電廠網(wǎng)絡(luò)設(shè)備調(diào)試報告

XXXX電廠網(wǎng)絡(luò)設(shè)備調(diào)試報告一、網(wǎng)關(guān)加密設(shè)備根據(jù)國網(wǎng)公司《全國電力二次系統(tǒng)安全防護(hù)總體方案》要求，在山東省電力公司安排部署下，山東XXX有限公司于2012年6月在XXXX電廠部署縱向加密認(rèn)證裝置及調(diào)試。在完成本階段的工作后現(xiàn)將工程實施情況做出說明。一、工程介紹根據(jù)國網(wǎng)公司《全國電力二次系統(tǒng)安全防護(hù)總體方案》要求，計劃在XXX電廠部署縱向加密認(rèn)證裝置，保證實時業(yè)務(wù)的加密傳輸，非實時、保護(hù)業(yè)務(wù)的明文傳輸。根據(jù)現(xiàn)場環(huán)境及客戶的要求本次裝置部署在路由器與交換機之間，保證所有業(yè)務(wù)VPN都通過縱向加密裝置傳輸。具體網(wǎng)絡(luò)拓?fù)浣Y(jié)構(gòu)請參見下圖：XXXX電廠節(jié)點網(wǎng)絡(luò)拓?fù)鋱D實現(xiàn)在部署完成的節(jié)點對縱向加密裝置進(jìn)行遠(yuǎn)程監(jiān)控、配置、管理。二、本階段實施情況本階段工程于XXXX電廠部署百兆RJ45電口縱向加密設(shè)備一臺。完成XXX電廠兩臺百兆RJ45電口縱向加密設(shè)備的部署，實現(xiàn)實時業(yè)務(wù)加密通信；非實時、保護(hù)業(yè)務(wù)明文通信。轉(zhuǎn)發(fā)給公司的業(yè)務(wù)數(shù)據(jù)傳輸正常。并在配置中考慮了在未來非實時、保護(hù)業(yè)務(wù)接入密通的需要，能夠較快的實現(xiàn)業(yè)務(wù)的明密通轉(zhuǎn)換。在設(shè)備接入的情況下充分考慮到現(xiàn)有網(wǎng)絡(luò)中交換機與路由器的互連，中心節(jié)點網(wǎng)管機對交換機、路由器的遠(yuǎn)程管理。在設(shè)備的配置中保證廠站端交換機的網(wǎng)管正常。通過現(xiàn)場測試與階段性運行，設(shè)備接入后廠站端交換機、路由器網(wǎng)管功能全部正常。完成一臺縱向加密的安裝調(diào)試，設(shè)備運行狀況正常。三、調(diào)試報告首先通過網(wǎng)線連接設(shè)備的eth4接口，打開縱向加密管理工1對設(shè)備的基本參數(shù)進(jìn)行配置2配置vlan裝置冠B配置33配置路由髒定取消髒定取消44配置隧道戲iff石從価Jt戲iff石從価Jt證卡IP■4址戎:皆IfM浴CF科恭干F-iren町議百用［F昏冃00Wff'LJl-rt037.153.1魁L203?.L55.ILL2025^2^5.256.9UuLLU.0[1.10J■WU.屮￡4rtLJT.263.】甌L3037.LE3.H.LSI翡&2關(guān)356,0山MCI0,102kc-mfi-itLOO3TT.1G3.】邯.l2u0.d.Clji>.0.u.DUuLLU.0[1.t帖b'Mifn.ctML71.IH-】和20gQ.CLEDiQ.QiPPrOiD.QQNLKkcaifi-ISjSLOS51.163.曲弘120曲Q.0L3D.0.0i0a.LLUiO山1Ll_ d詞迫K1冊己號5配置策略salt*W6i±主*■畑p3+HI5SU-碗imi.g也長呂加W6i±主*■畑p3+HI5SU-碗imi.g也長呂加址題培D3T.]5S.]SSLL2j3?.L53.0.1SD3T.]&3.]&fiu]3T.LS3.L沾.L253T.3E3.D.]in.]HZTq.g3T.J5>.J&3LL2OLoa.QuiEi37.」臨JML]11.LSI.L3G?LZS□T.欣.D.3■n.F不訓(xùn)3T.3M.D.D.D.EJI.IM.IMo】JT.LM. ISfi3T. D.]]3T.IM.I5&.L2ODDO.2】T.JH.IS￡L]2I1.L&I.N5.LZS37.131.IBS.]ESTL]!4]T.JD3.3Mi.LjDDDO.117.IDIIffi.]IT.L51.13S.LM37.103-]EG.13Sn.i'E3T.HX]HLL2aD.D.D.137.15J.1ML]31,L5J.I.3S.I2G37.1E3.D.2En.E不日田3T.1&VIMLLKinnn.i37.111.IML】37.LS.IJd.L3SID.3T-5.3iT3T.1y.I3SLL2QD-D-O.237.IM.I3E.]31.L&l.L35.1ID.3T.3-]了B不用.用3T.J&?=.I8&.L2iC8D.D-D.137.153. 】3T.L5J.L3S.12SID.37.3B.]B3T.] .18SLLKin_D_o.237.JE4.ISCL]ZT.LEJ.1蚯12SID.31.EE.]]i.■'"T.Sffl3T.IE4.1Sf.L2^a.a.a.231.IM.IK.Jyr.l^i.Mi.usID.JH.T4.1iJJT6.fi3T.J55.1i￥i,l-Tl(i心?l2D.(UH12D.D.D.32n?再TSfflSTJSJ.lK.lJtiOnOr0.337.l5MK,n耳-厲2-1浙「JU31.152.Iff.11Er139T,lBJ.i8t.1L,?