SE800知识要点及配置管理.doc

se800知识要点及配置管理se800知识要点phase1一.硬件组成se 800 hardware components 1.chassis2.controller cards - xcrp & xcrp3 & xcrp43.traffic cards - atm & ethernet & gigabit ethernet & pdh & sonet/sdh & channelized sonet/sdh二、冗余性hardware redundant redundant dual route processorredundant power for every slotredundant coolinghot swap for every card1.fully distributed and modular design with no single point of failure!2.full mesh connect to be built for every card in backplane.software redundant 3.software modularity with restartable protocols improves system and network availability 4.each protocol is a separate process (running in its own protected memory)5.dual xcrp and redundancy名词解释ism : uses ipc between active and standby ismppa:continue to forwording traffic and goes through stale mark，sync ，stale cleanup processthe sb xc must be ready before a xc switch is hitless三、查看系统状态clishow hardware card * detail & show chassis & reload card 3 （重启某个板卡）/ standby （重启备用scrp）/ switch-over（切换主备） /fpga（升级板卡fpga）自居诊断 show diag pod & show backplane-statusshow crashfiles 查看板卡错误logshow red must be all yes 冗余状态show system status should be ok 系统状态四、se800文件系统构成1.wd0 vxworks internal top 无法使用cli访问2.wd1 bsd 第一个分区wd1a mount 在 / internal bottom 分为三个分区 p01 p02 /flash p01和p02 为主备分区用于存放操作系统文件。/flash 一般用于存放config file 、core dump 、and others system file 3.wd2 microdrive mount at /md external /md 分区用来存储core dump 等 五、密码的恢复password recoveryfirst , you connect your pc to craft2 on active xcrp 1.reload se800 in cli modereloadwhen you see the following message:auto-boot in 0 seconds - press se* to abort , enter to bootat this moment press se* to access-loader interface ,and the prompt (ok)2. use follow boot loader commmand to disable user authenticationok setenv user-auth ? false3.reset the hardware and boot the system ok bootsys六、恢复初始配置使用上面方法进入boot-loader modefirst , you connect your pc to craft2 on active xcrp1. ignore config file by entering the following boot loader commandok setenv ignore-cfgfile? ture2 .ok bootsys七、进程恢复process recoveryprocess coredump dhcp show proc dhcpshow crashfilesprocess restart dhcp重启bsd进程start shellps auxww | grep inetdkill -emt pid exit/usr/siara/bin/inetd &exit八、网管、安全管理、账户管理、配置文件管理1.se800安全访问 admin_acl的配置 ip access-list admin_acl seq 10 permit ip 55 any seq 20 permit ip 55 any seq 30 permit ip 92 5 any seq 31 permit ip 8 5 any seq 32 permit ip host 2 any seq 40 deny tcp any any eq telnet seq 50 deny tcp any any eq ssh seq 60 deny tcp any any eq ftp seq 70 deny tcp any any eq ftp-data seq 80 deny tcp any any eq 161 seq 90 deny udp any any eq tftp seq 91 deny udp any any eq snmp seq 100 permit ip any any!admin-access-group admin_acl in count log2.se800 系统镜像和配置文件的管理系统镜像和配置文件可以存储在内部存储卡的/flash 分区上，也可以存储在外部存储卡的/md分区中，或者存储在远处server 通过ftp，sftp，scp ，rcp，tftp进行访问。和配置相关的3个命令：boot configuration filenameconfigure urlsave configuration 3.初次使用console登陆设备配置时钟、系统名称、时区clock set clock timezone pst -8 localsystem hostname 配置用户exampleconfigurecontext local administrator super password icandoanythingfullname “test”privilege start 10privilege max 15配置管理接口context localinterface mgmt ip address /30port ethernet 7/1! xcrp management ports on slot 7 and 8 are configured through 7/1 no shutdown bind interface mgmt localservice multiple-contexts九、系统升级见se升级pdfse800知识要点phase2一、tcp、ip基础知识见公司ip foundation培训课件二、se800 路由协议基础配置及相关概念1。