2023年城域網(wǎng)優(yōu)化建設(shè)工程維護(hù)手冊_第1頁
2023年城域網(wǎng)優(yōu)化建設(shè)工程維護(hù)手冊_第2頁
2023年城域網(wǎng)優(yōu)化建設(shè)工程維護(hù)手冊_第3頁
2023年城域網(wǎng)優(yōu)化建設(shè)工程維護(hù)手冊_第4頁
2023年城域網(wǎng)優(yōu)化建設(shè)工程維護(hù)手冊_第5頁
已閱讀5頁,還剩78頁未讀 繼續(xù)免費(fèi)閱讀

下載本文檔

版權(quán)說明:本文檔由用戶提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權(quán),請進(jìn)行舉報(bào)或認(rèn)領(lǐng)

文檔簡介

鄂爾多斯電信2023年城域網(wǎng)優(yōu)化建設(shè)工程維護(hù)手冊向心力技術(shù)股份版權(quán)所有侵權(quán)必究擬制:日期:目錄1.網(wǎng)絡(luò)介紹31.1.鄂爾多斯電信城域網(wǎng)現(xiàn)狀31.2.路由現(xiàn)狀42.NE80E/NE40E常用維護(hù)命令62.1.基本運(yùn)行情況及管理性檢查62.2.硬件運(yùn)行情況112.3.接口運(yùn)行情況152.4.路由協(xié)議運(yùn)行情況182.5.路由器安全檢查363.ME60常用維護(hù)命令423.1.基本運(yùn)行情況及管理性檢查423.2.硬件運(yùn)行情況463.3.接口運(yùn)行情況513.4.路由協(xié)議運(yùn)行情況543.5.BRAS安全檢查603.6.ME60業(yè)務(wù)數(shù)據(jù)查看644.8905常用維護(hù)命令774.1.基本運(yùn)行情況及管理性檢查774.2.硬件運(yùn)行情況804.3.接口運(yùn)行情況834.4.8905業(yè)務(wù)數(shù)據(jù)查看865.內(nèi)蒙古電信NE80E、ME60、NE40E、8905簡解896.BAS業(yè)務(wù)規(guī)劃916.1.Radius規(guī)劃916.2.PPPOE模板規(guī)劃916.3.認(rèn)證域建立和命名方案916.4.域建立流程927.新業(yè)務(wù)開放流程947.1.PPPOE業(yè)務(wù)947.2.WLAN業(yè)務(wù)977.3.專線業(yè)務(wù)100網(wǎng)絡(luò)介紹鄂爾多斯電信城域網(wǎng)現(xiàn)狀在中心機(jī)房和火車站機(jī)房各有1臺NE80E、1臺NE40E、1臺ME60-16和1臺8905;在中心局還有1臺Eudemon1000防火墻;在達(dá)旗有1臺NE40-8、1臺ME60-8、1臺8905;在準(zhǔn)旗有1臺NE40E、1臺ME60-8、1臺8905;在伊旗有1臺MA5200G-4、1臺8905;在棋盤井有1臺MA5200G-2、1臺8905;在民聯(lián)B區(qū)、郵政機(jī)房、宏銀機(jī)房、地稅機(jī)房、人防辦、創(chuàng)業(yè)大廈、園丁小區(qū)、佳宏機(jī)房、安廈、康巴什、烏審旗、沙圪堵、鄂旗、鄂前旗、杭錦旗各有一臺8905;2臺NE80E作為鄂爾多斯電信城域網(wǎng)的出口路由器,每臺NE80E以2*2.5G分別上行到呼市M320和通遼Cisco12416的骨干網(wǎng)設(shè)備。2臺NE80E設(shè)備分別以1*GE鏈路連接鄂爾多斯CN2網(wǎng)絡(luò)2臺PE設(shè)備,承載國際差異化業(yè)務(wù);兩臺NE40E設(shè)備以2*GE鏈路分別雙上行至2臺NE80E設(shè)備,2條GE鏈路以負(fù)載分擔(dān)方式承載城域網(wǎng)流量,其中東勝2臺NE40E設(shè)備兼做城域網(wǎng)內(nèi)部的ASBR設(shè)備,以1*GE鏈路分別上行至CN2網(wǎng)絡(luò)2臺PE設(shè)備形成口字型組網(wǎng),承載VPN業(yè)務(wù);IDC服務(wù)器通過E1000防火墻雙上行至出口NE80E設(shè)備;中心局、民聯(lián)B區(qū)、郵政機(jī)房、宏銀機(jī)房、地稅機(jī)房、人防辦、創(chuàng)業(yè)大廈、園丁小區(qū)、佳宏機(jī)房、安廈8905以2*GE分別上行至中心機(jī)房NE40E和ME60-16;火車站、康巴什、烏審旗、沙圪堵、鄂旗、鄂前旗、杭錦旗8905以2*GE分別上行至火車站機(jī)房NE40E和ME60-16;達(dá)旗8905以2*GE分別上行至達(dá)旗NE40和ME60-8;準(zhǔn)旗8905以2*GE分別上行至準(zhǔn)旗NE40E和ME60-8;伊旗8905以2*GE分別上行至火車站機(jī)房NE40E和伊旗MA5200G-4;棋盤井8905以2*GE分別上行至火車站機(jī)房NE40E和棋盤井MA5200G-2;S8016和NE08E因帶有DCN的業(yè)務(wù),暫時(shí)先不退網(wǎng)。具體組網(wǎng)圖如下:本期鄂爾多斯電信城域網(wǎng)優(yōu)化項(xiàng)目新增3臺NE40E,共配置60個(gè)GE端口;新增2臺ME60-16,共配置40個(gè)GE光口;新增2臺ME60-8,共配置40個(gè)GE光口;新增1臺Eudemon1000,共配置4個(gè)GE光口;新增21臺8905,共配置254個(gè)GE光口、850個(gè)FE光口及1008個(gè)10/100/1000電口。路由現(xiàn)狀現(xiàn)網(wǎng)存在如下路由協(xié)議部署情況。1、 MP-BGP路由協(xié)議部署鄂爾多斯城域網(wǎng)4臺SR及6臺BRAS作為MPLSVPN網(wǎng)絡(luò)的PE設(shè)備,采用MP-IBGP協(xié)議分發(fā)VPNv4路由,鑒于鄂爾多斯城域網(wǎng)存在DCN、NGN業(yè)務(wù),對于MP-BGP路由協(xié)議部署如下:)。