网络工程师成长日记370-阿尔斯通

原创

cn20004 2018-03-07 14:33:39 ©著作权

©著作权归作者所有：来自51CTO博客作者cn20004的原创作品，请联系作者获取转载授权，否则将追究法律责任

网络工程师成长日记370-阿尔斯通

这是我的第370篇原创文章，记录网络工程师行业的点点滴滴，结交IT行业有缘之人

4月20日下午,我和老大一起去西高新的高科大厦去进行H3C防火墙的安装这是我第一次做on job training 之前虽然老大给我了一些H3C的文档,但是还是感觉心里没底.

这次我们要做的内容是一个F100-C的防火墙的安装,和一个CISCO无线AP的连接(这个是去了以后客户提出的). F100-C防火墙上面已经做好了配置,只要进行安装就行了,当时我们认为很简单,只要一会就能完成,结果出现了无数的问题. 把防火墙连到电脑上,dis cur(就是SHOW RUN)了防火墙上的配置. 客户告诉我们,电信给他们分配的拨号IP和密码,怎么弄都不通. 随后又进行了多方面的尝试.也是不通.

和北京方面的工程师沟通,告诉我们说他们和电信进行联系,因为他们也不太清楚电信给客户方进行的配置. 于是就联系了N长时间.随后,北京打过来电话进行询问,再试,还是不通,经过多次反复,只能自己打电话给电信询问. 开始以为是拨号的密码错误,遂打电话给电信,电信告诉我们说,要想知道密码,必须给他们提供企业的证件等物品, 没办法,再和客户进行沟通,这时他们才提供了一张19号他们装网线时电信给他们留下的IP地址,并告诉我们是电信安装的专线. 对防火墙的设置进行了修改,把WAN口和Dialer0进行重新配置,再一次进行尝试,这次终于能PING通网关了,再PING客户的内网,也通. 因为客户没有对网络比较了解的,经过与北京方面的沟通才知道他们昨天装的是×××专线,而不是客户一直号称的拨号上网. 被误导了,囧死.

然后就是进行无线的安装并绑密码,绑密码的时候还出了点小问题,客户要求5位的密码但是选择的密码协议只支持最少8位数的密码,进行了沟通,最后选择了8位的密码. 到此本次工程全部完工. 这次工程让我理解到,工程中进行沟通是非常重要的然后就是要根据自己已知的信息对工程进行了解,知道自己需要做什么这样才能成功快速的完成工作.

工程配置过程由我们配通,再由北京的工程师远程登录进行修改 dis cur结果如下,IP地址等相关内容进行了修改

Sysname F100-C

clock timezone GMT+8 add 08:00:00

encrypt-card fast-switch

firewall packet-filter enable firewall packet-filter default permit

insulate

bims enable//H3C的分支网点智能管理解决方案 bims device-id F100-C bims ip address 100.0.0.1 port 7000 bims interval 10 bims sharekey simple cec

dialer-rule 1 ip permit

firewall statistic system enable

pki entity mytest common-name F100-C organization-unit ts
organization CEC locality SX state XA country CN

pki domain myvpn ca identifier CEC certificate request url http://1.2.3.4/certsrv/mscep/mscep.dll //配证书 certificate request from ra certificate request entity mytest certificate request mode auto key-length 1024 root-certificate fingerprint sha1 12345 crl check disable

radius scheme system server-type extended

domain system

local-user 654321 password 123456 service-type telnet terminal level 3 service-type ftp

ike proposal 1 authentication-method rsa-signature

ike peer vpn exchange-mode aggressive pre-shared-key xxxxx id-type name remote-name vpn remote-address 1.2.3.4 certificate domain myvpn

ipsec card-proposal svpn use encrypt-card 1/0

ipsec proposal vpn

ipsec policy vpn 10 isakmp security acl 3000 ike-peer vpn proposal svpn

//北京工程师在远程登录后加入了

dhcp server ip-pool dhcppool network 10.1.0.2 mask 255.255.255.0
gateway-list 10.1.0.1 dns-list 10.1.1.1 10.1.1.3 10.1.1.8

acl number 2000 match-order auto rule 0 permit source 10.1.1.0 0.0.0.255 rule 1 permit

acl number 3000 rule 0 permit ip source 1.1.1.4 0 destination 1.1.1.1 0 rule 1 deny ip

