电厂网络设备调试报告

1、XXXX电厂网络设备调试报告一、网关加密设备根据国网公司全国电力二次系统安全防护总体方案要求，在山东省电力公司安排部署下，山东XXX有限公司于2012年6月在XXXX电厂部署纵向加密认证装置及调试。在完成本阶段的工作后现将工程实施情况做出说明。一、工程介绍根据国网公司全国电力二次系统安全防护总体方案要求，计划在XXX电厂部署纵向加密认证装置，保证实时业务的加密传输，非实时、保护业务的明文传输。根据现场环境及客户的要求本次装置部署在路由器与交换机之间，保证所有业务VPN都通过纵向加密装置传输。具体网络拓扑结构请参见下图：XXXX电厂节点网络拓扑图实现在部署完成的节点对纵向加密装置进行远程监控、配

2、置、管理。二、本阶段实施情况本阶段工程于XXXX电厂部署百兆RJ45电口纵向加密设备一台。完成XXX电厂两台百兆RJ45电口纵向加密设备的部署，实现实时业务加密通信；非实时、保护业务明文通信。转发给公司的业务数据传输正常。并在配置中考虑了在未来非实时、保护业务接入密通的需要，能够较快的实现业务的明密通转换。在设备接入的情况下充分考虑到现有网络中交换机与路由器的互连，中心节点网管机对交换机、路由器的远程管理。在设备的配置中保证厂站端交换机的网管正常。通过现场测试与阶段性运行，设备接入后厂站端交换机、路由器网管功能全部正常。完成一台纵向加密的安装调试，设备运行状况正常。三、调试报告首先通过网线连接

3、设备的eth4接口，打开纵向加密管理工1对设备的基本参数进行配置2配置vlan装置冠B配置33配置路由髒定取消髒定取消44配置隧道戏iff石從価Jt戏iff石從価Jt证卡IP4址戎:皆IfM浴CF科恭干F-iren町議百用F昏冃00WffLJl-rt037.153.1魁L203?.L55.ILL202525.256.9UuLLU.01.10JWU.屮4rtLJT.263.】甌L3037.LE3.H.LSI翡&2關356,0山MCI0,102kc-mfi-itLOO3TT.1G3.】邯.l2u0.d.Clji.0.u.DUuLLU.01.t帖bMifn.ctML71.IH-】和20gQ.CLED

4、iQ.QiPPrOiD.QQNLKkcaifi-ISjSLOS51.163.曲弘120曲Q.0L3D.0.0i0a.LLUiO山1Ll_d词迫K1冊己号5配置策略salt*W6i主*畑p3+HI5SU-碗imi.g也長呂加W6i主*畑p3+HI5SU-碗imi.g也長呂加址題培D3T.5S.SSLL2j3?.L53.0.1SD3T.&3.&fiu3T.LS3.L沾.L253T.3E3.D.in.HZTq.g3T.J5.J&3LL2OLoa.QuiEi37.临JML11.LSI.L3GLZST.欣.D.3n.F不訓3T.3M.D.D.D.EJI.IM.IMo】JT.LM.ISfi3T.D.3T.

5、IM.I5&.L2ODDO.2】T.JH.ISL2I1.L&I.N5.LZS37.131.IBS.ESTL!4T.JD3.3Mi.LjDDDO.117.IDIIffi.IT.L51.13S.LM37.103-EG.13Sn.iE3T.HXHLL2aD.D.D.137.15J.1ML31,L5J.I.3S.I2G37.1E3.D.2En.E不日田3T.1&VIMLLKinnn.i37.111.IML】37.LS.IJd.L3SID.3T-5.3iT3T.1y.I3SLL2QD-D-O.237.IM.I3E.31.L&l.L35.1ID.3T.3-了B不用.用3T.J&=.I8&.L2iC8D.D

6、-D.137.153.】3T.L5J.L3S.12SID.37.3B.B3T.18SLLKin_D_o.237.JE4.ISCLZT.LEJ.1蚯12SID.31.EE.i.T.Sffl3T.IE4.1Sf.L2a.a.a.231.IM.IK.Jyr.li.Mi.usID.JH.T4.1iJJT6.fi3T.J55.1ii,l-Tl(i心l2D.(UH12D.D.D.32n?再TSfflSTJSJ.lK.lJtiOnOr0.337.l5MK,n耳-厉2-1浙JU31.152.Iff.11Er139T,lBJ.i8t.1L,?：l37.ISM&6.IH却L52.L3fl.9U91S.73.3j-