另外省公司還專門設(shè)置兩臺C7206和C12410路由器做為DCN業(yè)務(wù)的VPNRR路由反射器,與省內(nèi)所有承載DCN業(yè)務(wù)的PE路由器建立MP-IBGP鄰居關(guān)系,反射省內(nèi)DCN業(yè)務(wù)的VPN路由(兩臺DCNVPNRR地址:、)。2、 MPLS部署鄂爾多斯城域網(wǎng)內(nèi)部及兩臺NE80E與省干設(shè)備的所有互聯(lián)鏈路互聯(lián)端口均啟用MPLSLDP標(biāo)簽分發(fā)協(xié)議,使能MPLSLDP,路由器全局啟動MPLS轉(zhuǎn)發(fā)功能,設(shè)置MPLSlsr-id為Loopback0地址,華為設(shè)備配置標(biāo)簽倒數(shù)第二跳彈出行為(PHB),所有設(shè)備上只對32位掩碼路由分配MPLSLDP標(biāo)簽。3、IBGP路由協(xié)議部署鄂爾多斯電信城域網(wǎng)2臺核心路由器NE80E與呼市M320()及通遼Cisco12416()兩臺省干設(shè)備建立IBGP鄰居關(guān)系,用于承載城域網(wǎng)內(nèi)部的公網(wǎng)匯總路由;3、 ISIS路由協(xié)議部署鄂爾多斯電信城域網(wǎng)2臺出口路由器NE80E與呼市M320及通遼Cisco12416互聯(lián)采用ISIS協(xié)議作為省干網(wǎng)絡(luò)的IGP協(xié)議,省干網(wǎng)絡(luò)所有路由器共同組成Level2區(qū)域,ISIS路由協(xié)議僅承載省干網(wǎng)絡(luò)設(shè)備Loopback地址和內(nèi)部互聯(lián)地址路由。4、 OSPF路由協(xié)議部署鄂爾多斯電信城域網(wǎng)的4臺SR、6臺BRAS及1臺防火墻設(shè)備與2臺出口路由器之間采用OSPF作為城域網(wǎng)內(nèi)部IGP協(xié)議,用于承載網(wǎng)城域網(wǎng)內(nèi)部設(shè)備的loopback地址、互聯(lián)地址及業(yè)務(wù)地址路由。鄂爾多斯電信城域網(wǎng)2臺核心路由器NE80E強(qiáng)制下發(fā)OSPF默認(rèn)路由,用于引導(dǎo)城域網(wǎng)內(nèi)部流量至NE80E設(shè)備;NE80E/NE40E常用維護(hù)命令基本運(yùn)行情況及管理性檢查1、查看設(shè)備軟件版本,VRP軟件版本是華為公司正式發(fā)布的版本或者已申請的受控版本(試驗(yàn)局除外)。執(zhí)行命令:displayversion輸出舉例:[NM-EE-ZXJ-SR-1.MAN]dispverHuaweiVersatileRoutingPlatformSoftwareVRP(R)software,Version5.50(V300R003C02B608)Copyright(C)2000-2023HuaweiTechnologiesCo.,Ltd.QuidwayNetEngine40Euptimeis67days,6hours,38minutesBKP0versioninformation:1.PCBVersion:CR52BKPBREVA2.MPUSlotQuantity:03.SRUSlotQuantity:24.SFUSlotQuantity:25.LPUSlotQuantity:8MPU9(Master):uptimeis67days,6hours,38minutesStartupTime2023/06/0317:24:33SDRAMMemorySize:2048MbytesFlashMemorySize:32MbytesNVRAMMemorySize:512KbytesCFCard1MemorySize:487MbytesCFCard2MemorySize:489MbytesMPUversioninformation:1.PCBVersion:CR52SRUAREVC2.EPLD1Version:1063.EPLD2Version:1084.FPGAVersion:0095.BootROMVersion:74.06.BootLoadVersion:216.07.SoftwareVersion:Version5.50RELEASE00MIFversioninformation:1.PCBVersion:CR52MIFBREVC2.FPGAVersion:009MonitorBUSversioninformation:1.PCBVersion:CR31MBSAREVA2.EPLDVersion:0193.SoftwareVersion:3.8MPU10(Slave):uptimeis67days,6hours,37minutesStartupTime2023/06/0317:25:12SDRAMMemorySize:2048MbytesFlashMemorySize:32MbytesNVRAMMemorySize:512KbytesCFCard1MemorySize:487MbytesCFCard2MemorySize:489MbytesMPUversioninformation:……2、查看日志信息,正常情況下,日志中不應(yīng)該有大量重復(fù)的信息。執(zhí)行命令:displaylogbuffer輸出舉例:[NM-EE-ZXJ-SR-1.MAN]displogb[NM-EE-ZXJ-SR-1.MAN]displogbufferLoggingbufferconfigurationandcontents:enabledAllowedmaxbuffersize:1024Actualbuffersize:1024Channelnumber:4,Channelname:logbufferDroppedmessages:0Overwrittenmessages:27689Currentmessages:1024Aug10202300:04:24NM-EE-ZXJ-SR-1.MAN%%01SHELL/4/TELNETFAILED(l):Failedtologinthroughtelnet.