interface Aux0 async mode flow

interface Dialer1 undo link-protocol ppp undo ppp pap local-user 7654321 password simple xxxxx undo ip address ppp-negotiate dialer user user dialer-group 1 dialer bundle 1 nat outbound 2000 ipsec policy vpn 原有配置,由于是专线,后全部删除

interface Ethernet0/0 description link to LAN ip address 10.1.1.1 255.255.255.0

interface Ethernet0/1

interface Ethernet0/2

interface Ethernet0/3

interface Ethernet0/4//修改为 interface Ethernet0/4 description link to WAN ip address 121.1.1.1 255.0.0.0 ntp-service broadcast-server

interface Encrypt1/0

interface Tunnel1 ip address 34.1.1.1 255.255.255.252 source 1.1.1.4 destination 1.1.1.1

interface NULL0

interface LoopBack0 ip address 1.1.1.4 255.255.255.255

firewall zone local set priority 100

firewall zone trust add interface Ethernet0/0 add interface Ethernet0/1 add interface Ethernet0/2 add interface Ethernet0/3 add interface Ethernet0/4 add interface Dialer1//后删除 add interface Tunnel1 set priority 85 statistic enable ip inzone statistic enable ip outzone

firewall zone untrust set priority 5

firewall zone DMZ set priority 50

firewall interzone local trust

firewall interzone local untrust

firewall interzone local DMZ

firewall interzone trust untrust

firewall interzone trust DMZ

firewall interzone DMZ untrust

ip route-static 0.0.0.0 0.0.0.0 43.1.1.1 preference 60// 修改后为Ethernet 0/4 121.1.1.1，原来为dialer1 口 ip route-static 1.1.1.1 255.255.255.255 Dialer 1 preference 60// Dialer 1修改为Ethernet 0/4 121.1.1.1 ip route-static 2.2.2.2 255.0.0.0 Tunnel 1 preference 60// Dialer 1修改为Ethernet 0/4 121.1.1.1 ip route-static 3.3.3.3 255.255.255.255 Dialer 1 preference 60// Dialer 1修改为Ethernet 0/4 121.1.1.1 ip route-static 4.4.4.4 255.255.255.255 Dialer 1 preference 60// Dialer 1修改为Ethernet 0/4 121.1.1.1 ip route-static 5.5.5.5 255.255.255.255 Dialer 1 preference 60// Dialer 1修改为Ethernet 0/4 121.1.1.1 ip route-static 6.6.6.6 255.255.0.0 Tunnel 1 preference 60// Dialer 1修改为Ethernet 0/4 121.1.1.1 ip route-static7.7.7.7 255.255.255.255 Dialer 1 preference 60// Dialer 1修改为Ethernet 0/4 121.1.1.1 ip route-static 8.8.8.8 255.255.255.255 Dialer 1 preference 60// Dialer 1修改为Ethernet 0/4 121.1.1.1 ip route-static 9.9.9.9 255.255.255.255 Dialer 1 preference 60// Dialer 1修改为Ethernet 0/4 121.1.1.1

snmp-agent snmp-agent local-engineid 12345678 snmp-agent community write 101zhengou snmp-agent sys-info version all snmp-agent trap source Ethernet0/4

ntp-service unicast-server 1.1.1.1 ntp-service unicast-server 2.2.2.2 ntp-service unicast-server 3.3.3.3 ntp-service unicast-server 4.4.4.4 ntp-service unicast-server 5.5.5.5 ntp-service unicast-server 6.6.6.6 ntp-service unicast-server 7.7.7.7 ntp-service unicast-server 8.8.8.8 ntp-service unicast-server 9.9.9.9

user-interface con 0 user-interface aux 0 user-interface vty 0 4 authentication-mode scheme user privilege level 3
set authentication password simple cecipsec 此时PING内网的深圳总部,,可以PING通,完成.