7、ire.ffl5T.i55i.jt6.LdjIj.fl.0.397.W圖i冊加=川3T冋册林rFUffQjreS!?e+L起口耳耳口6将隧道对应的证书导入至此，纵向加密配置完成。XXXXXXXXXX（安装）调试工程师;XXXXXXXXXXXXXXX（记录）人员；XXXXX二、交换机、路由器配置调试文档1.现场沟通在客户现场经过于客户负责人进行方案沟通，了解到用户购买设备的用途及网络的基本架构情况，并向项目负责人处要取获得网络调试所需要的网络规划数据，并根据网络规划数据现场对设备进行调试和安装。2、数据网络路由器配置如下：SD-JiaHongZhan.R1discu#version5.20,Re

8、lease2209P15,Standard#sysnameSD-JiaHongZhan.R1#superpasswordlevel3cipher$c$3$CTWtbnxTybrdIiVNPI7ssukmA7w=#configure-usercount5#domaindefaultenablesystem#routerid86#telnetserverenable#darp2psignature-filecfa0:/p2p_default.mtd#port-securityenable#mplslsr-id86#ipvpn-instancevpn-rtroute-distinguisher237

9、21:1vpn-target23721:101export-extcommunityvpn-target23721:100import-extcommunity#ipvpn-instancevpn-nrtroute-distinguisher23721:2vpn-target23721:201export-extcommunityvpn-target23721:200import-extcommunity#vlan1#mplsttlpropagatevpnundottlexpirationpop#mplsldp#domainsystemaccess-limitdisablestateactiv

10、eidle-cutdisableself-service-urldisable#user-groupsystemgroup-attributeallow-guest#local-useradminpasswordcipher$c$3$40gC1cxf/wIJNa1ufFPJsjKAof+QP5aVauthorization-attributelevel3service-typetelnet#interfaceAux0asyncmodeflowlink-protocolppp#interfaceCellular0/0asyncmodeprotocollink-protocolppp#interf

11、aceSerial4/0descriptionto-RZDD-R-NE40-1link-protocolpppipaddress52ospfcost500mplsmplsldp#interfaceSerial4/1descriptionto-RZDD-R-NE40-2lin-kprotocolpppipaddress652ospfcost500mplsmplsldp#interfacNeULL0#interfacLeoopBack0ipaddress82655#interfacGeigabitEthernet0/0portlin-kmoderoute#interfacGeigabitEther

12、net0/0.10descriptiocne-managevlan-typedot1qvid10ipaddress040#interfacGeigabitEthernet0/0.199descriptioVnPN-RTvlan-typedot1qvid199ipbindingvpn-instancevpn-rtipaddress2628#interfacGeigabitEthernet0/0.299descriptioVnPN-NRTvlan-typedot1qvid299ipbindingvpn-instancevpn-nrtipaddress2628#interfacGeigabitEth

13、ernet0/1portlin-kmoderoute#bgp23721undosynchronizationtimerkeepalive5hold15grouprzddinternalpeerrzddconnect-interfacLeoopBack0peer5g4rouprzddpeer54grouprzdd#ipv4-familyvpn-instancevpn-rtimport-routedirect#ipv4-familyvpn-instancevpn-nrtimport-routedirect#ipv4-familyvpnv4peerrzddenablepeer54enablepeer

14、54grouprzddpeer54enablepeer54grouprzdd#ospf1import-routedirectareanetworkareanetwork#snmp-agentsnmp-agentlocal-engineid800063A2035866BA7FAA48snmp-agentcommunitywriteraddrwsnmp-agentcommunityreadrzddrosnmp-agentcommunitywriterzddrwsnmp-agentsys-infoversionallundosnmp-agenttrapenablevoicedial#loadxml-

15、configuration#loadtr069-configuration#user-interfacecon0user-interfacetty13user-interfaceaux0user-interfacevty04setauthenticationpasswordcipher$c$3$wjDircwXvMELIqIp/gS9nLzGdO#return3、数据网络交换机配置如下SD-JiaHongZhan.S1discu#sysnameSD-JiaHongZhan.S1#superpasswordlevel3cipher1D.L#-Ml_,UMD0PV(YO1!#radiusschem

16、esystem#domainsystem#vlan1#vlan10descriptionCE-Manage#vlan199descriptionVPN-RT#vlan299descriptionVPN-NRT#interfaceVlan-interface10descriptionCE-Manageipaddress740#interfaceVlan-interface199descriptionVPN-RT#interfaceVlan-interface299descriptionVPN-NRT#interfaceAux1/0/0#interfaceEthernet1/0/1portacce

17、ssvlan199#interfaceEthernet1/0/2portaccessvlan199#interfaceEthernet1/0/3portaccessvlan199#interfaceEthernet1/0/4portaccessvlan199#interfaceEthernet1/0/5portaccessvlan199#interfaceEthernet1/0/6portaccessvlan199#interfaceEthernet1/0/7portaccessvlan199#interfaceEthernet1/0/8portaccessvlan199#interfaceE