(Ip=3,Times=3)Aug10202300:04:20NM-EE-ZXJ-SR-1.MAN%%01SHELL/4/TELNETFAILED(l):Failedtologinthroughtelnet.(Ip=3,Times=2)Aug10202300:04:19NM-EE-ZXJ-SR-1.MAN%%01SHELL/4/TELNETFAILED(l):Failedtologinthroughtelnet.(Ip=3,Times=3)Aug10202300:04:17NM-EE-ZXJ-SR-1.MAN%%01SHELL/4/TELNETFAILED(l):Failedtologinthroughtelnet.(Ip=3,Times=2)Aug10202300:04:17NM-EE-ZXJ-SR-1.MAN%%01SHELL/4/TELNETFAILED(l):Failedtologinthroughtelnet.(Ip=3,Times=1)Aug10202300:04:17NM-EE-ZXJ-SR-1.MAN%%01SHELL/4/TELNETFAILED(l):Failedtologinthroughtelnet.(Ip=3,Times=3)Aug10202300:04:17NM-EE-ZXJ-SR-1.MAN%%01SHELL/4/TELNETFAILED(l):Failedtologinthroughtelnet.(Ip=3,Times=3)Aug10202300:04:14NM-EE-ZXJ-SR-1.MAN%%01SHELL/4/TELNETFAILED(l):Failedtologinthroughtelnet.(Ip=3,Times=2)……3、查看調(diào)試信息開關(guān),正常工作情況下,所有Debug開關(guān)關(guān)閉。執(zhí)行命令:displaydebugging輸出舉例:正常情況下如果沒有開啟debuging功能,返回結(jié)果應(yīng)該為空。[NM-EE-ZXJ-SR-1.MAN]disdebugging[NM-EE-ZXJ-SR-1.MAN]4、查看系統(tǒng)時(shí)間,時(shí)間設(shè)置應(yīng)與北京時(shí)間一致(時(shí)間差不大于0.5小時(shí))。執(zhí)行命令:displayclock輸出舉例:[NM-EE-ZXJ-SR-1.MAN]disclock2023-08-1000:07:03MondayTimeZone:DefaultZoneNameadd00:00:00[NM-EE-ZXJ-SR-1.MAN]5、查看設(shè)備與NTP服務(wù)器的連接。執(zhí)行命令:displayntp-servicestatus輸出舉例:[NM-EE-ZXJ-SR-1.MAN]displayntp-servicestatusclockstatus:unsynchronizedclockstratum:16referenceclockID:nonenominalfrequency:100.0000Hzactualfrequency:100.0000Hzclockprecision:2^18clockoffset:0.0000msrootdelay:0.00msrootdispersion:0.00mspeerdispersion:0.00msreferencetime:00:00:00.000UTCJan11900(00000000.00000000)6、查看系統(tǒng)補(bǔ)丁。執(zhí)行命令:displaypatch-info輸出舉例:[NM-EE-ZXJ-SR-1.MAN]displaypatch-infoServicepackVersion:V300R003SPH012Packfilename:cfcard:/patch.patThepatchinformationofslot1TotalPatchUnit:6RunningPatchUnit:1-6ActivePatchUnit:DeactivePatchUnit:Thepatchinformationofslot3TotalPatchUnit:6RunningPatchUnit:1-6ActivePatchUnit:DeactivePatchUnit:Thepatchinformationofslot9TotalPatchUnit:20RunningPatchUnit:1-20ActivePatchUnit:DeactivePatchUnit:Thepatchinformationofslot10TotalPatchUnit:20RunningPatchUnit:1-20ActivePatchUnit:DeactivePatchUnit:[NM-EE-ZXJ-SR-1.MAN]7、查看配置文件,現(xiàn)網(wǎng)運(yùn)行配置文件。執(zhí)行命令:displaycurrent-configuration輸出略。8、查看配置文件,設(shè)備保存配置文件。執(zhí)行命令:displaysaved-configuration輸出略。硬件運(yùn)行情況1、收集設(shè)備硬件信息。執(zhí)行命令:displaydevice輸出舉例:[NM-EE-ZXJ-SR-1.MAN]disdeviceNE40E'sDevicestatus:Slot#TypeOnlineRegisterStatusPrimary--------------------------------------1LPUPresentRegisteredNormalNA3LPUPresentRegisteredNormalNA9MPUPresentNANormalMaster10MPUPresentRegisteredNormalSlave11SFUPresentRegisteredNormalNA12SFUPresentRegisteredNormalNA13SFUPresentRegisteredNormalNA14SFUPresentRegisteredNormalNA15CLKPresentRegisteredNormalMaster16CLKPresentRegisteredNormalSlave17PWRPresentNANormalNA18PWRPresentNANormalNA19FANPresentRegisteredNormalNA2、設(shè)備告警檢查。