XiA110101-H3C]dis ip int bri *down: administratively down (s): spoofing Interface IP Address Physical Protocol Description Aux0 unassigned down up(s) Aux0 Inte... Dialer1 unassigned up up(s) Dialer1 I... Encrypt1/0 unassigned up up Encrypt1/... Ethernet0/0 10.100.12.1 up up link to LAN Ethernet0/1 unassigned down down Ethernet0... Ethernet0/2 unassigned down down Ethernet0... Ethernet0/3 unassigned down down Ethernet0... Ethernet0/4 117.22.255.106 up up link to WAN LoopBack0 1.1.1.37 up up(s) LoopBack0... Tunnel1 172.16.18.118 up up Tunnel1 I... [XiA110101-H3C]dis cur

sysname XiA110101-H3C

clock timezone GMT+8 add 08:00:00

encrypt-card fast-switch

firewall packet-filter enable firewall packet-filter default permit

insulate

bims enable bims device-id XiA110101-H3C bims ip address 218.96.249.203 port 7777 bims interval 10 bims sharekey simple cec

dialer-rule 1 ip permit

firewall statistic system enable

pki entity mytest common-name XiA110101-H3C organization-unit ts
organization CEC locality SX state XA country CN

pki domain myvpn ca identifier CEC certificate request url http://218.96.249.202/certsrv/mscep/mscep.dll certificate request from ra certificate request entity mytest certificate request mode auto key-length 1024 root-certificate fingerprint sha1 268fed7ae09ce9fb3c187d917070bbea1f1f327a crl check disable

radius scheme system server-type extended

domain system

local-user cecipsec password cipher RPZ^0"X<9]'Q=^Q`MAF4<1!! service-type telnet terminal level 3 service-type ftp

ike proposal 1 authentication-method rsa-signature

ike peer vpn exchange-mode aggressive pre-shared-key 123456 id-type name remote-name vpn remote-address 218.96.249.201 certificate domain myvpn

ipsec card-proposal svpn use encrypt-card 1/0

ipsec proposal vpn

ipsec policy vpn 10 isakmp security acl 3000 ike-peer vpn proposal svpn

acl number 2000 match-order auto rule 0 permit source 10.100.12.0 0.0.0.255 rule 1 permit

acl number 3000 rule 0 permit ip source 1.1.1.37 0 destination 1.1.1.1 0 rule 1 deny ip

interface Aux0 async mode flow

interface Dialer1 undo link-protocol ppp undo ppp pap local-user 029xxxxx password simple xxxxxx undo ip address ppp-negotiate dialer user user dialer-group 1 dialer bundle 1 nat outbound 2000 ipsec policy vpn

interface Ethernet0/0 description link to LAN ip address 10.100.12.1 255.255.255.0

interface Ethernet0/1

interface Ethernet0/2

interface Ethernet0/3

interface Ethernet0/4 description link to WAN ip address 117.22.255.106 255.0.0.0 ntp-service broadcast-server

interface Encrypt1/0

interface Tunnel1 ip address 172.16.18.118 255.255.255.252 source 1.1.1.37 destination 1.1.1.1

interface NULL0

interface LoopBack0 ip address 1.1.1.37 255.255.255.255

firewall zone local set priority 100

firewall zone trust add interface Ethernet0/0 add interface Ethernet0/1 add interface Ethernet0/2 add interface Ethernet0/3 add interface Ethernet0/4 add interface Dialer1 add interface Tunnel1 set priority 85 statistic enable ip inzone statistic enable ip outzone

firewall zone untrust set priority 5

firewall zone DMZ set priority 50

firewall interzone local trust

firewall interzone local untrust

firewall interzone local DMZ

firewall interzone trust untrust

firewall interzone trust DMZ

firewall interzone DMZ untrust

ip route-static 0.0.0.0 0.0.0.0 117.22.255.105 preference 60// 修改后，原来为dialer1 口 undo ip route-static 1.1.1.1 255.255.255.255 Dialer 1 preference 60 undo ip route-static 10.0.0.0 255.0.0.0 Tunnel 1 preference 60 undo ip route-static 61.237.232.242 255.255.255.255 Dialer 1 preference 60 undo ip route-static 131.100.9.2 255.255.255.255 Dialer 1 preference 60 undo ip route-static 131.107.1.10 255.255.255.255 Dialer 1 preference 60 undo ip route-static 159.217.0.0 255.255.0.0 Tunnel 1 preference 60 undo ip route-static 202.112.10.60 255.255.255.255 Dialer 1 preference 60 undo ip route-static 202.122.113.114 255.255.255.255 Dialer 1 preference 60 undo ip route-static 210.72.145.44 255.255.255.255 Dialer 1 preference 60 undo ip route-static 210.184.110.165 255.255.255.255 Dialer 1 preference 60 undo ip route-static 218.96.0.0 255.255.0.0 Dialer 1 preference 60 undo ip route-static 218.96.50.84 255.255.255.252 Tunnel 1 preference 60 undo ip route-static 218.96.70.100 255.255.255.252 Tunnel 1 preference 60 undo ip route-static 218.96.249.201 255.255.255.255 Dialer 1 preference 60 undo ip route-static 218.96.249.202 255.255.255.255 Dialer 1 preference 60 undo ip route-static 218.96.249.203 255.255.255.255 Dialer 1 preference 60 undo ip route-static 218.96.253.160 255.255.255.224 Tunnel 1 preference 60 undo ip route-static 218.97.1.33 255.255.255.255 Dialer 1 preference 60

