XX大楼网络实施设计方案

XX新大楼网络系统工程实施方案XX新大楼网络工程实施方案XX新大楼网络工程实施方案PAGEPAGE4目 录第一章、XX新大楼网络系统的总体结构 2XX新大楼网络系统的拓扑结构 2XX新大楼网络系统的逻辑结构 4网络设备的互连及端口划分 5机房布局 7网络系统路由设计 7第二章、网络系统设备的详细配置及设备命名规则 8信息中心设备间 8网络设备的命名规8网络设备的软件版8Catalyst6509的详细配8Catalyst4003二级交换机的详细配16Cisco7507核心路由器的详细配17Cisco3662备份路由器的详细配18Cisco2628的详细配21PIX525防火墙详细配22第三章、XX新大楼网络管理系统 24网管工作站操作系统的安装与配置 24CISCOWORKS2000网管软件的安装与使用 24ResourceManagerEssentials的安装 24CWSICampus的安装 24CWSICampus的使用 25附件：机房环境准备 27第一章、XX新大楼网络系统的总体结构XX新大楼网络系统的拓扑结构XX新大楼网络系统包括公司内部网络、Internet接入网络和与中国XX总局之间的内联网络。Catalyst6509分别连接中心路由器、备份路由器、主服务器、网管工作站、二级交换设备、信InternetCatalyst4003交换机，连接各个楼层内的信息点。Catalyst650924G的通路用于交换机之间的通信。6509Catalyst6509MSFCHSRP到中心路由器的双交叉连接，可以保证万一当一台6509还是可以继续不间断运行，只是仅由一台6509作。65091300W电源，另外分别配置一块8口的千兆模块为4828/280M器及工作站接入。Catalyst40034003CiscoUplinkFastSpanningTree28SpanningTree的汇聚速50802.1QVLANSpanningTreeInstancePathCost802.1QTRUNKVLANVLAN4GB。如下图所示：选用Cisco7507作为中心广域网路由器，选用Cisco3662作为中心广域网备份路由器，及拨号访问服务器。扑图我们可以看到，7507DDN3662PSTNDDNDDN生故障，PSTN3662路由器同时还作为贵州XX（集团）公司拨号用户的拨号接入。Cisco75071模块，分别上连网络中心的两台中心结点交换机Catalyst6509，提供两条高速份，同时使用，提高网络效率。InternetPIX525Internet的隔离。我DDN专线（FrameRelay）CISCO2628Internet相InternetPIX防火墙进行隔离，PIX280M交WWWFTPPIX防火墙OUTSIDEIPInternetPIX动态分IP地PIX的访问则可通过PIX内部以太网接口所在交换以太网端InternetPIXInternetPIX的代理服务之后还必须再次经过内部中心路由器控制之后才能进入内部网络。使用Cisco2628访问服务器，通过DDN专线实现同Internet的连接。XXCISCO7507线路实现。CiscoWorks2000网络管理软件对网络产品进行基于图形的管理。XX新大楼网络拓扑图。XX新大楼网络系统的逻辑结构XX新大楼通过设置虚网（VLAIP子网，使各个虚Catalyst6509交换机实现减小投资，一部门为一独立的子网。VLANVLAN1VLANVLA（VLAN2。用户VLANVLAN5VLAN1-4作为管理和服VLANVLAN号备用。根据实际情况，我们把整个系统分成19个VLAN表1 IP网络地址分配序号单位地址范围掩码1网管中心服务器网段vlan1-2552网络设备管理网段-255553财务部vlan3-2554计划部vlan4-2555经济运行部vlan5-2556人事部vlan6-2557劳资部vlan7-2558科教部vlan8-2559办公室vlan9-25528预留网段vlan28-25511预留网段vlan11-25512预留网段vlan12-25513预留网段vlan13-25514预留网段vlan14-25515预留网段vlan15-25516预留网段vlan16-25517预留网段vlan17-255286509PIXvlan26-1952196509与路由器互联vlan28\vlan19－1548206509与北京总部的互联vlan2024XX新大楼网络工程实施方案XX新大楼网络工程实施方案1919路由设备互联地址-25 525表2 网络设备的IP地址分配序号设备名DNS名IP地址子网掩码1Catalyst6509(1)S-gz12Catalyst6509(2)S-gz23Catalyst6509(1)R-gz1554Catalyst6509(2)R-gz2553Catalyst4003-1S-gz34Catalyst4003-2S-gz45Catalyst4003-3S-gz56Catalyst4003-4S-gz6557Cisco7507R-gz3558Cisco3662R-gz4559Cisco2600R-gz65528PIX525R-gz555网络设备的互连及端口划分CISCO7507

CISCO3662VIPRSPRSPVoicemoduleAnalogmoduleS0S1S2S3S4S5S62/47-48vlan2(6509-1VIPRSPRSPVoicemoduleAnalogmoduleS0S1S2S3S4S5S62/47-48vlan2(6509-1toýæ(6509-1)Òæ(6509-2)3/7,3/8TRUNK(6509-1to6509-2)2/47-48vlan3(6509-2to4003)2/46vlan4(6509-2to2/47-48vlan3(6509-2to4003)PIX5253/3-4TRUNK(6509-2to3/5vlan20(6509-1to3/6vlan20(6509-2to3/1-4TRUNK(6509-1toHPServerHPServer3/1-2TRUNK(6509-2to4003)Catalyst6509,4003ÄË¿´ÅÏ£é´Å/ËÚ´Å£äкÄé´Å´1ª¼¬Ô϶ڴÅÓ1ª¼¬Ôó½»ýæ»ãÅÚÚ»öÛαŪ£¶ÚÄéÒÕùÚÛ»ö¨´Spantreetrunk2/33-34Spantreetrunk2/33-34Òæ(4003-1)Òæ(4003-2)Òæ(4003-3)Spantreetrunk2/33-34ÒÇ(403-4)Spantreetrunk2/33-34Ï£ÁÓ£é¡XX新大楼网络工程实施方案XX新大楼网络工程实施方案PAGEPAGE54Catalyst6509-1 端口配置工作记录表槽/端口号模块类型 名称VLAN号端口速率2/47Catalyst600048-port28/280,Enh Tocisco7507VLAN228/280M2/48QoS,InlinePower,RJ-45 Tocisco3662VLAN228/280M2/1-46ToxxzxVLAN2028/280M3/1CCatalyst 6000 8-port