101 eny

23、ip .0.0 055.635 .0. 0.25.63255accslt 11prmit ip anyanytefacVn0 p addres1020.0.2 255.255.2550 ipccess-group13 inacess-list 103 permit ip hst 10.2.0.45 o 1.20.84.10ccess-it 03prmitip hot 1000240hos 1020.110ass-lst103 permtip st 102040ost 1.0.18624accsslist 103 permt ip ot 40 host100.186245aces-lis 03

24、per iphs100.24 hot100.4.18ace-s ermt p host0.20.240 host 10.20.1418cs-lst 103 permit host 10.20.245 host .20184.2aesli 10 pemit ip st 020.0.20 hst 1020.14.5access-lis103permit iost 0.20.0.1st10.20.420accessls10 prmt ip 1.20.00 .0.55hot 10.2.14.3acces-li 1 pemit p 1.200 .0.25 ost 10.2.184accss-ls 10

25、peri .20.0.055 hos 10.20.8.7access-list 10perit p .0.0 00.25 hst0.201430acces-lst 103 prmi p 10.200.0.0.55 ost 10.20.1413cces-t 103peri ip 0.20.00 0.255 o10.20.18.ccs-lis 13 prmiip02.0 .0.0.255 ost 10.201816aces-st 0 permi ip1020.0025 hst 0.04.0acces-list103 permiip 020.0 0.0.0.5 host 102.181accss-l

26、is 103 ri i0.2.3.0 00.5 host0.0.184.acs-list 10 pem i 10.2000 0.0.255 ot 0.17acces-s 103permt ip hos 10.0.5hs0.20.84.19acess-lst 103ermit ihost 10.0.0.4host.218419acceslt 13eny i 921.0. .0.25255 1.0.128.00.25.3.5cces-is 3 dny i19.68.00 .02.25512.16.0. 0.255255aes-li 103dny i 19.1.00 0.055.5510.0.0 0

27、.25563.accss-lis103 ny ip 1.0. .25.63.255 55acces-l 0 n ip .255.255 172.00.25525ces-ist 03 den ip 10.0.00.25563255 1.192.0 0.5.6.255cesslist13ert ip ny aQos作為核心交換機(jī)無(wú)需在此配置qos安全策略aan-odlaa athcationlginspdb-csrou ac+enableaa accuting xe spdb-acs start-top group taa+aaa acounting comman 0 spd-acs start-

28、stogou tacas+mand 1 spdb-acs tart-top taa+aa accontin commands2 spdbas sart-to oup tca aounting cmand 3 sdbacs sartstop gro acaaa cutig commnd spdcs statstop grouptaacs+aaa acconing commnds 5 pdacstrt-stp grotacacs+aaa ccounting comands 6 spb-asstart-top group taaaa acntn commnd7 sdacsrt-sp roup tac

29、acsaa cotgcomands 8 pdbacstrt-stpgroup cacs+aa cconing omands pb-acs startso gop tacac+aa ntin cmmands 10 spdb-as strttop gruptacacsaa accnting ommand 11 spb-acstar-stp ou taca+aa unig cmmads 1 spdb-ac start-stp ro aacsaa acconting commands13spd-acs sat-top gro tacacsaaa acounting comnd 14 spdbacs s

30、tart-stopgoup acacs+aaa accouting cond 1 spdbacs rt-stp grup accs+ip tcs surce-inerface ock0tacac-serve hot 0.10.64.5tacs-serverhst 10.1004.4tacaceverkeysy8gng trap bgginglogin source-ierfa oobak0oggin 1.20.9.2loggig10.100.465line vy 0 4 e-timeout 0 ccounting comands 0 spdb-acsaountgmd 1spd-ac mads

31、2 pd-cs acutng commands3 spd-acs acunti cmnds sp-acs accounting cmmands sdb-cs accountin comans d-acs accounting omads7 sdb-acs acouning commands8sd-acs mands spdb-ac accounting cmmands 0spd-acs accountn commads 11 pb-acscontingconds 12 spasaccountig comman 13 spb-acs cntincommands 14 spdbacsccouti