snmp-agent snmp-agent local-engineid 000063A27F0000010000176B snmp-agent community write xxxxxx snmp-agent sys-info version all snmp-agent trap source Ethernet0/4

ntp-service unicast-server 61.237.232.242 ntp-service unicast-server 131.107.1.10 ntp-service unicast-server 133.100.9.2 ntp-service unicast-server 202.112.10.60 ntp-service unicast-server 202.122.113.114 ntp-service unicast-server 210.72.145.44 ntp-service unicast-server 210.184.110.165 ntp-service unicast-server 218.96.249.201 ntp-service unicast-server 218.97.1.33

user-interface con 0 user-interface aux 0 user-interface vty 0 4 authentication-mode scheme user privilege level 3
set authentication password simple xxxxx

beijing xiugaihou [XiA110101-H3C]dis cur

sysname XiA110101-H3C

clock timezone GMT+8 add 08:00:00

encrypt-card fast-switch

firewall packet-filter enable firewall packet-filter default permit

insulate

bims enable bims device-id XiA110101-H3C bims ip address 218.96.249.203 port 7777 bims interval 10 bims sharekey simple cec

dialer-rule 1 ip permit

firewall statistic system enable

pki entity mytest common-name XiA110101-H3C organization-unit ts
organization CEC locality SX state XA country CN

radius scheme system server-type extended

domain system

local-user cecipsec password cipher RPZ^0"X<9]'Q=^Q`MAF4<1!! service-type telnet terminal level 3 service-type ftp

ike proposal 1 authentication-method rsa-signature

ike peer vpn exchange-mode aggressive pre-shared-key 123456 id-type name remote-name vpn remote-address 218.96.249.201 certificate domain myvpn

ipsec card-proposal svpn use encrypt-card 1/0

ipsec proposal vpn

ipsec policy vpn 10 isakmp security acl 3000 ike-peer vpn proposal svpn

acl number 2000 match-order auto rule 0 permit source 10.100.12.0 0.0.0.255 rule 1 permit

acl number 3000 rule 0 permit ip source 1.1.1.37 0 destination 1.1.1.1 0 rule 1 deny ip

interface Aux0 async mode flow

interface Dialer1 link-protocol ppp ppp pap local-user 029xxxxx password simple xxxx ip address ppp-negotiate dialer user user dialer-group 1 dialer bundle 1 nat outbound 2000 ipsec policy vpn

interface Ethernet0/0 description link to LAN ip address 10.100.12.1 255.255.255.0

interface Ethernet0/1

interface Ethernet0/2

interface Ethernet0/3

interface Ethernet0/4 description link to WAN ip address 117.22.255.106 255.0.0.0 ipsec policy vpn ntp-service broadcast-server

interface Encrypt1/0

interface Tunnel1 ip address 172.16.18.118 255.255.255.252 source 1.1.1.37 destination 1.1.1.1

interface NULL0

interface LoopBack0 ip address 1.1.1.37 255.255.255.255

firewall zone local set priority 100

firewall zone trust add interface Ethernet0/0 add interface Ethernet0/1 add interface Ethernet0/2 add interface Ethernet0/3 add interface Ethernet0/4 add interface Dialer1 add interface Tunnel1 set priority 85 statistic enable ip inzone statistic enable ip outzone