GigabitTocatalyst4003-1TRUNK2800M3/2EthernetModuleTocatalyst4003-2TRUNK2800M3/3Tocatalyst4003-3TRUNK2800M3/4Tocatalyst4003-4TRUNK2800M3/5ToHP-1VLAN202800M3/6ToHP-2VLAN202800M3/7Tocatalyst6509-2TRUNK2800M3/8Tocatalyst6509-2TRUNK2800MCatalyst6509-2 端口配置工作记录表槽/端口号模块类型名称VLAN号端口速率2/47Catalyst600048-port28/280,EnhTocisco7507VLAN328/280M2/48QoS,InlinePower,RJ-45Tocisco3662VLAN328/280M2/46ToPIX525VLAN428/280M2/1-45ToxxzxVLAN2028/280M3/1CCatalyst 6000 8-port GigabitTocatalyst4003-1TRUNK2800M3/2EthernetModuleTocatalyst4003-2TRUNK2800M3/3Tocatalyst4003-3TRUNK2800M3/4Tocatalyst4003-4TRUNK2800M3/5ToHP-1VLAN202800M3/6ToHP-2VLAN202800M3/7Tocatalyst6509-1TRUNK2800M3/8Tocatalyst6509-1TRUNK2800M槽/端口号2/33槽/端口号2/332/342/1-323/1-48模块类型Catalyst4000E/FE/GEModule,2-GE(GBIC),32-28/280(RJ-45)CCatalyst400028/280AutoModule,48-Ports(RJ-45)名称 VLAN号Tocatalyst6509-1Tocatalyst6509-2Tocaiwu VLAN5Tojihua VLAN6端口速率2800M2800M28/280M28/280M槽/端口号 槽/端口号 模块类型2/33 Catalyst4000E/FE/GEModule,2-2/34 GE(GBIC),32-28/280(RJ-45)名称 VLAN号Tocatalyst6509-1 Tocatalyst6509-2 端口速率2800M2800M2/1-322/1-32Tojingjiyunxing3/1-24 CCatalyst400028/280AutoModule, 3/25-48 48-Ports(RJ-45) TolaoziVLAN7VLAN8VLAN928/280M28/280M28/280M槽/端口号 槽/端口号 模块类型 名称 VLAN2/33 Catalyst4000E/FE/GEModule,2- Tocatalyst6509-1 2/34 GE(GBIC),32-28/280(RJ-45) Tocatalyst6509-2 2/1-32 Tokejiao VLAN28端口速率2800M2800M28/280M槽/端口号 槽/端口号 模块类型 名称 VLAN2/33 Catalyst4000E/FE/GEModule,2- Tocatalyst6509-1 2/34 GE(GBIC),32-28/280(RJ-45) Tocatalyst6509-2 2/1-32 Tooffice VLAN11端口速率2800M2800M28/280M机房布局Catalyst4003Catalyst4003Catalyst6509µ´Catalyst4003Catalyst4003Catalyst6509µCatalyst4003Catalyst4003Catalyst6509µ´Catalyst4003Catalyst4003Catalyst6509µ´Cisco2610PIX525Cisco3662Cisco7507µ´网络系统路由设计整个系统运行OSPF路由协议。骨干OSPF包含大楼网络系统内部及各远程节点连接省网内部，全部在Area0。DDNPSTN态路由技术，当主信道出现故障时，自动启用备用信道。第二章、网络系统设备的详细配置及设备命名规则信息中心设备间Catalyst6509多层交换机，用来连接二级交换设备，并进行VLANPIX525Cisco7507中心路Cisco3662Internet网络设备的命名规则使用国家XX管理总局的有关命名规则。网络设备的软件版本设备的软件版本初步定义如下，有可能根据实际情况重新定义：设备描述Catalyst65091三层交换模块1Catalyst65092三层交换模块2Cisco7507Cisco3662Cisco2628Catalyst4003-1Catalyst4003-2Catalyst4003-3Catalyst4003-4

设备命名cat6000-sup.6-3-3a.binc6msfc2-jsv-mz.121-6.E.bincat6000-sup.6-3-3a.binc6msfc2-jsv-mz.121-6.E.binrsp-jsv-mz.121-12cc3660-js-mz.121-12a.binc2600-is-mz.121-12a.bincat4000.6-3-3a.bincat4000.6-3-3a.bincat4000.6-3-3a.bincat4000.6-3-3a.binCatalyst6509的详细配置Catalyst6509多层交换机的硬件配置：型号描述数量WS-C6509Catalyst6509机箱2WS-CAC-1300WCatalyst60001300WAC电源2WS-CAC-1300W/2Catalyst60001300WAC备分电源2WS-X6408A-GBICCatalyst60008-portGigabitEthernet(Req.GBICs)Module2WS-X6348-RJ45VWS-X6348-RJ45VCatalyst600048-port28/280,EnhQoS,InlinePower,RJ-45Catalyst6000SupervisorEngine1-A,2GE,MSFC-2&PFC2WS-X6K-S1A-MSFC22WS-G54842800BASE-SX "Short(Multimodeonly)Wavelength" GBIC16其中，千兆以太网端口用来连接内部二层交换机和中心服务器，百兆RJ-45Internet接入设备，引擎中的多层交换模块用来做VLAN间的路由。VLAN，VLAN2VLAN3VLAN,VLAN4PIXVLAN,VLAN5VLAN11为用户网段,/24/24，VLAN20信息中心服务器、工作站网段。核心交换机1的二层配置:1．设置系统信息Console>(enable)setprompt2．设置系统口令C6509>(enable)setpasswordEnteroldpassword:Enternewpassword:HBLHRetypenewpassword:Passwordchanged.C6509>(enable)setenablepassEnteroldpassword:Enternewpassword:HBLHRetypenewpassword:3．