：l0.0.0.337.ISM&6.IH卻L52.L3fl.9U91S.73.]3j-ire.ffl5T.i55i.jt6.LdjIj.fl.0.3"97.W圖i冊■加?=川"3T冋冊林rFUffQjreS"!????e+L起口耳』耳口6將隧道對應(yīng)的證書導(dǎo)入至此，縱向加密配置完成。XXXXXXXXXX（安裝）調(diào)試工程師;XXXXXXXXXXXXXXX（記錄）人員；XXXXX二、交換機、路由器配置調(diào)試文檔1.現(xiàn)場溝通在客戶現(xiàn)場經(jīng)過于客戶負(fù)責(zé)人進(jìn)行方案溝通，了解到用戶購買設(shè)備的用途及網(wǎng)絡(luò)的基本架構(gòu)情況，并向項目負(fù)責(zé)人處要取獲得網(wǎng)絡(luò)調(diào)試所需要的網(wǎng)絡(luò)規(guī)劃數(shù)據(jù)，并根據(jù)網(wǎng)絡(luò)規(guī)劃數(shù)據(jù)現(xiàn)場對設(shè)備進(jìn)行調(diào)試和安裝。2、數(shù)據(jù)網(wǎng)絡(luò)路由器配置如下：[SD-JiaHongZhan.R1]discu#version5.20,Release2209P15,Standard#sysnameSD-JiaHongZhan.R1#superpasswordlevel3cipher$c$3$CTWtbnxTybrdIiVNPI7ssukmA7w==#configure-usercount5#domaindefaultenablesystem#routerid86#telnetserverenable#darp2psignature-filecfa0:/p2p_default.mtd#port-securityenable#mplslsr-id86#ipvpn-instancevpn-rtroute-distinguisher23721:1vpn-target23721:101export-extcommunityvpn-target23721:100import-extcommunity#ipvpn-instancevpn-nrtroute-distinguisher23721:2vpn-target23721:201export-extcommunityvpn-target23721:200import-extcommunity#vlan1#mplsttlpropagatevpnundottlexpirationpop#mplsldp#domainsystemaccess-limitdisablestateactiveidle-cutdisableself-service-urldisable#user-groupsystemgroup-attributeallow-guest#local-useradminpasswordcipher$c$3$40gC1cxf/wIJNa1ufFPJsjKAof+QP5aVauthorization-attributelevel3service-typetelnet#interfaceAux0asyncmodeflowlink-protocolppp#interfaceCellular0/0asyncmodeprotocollink-protocolppp#interfaceSerial4/0descriptionto-RZDD-R-NE40-1link-protocolpppipaddress52ospfcost500mplsmplsldp#interfaceSerial4/1descriptionto-RZDD-R-NE40-2link-protocolpppipaddress52ospfcost500mplsmplsldp#interfaceNULL0#interfaceLoopBack0ipaddress8655#interfaceGigabitEthernet0/0portlink-moderoute#interfaceGigabitEthernet0/0.10descriptionce-managevlan-typedot1qvid10ipaddress040#interfaceGigabitEthernet0/0.199descriptionVPN-RTvlan-typedot1qvid199ipbindingvpn-instancevpn-rtipaddress2628#interfaceGigabitEthernet0/0.299descriptionVPN-NRTvlan-typedot1qvid299ipbindingvpn-instancevpn-nrtipaddress2628#interfaceGigabitEthernet0/1portlink-moderoute#bgp23721undosynchronizationtimerkeepalive5hold15grouprzddinternalpeerrzddconnect-interfaceLoopBack0peer54grouprzddpeer54grouprzdd#ipv4-familyvpn-instancevpn-rtimport-routedirect#ipv4-familyvpn-instancevpn-nrtimport-routedirect#ipv4-familyvpnv4peerrzddenablepeer54enablepeer54grouprzddpeer54enablepeer54grouprzdd#ospf1import-routedirectareanetworkareanetwork#snmp-agentsnmp-agentlocal-engineid800063A2035866BA7FAA48snmp-agentcommunitywriteraddrwsnmp-agentcommunityreadrzddrosnmp-agentcommunitywriterzddrwsnmp-agentsys-infoversionallundosnmp-agenttrapenablevoicedial#loadxml-configuration#loadtr069-configuration#user-interfacecon0user-interfacetty13user-interfaceaux0user-interfacevty04setauthenticationpasswordcipher$c$3$wjDircwXvMELIqIp/gS9nLzGdO#return3、數(shù)據(jù)網(wǎng)絡(luò)交換機配置如下[SD-JiaHongZhan.S1]discu#sysnameSD-JiaHongZhan.S1#superpasswordlevel3cipher1D.L#'-M]l_,UMD0PV(YO1!!#radiusschemesystem#domainsystem#vlan1#vlan10descriptionCE-Manage#vlan199descriptionVPN-RT#vlan299descriptionVPN-NRT#interfaceVlan-interface10descriptionCE-Manageipaddress740#interfaceVlan-interface199descriptionVPN-RT#interfaceVlan-interface299descriptionVPN-NRT#interfaceAux1/0/0#interfaceEthernet1/0/1portaccessvlan199#interfaceEthernet1/0/2portaccessvlan199#interfaceEthernet1/0/3portaccessvlan199#interfaceEthernet1/0/4portaccessvlan199#interfaceEthernet1/0/5portaccessvlan199#interfaceEthernet1/0/6portaccessvlan199#interfaceEthernet1/0/7portaccessvlan199#interfaceEthernet1/0/8portaccessvlan199#interfaceEthernet1/0/9portaccessvlan299#interfaceEthernet1/0/10portaccessvlan299#interfaceEthernet1/0/11portaccessvlan299#interfaceEthernet1/0/12portaccessvlan299#interfaceEthernet1/0/13portaccessvlan299#interfaceEthernet1/0/14portaccessvlan299#interfaceEthernet1/0/15portaccessvlan299#interfaceEthernet1/0/16portaccessvlan299#interfaceEthernet1/0/17portaccessvlan299#interfaceEthernet1/0/18portaccessvlan299#interfaceEthernet1/0/19portaccessvlan299#interfaceEthernet1/0/20portaccessvlan299interfaceEthernet1/0/21portaccessvlan299#interfaceEthernet1/0/22portaccessvlan299#interfaceEthernet1/0/23portaccessvlan299#interfaceEthernet1/0/24portlink-typetrunkporttrunkpermitvlan110199299descriptiontoMSR3020-1#interfaceGigabitEthernet1/1/1#interfaceGigabitEthernet1/1/2#interfaceGigabitEthernet1/1/3#interfaceGigabitEthernet1/1/4#undoirf-fabricauthentication-mode#interfaceNULL0#voicevlanmac-address0001-e300-0000maskffff-ff00-0000#iproute-static0preference60#snmp-agentsnmp-agentlocal-engineid800063A280F62E48316E6877snmp-agentcommunityreadrzddrosnmp-agentcommunitywriterzddrwsnmp-agentsys-infoversionall#user-interfaceaux07user-interfacevty04setauthenticationpasswordcipher;"1ST$QA&[SQ"Q'MAF4vl!!