執(zhí)行命令:displayalarmall輸出舉例:[NM-EE-ZXJ-SR-1.MAN]displayalarmallNOalarm[NM-EE-ZXJ-SR-1.MAN]3、主備倒換狀態(tài)檢查,設(shè)備軟硬件正常,VRP一致的情況下主備板應(yīng)該一直處于Realtimeandroutinebackup狀態(tài)。執(zhí)行命令:displayswitchstate輸出舉例:[NM-EE-ZXJ-SR-1.MAN]displayswitchstateMasterMPU:Realtimeandroutinebackup.SlaveMPU:Receivingrealtimeandroutinedata.[NM-EE-ZXJ-SR-1.MAN].4、查看主控板CPU占有率。執(zhí)行命令:displaycpu-usage輸出舉例:[NM-EE-ZXJ-SR-1.MAN]displaycpu-usageCPUUsageStat.Cycle:60(Second)CPUUsage:9%Max:42%CPUUsageStat.Time:2023-08-1000:10:53CPUUsageStat.Tick:0xafcc(CPUTickHigh)0x4f7aActualStat.Cycle:0x0(CPUTickHigh)0x78421329(CPUTickLow)TaskNameCPURuntime(CPUTickHigh/CPUTickLow)BUFM0%0/1ea377VIDL91%0/6dc699f6TICK0%0/5daee0Ecm0%0/b128dIPCR0%0/f2e67VPR0%0/1ed5a3VPS0%0/eeb50ARQ0%0/422aacRTMR0%0/76e39dIPCQ0%0/48acVP0%0/1dfRPCQ0%0/36bc7VMON0%0/788cSTND0%0/3dd2ecCFA0%0/40155INFO0%0/6bf9LCS0%0/328RPR0%0/3d8a……5、查看主控板內(nèi)存占有率。執(zhí)行命令:displaymemory-usage輸出舉例:[NM-EE-ZXJ-SR-1.MAN]displaymemory-usageMemoryutilizationstatisticsat2023-08-1000:11:41340msSystemTotalMemoryIs:1993978128bytesTotalMemoryUsedIs:315119000bytesMemoryUsingPercentageIs:15%[NM-EE-ZXJ-SR-1.MAN]6、查看業(yè)務(wù)板CPU占有率。執(zhí)行命令:displaycpu-usageslot<slot-id>輸出舉例:[NM-EE-ZXJ-SR-1.MAN]displaymemory-usageMemoryutilizationstatisticsat2023-08-1000:11:41340msSystemTotalMemoryIs:1993978128bytesTotalMemoryUsedIs:315119000bytesMemoryUsingPercentageIs:15%[NM-EE-ZXJ-SR-1.MAN]displaycpu-usageslot1CPUUsageStat.Cycle:60(Second)CPUUsage:6%Max:20%CPUUsageStat.Time:2023-08-1000:12:16CPUUsageStat.Tick:0xafcb(CPUTickHigh)0xbd053ba9(CPUTickLow)ActualStat.Cycle:0x0(CPUTickHigh)0x77c183d0(CPUTickLow)TaskNameCPURuntime(CPUTickHigh/CPUTickLow)BUFM0%0/1782f7VIDL94%0/70bfafe4TICK0%0/47aca0VT0%0/130b3IPCR0%0/2621fVPR0%0/6bde4VPS0%0/2698dECM0%0/42cBEAT0%0/88878RTMR0%0/2ac855IPCQ0%0/3b55c2RPCQ0%0/2d60dVMON0%0/59c2STND0%0/a37eaINFO0%0/1cbb……7、查看業(yè)務(wù)板內(nèi)存占有率。執(zhí)行命令:displaymemory-usageslot<slot-id>輸出舉例:[NM-EE-ZXJ-SR-1.MAN]displaymemory-usageslot1Slot1MemoryutilizationInfo:Memoryutilizationstatisticsat2023-08-1000:13:01543msSystemTotalMemoryIs:425471248bytesTotalMemoryUsedIs:197704208bytesMemoryUsingPercentageIs:46%[NM-EE-ZXJ-SR-1.MAN]8、查看風(fēng)扇工作狀態(tài)檢查。執(zhí)行命令:displayfan輸出舉例:[NM-EE-ZXJ-SR-1.MAN]displayfanSlotid:19Present:YESRegistered:YESStatus:MANUALFanSpeed:[No.]Speed[1]100%[2]100%[3]100%[4]100%[5]100%[6]100%[7]100%[8]100%[9]100%接口運(yùn)行情況1、檢查端口的狀態(tài),系統(tǒng)中沒有使用的接口狀態(tài)為shutdown狀態(tài),避免出現(xiàn)鏈路振蕩。