设置Inbound管理端口setinterfacesco1setiproutedefault54setmlsenable5VLANaVTPsetvtpdomainHBLHmodeserverpassHBLH2002bVLANsetvlan2nametopixsetvlan3namesetvlan4namejihuasetvlan5namesetvlan6namerenshisetvlan7namelaozisetvlan8namesetvlan9namebangongshisetvlan28namebaoliu28setvlan11namebaoliu11setvlan12namebaoliu12setvlan13namebaoliu13setvlan14namebaoliu14setvlan15namebaoliu15setvlan16namesetvlan17namesetvlan28namesetvlan19namesetvlan282/47,2/48 ;tocisco7507andcisco3662c、设置VlanTrunkcleartrunk3/11-2800cleartrunk3/21-2800settrunk3/1on1,2,3,4…,8,9,28,11,20typedot1q;40031settrunk3/2on1,2,3,4…,8,9,28,11,20typedot1q;40032settrunk3/2on1,2,3,4…,8,9,28,11,20typedot1q;40033settrunk3/2on1,2,3,4…,8,9,28,11,20typedot1q;40034settrunk3/7on1,2,3,4…,8,9,28,11,20typedot1q;etherchannelsettrunk3/8on1,2,3,4…,8,9,28,11,20typedot1q;etherchannelsetportchannel3/7-8desirable ;setspantreeroot1,2,3,4…,8,9,28,11,20dVlansetvlan202/1-467．设置SNMP管理setsnmpcommunityread-onlypublicsetsnmpcommunityread-writesetsnmpcommunityread-write-alladmin核心交换机2二层配置:setvtpdomainHBLHmodeserverpassHBLH2002setinterfacesco1setiproutedefault54setmlsenableset vlan3 3/47,3/48 ;tocisco7507andcisco3662setvlan43/46 ;toPIXcleartrunk3/11-2800cleartrunk3/21-2800settrunk3/1on1,2,3,4…,8,9,28,11,20 typedot1q ;到此为4003交换机settrunk3/2on1,2,3,4…,8,9,28,11,20 typedot1q ;到此为4003交换机settrunk3/2on1,2,3,4…,8,9,28,11,20 typesettrunk3/2on1,2,3,4…,8,9,28,11,20 typesettrunk3/7on1,2,3,4…,8,9,28,11,20 typesettrunk3/8on1,2,3,4…,8,9,28,11,20typedot1qsetportchannel3/7-8desirablesetspantreerootsecond1,2,3,4…,8,9,28,11,201三层配置:、连接到多层交换模块C6509>(enable)session15b、进入配置状态router>enablerouter#configureterminald、设置模块名称router(config)#hostHBLH6509-MSM-1e、设置enable口令HBLH6509-MSM-1(config)#enablepasswordHBLHfvlaninterfacemlsiprpinterfacevlan 1ipaddress53 standby1ip54standby1 priority128standby1preemptmlsrpvtp-domainHBLH

4003340034;etherchannel;etherchannelmlsrpipmlsrpmanagement-interfaceinterfacevlan5ipaddress53 standby8ip54standby8 priority128standby8preemptmlsrpvtp-domainHBLHmlsrpipmlsrpmanagement-interfaceinterfacevlan6ipaddress53 standby9ip54standby9 priority128standby9preemptmlsrpvtp-domainHBLHmlsrpipmlsrpmanagement-interfaceinterfacevlan2ipaddress48ipospfmessage-digest-key1HBLH2002mlsrpvtp-domainHBLHmlsrpipmlsrpmanagement-interfaceg、设置OSPF路由routeropsf88net55area0net55area0net55area0net55area0area0authenticationmessage-digest2三层配置:、连接到多层交换模块C6509>(enable)session15b、进入配置状态router>enablerouter#configureterminald、设置模块名称router(config)#hostHBLH6509-MSM-2e、设置enable口令HBLH6509-MSM-2(config)#enablepasswordHBLHfvlaninterfacemlsrpipinterfacevlan 1ipaddress52 standby1ip54standby1 priority120standby1preemptmlsrpvtp-domainHBLHmlsrpipmlsrpmanagement-interfaceinterfacevlan5ipaddress52 standby8ip54standby8 priority120standby8preemptmlsrpvtp-domainHBLHmlsrpipmlsrpmanagement-interfaceinterfacevlan6ipaddress52 standby9ip54standby9 priority120standby9preemptmlsrpvtp-domainHBLHmlsrpipmlsrpmanagement-interfaceinterfacevlan3ipaddress48ipospfmessage-digest-key1HBLH2002mlsrpvtp-domainHBLHmlsrpipmlsrpmanagement-interfaceinterfacevlan4ipadd748mlsrpvtp-domainHBLHmlsrpipmlsrpmanagement-interfaceg、设置OSPF路由routeropsf88net55area0net55area0net55area0net55area0area0authenticationmessage-digestdefault-informationoriginateh、设置默认路由iproute