32、commands 5 spd-acs cuntingxecspd-cs ogin autenticatin spd-acs網(wǎng)管配置acess-list 10 emit10.648access-lst 10 permit 0.100.646acess-s10rmt 10.10.466accesslis 10 pei 10.10.64.6accels10rm10.0.6.65snp-ver cmnity ublic Osnmp-seer comnit rea RO 10snmp-serr trpsouce Loopbak0snmp-see ena tas smp athetiction amsta

33、rsnmp-erver eble trap confisnmp-server able traps entitynmp-ser nbl rs rtrnmserer enable tras vpsnp-sver hst10.2.19.24 puc nm-evehst 0.10.64.5 rd其他配置serve timestamps debug dateime locame show-tiezonesrvice tiesamp log daetime localie shw-mezonsrvi psswordencrypionnoidomn-lookupief load-saringalorith

34、m oginalclock timezneBJTntp soure Loopacktp erve10.10064.70onitor sssion 1 ource van 1, 1,192rxmonitor sson 1 desination interfae Fa/5網(wǎng)絡(luò)實(shí)施前期預(yù)備一、8條交叉線(xiàn)（條做tnk，6條連向樓層交換機(jī)）二、將樓層交換機(jī)的fa4和48口空出來(lái)，并做好相應(yīng)的配置實(shí)施步驟第一步：兩臺(tái)3550上架并加電啟用（可能分鐘）第二步:將連接h小機(jī)的光纖接口連到3550上（可能1分鐘） csco4506主的gigbit/1對(duì)應(yīng)550主的ggabit/1 cisco406主的ggabt

35、2/2對(duì)應(yīng)3550主的gigabit0/2 cisco450備的gigi1/1對(duì)應(yīng)355主的gigi0/ cic4506備的gigait/2對(duì)應(yīng)350主的igbit0/2第三步:將現(xiàn)成的交叉線(xiàn)在550主備之間互連做eer-canne(可能1分鐘） 50主的f0/7對(duì)應(yīng)350備的fa/47 350主的fa0/4對(duì)應(yīng)3550備的fa04第四步：將連在ico06上所有的電口都挪向35上(可能分鐘) csc4506主的a2/對(duì)應(yīng)55主的a03 csco40主的fa2/4對(duì)應(yīng)50主的fa/ 以此類(lèi)推 io46主的fa2/3對(duì)應(yīng)350主的fa34 ciso56備的a2/對(duì)應(yīng)355備的a0 isc4備的f對(duì)

36、應(yīng)3550備的a4 以此類(lèi)推 cc4506備的fa2/34對(duì)應(yīng)350備的fa034第五步：臺(tái)樓層交換機(jī)與55之間的互連（可能3分鐘） 550主的fa/4對(duì)應(yīng)255.5的fa/47 550主的fa0/4對(duì)應(yīng)25516的f0/7 550主的fa0/45對(duì)應(yīng)2517的/47 3550備的a/41對(duì)應(yīng)255.15的f048 550備的fa0/3對(duì)應(yīng)255.6的fa0/48 3550備的a0/45對(duì)應(yīng)255.1的fa0/48第三方外聯(lián)區(qū)網(wǎng)絡(luò)應(yīng)急第三方業(yè)務(wù)銀聯(lián)區(qū)網(wǎng)絡(luò)應(yīng)急線(xiàn)路故障：發(fā)生故障時(shí)，登陸ASA防火墻、交換機(jī)、路由器通過(guò)hwog ， so p it bi , show inrfce， ing， sh