執(zhí)行命令:displayipinterfacesbrief輸出舉例:<NM-EE-HCZ-SR-1.MAN>disipinterfacebrief*down:administrativelydown!down:FIBoverloaddown(l):loopback(s):spoofingThenumberofinterfacethatisUPinPhysicalis60ThenumberofinterfacethatisDOWNinPhysicalis8ThenumberofinterfacethatisUPinProtocolis50ThenumberofinterfacethatisDOWNinProtocolis18InterfaceIPAddress/MaskPhysicalProtocolAux0/0/1unassigned*downdownGigabitEthernet1/0/2unassignedupdown……2、檢查已使用端口的配置。執(zhí)行命令:displaycurrent-configurationinterface輸出舉例:<NM-EE-HCZ-SR-1.MAN>discuintGigabitEthernet1/0/0#interfaceGigabitEthernet1/0/0descriptionTONM-EE-ZXJ-C-1.MANGE4/0/5GEundoshutdownospfnetwork-typep2pmplsmplsldptrustupstreamdefaultport-queuebewfqweight10port-wredwred0outboundport-queueaf1wfqweight10shapingshaping-percentage80port-wredwred1outboundport-queueaf4pqshapingshaping-percentage20port-wredwred2outboundport-queueefwfqweight15shapingshaping-percentage80port-wredwred2outboundport-queuecs6pqshapingshaping-percentage2port-wredwred1outbound#3、檢查FE/GE端口工作模式,端口模式(包括速率、雙工模式)配置對接雙方必須一致;端口實(shí)際工作模式必須與對端一致;檢查端口收發(fā)統(tǒng)計(jì)數(shù)據(jù);檢查上行端口的流量。執(zhí)行命令:displayinterface輸出舉例:<NM-EE-HCZ-SR-1.MAN>disintg1/0/0GigabitEthernet1/0/0currentstate:UPLineprotocolcurrentstate:UPLastlineprotocoluptime:2023-07-2117:38:27Description:TONM-EE-ZXJ-C-1.MANGE4/0/5GERouteIPSendingFrames'FormatisPKTFMT_ETHNT_2,Hardwareaddressis0018-82d7-8fafTheVendorPNisMXPD-243SPortBW:1G,TransceivermaxBW:1G,TransceiverMode:SingleModeWaveLength:1310nm,TransmissionDistance:10kmRxPower:-8.38dBm,TxPower:-6.14dBmLoopback:none,full-duplexmode,negotiation:disable,PauseFlowcontrol:ReceiveEnableandSendEnableLastphysicaluptime:2023-07-2117:38:27Lastphysicaldowntime:2023-07-2117:38:22Statisticslastcleared:neverLast300secondsinputrate:23080816bits/sec,5961packets/secLast300secondsoutputrate:59897368bits/sec,8564packets/secInput:3995497323749bytes,8685833902packetsInput:Unicast:8685044151packets,Multicast:780926packetsBroadcast:8825packets,JumboOctets:0packetsCRC:0packets,Symbol:0packetsOverrun:0packetsInRangeLength:0packetsLongPacket:0packets,Jabber:0packets,Alignment:0packetsFragment:0packets,UndersizedFrame:0packetsRxPause:0packetsOutput:Broadcast:20packets,JumboOctets:0packetsLost:0packets,Overflow:0packets,Underrun:0packetsTxPause:0packetsUnknownVlan:0packets路由協(xié)議運(yùn)行情況1、檢查設(shè)備Routerid,Routerid應(yīng)該配置為設(shè)備LoopBack0的ip地址。執(zhí)行命令:displayrouteriddisplaycurrent-configurationinterfaceLoopBack0輸出舉例:<NM-EE-HCZ-SR-1.MAN>disrouteridRouterID:<NM-EE-HCZ-SR-1.MAN>discuintloopback0#interfaceLoopBack0descriptionForManagerment#2、檢查BGP配置。