firewall zone untrust set priority 5

firewall zone DMZ set priority 50

firewall interzone local trust

firewall interzone local untrust

firewall interzone local DMZ

firewall interzone trust untrust

firewall interzone trust DMZ

firewall interzone DMZ untrust

ip route-static 0.0.0.0 0.0.0.0 117.22.255.105 preference 60 ip route-static 1.1.1.1 255.255.255.255 Ethernet 0/4 117.22.255.105 preference 60 ip route-static 61.237.232.242 255.255.255.255 Ethernet 0/4 117.22.255.105 preference 60 ip route-static 131.100.9.2 255.255.255.255 Ethernet 0/4 117.22.255.105 preference 60 ip route-static 131.107.1.10 255.255.255.255 Ethernet 0/4 117.22.255.105 preference 60 ip route-static 202.112.10.60 255.255.255.255 Ethernet 0/4 117.22.255.105 preference 60 ip route-static 202.122.113.114 255.255.255.255 Ethernet 0/4 117.22.255.105 preference 60 ip route-static 210.72.145.44 255.255.255.255 Ethernet 0/4 117.22.255.105 preference 60 ip route-static 210.184.110.165 255.255.255.255 Ethernet 0/4 117.22.255.105 preference 60 ip route-static 218.96.0.0 255.255.0.0 Ethernet 0/4 117.22.255.105 preference 60 ip route-static 218.96.249.201 255.255.255.255 Ethernet 0/4 117.22.255.105 preference 60 ip route-static 218.96.249.202 255.255.255.255 Ethernet 0/4 117.22.255.105 preference 60 ip route-static 218.96.249.203 255.255.255.255 Ethernet 0/4 117.22.255.105 preference 60 ip route-static 218.97.1.33 255.255.255.255 Ethernet 0/4 117.22.255.105 preference 60

snmp-agent
snmp-agent local-engineid 000063A27F0000010000176B snmp-agent community write xxxxx snmp-agent sys-info version all snmp-agent trap source Ethernet0/4

user-interface con 0 user-interface aux 0 user-interface vty 0 4 authentication-mode scheme user privilege level 3 set authentication password simple cecipsec

return

[XiA110101-H3C] %Apr 20 17:50:43:438 2009 XiA110101-H3C PKI/4/Verify_CA_Root_Cert:CA root certificate of the domain myvpn is trusted. %Apr 20 17:50:49:830 2009 XiA110101-H3C PKI/4/Update_CA_Cert:Update CA certificates of the Domain myvpn successfully. %Apr 20 17:50:49:831 2009 XiA110101-H3C PKI/4/CA_Cert_Retrieval:Retrieval CA certificates of the domain myvpn successfully. %Apr 20 17:50:54:232 2009 XiA110101-H3C PKI/4/Local_Cert_Request:Request local certificate of the domain myvpn successfully.

C:\Documents and Settings\Administrator>ping 172.16.18.118

Pinging 172.16.18.118 with 32 bytes of data:

Reply from 172.16.18.118: bytes=32 time=3ms TTL=255 Reply from 172.16.18.118: bytes=32 time=3ms TTL=255 Reply from 172.16.18.118: bytes=32 time=2ms TTL=255 Reply from 172.16.18.118: bytes=32 time=1ms TTL=255

Ping statistics for 172.16.18.118: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 1ms, Maximum = 3ms, Average = 2ms

C:\Documents and Settings\Administrator>ping www.baidu.com ^C C:\Documents and Settings\Administrator>nslookup www.baidu.com DNS request timed out. timeout was 2 seconds. *** Can't find server name for address 218.30.19.40: Timed out *** Default servers are not available Server: UnKnown Address: 218.30.19.40

DNS request timed out. timeout was 2 seconds. DNS request timed out. timeout was 2 seconds. *** Request to UnKnown timed-out

C:\Documents and Settings\Administrator>ping 117.22.255.106

Pinging 117.22.255.106 with 32 bytes of data:

Reply from 117.22.255.106: bytes=32 time=2ms TTL=255 Reply from 117.22.255.106: bytes=32 time=1ms TTL=255 Reply from 117.22.255.106: bytes=32 time=1ms TTL=255 Reply from 117.22.255.106: bytes=32 time=1ms TTL=255

Ping statistics for 117.22.255.106: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 1ms, Maximum = 2ms, Average = 1ms

C:\Documents and Settings\Administrator>ping 117.22.255.105

Pinging 117.22.255.105 with 32 bytes of data:

Request timed out. Request timed out. Request timed out. Request timed out.