37、owipu， show roe等命令來(lái)確認(rèn)相關(guān)接口在故障發(fā)生前和發(fā)生時(shí)的狀態(tài)，找出問(wèn)題線(xiàn)路。假如是內(nèi)部網(wǎng)絡(luò)線(xiàn)路，在線(xiàn)更換的具體操作流程如下：) 用筆記本電腦連接在網(wǎng)絡(luò)設(shè)備的nsol上,啟動(dòng)Consol 監(jiān)控和記錄;b） 預(yù)備好存檔的系統(tǒng)配置，備用。如有可能，同時(shí)保存當(dāng)前系統(tǒng)配置；) 對(duì)故障模塊上連接的線(xiàn)纜做好標(biāo)記,小心拔下；d)做好安全接地,插上更換的新網(wǎng)線(xiàn) e) 檢查線(xiàn)纜連接狀態(tài)正常；f) 確認(rèn)線(xiàn)纜更換成功。假如是外部線(xiàn)纜，則確認(rèn)故障后，由XX打保修電話(huà),聯(lián)系聯(lián)通、移動(dòng)公司人員前來(lái)維修。設(shè)備故障：由于銀聯(lián)區(qū)所有的設(shè)備差不多上雙機(jī)熱備,因此一臺(tái)發(fā)生故障并不阻礙業(yè)務(wù)運(yùn)行。關(guān)于配置問(wèn)題要制定正確的

38、更改配置腳本,備份當(dāng)前配置以后實(shí)施更改；關(guān)于硬件問(wèn)題要練習(xí)XX公司,申請(qǐng)硬件故障維修。兩臺(tái)設(shè)備故障：使用1臺(tái)ASA 5540防火墻備份ASA防火墻的配置、使用1臺(tái)cico 184路由器備份連接銀聯(lián)方路由器的配置,任意1臺(tái)交換機(jī)無(wú)需配置用來(lái)備份銀聯(lián)區(qū)交換機(jī)。防火墻配置：spdbsyasa# sh r: Sav:ASA Vrsio 8.2(1）！hostame spdbsyaseable asword KQnbNId.2OU encyptedpswd2KFnbNdI.KYOU enyptdnmes!interfce iabitthernt0/0 pee 100dupleful nmi otside

39、 ecurit-level 0 ip adre 10.20184. 55.55.25.!inrfce gabtEthern0/ nameif ins securtevel 100i address 102.18618 5.255.25 !ntea GiabiEhenet/ naeif dz securitleve50 adres 10.20188. 255255.255.0 ！intfae gbEthee0/3 escriptin LN Failver Inteface！inerfaceMnagent0/0 shutw noeifno seurit-lvl noipaddre!tp moe p

40、asivacs-list IP_PA extnded prmt ipost 10.20.19151 os 10.20.84.5 aces-listIPAT xendedermit ip ot 10.20191.2 host 10.20.18.25 ccess-ist IPPAT extedd permit p host1020.91.53 hot 10.20.182 cceslit PP_PAexen permt iphos 1020191.51 host 0.0.18428 acess-list PPPAT extendd permiti host1.20.1915 s 10.2.184.2

41、8acceslst IPAT xtenedrmit ip host 10.0.191.53 hst 10.20.142 access-lst OUTSIDE_ etenedpermit cmp ay anyacesslistUTIDE_IN extnded pert tc hot 9234.9.2 hst 1.20.18.8 eq 2148 ccessi OUTIDEINetended ermit tphst 9.2.9 e 21428 hst 10.2.184.8ccss-lst OUTSDEINetended permitcp st 9.239.21 host 1020.184.8 eq

42、23428cce-t OUTSIDE_IN extended permit tp host1 eq 328 host 10.0.188 ccess-itOUTSID_IN exedd mit tc ost 9.234.23 hst 120.84.8 eq 248 cess-listUTSD_ end permi t st9234.3 eq 1428 hos 00.148 aes-lst UTSIDEIN extedermit tcp ost .23.9.23 t 10.084.8 e 428 acs-list OTSI_N extned peri tc host eq 23428 ho 102

43、0.848 acces-lstOUSIDIN extendd pemittcphost 31 eq 606os 102018.22 css-list OID_IN etnded permit up 5.25.255.001.64.64 255.255.255248 enmpta ccs-t OTSIDE_I etendd permup10.0.2100 25.5.255.0 10.00.64.4 255.5.255.248 esylg accslst OUTSDE_ extededpermi u 0.2.21.0 255.255.5.0host 1.10.54 eqradusaccess-li