執(zhí)行命令:displaycurrent-configurationconfigurationbgp輸出舉例:<NM-EE-HCZ-SR-1.MAN>displaycurrent-configurationconfigurationbgp#bgp17923groupvpn_rrinternalpeervpn_rrconnect-interfaceLoopBack0peeras-number17923peergroupvpn_rrpeerdescriptionNM-HH-HCZ-S-1.163peer6as-number17923peer6groupvpn_rrpeer6descriptionNM-TL-HP-S-1.163#ipv4-familyunicastundosynchronizationundopeervpn_rrenableundopeerenableundopeer6enable#ipv4-familyvpnv4policyvpn-targetpeervpn_rrenablepeerenablepeergroupvpn_rrpeer6enablepeer6groupvpn_rr#ipv4-familyvpn-instanceCTVPN3200000-JiaoHuanJiGuanLinetworknetwork……3、檢查OSPF配置。執(zhí)行命令:displaycurrent-configurationconfigurationospf輸出舉例:<NM-EE-HCZ-SR-1.MAN>displaycurrent-configurationconfigurationospf#ospf1silent-interfaceLoopBack0silent-interfaceGigabitEthernet1/0/2.53silent-interfaceGigabitEthernet1/0/3.53silent-interfaceGigabitEthernet1/0/4.53silent-interfaceGigabitEthernet1/0/5.53silent-interfaceGigabitEthernet1/0/6.53silent-interfaceGigabitEthernet3/0/1.53silent-interfaceGigabitEthernet3/0/2.53silent-interfaceGigabitEthernet3/0/3.53silent-interfaceGigabitEthernet3/0/4.53silent-interfaceGigabitEthernet3/0/5.53silent-interfaceGigabitEthernet1/0/4.201silent-interfaceGigabitEthernet1/0/4.202silent-interfaceGigabitEthernet1/0/5.201bandwidth-reference40000are.0network.0network6.3network2.3network6.3network8.3network2.3network6.3network0.3network4.3network8.3network2.3network0.3network4.3network8.3network60.3network48.3#4、檢查IS-IS配置。執(zhí)行命令:displaycurrent-configurationconfigurationisis輸出舉例:<NM-EE-ZXJ-C-1.MAN>displaycurrent-configurationconfigurationisisisis1is-levellevel-2cost-stylewidenetwork-entity8import-routedirectroute-policy1import-routeospf1cost50route-policyimport-isis5、檢查BGP運(yùn)行狀態(tài),所有規(guī)劃使用的鄰居狀態(tài)為Established。執(zhí)行命令:displaybgppeer輸出舉例:<NM-EE-ZXJ-C-1.MAN>dispbgppeeLocalASnumber:17923Totalnumberofpeers:2Peersinestablishedstate:2PeerVASMsgRcvdMsgSentOutQUp/DownStatePrefRcv41792379804858164202108h30mEstablished19791441792364882231671803959h33mEstablished197976、檢查BGP路由收發(fā)。執(zhí)行命令:disbgprouting-tablepeerX.X.X.Xadvertised-routesdisbgprouting-tablepeerX.X.X.Xreceived-routes輸出舉例:<NM-EE-ZXJ-C-1.MAN>disbgprouting-tablepeerreceived-routesTotalNumberofRoutes:19791BGPLocalrouterStatuscodes:*-valid,>-best,d-damped,h-history,i-internal,s-suppressed,S-StaleOrigin:i-IGP,e-EGP,?-incompleteNetworkNextHopMEDLocPrfPrefValPath/Ogn*>i.01580010004134i<NM-EE-ZXJ-C-1.MAN>disbgprouting-tablepeeradvertised-routesTotalNumberofRoutes:8Statuscodes:*-valid,>-best,d-damped,h-history,i-internal,s-suppressed,S-StaleOrigin:i-IGP,e-EGP,?-incompleteNetworkNextHopMEDLocPrfPrefValPath/Ogn.000i.000i.000i.000i.000i.000i*>.000i.000i7、檢查MP-IBGP運(yùn)行狀態(tài),所有規(guī)劃使用的鄰居狀態(tài)為Established。執(zhí)行命令:displaybgpvpnv4allpeer輸出舉例:<NM-EE-HCZ-SR-1.MAN>displaybgpvpnv4allpeerLocalASnumber:17923Totalnumberofpeers:2Peersinestablishedstate:2PeerVASMsgRcvdMsgSentOutQUp/DownStatePrefRcv4179232215813241100486h06mEstablished856417923340333722400486h06mEstablished858、檢查MP-IBGP路由。