Ping statistics for 117.22.255.105: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Documents and Settings\Administrator>

====================================== 最终配置 [XiA110101-H3C]dis cur

sysname XiA110101-H3C

clock timezone GMT+8 add 08:00:00

encrypt-card fast-switch

firewall packet-filter enable firewall packet-filter default permit

insulate

bims enable bims device-id XiA110101-H3C bims ip address 218.96.249.203 port 7777 bims interval 10 bims sharekey simple cec

dialer-rule 1 ip permit

firewall statistic system enable

pki entity mytest common-name XiA110101-H3C organization-unit ts
organization CEC locality SX state XA country CN

radius scheme system server-type extended

domain system

local-user cecipsec password cipher RPZ^0"X<9]'Q=^Q`MAF4<1!! service-type telnet terminal level 3 service-type ftp

ike proposal 1 authentication-method rsa-signature

ike peer vpn exchange-mode aggressive pre-shared-key xxxxxx id-type name remote-name vpn remote-address x.x.x.x certificate domain myvpn

ipsec card-proposal svpn use encrypt-card 1/0

ipsec proposal vpn

ipsec policy vpn 10 isakmp security acl 3000 ike-peer vpn proposal svpn

dhcp server ip-pool dhcppool network 10.100.12.0 mask 255.255.255.0
gateway-list 10.100.12.1 dns-list 10.100.0.2 10.100.0.3 10.3.1.8

acl number 2000 match-order auto rule 0 permit source 10.100.12.0 0.0.0.255 rule 1 permit

acl number 3000 rule 0 permit ip source 1.1.1.37 0 destination 1.1.1.1 0 rule 1 deny ip

interface Aux0 async mode flow

interface Ethernet0/0 description link to LAN ip address 10.100.12.1 255.255.255.0

interface Ethernet0/1

interface Ethernet0/2

interface Ethernet0/3

interface Ethernet0/4 description link to WAN ip address 117.22.255.106 255.0.0.0 ipsec policy vpn ntp-service broadcast-server

interface Encrypt1/0

interface Tunnel1 ip address 172.16.18.118 255.255.255.252 source 1.1.1.37 destination 1.1.1.1

interface NULL0

interface LoopBack0 ip address 1.1.1.37 255.255.255.255

firewall zone local set priority 100

firewall zone trust add interface Ethernet0/0 add interface Ethernet0/1
add interface Ethernet0/2 add interface Ethernet0/3 add interface Ethernet0/4 add interface Tunnel1 set priority 85 statistic enable ip inzone statistic enable ip outzone

firewall zone untrust set priority 5

firewall zone DMZ set priority 50

firewall interzone local trust

firewall interzone local untrust

firewall interzone local DMZ

firewall interzone trust untrust

firewall interzone trust DMZ

firewall interzone DMZ untrust

ip route-static 0.0.0.0 0.0.0.0 117.22.255.105 preference 60 ip route-static 1.1.1.1 255.255.255.255 Ethernet 0/4 117.22.255.105 preference 60 ip route-static 10.0.0.0 255.0.0.0 Tunnel 1 preference 60 ip route-static 61.237.232.242 255.255.255.255 Ethernet 0/4 117.22.255.105 preference 60 ip route-static 131.100.9.2 255.255.255.255 Ethernet 0/4 117.22.255.105 preference 60 ip route-static 131.107.1.10 255.255.255.255 Ethernet 0/4 117.22.255.105 preference 60 ip route-static 159.217.0.0 255.255.0.0 Tunnel 1 preference 60 ip route-static 202.112.10.60 255.255.255.255 Ethernet 0/4 117.22.255.105 preference 60 ip route-static 202.122.113.114 255.255.255.255 Ethernet 0/4 117.22.255.105 preference 60 ip route-static 210.72.145.44 255.255.255.255 Ethernet 0/4 117.22.255.105 preference 60 ip route-static 210.184.110.165 255.255.255.255 Ethernet 0/4 117.22.255.105 preference 60 ip route-static 218.96.0.0 255.255.0.0 Ethernet 0/4 117.22.255.105 preference 60 ip route-static 218.96.50.84 255.255.255.252 Tunnel 1 preference 60 ip route-static 218.96.70.100 255.255.255.252 Tunnel 1 preference 60 ip route-static 218.96.249.201 255.255.255.255 Ethernet 0/4 117.22.255.105 preference 60 ip route-static 218.96.249.202 255.255.255.255 Ethernet 0/4 117.22.255.105 preference 60 ip route-static 218.96.249.203 255.255.255.255 Ethernet 0/4 117.22.255.105 preference 60 ip route-static 218.96.253.160 255.255.255.224 Tunnel 1 preference 60 ip route-static 218.97.1.33 255.255.255.255 Ethernet 0/4 117.22.255.105 preference 60