bgpibgp&ebgp、mbgp的概念ibgp route reflector概念bgp基本配置实例the following example show the minimum commands needed to configure bgp:localredback#configlocalredback(config)#context locallocalredback(config-ctx)#router bgp 64001 localredback(config-bgp)#router-id 1 localredback(config-bgp)#address-family ipv4 unicast localredback(config-bgp-af)#redistribute static localredback(config-bgp-af)#exitlocalredback(config-bgp)#peer-group ibgp internal localredback(config-bgp-peer-group)#next-hop-selflocalredback(config-bgp-peer-group)#update-source loopback0localredback(config-bgp-peer-group)#address-family ipv4 unicastlocalredback(config-bgp-peer-af)#exitlocalredback(config-bgp-peer-group)#exitlocalredback(config-bgp)#peer-group customer-routes external localredback(config-bgp-peer-group)#address-family ipv4 unicastlocalredback(config-bgp-peer-af)#route-map rmap1 outlocalredback(config-bgp-peer-af)#exitlocalredback(config-bgp-peer-group)#exitlocalredback(config-bgp)#neighbor internal localredback(config-bgp-neighbor)#peer-group ibgplocalredback(config-bgp-neighbor)#exitlocalredback(config-bgp)#neighbor externallocalredback(config-bgp-neighbor)#remote-as 200localredback(config-bgp-neighbor)#peer-group customer-routeslocalredback(config-bgp-neighbor)#address-family ipv4 unicastlocalredback(config-bgp-peer-af)#prefix-list bar inlocalredback(config-bgp-peer-af)#route-map foo2 inlocalredback(config-bgp-peer-af)#exitlocalredback(config-bgp-neighbor)#exitlocalredback(config-bgp)#neighbor externallocalredback(config-bgp-neighbor)#remote-as 300localredback(config-bgp-neighbor)#address-family ipv4 unicastlocalredback(config-bgp-peer-af)#prefix-list bar inlocalredback(config-bgp-peer-af)#route-map foo3 out2、ospfarea 概念以及常见的区域类型normal and backbonestubnot so stubby areaospf中路由器的角色如下：internal routerbackbone routerabr&asbrdr&bdrospf 路由选择过程ospf数据包的类型：hello、database description、link-state request、link-state update、link-state acknowledgment。lsa type 11种 常见7种ospf配置实例（见ospf拓扑图）this section contains the basic ospf configuration for the three routers, se1, se2, and se3, illustrated infigure 3. examples in proceeding sections contain only the configuration sections different from theexamples here.the basic configuration for se1 is as follows. because no router id is explicitly configured, the loopbackaddress is used as the ospf router id for se1:localse1(config)#context locallocalse1(config-ctx)#ip domain-lookuplocalse1(config-ctx)#interface onelocalse1(config-if)#ip address /16localse1(config-if)#exitlocalse1(config-ctx)#interface twolocalse1(config-if)#ip address /16localse1(config-if)#exitlocalse1(config-ctx)#interface threelocalse1(config-if)#ip address /16localse1(config-if)#exitlocalse1(config-ctx)#interface lo1 loopbacklocalse1(config-if)#ip address /32localse1(config-if)#exitlocalse1(config-ctx)#router ospf 1localse1(config-ospf)#area localse1(config-ospf-area)#interface localse1(config-ospf-if)#exitlocalse1(config-ospf-area)#interface localse1(config-ospf-area)#exitlocalse1(config-ospf)#area localse1(config-ospf-area)#interface twolocalse1(config-ospf-if)#exitlocalse1(config-ospf-area)#interface threelocalse1(config-ospf-if)#exitlocalse1(config-ospf-area)#exitlocalse1(config-ospf)#exitlocalse1(config-ctx)#exitlocalse1(config)#port pos 5/1localse1(config-port)#bind interface one locallocalse1(config-port)#no shutdownlocalse1(config-port)#exitlocalse1(config)#port pos 5/2localse1(config-port)#bind interface two locallocalse1(config-port)#no shutdownlocalse1(config-port)#exitlocalse1(config)#port pos 5/3localse1(config-port)#bind interface three locallocalse1(config-port)#no shutdownthe basic configuration for se2 is as follows:localse2(config)#context locallocalse2(config-ctx)#ip domain-lookuplocalse2(config-ctx)#interface onelocalse2(config-if)#ip address /16localse2(config-if)#exitlocalse2(config-ctx)#interface twolocalse2(config-if)#ip address /16localse2(config-if)#exitlocalse2(config-ctx)#router ospf 1localse2(config-ospf)#router-id 2localse2(config-ospf)#area localse2(config-ospf-area)#interface localse2(config-ospf-if)#exitlocalse2(config-ospf-area)#interface localse2(config-ospf-if)#exitlocalse2(config-ospf-area)#exitlocalse2(config-ospf)#exitlocalse2(config-ctx)#exitlocalse2(config)#port