Hongta Tobacco (Group) (红塔烟草(集团)) 10 Gigabit Ethernet Construction Project
Data Center Firewall Deployment and Upgrade Plan (V1.4)
Beijing Lianxin Yongyi Information Technology Co., Ltd. (北京联信永益信息技术有限公司)
February 2010

Contents
I. Overview
II. Personnel and Schedule
  1. Participants
  2. Operation time
III. Business Impact
IV. Preparation
V. Network Topology
VI. Data Center Device Configuration
  1. VSS deployment and configuration of the two data center 6509Es
  2. FWSM transparent mode configuration on the two data center 6509Es
VII. Firewall Failover Test
VIII. Contingency Plan

I. Overview

Current state of the data center network. One data center aggregation switch (Catalyst 6509E) in the 4th-floor equipment room of the Commerce Building and one in the Technology Center equipment room each uplink to the core 6509E over a single 10GE link, and the two aggregation switches are connected to each other by one 10GE trunk. Data center servers in the Commerce Building and in the Technology Center connect over a single link to the data center switch in their own building; all server gateways point to the real (non-HSRP) address of the corresponding VLAN interface on the Commerce Building 4F data center switch. Each data center switch carries one FWSM firewall module, and the two modules protect the data center network as a Failover pair.

Scope of this work. The data center aggregation 6509E in the Technology Center is relocated to the new 1st-floor equipment room of the Commerce Building, and the two data center 6509Es are combined into a VSS. The Virtual Switch Link uses the 10GE uplink ports on the Virtual Switching Supervisor 720-10GE engines, bundled as two 10GE links so that the VSS survives the loss of one link. The VSS connects to the core over two bundled 10GE links, and the firewall modules are redeployed in transparent mode.

II. Personnel and Schedule

1. Participants

No. | Name | Role | Mobile
1 | 卢立杰 | Project manager (overall coordination) | 13801268202
2 | 何沿平 | Cutover operator (device commissioning) | 13240050633
3 | 扎西 | Cutover operator (assists commissioning) | 13529149628
4 | 朱洺奇 | Supervision and coordination | 13887755679
5 | 代宁 | Vendor technical support | 13577025594

2. Operation time

9 February 2010

III. Business Impact

This cutover deploys VSS on the data center 6509Es and moves the FWSM modules to transparent mode, which means re-planning and re-commissioning the data center network. Traffic between the data center servers and the Group network will be interrupted during the work.

IV. Preparation

To be prepared by Lianxin Yongyi:
1. Software versions tested and passed.
2. Device configurations, port types and port states verified.
3. Documents:
   No. | Document | Quantity
   1 | Cutover plan | 3 copies
   2 | Test report | 3 copies
4. Tools:
   No. | Item | Quantity
   1 | Anti-static wrist strap | 1
   2 | Phillips and flat-blade screwdrivers | 2

To be prepared by the Hongta Group Information Network Section:
1. Escort the cutover staff into the equipment rooms.
2. Provide the console login passwords.

V. Network Topology

Current state: FWSM routed mode topology (diagram not reproduced here).

Notes:
1. Interface Vlan411 on HT_SWLDA_4F_6509E_01 and HT_SWLDA_1F_6509E_01 carries the OSPF routing protocol exchange between the two switches.
2. Vlan402 is the server VLAN (FWSM inside interface). Vlan413 and Vlan414 carry the Failover protocol between the two firewall modules; the module in HT_SWLDA_4F_6509E_01 is Primary and the module in HT_SWLDA_1F_6509E_01 is Secondary. Vlan412 connects the two 6509Es to the outside interface of their firewall modules; both 6509Es run HSRP on Interface Vlan412, with HT_SWLDA_4F_6509E_01 Active and HT_SWLDA_1F_6509E_01 Standby.

After the change: FWSM transparent mode topology (diagram not reproduced here).

Notes:
1. Gi1/3/48 and Gi2/3/48 are used for BFD (VSS dual-active detection).
2. Vlan402 is the server VLAN and the firewall inside interface. Vlan413 and Vlan414 carry the Failover protocol; the module in the Commerce Building 4F 6509E is Primary and the module in the Commerce Building 1F 6509E is Secondary. Vlan412 connects the 6509Es to the firewall outside interface, and the servers in Vlan402 use the Vlan412 interface IP address as their gateway. In transparent mode the FWSM bridges Vlan402 and Vlan412 into one IP subnet instead of routing between them, so the 6509E needs no SVI in Vlan402: the servers' only Layer 3 hop is Interface Vlan412 (10.96.0.1/24 in the configuration below), and every packet between a server and its gateway crosses the firewall. With both chassis in one VSS there is a single control plane, and the configuration below accordingly has no HSRP on Vlan412 and no SVI in Vlan411.

VI. Data Center Device Configuration

1. VSS deployment and configuration of the two data center 6509Es

Cutover content: commissioning of the two data center 6509Es
Cutover time: 2010.02.07
Cutover location: Commerce Building 4F and Commerce Building 1F
Operators:
  Configuration: Lianxin Yongyi: 卢立杰, 何沿平, 扎西 (contact numbers in Section II)
  Coordination: Information Section: 朱洺奇, Tel: 13887755679

Step 1. Back up the device configuration:

copy running bootflash:
wr

Step 2. Inter-switch links and VSS commissioning.

On the first chassis (switch 1):

switch virtual domain 100
 switch 1
!
interface port-channel 110
 switch virtual link 1
 no shut
!
interface range Ten 5/4-5
 channel-group 110 mode on
 no shut
!
platform hardware vsl pfc mode pfc3c
switch convert mode virtual

On the second chassis (switch 2):

switch virtual domain 100
 switch 2
!
interface port-channel 120
 switch virtual link 2
 no shut
!
interface range Ten 5/4-5
 channel-group 120 mode on
 no shut
!
platform hardware vsl pfc mode pfc3c
switch convert mode virtual

After both chassis have converted and formed the VSS:

switch accept mode virtual

Dual-active detection over BFD. The two links sit in separate /30s (10.96.63.76/30 and 10.96.63.80/30); VSS BFD dual-active detection requires this, since both interfaces belong to the same virtual switch:

interface gigabitethernet 1/3/48
 description VSS_FOR_BFD
 no switchport
 ip address 10.96.63.77 255.255.255.252
 bfd interval 100 min_rx 100 multiplier 3
 no shut
!
interface gigabitethernet 2/3/48
 description VSS_FOR_BFD
 no switchport
 ip address 10.96.63.81 255.255.255.252
 bfd interval 100 min_rx 100 multiplier 3
 no shut
!
switch virtual domain 100
 dual-active detection bfd
 dual-active pair interface g 1/3/48 interface g 2/3/48 bfd

With these timers a dual-active condition is declared after three missed 100 ms BFD hellos, about 300 ms after the VSL goes down.

Step 3. Basic configuration of the 6509E (HT_SWLDA_4F_6509E_01):

hostname HT_SWLDA_4F_6509E_01
!
service timestamps debug datetime localtime
service timestamps log datetime localtime
!
clock timezone GMT 8
!
no ip domain-lookup
!
interface Loopback1
 ip address 10.96.60.252 255.255.255.255
 no shut
!
logging facility local6
logging source-interface Loopback1
logging 10.96.47.66
logging 10.96.49.87
!
snmp-server community hongtpublic RO
snmp-server community hongtprivate RW
!
line con 0
 exec-timeout 5 0
 logging synchronous
 password 0 adminht
 login
line vty 0 4
 exec-timeout 5 0
 password 0 adminht
 login
!
ntp server 10.96.60.253

Management-plane notes on this block: the console and VTY lines share one plaintext password (password 0), the VTY lines accept any transport, Telnet included, and carry no access-class, the SNMP communities are SNMPv2c with a read-write community and no access-list, and the excerpt shows no enable secret. These strings are also printed in clear text in this plan, so they should be treated as exposed once the document circulates. Restricting the VTYs with transport input ssh and an access-class, adding an SNMP access-list (or moving to SNMPv3), and replacing the shared line password with local or AAA accounts is the minimum hardening before the VSS carries production traffic.

Step 4. Interfaces and routing.

HT_BONE_4F_6509E_01 (core):

interface Port-channel6
 no switchport
 description connect to HT_SWLDA_4F_6509E_01
 ip address 10.96.63.13 255.255.255.252
 no shut
!
interface TenGigabitEthernet1/4/1
 no switchport
 no ip address
 description connect to HT_SWLDA_4F_6509E_01
 channel-group 6 mode on
 no shut
!
interface TenGigabitEthernet2/4/1
 no switchport
 no ip address
 description connect to HT_SWLDA_4F_6509E_01
 channel-group 6 mode on
 no shut
!
router ospf 877
 no passive-interface Port-channel6
 no network 10.96.63.8 0.0.0.3 area 0

The core side removes the old /30 (10.96.63.8/30) from OSPF but shows no network statement for the new link 10.96.63.12/30. Confirm before the cutover that an existing statement on the core already covers it; otherwise the adjacency over Port-channel6 will not form.

HT_SWLDA_4F_6509E_01 (data center VSS):

interface Port-channel6
 no switchport
 description connect to HT_BONE_4F_6509E_01
 ip address 10.96.63.14 255.255.255.252
 no shut
!
interface TenGigabitEthernet1/1/1
 no switchport
 description connect to HT_BONE_4F_6509E_01
 channel-group 6 mode on
 no shut
!
interface TenGigabitEthernet2/1/1
 no switchport
 description connect to HT_BONE_4F_6509E_01
 channel-group 6 mode on
 no shut
!
vlan 402
vlan 403
vlan 404
vlan 405
vlan 406
vlan 411
vlan 412
vlan 413
vlan 414
vlan 500
 name sniffer
!
interface Vlan403
 ip address 10.96.45.1 255.255.255.192
 ip flow ingress
 ip flow egress
 no shut
!
interface Vlan404
 ip address 10.96.45.65 255.255.255.192
 ip flow ingress
 ip flow egress
 no shut
!
interface Vlan405
 ip address 10.96.45.129 255.255.255.192
 ip flow ingress
 ip flow egress
 no shut
!
interface Vlan406
 ip address 10.96.45.193 255.255.255.192
 ip flow ingress
 ip flow egress
 no shut
!
interface Vlan412
 ip address 10.96.0.1 255.255.255.0
 ip flow ingress
 ip flow egress
 no shut
!
router ospf 877
 router-id 10.96.60.252
 log-adjacency-changes
 passive-interface default
 no passive-interface TenGigabitEthernet1/1/1
 no passive-interface TenGigabitEthernet2/1/1
 no passive-interface port-channel 6
 network 10.96.45.0 0.0.0.63 area 0
 network 10.96.45.64 0.0.0.63 area 0
 network 10.96.45.128 0.0.0.63 area 0
 network 10.96.45.192 0.0.0.63 area 0
 network 10.96.60.252 0.0.0.0 area 0
 network 10.96.63.12 0.0.0.3 area 0
 network 10.96.0.0 0.0.0.255 area 0

passive-interface default keeps OSPF hellos off the server SVIs (Vlan403 to Vlan406 and Vlan412), so no host in those VLANs can form an adjacency; only the bundle to the core is active. The BFD dual-active links are not advertised in OSPF, which is the intended state for dual-active detection links.

Downlinks to the access switches:

interface GigabitEthernet1/3/2
 description connect to HT_SWLDA_1F_3750_01
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast
 no shut
!
interface GigabitEthernet1/3/3
 description connect to HT_JSZXDA_2F_3750_01
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast
 no shut
!
interface range gi1/7/3 - 10
 no shut

On the two trunks, spanning-tree portfast without the trunk keyword has no effect on a trunking port, and PortFast toward another switch would skip the listening and learning states on a link that can form a loop; these two lines should be removed rather than "fixed".

Server access ports. The plan lists every port individually; they are grouped here by identical configuration (the storm-control level is a percentage of interface bandwidth):

interface range GigabitEthernet1/3/1 , GigabitEthernet1/7/12 , GigabitEthernet1/7/16
 switchport
 switchport access vlan 402
 switchport mode access
 load-interval 30
 no shut
!
interface range GigabitEthernet1/7/1 - 2 , GigabitEthernet1/7/11
 switchport
 switchport access vlan 403
 switchport mode access
 no shut
!
interface range GigabitEthernet1/7/13 - 15 , GigabitEthernet1/7/17 - 22 , GigabitEthernet1/7/24 , GigabitEthernet1/7/26 - 33 , GigabitEthernet1/7/35 - 41
 switchport
 switchport access vlan 402
 switchport mode access
 storm-control broadcast level 0.10
 storm-control multicast level 0.10
 no shut
!
interface range GigabitEthernet1/7/43 , GigabitEthernet1/7/46 - 48 , GigabitEthernet1/8/1 - 22
 switchport
 switchport access vlan 402
 switchport mode access
 storm-control broadcast level 0.10
 storm-control multicast level 0.10
 no shut
!
interface range GigabitEthernet1/7/23 , GigabitEthernet1/7/34
 switchport
 switchport access vlan 402
 switchport mode access
 load-interval 30
 storm-control broadcast level 0.10
 storm-control multicast level 0.10
 no shut
!
interface range GigabitEthernet1/7/25 , GigabitEthernet1/7/42
 switchport
 switchport access vlan 406
 switchport mode access
 storm-control broadcast level 0.10
 storm-control multicast level 0.10
 no shut
!
interface range GigabitEthernet1/7/44 - 45
 switchport
 switchport access vlan 403
 switchport mode access
 storm-control broadcast level 0.10
 storm-control multicast level 0.10
 no shut
!
interf

Three Vlan402 ports (Gi1/3/1, Gi1/7/12 and Gi1/7/16) carry no storm-control while every other server port in that VLAN does; confirm that this is intended before the cutover. The hosted preview of the plan ends at this point; Section VI.2 (FWSM transparent mode configuration), the failover test and the contingency plan are not included.
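The management-plane notes, the server-VLAN storm-control check and the OSPF coverage check above are the kind of review worth automating before a cutover of this size. The following Python script is an added example written for this page; it is not part of the plan or of Lianxin Yongyi's deliverables. It parses an IOS-style configuration into stanzas and reports plaintext line passwords, SNMP communities that are read-write or not limited by an access-list, VTY lines without SSH-only transport or an access-class, access ports in the server VLAN that lack storm-control, and Layer 3 interfaces whose subnet no OSPF network statement matches. SAMPLE_CONFIG is a constructed excerpt condensed from the configuration in this section; the finding wording and the choice of checks are the example's own.

```python
"""Pre-cutover audit of an IOS-style Catalyst 6500 config (added example, not
from the plan). Reports management-plane weaknesses, server-VLAN access ports
without storm-control, and L3 subnets no OSPF network statement covers."""
import ipaddress
import re

# Constructed excerpt condensed from the plan above; not a full running-config.
SAMPLE_CONFIG = """\
snmp-server community hongtpublic RO
snmp-server community hongtprivate RW
line con 0
 password 0 adminht
line vty 0 4
 password 0 adminht
interface Vlan412
 ip address 10.96.0.1 255.255.255.0
interface Port-channel6
 ip address 10.96.63.14 255.255.255.252
interface GigabitEthernet1/3/48
 ip address 10.96.63.77 255.255.255.252
interface GigabitEthernet1/7/12
 switchport access vlan 402
 switchport mode access
interface GigabitEthernet1/7/13
 switchport access vlan 402
 switchport mode access
 storm-control broadcast level 0.10
 storm-control multicast level 0.10
router ospf 877
 network 10.96.63.12 0.0.0.3 area 0
 network 10.96.0.0 0.0.0.255 area 0
"""

def parse_stanzas(config):
    """Return [(header, [child commands])]; '!' separators are dropped."""
    stanzas = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        if line[0].isspace() and stanzas:
            stanzas[-1][1].append(line.strip())
        else:
            stanzas.append((line, []))
    return stanzas

def audit_management_plane(stanzas):
    """Flag plaintext line passwords, unrestricted or RW SNMP, and open VTYs."""
    findings = []
    for header, body in stanzas:
        parts = header.split()
        if parts[:2] == ["snmp-server", "community"]:
            # form: snmp-server community NAME [RO|RW] [ACL]
            if len(parts) < 5:
                findings.append(f"{header}: community not limited by an access-list")
            if len(parts) >= 4 and parts[3].upper() == "RW":
                findings.append(f"{header}: read-write community")
        elif parts[0] == "line":
            # 'password 0 x' and 'password x' are plaintext; 'password 7 x' is not matched
            if any(re.fullmatch(r"password (0 )?\S+", c) for c in body):
                findings.append(f"{header}: plaintext line password")
            if parts[1] == "vty":
                if "transport input ssh" not in body:
                    findings.append(f"{header}: transport not limited to SSH")
                if not any(c.startswith("access-class") for c in body):
                    findings.append(f"{header}: no access-class")
    return findings

def access_ports_missing_storm_control(stanzas, vlan):
    """Access ports in `vlan` that carry no storm-control broadcast threshold."""
    return [header.split(None, 1)[1] for header, body in stanzas
            if header.startswith("interface ")
            and f"switchport access vlan {vlan}" in body
            and "switchport mode access" in body
            and not any(c.startswith("storm-control broadcast") for c in body)]

def subnets_not_in_ospf(stanzas):
    """L3 interface -> subnet, for interfaces no OSPF network statement matches."""
    networks, l3 = [], {}
    for header, body in stanzas:
        if header.startswith("router ospf"):
            for c in body:
                m = re.match(r"network (\S+) (\S+) area", c)
                if m:  # invert the wildcard mask to obtain the netmask
                    mask = ipaddress.IPv4Address(0xFFFFFFFF ^ int(ipaddress.IPv4Address(m[2])))
                    networks.append(ipaddress.ip_network(f"{m[1]}/{mask}", strict=False))
        elif header.startswith("interface "):
            for c in body:
                m = re.fullmatch(r"ip address (\S+) (\S+)", c)
                if m:
                    l3[header.split(None, 1)[1]] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
    return {name: str(i.network) for name, i in l3.items()
            if not any(i.ip in n for n in networks)}

def run_audit(config, server_vlan=402):
    stanzas = parse_stanzas(config)
    return {"management": audit_management_plane(stanzas),
            "missing_storm_control": access_ports_missing_storm_control(stanzas, server_vlan),
            "not_in_ospf": subnets_not_in_ospf(stanzas)}
```

Running run_audit(SAMPLE_CONFIG) flags GigabitEthernet1/7/12 as a Vlan402 port without storm-control, lists GigabitEthernet1/3/48 (10.96.63.76/30) as not covered by OSPF, which is the expected result for a BFD dual-active link, and returns seven management-plane findings for the SNMP and line configuration. A finding is informational until checked against intent: the OSPF check exists to catch a forgotten server SVI, not to pull the dual-active links into the IGP.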