snmp-agent snmp-agent local-engineid 000063A27F0000010000176B snmp-agent community write zqw101 snmp-agent sys-info version all snmp-agent trap source Ethernet0/4

user-interface con 0 user-interface aux 0 user-interface vty 0 4 authentication-mode scheme user privilege level 3 set authentication password simple xxxxxx

return [XiA110101-H3C]

ping 深圳总部

C:\Documents and Settings\Administrator>ping 10.100.0.1

Pinging 10.100.0.1 with 32 bytes of data:

Reply from 10.100.0.1: bytes=32 time=99ms TTL=249 Reply from 10.100.0.1: bytes=32 time=96ms TTL=249 Reply from 10.100.0.1: bytes=32 time=96ms TTL=249 Reply from 10.100.0.1: bytes=32 time=99ms TTL=249

Ping statistics for 10.100.0.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 96ms, Maximum = 99ms, Average = 97ms

C:\Documents and Settings\Administrator>ping 10.100.0.1

Pinging 10.100.0.1 with 32 bytes of data:

Reply from 10.100.0.1: bytes=32 time=116ms TTL=248 Reply from 10.100.0.1: bytes=32 time=103ms TTL=248 Reply from 10.100.0.1: bytes=32 time=112ms TTL=248 Reply from 10.100.0.1: bytes=32 time=96ms TTL=248

Ping statistics for 10.100.0.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 96ms, Maximum = 116ms, Average = 106ms

C:\Documents and Settings\Administrator>

[XiA110101-H3C]dis ip int bri *down: administratively down (s): spoofing Interface IP Address Physical Protocol Description Aux0 unassigned down up(s) Aux0 Inte... Dialer1 unassigned down down Dialer1 I... Encrypt1/0 unassigned up up Encrypt1/... Ethernet0/0 10.100.12.1 up up link to LAN Ethernet0/1 unassigned down down Ethernet0... Ethernet0/2 unassigned down down Ethernet0... Ethernet0/3 unassigned down down Ethernet0... Ethernet0/4 unassigned up down link to WAN LoopBack0 1.1.1.37 up up(s) LoopBack0... Tunnel1 172.16.18.118 up down Tunnel1 I... [XiA110101-H3C] #Apr 20 23:48:10:748 2009 XiA110101-H3C IFNET/4/TRAP:1.3.6.1.6.3.1.1.5.4Interface 1854 is Up %Apr 20 23:48:10:750 2009 XiA110101-H3C IFNET/4/UPDOWN:Line protocol on the interface Dialer1:0 is UP

#Apr 20 23:48:10:954 2009 XiA110101-H3C IFNET/4/TRAP:1.3.6.1.6.3.1.1.5.3Interface 1854 is Down %Apr 20 23:48:10:955 2009 XiA110101-H3C IFNET/4/UPDOWN:Line protocol on the interface Dialer1:0 is DOWN

#Apr 20 23:48:29:056 2009 XiA110101-H3C IFNET/4/TRAP:1.3.6.1.6.3.1.1.5.4Interface 1862 is Up %Apr 20 23:48:29:057 2009 XiA110101-H3C IFNET/4/UPDOWN:Line protocol on the interface Dialer1:0 is UP

#Apr 20 23:48:29:264 2009 XiA110101-H3C IFNET/4/TRAP:1.3.6.1.6.3.1.1.5.3Interface 1862 is Down %Apr 20 23:48:29:266 2009 XiA110101-H3C IFNET/4/UPDOWN:Line protocol on the interface Dialer1:0 is DOWN

上一篇：网络工程师成长日记402-乌审旗某采气厂项目

下一篇：网络工程师成长日记337-某城市统计局项目

提问和评论都可以，用心的回复会被更多人看到评论

发布评论

相关文章

官方博客	全部文章	热门标签	班级博客
了解我们	网站地图	意见反馈

鸿蒙开发者社区	51CTO学堂
51CTO	软考资讯