執(zhí)行命令:displaybgpvpnv4vpn-instancexxrouting-table輸出舉例:<NM-EE-HCZ-SR-1.MAN>dispbgpvpnv4vpn-instanceCTVPN3200000-JiaoHuanJiGuanLirouting-tableTotalNumberofRoutes:173BGPLocalrouterIDisStatuscodes:*-valid,>-best,d-damped,h-history,i-internal,s-suppressed,S-StaleOrigin:i-IGP,e-EGP,?-incompleteNetworkNextHopMEDLocPrfPrefValPath/Ogn*i11000?*i11000?*i11000?*i11000?*i11000?*i11000?*i11000?9、檢查ISIS運(yùn)行狀態(tài)。執(zhí)行命令:displayisisinterfacedisplayisispeer輸出舉例:<NM-EE-ZXJ-C-1.MAN>displayisisinterfaceInterfaceinformationforISIS(1)InterfaceIdIPV4.StateIPV6.StateMTUTypeDISLoop0001UpDown1500L2--GE4/0/2002UpDown1545L2NoPos2/0/0003UpDown4470L2--Pos6/0/0004UpDown4470L2--<NM-EE-ZXJ-C-1.MAN>disisispeerPeerinformationforISIS(1)SystemIdInterfaceCircuitIdStateHoldTimeTypePRI2191.4816.4044GE4/0/22191.4816.4044.01Up8sL2642191.4816.4001Pos2/0/0003Up19sL2--2191.4816.4044Pos6/0/0004Up29sL2--TotalPeer(s):310、檢查OSPF運(yùn)行狀態(tài)。執(zhí)行命令:displayospfinterfacedisplayospfpee輸出舉例:<NM-EE-HCZ-SR-1.MAN>displayospfinterfaceInterfacesArea:.0(MPLSTEnotenabled)IPAddressTypeStateCostPriDRBDRBroadcastDR11.04P2PP-2-P401.0.08P2PP-2-P401.0.08P2PP-2-P401.0.03BroadcastDR4013.01BroadcastDR4011.09BroadcastDR4019.05BroadcastDR4015.0BroadcastDR401.09BroadcastDR4019.0BroadcastDR401.09BroadcastDR4019.0BroadcastDR401.03BroadcastDR4013.07BroadcastDR4017.05BroadcastDR4015.0<NM-EE-HCZ-SR-1.MAN>disospfpeerNeighborsAre.0interface4(GigabitEthernet1/0/0)'sneighborsRouterID:1Address:3State:FullMode:NbrisMasterPriority:1DR:NoneBDR:NoneMTU:0Deadtimerduein33secNeighborisupfor486:22:15AuthenticationSequence:[0]NeighborsAre.0interface8(GigabitEthernet3/0/0)'sneighborsRouterID:4Address:7State:FullMode:NbrisMasterPriority:1DR:NoneBDR:NoneMTU:0Deadtimerduein36secNeighborisupfor486:22:15AuthenticationSequence:[0]NeighborsAre.0interface8(GigabitEthernet1/0/1)'sneighborsRouterID:Address:7State:FullMode:NbrisSlavePriority:1DR:NoneBDR:NoneMTU:0Deadtimerduein30secNeighborisupfor486:22:15AuthenticationSequence:[0]11、檢查MPLS運(yùn)行狀態(tài),所有期望支持MPLS的接口狀態(tài)為Active。執(zhí)行命令:displaymplsldpinterface輸出舉例:<NM-EE-HCZ-SR-1.MAN>displaymplsldpinterfaceLDPInterfaceInformationinPublicNetworkIF-NameStatusLAMTransport-AddressHello-Sent/RcvGE1/0/0ActiveDU350063/349440GE1/0/1ActiveDU350063/350196GE3/0/0ActiveDU350063/349366LAM:LabelAdvertisementModeIF-Name:Interfacename12、檢查LDP運(yùn)行狀態(tài),LDP接口數(shù)量、鄰居數(shù)量與規(guī)劃一致,所有鄰居的session狀態(tài)都為Operational。執(zhí)行命令:displaymplsldppeerdisplaymplsldpsession輸出舉例:<NM-EE-HCZ-SR-1.MAN>displaymplsldppeerLDPPeerInformationinPublicnetworkPeer-IDTransport-AddressDiscovery-Source:0GigabitEthernet1/0/11:01GigabitEthernet1/0/04:04GigabitEthernet3/0/0TOTAL:3Peer(s)Found.