
I Can Finally Breathe a Sigh of Relief

2009-11-06 22:11
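[align=left]On October 20 I was notified that the company was about to take on a project, and a fairly large one. We are a small company, so the boss was overjoyed to land a project this big, and those of us on the technical side were also hoping to show what we could do.[/align]
[align=left]After 16 days, I can finally breathe a sigh of relief.[/align]
[align=left]The project was this: Tiandiyuan Real Estate Co., Ltd. moved onto the entire 16th floor of the newly built Shengtang Building, and our company installed the network, access control, telephone, and public-address systems for them. Because our company is short-staffed, only two people worked on site each day; I was there from the very start, while the others rotated in. So the burden fell on me, and every day I left covered in a thick layer of dust. Enough small talk; anyone who has done installation work will know the feeling.[/align]
[align=left]On to the main topic.[/align]
[align=left]In this project the company has more than 60 network nodes sharing a single 4M ADSL line, and each executive office has a wireless AP. Based on the customer's requirements, we used H3C network products: one H3C SecPath F100-S firewall, one H3C S5100-SI&EI series Ethernet switch as the core switch, and three 24-port H3C 1224R switches as layer-2 access switches. The wireless APs are NETGEAR. A simple topology diagram follows.[/align]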



[align=left]The layer-3 switch configuration, with brief notes, is as follows:[/align]
[align=left][H3C]disp cur
#
sysname H3C //switch name
#
radius scheme system
#
domain system
#
local-user admin //administrator account admin / admin123 (web, telnet)
password simple admin123
service-type telnet terminal
level 3
#
vlan 1
#
interface Vlan-interface1 //management address
ip address 192.168.1.2 255.255.255.0
#
interface Aux1/0/0
#
interface GigabitEthernet1/0/1
#
interface GigabitEthernet1/0/2
#
interface GigabitEthernet1/0/3
#
interface GigabitEthernet1/0/4
#
interface GigabitEthernet1/0/5
#
interface GigabitEthernet1/0/6
#
interface GigabitEthernet1/0/7
#
interface GigabitEthernet1/0/8
#
interface GigabitEthernet1/0/9
#
interface GigabitEthernet1/0/10
#
interface GigabitEthernet1/0/11
#
interface GigabitEthernet1/0/12
#
interface GigabitEthernet1/0/13
#
interface GigabitEthernet1/0/14
#
interface GigabitEthernet1/0/15
#
interface GigabitEthernet1/0/16
#
interface GigabitEthernet1/0/17
#
interface GigabitEthernet1/0/18
#
interface GigabitEthernet1/0/19
#
interface GigabitEthernet1/0/20
#
interface GigabitEthernet1/0/21
#
interface GigabitEthernet1/0/22
#
interface GigabitEthernet1/0/23
#
interface GigabitEthernet1/0/24
#
interface GigabitEthernet1/0/25
shutdown
#
interface GigabitEthernet1/0/26
shutdown
#
interface GigabitEthernet1/0/27
shutdown
#
interface GigabitEthernet1/0/28
shutdown
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.1.1 preference 60 //gateway address
#
user-interface aux 0
authentication-mode scheme //console authentication mode
user-interface vty 0 4
authentication-mode scheme //telnet authentication mode
#
return
[H3C]
[H3C]disp save
#
sysname H3C
#
radius scheme system
#
domain system
#
local-user admin
password simple admin123
service-type telnet terminal
level 3
#
vlan 1
#
interface Vlan-interface1
ip address 192.168.1.2 255.255.255.0
#LOCCFG. MUST NOT DELETE
#
interface Aux1/0/0
#
interface GigabitEthernet1/0/1
#
interface GigabitEthernet1/0/2
#
interface GigabitEthernet1/0/3
#
interface GigabitEthernet1/0/4
#
interface GigabitEthernet1/0/5
#
interface GigabitEthernet1/0/6
#
interface GigabitEthernet1/0/7
#
interface GigabitEthernet1/0/8
#
interface GigabitEthernet1/0/9
#
interface GigabitEthernet1/0/10
#
interface GigabitEthernet1/0/11
#
interface GigabitEthernet1/0/12
#
interface GigabitEthernet1/0/13
#
interface GigabitEthernet1/0/14
#
interface GigabitEthernet1/0/15
#
interface GigabitEthernet1/0/16
#
interface GigabitEthernet1/0/17
#
interface GigabitEthernet1/0/18
#
interface GigabitEthernet1/0/19
#
interface GigabitEthernet1/0/20
#
interface GigabitEthernet1/0/21
#
interface GigabitEthernet1/0/22
#
interface GigabitEthernet1/0/23
#
interface GigabitEthernet1/0/24
#
interface GigabitEthernet1/0/25
shutdown
#
interface GigabitEthernet1/0/26
shutdown
#
interface GigabitEthernet1/0/27
shutdown
#
interface GigabitEthernet1/0/28
shutdown
#TOPOLOGYCFG. MUST NOT DELETE
#GLBCFG. MUST NOT DELETE
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.1.1 preference 60
#
user-interface aux 0
authentication-mode scheme
user-interface vty 0 4
authentication-mode scheme
#
return
[H3C]
[H3C]sa
The configuration will be written to the device.
Are you sure?[Y/N]y
Please input the file name(*.cfg)(To leave the existing filename
unchanged press the enter key):
Now saving current configuration to the device.
Saving configuration. Please wait...
...
<H3C>sys
System View: return to User View with Ctrl+Z.

[/align]
[align=left]The firewall configuration is as follows:[/align]
[align=left][H3C]disp cur
#
sysname H3C //firewall name
#
firewall packet-filter enable
firewall packet-filter default permit //permit traffic by default
#
undo connection-limit enable
connection-limit default deny
connection-limit default amount upper-limit 50 lower-limit 20
#
dialer-rule 1 ip permit //defines the interesting traffic for dialing
#
firewall statistic system enable
#
radius scheme system
server-type extended
#
domain system
#
local-user admin //management account admin / admin123
password simple admin123
service-type telnet terminal
level 3
#
dhcp server ip-pool lanpool //DHCP address pool
network 192.168.1.0 mask 255.255.255.0
gateway-list 192.168.1.1
dns-list 202.96.128.166 202.96.134.133
#
acl number 2000 //defines internal network traffic
rule 0 permit source 192.168.1.0 0.0.0.255
#
interface Aux0
async mode flow
#
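interface Dialer1 //defines the virtual dialer interface
link-protocol ppp
ppp pap local-user 8837046@163.gd password simple BWGBTLTJ //defines the Internet account and password. To change it, prefix the command with undo, then enter the new account
ip address ppp-negotiate //obtain the IP address automatically through dial-up negotiation
dialer user 8837046@163.gd
dialer bundle 1 //bind to the interesting traffic for dialing
nat outbound 2000 //defines NAT translation for internal network addresses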
#
interface Ethernet0/0
ip address 192.168.1.1 255.255.255.0 //internal network IP address
#
interface Ethernet0/1
pppoe-client dial-bundle-number 1 //defines the dial-up port
nat outbound 2000
#
interface Ethernet0/2
#
interface Ethernet0/3
#
interface Encrypt1/0
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
add interface Ethernet0/0
set priority 85
#
firewall zone untrust
add interface Ethernet0/1
add interface Dialer1
set priority 5
#
firewall zone DMZ
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
dhcp server forbidden-ip 192.168.1.1 192.168.1.99 // addresses excluded from DHCP allocation
#
ip route-static 0.0.0.0 0.0.0.0 Dialer 1 preference 60 //defines the default route
#
firewall defend ip-spoofing //defines the attack-defense list
firewall defend land
firewall defend smurf
firewall defend fraggle
firewall defend winnuke
firewall defend icmp-redirect
firewall defend icmp-unreachable
firewall defend source-route
firewall defend route-record
firewall defend tracert
firewall defend ping-of-death
firewall defend tcp-flag
firewall defend ip-fragment
firewall defend large-icmp
firewall defend teardrop
firewall defend ip-sweep
firewall defend port-scan
firewall defend arp-spoofing
firewall defend arp-reverse-query
firewall defend arp-flood
firewall defend frag-flood
firewall defend syn-flood enable
firewall defend udp-flood enable
firewall defend icmp-flood enable
#
user-interface con 0
authentication-mode scheme //defines the console authentication mode
user-interface aux 0
user-interface vty 0 4 //defines the telnet authentication mode
authentication-mode scheme
#
return
[H3C] disp save
#
sysname H3C
#
firewall packet-filter enable
firewall packet-filter default permit
#
undo connection-limit enable
connection-limit default deny
connection-limit default amount upper-limit 50 lower-limit 20
#
dialer-rule 1 ip permit
#
firewall statistic system enable
#
radius scheme system
server-type extended
#
domain system
#
local-user admin
password simple admin123
service-type telnet terminal
level 3
#
dhcp server ip-pool lanpool
network 192.168.1.0 mask 255.255.255.0
gateway-list 192.168.1.1
dns-list 202.96.128.166 202.96.134.133
#
acl number 2000
rule 0 permit source 192.168.1.0 0.0.0.255
#
interface Aux0
async mode flow
#
interface Dialer1
link-protocol ppp
ppp pap local-user sz88317046@163.gd password simple BWGBTLTJ
ip address ppp-negotiate
dialer user sz88317046@163.gd
dialer bundle 1
nat outbound 2000
#
interface Ethernet0/0
ip address 192.168.1.1 255.255.255.0
#
interface Ethernet0/1
pppoe-client dial-bundle-number 1
nat outbound 2000
#
interface Ethernet0/2
#
interface Ethernet0/3
#
interface Encrypt1/0
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
add interface Ethernet0/0
set priority 85
#
firewall zone untrust
add interface Ethernet0/1
add interface Dialer1
set priority 5
#
firewall zone DMZ
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
dhcp server forbidden-ip 192.168.1.1 192.168.1.99
#
ip route-static 0.0.0.0 0.0.0.0 Dialer 1 preference 60
#
user-interface con 0
authentication-mode scheme
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
[H3C]
[/align]
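An added example, not part of the original post: a small Python audit that scans an H3C-style configuration dump for the weak settings visible in the two listings above (cleartext `password simple` credentials, Telnet management, PAP, a default-permit packet filter, disabled connection limiting). The sample configuration is constructed with placeholder credentials, and the rule set and all function names are assumptions of this example.

```python
import re

# (pattern, finding) pairs covering only commands shown in the listings above.
# The rule set and every name in this block are assumptions of the example.
RULES = [
    (r"ppp pap local-user \S+ password simple \S+",
     "PPPoE credential in cleartext, sent via PAP"),
    (r"password simple \S+", "local password stored in cleartext"),
    (r"service-type\b.*\btelnet\b", "management over unencrypted Telnet"),
    (r"firewall packet-filter default permit\b", "packet filter permits by default"),
    (r"undo connection-limit enable\b", "connection limiting disabled"),
]
SECRET = re.compile(r"(password simple )\S+")

# Constructed sample in the flattened style of the listings; placeholder secrets.
SAMPLE = """\
#
firewall packet-filter enable
firewall packet-filter default permit //constructed sample
#
undo connection-limit enable
#
local-user admin
password simple Example-Pass-1
service-type telnet terminal
#
interface Dialer1
ppp pap local-user user@isp.example password simple Example-Pass-2
"""

def audit(config_text):
    """Return (line_no, block, finding, line with the secret redacted)."""
    findings, block, at_header = [], "", True
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("//", 1)[0].strip()      # drop trailing // annotations
        if line in ("", "#"):
            at_header = at_header or line == "#"  # '#' opens a new block
            continue
        if at_header:
            block, at_header = line, False
        for pattern, finding in RULES:
            if re.match(pattern, line):
                findings.append((no, block, finding, SECRET.sub(r"\1<redacted>", line)))
                break
    return findings

if __name__ == "__main__":
    for no, block, finding, line in audit(SAMPLE):
        print(f"line {no} [{block}] {finding}: {line}")
```

The check keys on the `#` separators rather than indentation, so it works on dumps that have lost their leading whitespace, as the listings here have. The report redacts each secret so the audit output can be shared without leaking the credential again.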
[align=left]Sharing the results:[/align]



[align=left](Midway through, it looked a bit messy)[/align]



[align=left]By this point it looked better.[/align]



[align=left](Close-up)[/align]



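[align=left](From a distance)[/align]
[align=left]I look forward to pointers from fellow technical people.[/align]
[align=left]*I had many pictures, but there is a size limit and they were too large to upload. I picked only a few and processed them before uploading.[/align]
[align=left]After completion the company was not satisfied and said the network was slow. I was quite frustrated: with that many people on a 4M ADSL line, how fast do you expect it to be? Not to mention downloads and the like.[/align]
[align=left]Summary: 1. Doing a project is tiring, but you can also learn a lot. 2. We ran into many problems in this project; in summary, we had not made a detailed plan beforehand. 3. Many companies do not take networking or information technology seriously. This company, for example, is a real-estate company that, as far as I know, is very strong financially, yet it is unwilling to put effort into IT, which is really rather sad.[/align]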

Attachment: http://down.51cto.com/data/2354468