pos 3/1localse2(config-port)#bind interface one locallocalse2(config-port)#no shutdownlocalse2(config-port)#exitlocalse2(config)#port ethernet 4/1localse2(config-port)#bind interface two locallocalse2(config-port)#no shutdownthe basic configuration for se3 is as follows:localse3(config)#context locallocalse3(config-ctx)#ip domain-lookuplocalse3(config-ctx)#interface onelocalse3(config-if)#ip address /16localse3(config-if)#exitlocalse3(config-ctx)#interface twolocalse3(config-if)#ip address /16localse3(config-if)#exitlocalse3(config-ctx)#interface threelocalse3(config-if)#ip address /24localse3(config-if)#exitlocalse3(config-ctx)#router ospf 1localse3(config-ospf)#router-id 3localse3(config-ospf)#area localse3(config-ospf-area)#interface localse3(config-ospf-if)#exitlocalse3(config-ospf-area)#exitlocalse3(config-ospf)#area localse3(config-ospf-area)#interface localse3(config-ospf-if)#exitlocalse3(config-ospf-area)#interface localse3(config-ospf-if)#exitlocalse3(config-ospf-area)#exitlocalse3(config-ospf)#exitlocalse3(config-ctx)#exitlocalse3(config)#port pos 3/1localse3(config-port)#bind interface one locallocalse3(config-port)#no shutdownlocalse3(config-port)#exitlocalse3(config)#port ethernet 1/1localse3(config-port)#bind interface two locallocalse3(config-port)#no shutdownlocalse3(config-port)#exitlocalse3(config)#port pos 3/2localse3(config-port)#bind interface three locallocalse3(config-port)#no shutdown3。rip rip特性见ip foundation培训rip配置实例the following example configures one rip instance, adjusts the maximum number of equal-cost paths to 4, originates a default route, and redistributes static routes into rip with metric of 10. it then enables ripon interface fe1:localredback#configurelocalredback(config)#context locallocalredback(config-ctx)#router rip edgelocalredback(config-rip)#maximum-paths 4localredback(config-rip)#default-information originatelocalredback(config-rip)#redistribute static metric 10localredback(config-rip)#interface fe1localredback(config-rip-if)#endthe following example configures two rip instances in the local context. next, it enables one ripinstance edge and a rip instance backbone on interface fe1. an ip prefix list, prefixlist1, is alsoapplied on the outbound updates on interface fe1:localredback#configurelocalredback(config)#context locallocalredback(config-ctx)#router rip edgelocalredback(config-rip)#redistribute static metric 10localredback(config-rip)#interface fe1localredback(config-rip-if)#exitlocalredback(config-rip)#exitmodify ripng timers for the specified interface. timers basic table 5 rip and ripng operations taskstask root commandenable the generation of rip debug messages. debug ripdisplay the current rip configuration for the current context. show configuration ripdisplay enabled rip debug settings. show rip debugdisplay information for all rip instances, or only for a particular rip instance. show rip instancedisplay information for all rip interfaces, or only for interfaces within a particular rip instance. show rip interfacedisplay routing information protocol next generation (ripng) information. show ripngdisplay information about all rip routes, or only for routes within a particular rip instance. show rip routelocalredback(config-ctx)#router rip backbonelocalredback(config-rip)#distribute-list prefixlist1 out fe1localredback(config-rip)#interface fe1localredback(config-rip-if)#end4。