<NM-EE-HCZ-SR-1.MAN>displaymplsldpsessionLDPSession(s)inPublicNetworkPeer-IDStatusLAMSsnRoleSsnAgeKA-Sent/Rcv:0OperationalDUActive020:06:23116735/1167351:0OperationalDUPassive020:06:23116735/1167364:0OperationalDUPassive020:06:23116735/116736TOTAL:3session(s)Found.LAM:LabelAdvertisementModeSsnAgeUnit:DDD:HH:MM13、查看FIB表的數(shù)目。執(zhí)行命令:displayfibstatistics輸出舉例:<NM-EE-HCZ-SR-1.MAN>displayfibstatisticsRouteEntryCount:832路由器安全檢查1、檢查Console/AUX/VTY登錄控制。執(zhí)行命令:displaycurrent-configurationconfigurationuser-interface輸出舉例:<NM-EE-HCZ-SR-1.MAN>displayfibstatisticsRouteEntryCount:832<NM-EE-HCZ-SR-1.MAN>displaycurrent-configurationconfigurationuser-interface#user-interfacecon0idle-timeout50user-interfaceaux0user-interfacevty04acl2999inboundauthentication-modeaaaidle-timeout600user-interfacevty16202、檢查本地賬戶管理策略。執(zhí)行命令:displaycurrent-configurationconfigurationaaa輸出舉例:<NM-EE-HCZ-SR-1.MAN>displaycurrent-configurationconfigurationaaa#aaalocal-usernmgdxpasswordcipherM`Y#/RCW57IQC-&C&"^8CQ!!local-usernmgdxservice-typetelnetlocal-usernmgdxlevel1local-usernmgtelepasswordcipher5D1;YM9/I[;Q=^Q`MAF4<1!!local-usernmgteleservice-typetelnetlocal-usernmgtelelevel1local-usernmgtemppasswordcipherCE/`RSOQ9/;ZY<_G5D<K+1!!local-usernmgtempservice-typetelnetlocal-usernmgtemplevel3local-userhuaweipasswordcipherPTKJ5++#[_/Q=^Q`MAF4<1!!local-userhuaweiservice-typeftptelnetlocal-userhuaweilevel3authentication-schemedefaultauthentication-schemenmgnocauthentication-modelocalhwtacacs#authorization-schemedefaultauthorization-schemenmgnocauthorization-modelocalhwtacacs#accounting-schemedefaultaccounting-schemenmgnocaccounting-modehwtacacsaccountingstart-failonline#domaindefaultauthentication-schemenmgnocauthorization-schemenmgnocaccounting-schemenmgnochwtacacs-servernmgnoc#recording-schemenmgnocrecording-modehwtacacsnmgnoc#systemrecording-schemenmgnocoutboundrecording-schemenmgnoccmdrecording-schemenmgnoc3、檢查SNMP服務(wù)的相關(guān)屬性,所有的community字符串要滿足復(fù)雜度要求,對于不需要SNMPRW權(quán)限的設(shè)備,建議關(guān)閉SNMPRW功能,Trap的源地址建議

溫馨提示

  • 1. 本站所有資源如無特殊說明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請下載最新的WinRAR軟件解壓。
  • 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
  • 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁內(nèi)容里面會有圖紙預(yù)覽,若沒有圖紙預(yù)覽就沒有圖紙。
  • 4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
  • 5. 人人文庫網(wǎng)僅提供信息存儲空間,僅對用戶上傳內(nèi)容的表現(xiàn)方式做保護(hù)處理,對用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對任何下載內(nèi)容負(fù)責(zé)。
  • 6. 下載文件中如有侵權(quán)或不適當(dāng)內(nèi)容,請與我們聯(lián)系,我們立即糾正。
  • 7. 本站不保證下載資源的準(zhǔn)確性、安全性和完整性, 同時(shí)也不承擔(dān)用戶因使用這些下載資源對自己和他人造成任何形式的傷害或損失。

最新文檔

評論

0/150

提交評論