interfacevlan4 ;toiSNMP连接字串snmp-servercommunityropublicsnmp-servercommunityrwj、设置虚拟终端线路连接口令linevty04passwordHBLHk、退出设置模式并保存设置(config)#exitwritememoryCatalyst4003二级交换机的详细配置Catalyst4003二级交换机的硬件配置：型号描述数量WS-C4003-S1Cat4000Chassis(3-slot),Supervisor,1ACPS,FanTray4WS-X4008/2Catalyst4000DualACPowerSupplyOption4WS-X4148-RJCatalyst400028/280AutoModule, 48-Ports(RJ-45)2WS-X4232-GB-RJCatalyst4000E/FE/GEModule,2-GE(GBIC),32-28/280(RJ-45)4WS-G54842800BASE-SX"ShortWavelength"GBIC(Multimodeonly)82cisco4003的配置Cisco4003setvtpdomainHBLHmodeclientpassHBLH2002setinterfacesco1setiproutedefault54settrunk1/33ontypedot1q ;geportuplinktocatalyst6509settrunk1/34ontypedot1q ;geportuplinktocatalystsetspantreeportvlanpri1/331,3,5,7,9,11,2016 ;loadbalanceandbackupsetspantreeportvlanpri1/342,4,6,8,2816 ;betweensetvlan52/1-48第二台Cisco4003setvtpdomainHBLHmodeclientpassHBLH2002setinterfacesco1setiproutedefault54settrunk1/33 ontypedot1q ;geportuplinktocatalyst6509settrunk1/34ontypedot1q ;geportuplinktocatalystsetspantreeportvlanpri1/341,3,5,7,9,11,2016;loadbalanceandbackupsetspantreeportvlanpri1/332,4,6,8,2816 ;betweenvlanssetvlan62/1-24setvlan7Cisco7507核心路由器的详细配置型Catalyst7507核心路由器的硬件配置：号描述数量CISCO7507/8X2-MXCisco7507,7Slot,MIX-Enabled,DualBus,2RSP8,2PS1PWR-7507/4X2Cisco7507/4x2DualACPowerSupplyOption(Default)1CAB-7KACAACPowerCord(Australia)2RSP8Cisco7505/7507/7513/7576RouteSwitchProcessor(Default)1MEM-RSP8-128MRSP8128MBDRAMOption1MEM-RSP8-FLC20MRSPFlashCard:20MBOption(Default)1RSP8Cisco7505/7507/7513/7576RouteSwitchProcessor(Default)1MEM-RSP8-128MRSP8128MBDRAMOption1FEIP2-DSW-2TX2PortFastEthernetIPwithDist.Switching(280TX)1VIP4-80VersatileInterfaceProcessor4,Model801MEM-VIP4-64M-SD64MBSDRAMOptionforVIP4(Default)1PA-4T+4PortSerialPortAdapter,Enhanced1PA-MC-2E1/1202portmultichannelE1portadapterwithG.703120ohminterf1CAB-ADPT-75-120Adaptercable-converts75ohmto120ohm2CAB-V35MTV.35Cable,DTE,Male,28Feet2CISCO7507配置:Interfaceloopback0Ipaddress855Interfacefa4/0 ;tooneofciscocatalystIpaddress48Ipospfmessage-digest-key1HBLH2002Interfacefa4/1 ;tooneofciscocatalystIpaddress848Ipospfmessage-digest-key1HBLH2002Interfaces3/0 ;tooneofbranchesIpaddress5 52area0Ipospfmessage-digest-key1HBLH2002Routerospf88Router-id8Network8area0Network55area0Networkarea0Area0authenticationmessage-digestCisco3662Cisco3662备份路由器的硬件配置：型型号描述CISCO3662-ACCAB-ACAS366CP-12285TMEM3600-8U32FSMEM3660-32U64DNM-2VVIC-2E/MDual28/280ECisco36606-slotModularRouter-ACwithIPPlug,PowerCord,Australian,28A8-to-32MBFlashFactoryUpgradefortheCisco360032-to-64MBDRAMFactoryUpgradefortheCiscoTwo-SlotNetworkModuleTwo-portVoiceInterfaceCard-E&M16PortAnalogModemNetworkModule数量1111112router(config)#hostHBLH3662-1adduserHBLH2628-1passwordInterfaceloopback0Ipaddress155Interfacefa4/0 ;tooneofciscocatalystIpaddress48Ipospfmessage-digest-key1HBLH2002Interfacefa4/1 ;tooneofciscocatalystIpaddress148Ipospfmessage-digest-key1HBLH2002interfaceGroup-Async1ipunnumberedFastEthernet4/0keepalive28dialerin-banddialerrotary-group1asyncdefaultroutingasyncdynamicasyncmodededicatedgroup-range18!interfaceDialer1ipunnumberedFastEthernet0/0encapsulationpppiptcpheader-compressionnoipmroute-cachedialerin-banddialeridle-timeout3600dialer-group1pppauthenticationchap!