18、thernet1/0/9portaccessvlan299#interfaceEthernet1/0/10portaccessvlan299#interfaceEthernet1/0/11portaccessvlan299#interfaceEthernet1/0/12portaccessvlan299#interfaceEthernet1/0/13portaccessvlan299#interfaceEthernet1/0/14portaccessvlan299#interfaceEthernet1/0/15portaccessvlan299#interfaceEthernet1/0/16p

19、ortaccessvlan299#interfaceEthernet1/0/17portaccessvlan299#interfaceEthernet1/0/18portaccessvlan299#interfaceEthernet1/0/19portaccessvlan299#interfaceEthernet1/0/20portaccessvlan299#interfaceEthernet1/0/21portaccessvlan299#interfaceEthernet1/0/22portaccessvlan299#interfaceEthernet1/0/23portaccessvlan

20、299#interfaceEthernet1/0/24portlink-typetrunkporttrunkpermitvlan110199299descriptiontoMSR3020-1#interfaceGigabitEthernet1/1/1#interfaceGigabitEthernet1/1/2#interfaceGigabitEthernet1/1/3#interfaceGigabitEthernet1/1/4#undoirf-fabricauthentication-mode#interfaceNULL0#voicevlanmac-address0001-e300-0000m

21、askffff-ff00-0000#iproute-static0preference60#snmp-agentsnmp-agentlocal-engineid800063A280F62E48316E6877snmp-agentcommunityreadrzddrosnmp-agentcommunitywriterzddrwsnmp-agentsys-infoversionall#user-interfaceaux07user-interfacevty04setauthenticationpasswordcipher;1ST$QA&SQQMAF4vl!#return4、数据网络路由器端口分配情

22、况interfaceSerial4/0和interfaceSerial4/1用来和市局的路由器进行互联interfaceGigabitEthernetO/O接口用来和局域网交换机互联5、数据网络交换机端口分配情况interfaceEthernet1/0/1-interfaceEthernet1/0/8属于VLAN199interfaceEthernet1/0/9-interfaceEthernet1/0/23属于VLAN299交换机的interfaceEthernet1/0/24用来上连路由器6、办公内网路由器配置如下RZJHC-R1discu#version5.2O,Release22O9P

23、15,Standard#sysnameRZJHC-R1#superpasswordlevel3cipher$c$3$CTWtbnxxC1OpT7uUvrZHmk1YLrOe#ftpserverenable#domaindefaultenablesystem#routerid1O.37.2O7.197#telnetserverenable#darp2psignature-filecfaO:/p2p_default.mtd#port-securityenable#vlan1#domainsystemaccess-limitdisablestateactiveidle-cutdisableself-

24、service-urldisable#user-groupsystemgroup-attributeallow-guest#local-userabcdpasswordcipher$c$3$1+SFRrfPojx/CBya4Jm68VTXlNRmo6Q=authorization-attributelevel3service-typeftplocal-useradminpasswordcipher$c$3$nH3DI7gxrRRbVjEB+lUxm5phiOczymvdauthorization-attributelevel3service-typetelnet#cwmpundocwmpena

25、ble#interfaceAux0asyncmodeflowlink-protocolppp#interfaceCellular0/0asyncmodeprotocollink-protocolppppppmpMp-group1ospfcost5000ospfauthentication-modemd510cipher$c$3$IqIpnvXcfL0Hwry18cHg=#interfaceSerial4/0fe1unframedlink-protocolppppppmpMp-group1#interfaceSerial4/1fe1unframedlink-protocolppp#interfa

26、ceMp-group1ipaddress852ospfcost5000ospfauthentication-modemd510cipher$c$3$dl8Nu2ESu3LBNXalzg=#interfaceNULL0#interfaceLoopBack0ipaddress9755#interfaceGigabitEthernet0/0portlink-moderouteipaddress848#interfaceGigabitEthernet0/1portlink-moderoute#ospf1import-routedirectarea7authentication-modemd5netwo

27、rk9networknetworkstubno-summary#voice-setup#sip#sip-server#call-rule-set#call-route#dial-programdefaultentityfaxprotocolstandard-t38defaultentityfaxprotocolstandard-t38hb-redundancy0defaultentityfaxprotocolstandard-t38lb-redundancy0#aaa-client#gk-client#snmp-agentsnmp-agentlocal-engineid800063A2035866BA7FAAD8snmp-agentcommunityread80126589snmp-agentcommunitywriteSednet02snmp-agentsys-infoversionallsnmp-agenttarget-hosttrapaddressudp-domainparamssecu