44、s OUTSIDE_IN exende permi ud 02.210.0 22.55.0ost 0.00.644 q rdiuscct ass-list OUID_IN extnde perit udp 10.21. .55.55.0 hot10.10.4.54 eq 1812acces-list OTSIDE_IN eteedpermitu10.0.2.0 255.2525.0 hos.00.6.54eq 113 acceslst OIDE_IN xtndeermtt1.20.210.025.55.25.0 s 1.106.5eq tacs acss-listTIDEIN extnd pe

45、rmit ud 0.210. .25.25.0 host10.10.64.57 e aiusacss-ist OUTSE_N xtended rmit dp 00.210.0255.5.25.0ot 10100.64.57 eq adiu-at acces-lit OUTSIDE_IN extendpemiudp 00.10. 55.255255ost 10100645 eq 1812aes-list OTSENextndedpmitudp 10.20.10.0255.25525.0 ost 0.10.64.5 eq181 access-lst OUTSIE_I exended permitp

46、00.20 55255.5.0 hos 0.1004.57 q tacsaces-lis SIE_I eendd prit udp10.2.20.0 255.25.55. hot 10.1064.0 acesslstOSDE_IN exteneperit tc 10.2.210. hst 10.0.6.70 acces-listINSIDEOUT xended permiticm any an accs-li NSDEOUT xtended permit tp ost 10.201911 os 10.2018425e 2128 ccess-list INSD_OUT extede erittc

47、p host 0.0.91.51eq 2128 host 1.20.184.5 ass-lisINSIE_OU extended permit ot 0.0.11.5 host 1.20.184.2eq 23428 accss-li ISID_OUT extendrmttcp os 10.20.915 e 328hos 10.2.1842 accslst INSIE_OUTextended emit tcp ho 10.20.5 hst0.2.184.2 eq21428 ccs-lt IND_OUT extendedprmi cphost 1.0.1.5 eq 21428 host 0.014

48、.28 access-isIDEOUetenedperttcp t .019151 hot 10.018.28 e 23428 accslitINSIDE_OU etd prmi p host10.21. eq 2342host10.20.184. accssls ISIDEOUTxenedpemi tp ho 102.191.52 hos 102.184.5 q 1428 sslis NSIDE_OUTxtned pei tcp host1.20.1.5 q 21428host 10.20.182 access-NSIDOUT exended prmt p ho 10.2.191.52 hs

49、t0.20.18. e238 accslit INSDE_OU extend pemi tcp host10.20.152 eq 2328 host 10.0.18425 ccsistNIE_OUT exedd pmt p hot100.191.52 host20.1428 eq21428 acesist NSI_OUT tendptp host1.20.19.52eq218hst 10.20184.28 acss-listS_OUxtended pem chos10.01952hst 10.0.184.2 eq248 aces-lst ISIU xtended permittcp ot 0.

50、9152 q 2342 ost acces-list INSIDEUT exended itp st 10.20.91.53ost 0.84. q142 acces-list INSIDE_OUexended peit cp os 10.20.13 2148 host 0.2.14. acs-lt NSDEOU xtended permi cp hot10.2019.53 hst 1020.85 eq 2328 accss-ist INS_OU xended ermit tc st10.953 eq23428 os 120.18.25 acceslistINSIEOUT tendd permi

51、tc ho 10201.3 hote142 access-lit INDE_UTextendeerittp hos 10.0.91.eq 21 ot10.8.28 acces-list NSIDE_OUT eenedrmit tpost hot0.20184.28 q 2348 ccess-lit NSIDE_OTexendeperit tphot 10.0.9.5eq 3428 host00.184.28accss-stINIDE_T xeded pemi cpost 10.2.18624 hst 1020.184.2 q 660 acces-list IIE_ xtnderit ip 10