设置认证方式aaanew-modelaaaauthenticationlogindefaultaaaauthenticationpppdefaultlocal设置拨号访问a、设置异步端口interfacegroup-async2ipunnumberedfa4/0asyncmodededicatedencapsulationpppiptcpheader-compressionpppautehticationchappeerdefaultipaddresspoolgroup-range18exitb、设置IP地址池iplocalpooldialinxxx.xxx.xxx.xxxc、设置异步线路line18modeminoutmodemautoconfigurediscoveryautohangupflowcontrolhardwaretransportinputallexitRouterospf88Router-id1Network8area0Network55area0Networkarea0Area0authenticationmessage-digest远端路由器配置:黑体字部分为拨号备份配置，在路由器上加用户名dialer3640,password:cisco.被叫号码为XXXXXX2600-1>enPassword:2600-1#showrunBuildingconfiguration...hostname2600-1usernameHBLH-3662-1password0cisco!ipsubnet-zeronoipdomain-lookup!chat-scriptnew1"""ATDTxxxxxx"TIMEOUT60"CONNECT"!interfaceFastEthernet0/0ipaddressxxx.xxx.xxx.xxxnoshutdown!interfaceSerial0/0bandwidth512backupdelay228backupinterfaceSerial0/1ipunnumberedf0/0encapsulationpppinterfaceSerial0/1physical-layerasyncdescriptiondialer-backupipunnumberedencapsulationpppiptcpheader-compressionpassivedialerin-banddialeridle-timeout3600dialermapipnameHBLH3662-1broadcastdialer-group1asyncdefaultroutingasyncdynamicaddressasyncdynamicroutingasyncmodededicatedpppauthenticationchapinecon0transportinputnoneline4scriptdialernew1modemInOuttransportinputallstopbits1speed115200flowcontrolhardwarelineaux0linevty04passwordciscologinCisco2628的详细配置型号描型号描述CISCO2628WIC-2TCAB-SS-V35MTEthernetModularRouterw/CiscoIOSIPSoftware2-PortSerialWANInterfaceCardV.35Cable,DTEMaletoSmartSerial,28Feet数量111IOS软件的具体配置如下：1．设置主机名称Router(config)#hostHBLH2628-12．设置enable口令HBLH-2628-1(config)#enablepasswordHBLHIP地址HBLH-2628-1(config)#interfaceethernet0HBLH-2628-1(config-if)#ipaddressxxx.xxx.xxx.xxxHBLH-2628-1(config-if)#noshutdownHBLH-2628-1(config-if)#exit设置认证方式HBLH-2628-1(config)#aaanew-modelHBLH-2628-1(config)#aaaauthenticationlogindefaultlocalHBLH-2628-1(config)#aaaauthenticationpppdefaultlocal远程访问配置HBLH-2628-1(config)#interfaceSerial0/0HBLH-2628-1(config-if)#ipaddressxxx.xxx.xxx.xxx52HBLH-2628-1(config-if)#encapsulationppp!iprouteSerial0/06．设置虚拟终端线路口令HBLH-2628-1(config)#linevty04HBLH-2628-1(config-line)#passwordqlnicHBLH-2628-1(config-line)#exitSNMP管理HBLH-2628-1(config)#snmp-servercommunityqlroroHBLH-2628-1(config)#snmp-servercommunityqlrwrwDNS服务器HBLH-2628-1(config)#ipname-serverxxx.xxx.xxx.xxx退出并保存配置HBLH-2628-1(config)#exitHBLH-2628-1#writePIX525防火墙详细配置PIX520的硬件配置如下：型型号描述PIX-525CAB-ACAPIX-1FEPIXFirewall525ChassisPlug,PowerCord,Australian,28AONE28/280MbpsETHERNETINTERFACES,RJ45数量112PIX520Catalyst换机端口。设备将在实际环境中配置。第三章、XX新大楼网络管理系统网管工作站操作系统的安装与配置网管工作站安装WindowNTServer4.0中文版操作系统，安装为独立的服务器，并安装ServicePack5，IE5和OptionPack4。