#return4、數(shù)據(jù)網(wǎng)絡(luò)路由器端口分配情況interfaceSerial4/0和interfaceSerial4/1用來和市局的路由器進(jìn)行互聯(lián)interfaceGigabitEthernetO/O接口用來和局域網(wǎng)交換機互聯(lián)5、數(shù)據(jù)網(wǎng)絡(luò)交換機端口分配情況interfaceEthernet1/0/1--interfaceEthernet1/0/8屬于VLAN199interfaceEthernet1/0/9--interfaceEthernet1/0/23屬于VLAN299交換機的interfaceEthernet1/0/24用來上連路由器6、辦公內(nèi)網(wǎng)路由器配置如下[RZJHC-R1]discu#version5.2O,Release22O9P15,Standard#sysnameRZJHC-R1#superpasswordlevel3cipher$c$3$CTWtbnxxC1OpT7uUvrZHmk1YLrOe#ftpserverenable#domaindefaultenablesystem#routerid1O.37.2O7.197#telnetserverenable#darp2psignature-filecfaO:/p2p_default.mtd#port-securityenable#vlan1#domainsystemaccess-limitdisablestateactiveidle-cutdisableself-service-urldisable#user-groupsystemgroup-attributeallow-guest#local-userabcdpasswordcipher$c$3$1+SFRrfPojx/CBya4Jm68VTXlNRmo6Q=authorization-attributelevel3service-typeftplocal-useradminpasswordcipher$c$3$nH3DI7gxrRRbVjEB+lUxm5phiOczymvdauthorization-attributelevel3service-typetelnet#cwmpundocwmpenable#interfaceAux0asyncmodeflowlink-protocolppp#interfaceCellular0/0asyncmodeprotocollink-protocolppppppmpMp-group1ospfcost5000ospfauthentication-modemd510cipher$c$3$IqIpnvXcfL0Hwry18cHg==#interfaceSerial4/0fe1unframedlink-protocolppppppmpMp-group1#interfaceSerial4/1fe1unframedlink-protocolppp#interfaceMp-group1ipaddress852ospfcost5000ospfauthentication-modemd510cipher$c$3$dl8Nu2ESu3LBNXalzg==#interfaceNULL0#interfaceLoopBack0ipaddress9755#interfaceGigabitEthernet0/0portlink-moderouteipaddress848#interfaceGigabitEthernet0/1portlink-moderoute#ospf1import-routedirectarea7authentication-modemd5network97network2network6stubno-summary##voice-setup#sip#sip-server#call-rule-set#call-route#dial-programdefaultentityfaxprotocolstandard-t38defaultentityfaxprotocolstandard-t38hb-redundancy0defaultentityfaxprotocolstandard-t38lb-redundancy0#aaa-client#gk-client#snmp-agentsnmp-agentlocal-engineid800063A2035866BA7FAAD8snmp-agentcommunityread80126589snmp-agentcommunitywriteSednet02snmp-agentsys-infoversionallsnmp-agenttarget-hosttrapad