52、064.4 55.255255248 any accesslstISIEOUT etene ermit i st 0104.5 an cess-list INSDE_OT exened rmit ip ot10100.64.57 ny ac-st INSIDE_OU etdprmit udphost 1.1.470 aeq ntp ass-ist INSIE_OUT exteded per uphot .100.64.52ny eq tp pae ines 24t ouside 500mtu iside 150mtudmz 100falovefailoverlan uniprimaryfilo

53、e a inerfac filoveranGgabtthrn0/3falover ollime uitmsc 500holdtime 5fiover interace p failoerlan1.1.3 2525.55.0 tadb 192.16.0im unechblerate-limi 1 burst-sizno asdm stoy enbear tieout 140la （otide) .184.8at (isi) acess-lit IPATtatic (insi,utsde) tp 21428 10.20.193 218 ntmsk 255.255.255.55satc (isie，

54、outd)tc10.0.184.8 38 10.2.11.3 238 netmak 252.55.25 sttic（insie,outsie) c10.2184.8 tene ent etmsk25.2.255.5 static （utsid,nsid) 10014.25 9.234.21netsk 25.25525.25 static（outside,inid) 10.20184.8 nemask255.25.25.255satic （inside,outsid) 0.2.1822 1.186.245netmak55tat (ousie,inse)0.20184.12 2.01.131 ne

55、tmask255.255.25.255static (inside，ouse） 10.100.470 10.00.6.70 netmak 255.255255.255 sta （inside，outsde） 000.64.5 1.100.64.52 nemsk 25.25.255.55satic (inside,oud) 10.104.65 10.1064.6 netmask 255.25.55.25 static (ise,outsie) 10.00.64.6606.66 netma 55.25.255.2 tati （insid，outside) 10.1.6.67 1000.6 netm

56、s 55.255255.25 t （inside，outside)0100.64.8 0.10.64.68 ntmk 255.255.5555 sttic（inse,otside) 1.00.646 1010669 netak55.5.25.5statc (inse,ouside） 0.100645410.0.64. netmsk 255.255.2.255 stti （inside,outside) 110.64.7 10.64.7ntmsk 5.25.255.55 access-rp OUTSIDE_IN erface osideaccess-groupINIDE_OUT nterface

57、 insieote outside9.23.9.21 255.255.25.255 .20.4.1 1routeosid 9.24.9.3 25.255.25.2 10.20.84.5 rute inde 10.20.0 2 10.2.16.0 1rout outside 020.2100 5.2.255.0 1.20.184.15 ute insde 10.00.6.425525.255.48 .2.6.0 1oe tsi 3 55.255.255 10.284.15 1imeotxt 3:0:00ieout conn :0:0 hlf-cloed 0:10:00 udp 0:02:0 ic

58、mp 0：0:02tieut sunrpc 0:00 h32 0:05:00 h225:00：0mgcp 0:5: mgcp-at 0：0:0mot sip 0:30:0 sip_meia 0:02:00 i-nvte 0:03:00sp-ioect:02:0timeoutsi-provialeia :02:00 auh:05:00 absoutetmeou tcp-oy-eembly:01:00ynmc-acces-policy-recordDltAccessPicya-sever AACS+ prtocol acas+aaa-ver RIUS rotol radiusa-severpd-s

59、 protool acas+aaa-server spdbas （ind) s 10100.64.57ky 9yasvrspb-ac (inside) host10.00.644 key99aa ahation shconoesdb-as snmp-sever ot insid 5 cmunit rednmp-serer hst inide 1.10064.66 cmmunity eadnpverhost inside 10.10064.67 poll commuity asp-serve ho inside 1.0.64.68 pll ounty radnm-server os insid

60、10.100.649 pll ommni eadno snm-ser loatonno snmpservrotsnpseve comnity *smp-serve enable trapsnmp authenticionlinupikdown coldtatsn-serer nabletrps sslogc se ecurity-asociation lftm second 2880roipsec securit-ascition lifete kilbs4608000tlnt 10.20.18. 255.255.50 insetelet 10.01.0 25.255.55.0inideele