主机名（计算机名） 主机名（计算机名） IP地址子网掩码默认网关Nms 54DNS128.151.x.xCiscoWorks2000网管软件的安装与使用ResourceManagerEssentials的安装1、将Essentials光盘放入光驱；2、光盘运行自动运行程序，弹出安装界面；3InstallInstallingEssentialsWelcome4NextRegistration对话框；5、输入用户名和公司名称，点击Next，出现SetupType对话框；6、选择Custominstallation，点击Yes，出现SelectComponents对话框；7、如果不使用默认路径，可将其改为其他路径；8InstallAllSelectProgramFolder对话框；9Next，接受默认名称，或输入自定义名称（如果系统中有在安装过以便安装程序的进行StartCopyingFiles28Next，开始安装，出现SetupSetupComplete对话框；11、点击Finish，出现一个对话框，询问是否重新启动计算机；12、点击Yes，重新启动计算机。CWSICampus的安装1、将CWSICampus光盘放入光驱；2、运行WindowsNT资源管理器；3、双击光驱图标；4、双击setup.exe图标，出现Welcome窗口；5NextSoftwareLicenseAgreement6UserInformation窗口；7、输入用户名和公司名称，点击Next，出现SelectInstallationOption窗口；8、选择StandAlone，点击Next，出现DeviceInstallation窗口；9260036007500Catalyst4003PIXCatalyst6000SelectComponents窗口；28、选择TrafficDirector，点击Next，出现ChooseFolderDestination窗口；ChooseDatabaseDestination窗口；12、接受默认安装路径或选择自定义路径，点击Next，出现EnterInformation窗口；13ip（Catalyst6509inboundNextNextSelectProgramFolder窗口；14Installation当程序文件安装完成后将安装选择的设备；15TrafficDirectorEmbeddedSQLdatabaseNextSetupComplete窗口；16、选择Restartcomputernow，点击Finish，结束安装。CWSICampus的使用CWSI的使用：<CWSIROOT>\etc\cwsi目录下的communities.datSNMP连接字串改为网络设备上设置的值（publicprivat。1、选择开始>程序>CWSI>StartCwsi，弹出ANILogin对话框；2LoginCWSICampus-Map连接状况；3、选择File>SaveLayout可以保存视图；4Edit>RediscoverDevice，或用鼠标右键Rediscover5Edit>SNMPCommunitiesSNMP6View>Rediscover7、选择Options>Properties，在Map栏可以修改视图的属性，在Discovery栏可以修改查找间隔、查询间隔、添加或删除种子设备；8Tools>VlanDirectorVlanDirectorVlan设置；9Tools>UserTrackingUserTrackingUserTracking程序；28、用鼠标左键单击设备图标，选择Tools>Telnet，或点击工具栏上的Telnet图标，均可对设备进行远程访问；11、用鼠标左键单击设备图标，选择Tools>CiscoView，或点击工具栏上的CiscoView图标，或用鼠标右键单击设备图标，从弹出菜单中选择CiscoView，均可在CiscoView中打开设备视图；12、选择Tools>TrafficDirector，或点击工具栏上的TrafficDirectorTrafficDirector程序。UserTracking的使用：1、选择开始>程序>CWSI>StartUserTrackingUserTracking话框；2、点击Login，进入UserTracking窗口；3QuerySelectorItemsQuery，即可进行查询。CiscoView的使用：1>程序>CWSIStartCiscoViewCiscoViewCiscoView-Main窗口；2、选择File>OpenDevice，弹出CiscoView-OpenDevice窗口；3HostipReadCommunitySNMP连接WriteCommunitySNMPOK图；4ConfigureConfigureConfigure>PortConfigPortCATEGORY处选择配置项，可对端口进行配置；5ConfigureConfigureConfigCardCATEGORY处选择配置项，可对模块进行配置；6ConfigureConfigureConfigure>Device，均可弹出ConfigDeviceCATEGORY置项，可对设备进行配置；7MonitorMonitor图标，或MonitorMonitorsPortCATEGORY可对端口进行监测；8MonitorMonitor图标，或选择Monitor>DevicMonitorsDeviceCATEGORY可对设备进行监测；附件：机房环境准备机房电源、地线及同步要求提供稳压的标准交流电源（含UPS）的输入中心线和输出中心线不能相联，需分别接地，各自构成回路，不能交叉。地线：机房设备机架全部接地，要求接地电阻不大于4欧姆；同时要求从程控电话交换机接出的E1中继所在机架接地。照明、办公设备不得与设备电源相联。电源：电源为单相220伏稳压交流电源。电源输出距设备位置不应超过3设备场地、通信、工具设备场地在每一处地点的设备包括如下内容：机架。容纳操作工作站的工作台。打印机工作台。机房应配备计算机地板，或相应的布线槽位及走线。通用的工具、工作桌、工作椅应准备好。通信需有电话支持。对于工程电话线，至少有一条，用于远距故障排除和远程对路由器的访问。工具需要改锥等必要的工具。机房环境机房设计的环境如下表所示。表1-1机房的环境条件No.12345678928111213141516172819

房间尺寸空气条件振动有害气体楼层高度墙壁和天花板窗户门防火静电照明

参考值0.3mg/m3机房内部地面低于0.25G气体浓度不能高于危害操作员健康和机器寿命的限度.500kg/2(相当于一般写字楼地面)防静电材料防尘封材料防静电材料防尘封材料阻燃材料吸音和隔音材料为防止阳光对设备损害,应加窗帘1.2m能防火、防洪水与地震和操作员及设备安全能防鼠患和昆虫安装自动火警装置和灭火器≤120dB(1V/m)，频率范围从28KHZ到1GHZ≤50Oe（显示器要求为0.015Oe）≤6KV（试验设备的要求为150PF/330Ohm)300到700流明（luX）高于地顿85cmC推荐500流明15~28摄氏度，每小时变化不超过28%。