isis isis 4种pdu is-is hello (iih) pdus、lsps、csnps、psnpsisis route processisis配置实例localredback(config)#context locallocalredback(config-ctx)#interface first-isis-intflocalredback(config-if)#ip address /24localredback(config)#exitlocalredback(config-ctx)#router isis my-backbonedisplay is-is routes. show isis routesdisplay a history of the is-is spf calculation results. show isis spf-logdisplay is-is traffic information. show isis statisticsdisplay information about is-is ip summary addresses. show isis summary-addressdisplay is-is topology information. show isis topologylocalredback(config-isis)#net 47.0001.1111.2222.3333.00localredback(config-isis)#interface first-isis-intflocalredback(config-isis-if)#exitlocalredback(config-isis)#exitlocalredback(config-ctx)#exitlocalredback(config)#port ethernet 14/2localredback(config-port)#no shutdownlocalredback(config-port)#bind interface first-isis-intf local5。route policy路由策略介绍：routing policies allow you to enforce routing policy decisions onto incoming, outgoing, and redistributedroutes. the tools to configure routing policies include border gateway protocol (bgp) autonomous system(as) path lists, bgp community lists, bgp extended community lists, ip prefix lists, ip version 6 (ipv6)prefix lists, and route maps with match and set conditions.simple ip prefix list配置the following example configures a simple ip prefix list that allows routes from networks/24, /24, and /24. the last prefix list entry (sequence 40)is optional, because denial is the default action for any prefix not explicitly specified:localredback(config-ctx)#ip prefix-list simple-prefix-listlocalredback(config-prefix-list)#seq 10 permit /24localredback(config-prefix-list)#seq 20 permit /24localredback(config-prefix-list)#seq 30 permit /24localredback(config-prefix-list)#seq 40 deny /0the following example applies the ip prefix list, simple-prefix-list, to bgp neighbor,, as a bgp inbound route filter:localredback(config-ctx)#router bgp 100localredback(config-bgp)#neighbor externallocalredback(config-neighbor)#address-family ipv4 unicastlocalredback(config-addrfamily)#prefix-list simple-prefix-list incomplex ip prefix list配置this section contains an example of a more complex ip prefix list that allows routes from the followingsubnetworks:? any subnet in the class a network 10 with a prefix length greater than 16 and less than 20? any subnet in the class a network 11 with a prefix length exactly equal to 24? any subnet or host address in the class a network 12the ip prefix list configuration is as follows:localredback(config-ctx)#ip prefix-list complex-prefix-listlocalredback(config-prefix-list)#seq 10 permit /8 ge 16 le 20localredback(config-prefix-list)#seq 20 permit /8 eq 24localredback(config-prefix-list)#seq 30 permit /8 le 32localredback(config-prefix-list)#seq 40 deny /0the following example applies the complex-prefix-list ip prefix list to bgp neighbor,, as a bgp outbound route filter:localredback(config-ctx)#router bgp 100localredback(config-bgp)#neighbor externallocalredback(config-neighbor)#address-family ipv4 unicastlocalredback(config-addrfamily)#prefix-list complex-prefix-list outsimple route map配置the following protocol redistribution example configures a simple route map that sets metrics based onnetwork destination address:localredback(config-ctx)#ip prefix-list select-network-20localredback(config-prefix-list)#seq 10 permit /8localredback(config-prefix-list)#exitlocalredback(config-ctx)#ip prefix-list select-network-30localredback(config-prefix-list)#seq 10 permit /8localredback(config-prefix-list)#exitlocalredback(config-ctx)#route-map proto-redist permit 10localredback(config-route-map)#match ip address prefix-list select-network-20localredback(config-route-map)#set metric 100localredback(config-route-map)#exitlocalredback(config-ctx)#route-map proto-redist permit 20localredback(config-route-map)#match ip address prefix-list select-network-30localredback(config-route-map)#set metric 200the following example applies the proto-redis route map to bgp neighbor, 00, asa bgp inbound route filter:localredback(config-ctx)#router bgp 100localredback(config-bgp)#neighbor