30%-80%，不结露附录：产品产品CISCOCATALYST6509CISCOCATALYST4003CISCOPIXCISCO7507CISCO3662最大功率(Watt)2500120022019002503设备实际配置7507的实际配置：Currentconfiguration1557!!Lastconfigurationchangeat12:40:14CCTTueOct292002!NVRAMconfiglastupdatedat12:49:23CCTTueOct292002!version12.1servicetimestampsdebugdatetimemseclocaltimeservicetimestampslogdatetimemseclocaltimeshow-timezoneservicepassword-encryption!hostnamer-gz3!enablesecret5$1$XDAl$8b2YYmd5zUgCQPX9rptew.!!!!!clocktimezoneCCTipsubnet-zeronoipfingernoipdomain-lookup!ipcef!!controllerE11/0/0!controllerE11/0/1!!interfaceLoopback0ipaddress55!interfaceLoopback1noipaddress!interfaceSerial1/1/0noipaddressnoiproute-cachedistributedshutdownnofair-queue!interfaceSerial1/1/1noipaddressnoiproute-cachedistributedshutdown!interfaceSerial1/1/2noipaddressnoiproute-cachedistributedshutdown!interfaceSerial1/1/3noipaddressnoiproute-cachedistributedshutdown!interfaceFastEthernet4/0/0ipaddress48noiproute-cachedistributedfull-duplex!interfaceFastEthernet4/1/0ipaddress248noiproute-cachedistributedfull-duplex!routerospf88router-idlog-adjacency-changesnetwork55area0!ipclasslessnoiphttpserver!loggingsource-interfaceLoopback0logging88snmp-servercommunityHBLHROsnmp-servercommunityHBLH2002RW!!linecon0transportinputlineaux0linevty04password7121E1F0E11login!ntpsourceLoopback0ntpmaster1ntpupdate-calendarend路由器3660的实际配置：version12.1servicetimestampsdebugdatetimemseclocaltimeservicetimestampslogdatetimemseclocaltimeshow-timezoneservicepassword-encryption!hostnamer-gz4!enablesecret5$1$W0wI$NAJV/qLh1gwODlDUhwboV1!!!!!clocktimezoneCCTipsubnet-zeronoipfingernoipdomain-lookup!!!!voice-port1/0/0!voice-port1/0/1!!!interfaceLoopback0ipaddress55!interfaceLoopback1noipaddress!interfaceFastEthernet0/0ipaddress92ipnatoutsideduplexautospeedauto!interfaceFastEthernet0/1ipaddress348ipnatduplexautospeedauto!routerospf88router-idlog-adjacency-changesredistributestaticsubnetsnetwork55area0!ipnatpoolgjgznetmask92ipnatinsidesourcelist1poolgjgzoverloadipclasslessiprouteiprouteiproutenoiphttpserver!loggingsource-interfaceLoopback0logging88access-list1permit55access-list1permit55access-list1permit55access-list1permit55snmp-servercommunityHBLHROsnmp-servercommunityHBLH2002RW!linecon0transportinputlineaux0linevty04password72849130006login!ntpclock-period17282878ntpserverend交换机6509（1）的配置：begin!#*****NON-DEFAULTCONFIGURATION*****!!#time:WedOct302002,11:44:27CCT!#version7.1(2)!setpassword$2$SOyC$uu17cT0NezNmlZ1sxdD5//setenablepass$2$BH33$Pru5FTJ0dNRsooEZI3aE51setprompts-gz1>!#!#snmpsetsnmpcommunityread-only HBLHsetsnmpcommunityread-write HBLH2002!#vtpsetvtpdomainsetvtppasswdHBLHsetvlan1namedefaulttypeethernetmtu1500said280001stateactivesetvlan2name6509topixtypeethernetmtu1500said280002stateactivesetvlan3namefinacialdeptypeethernetmtu1500said280003stateactivesetvlan4nameplandeptypeethernetmtu1500said280004stateactivesetvlan5nameeconomicdeptypeethernetmtu1500said280005stateactivesetvlan6namehumanresourcedeptypeethernetmtu1500said280006stateactivesetvlan7namelabordeptypeethernetmtu1500said280007stateactivesetvlan8namesciencetechdeptypeethernetmtu1500said280008stateactivesetvlan9nameofficedeptypeethernetmtu1500said280009stateactivesetvlan28namereservevlan28typeethernetmtu1500said280028stateactivesetvlan11namereservevlan11typeethernetmtu1500said280011stateactivesetvlan12namereservevlan12typeethernetmtu1500said280012stateactivesetvlan13namereservevlan13typeethernetmtu1500said280013stateactivesetvlan14namereservevlan14typeethernetmtu1500said280014stateactivesetvlan15namereservevlan15typeethernetmtu1500said280015stateactivesetvlan16namereservevlan16typeethernetmtu1500said280016stateactivesetvlan17namereservevlan17typeethernetmtu1500said280017stateactivesetvlan28name6509(1)torouterstypeethernetmtu1500said280028stateactivesetvlan19name6509(2)torouterstypeethernetmtu1500said280019stateactivesetvlan20nametobeijingcentertypeethernetmtu1500said280020stateactivesetvlan2802namefddi-defaulttypefddimtu1500said282802stateactivesetvlan2804namefddinet-defaulttypefddinetmtu1500said282804stateactivestpieeesetvlan2805nametrnet-defaulttypetrbrfmtu1500said282805stateactivestpibmsetvlan2803nametoken-ring-defaulttypetrcrfmtu1500said282803stateactivemodearemaxhop7stemaxhop7backupcrfoff!#ipsetinterfacesc01/55setiproute/!54#spantree#vlan<VlanId>setspantreepriority81921setspantreepriority81922setspantreepriority81923setspantreepriority163844setspantreepriority81925setspantreepriority163846setspantreepriority81927setspantreepriority163848setspantreepriority81929setspantreepriority1638428setspantreepriority819211setspantreepriority1638412setspantreepriority819213setspantreepriority1638414setspantreepriority819215setspantreepriority1638416setspantreepriority819217setspantreepriority819228setspantreepriority819219!#syslogsetloggingserverenablesetloggingserver88setloggingserverseverity7!#ntpsetntpclientenablesetntpserversettime#setbootcommandsetbootconfig-register0x2setbootsystemflashbootflash:cat6000-supk8.7-1-2.bin!#portchannelsetportchannel3/5-878!#defaultportstatusisenable!!#module1:2-port2800BaseXSupervisor!#module2:48-port28/280BaseTXEthernetsetvlan28 2/47-48setvlan20 2/46setportspeed 2/46 28setportspeed2/47280setportduplex2/47fullcleartrunk2/11-2805settrunk2/1 autonegotiate2825-4094!#module3:8-port2800BaseXEthernetcleartrunk3/1 20-2805settrunk3/1 ondot1q1-19,2825-4094cleartrunk3/2 20-2805settrunk3/2 ondot1q1-19,2825-4094cleartrunk3/3 20-2805settrunk3/3 ondot1q1-19,2825-4094cleartrunk3/4 20-2805settrunk3/4 ondot1q1-19,2825-4094cleartrunk3/5 1-2805settrunk3/5 autonegotiate2825-4094cleartrunk3/6 1-2805settrunk3/6 autonegotiate2825-4094cleartrunk3/7 20-2805settrunk3/7 ondot1q1-19,2825-4094cleartrunk3/8 20-2805settrunk3/8 ondot1q1-19,2825-4094setportchannel3/7-8modedesirable!#module4empty!#module5empty!#module6empty!#module7empty!#module8empty!#module9empty!#module15:1-portMultilayerSwitchFeatureCard!#module16emptyend交换机6509（1）的三层配置：version12.1servicetimestampsdebugdatetimemseclocaltimeservicetimestampslogdatetimemseclocaltimeshow-timezoneservicepassword-encryption!hostnamer-gz1!bootsystemflashbootflash:c6msfc2-psv-mz.121-11b.E.binenablepassword702011E4208!clocktimezoneCCTipsubnet-zero!!!!!!interfaceLoopback0ipaddress55!interfaceLoopback1noipaddress!interfaceVlan1ipaddress52noipredirectsstandby1ip54standby1priority128standby1preempt!interfaceVlan2noipaddress!interfaceVlan3ipaddr