Finally, I Can Breathe a Sigh of Relief

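  On October 20 we were notified that the company would soon be taking on a fairly large project. We are a small company, so the boss was overjoyed to land a project of this size, and those of us on the technical side were eager to show what we could do.
  After 16 days, I can finally breathe a sigh of relief.
  The project was this: 天地源房地产有限公司 (Tiandiyuan Real Estate Co., Ltd.) was moving onto the entire 16th floor of the newly built 盛唐大厦 (Shengtang Building), and our company was to install its network, access control, telephone and public-address systems. Because we are short-handed, only two people worked on site each day; I was there from the very beginning while the others took turns. So the burden fell on me, and every day I left covered in a thick layer of dust. Enough small talk; anyone who has done installation work knows what that feels like.
  On to the main topic.
  The company has more than 60 network nodes sharing a single 4M ADSL line, and each manager's office has a wireless AP. Based on the customer's requirements, we used H3C network products: one H3C SecPath F100-S firewall, one H3C S5100-SI&EI series Ethernet switch as the core switch, and three 24-port H3C 1224R switches as the second-tier access-layer switches. The wireless APs are Netgear. A simple topology diagram follows.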
[Image: simple network topology diagram]
 
 
   The Layer 3 switch configuration, with brief notes, is as follows:
[H3C]disp cur
#
 sysname H3C //switch name
#
radius scheme system
#
domain system
#
local-user admin  //administrator account: admin / admin123 (web, telnet)
 password simple admin123
 service-type telnet terminal
 level 3
#
vlan 1
#
interface Vlan-interface1  //management address
 ip address 192.168.1.2 255.255.255.0
#
interface Aux1/0/0
#
interface GigabitEthernet1/0/1
#
interface GigabitEthernet1/0/2
#
interface GigabitEthernet1/0/3
#                                        
interface GigabitEthernet1/0/4
#
interface GigabitEthernet1/0/5
#
interface GigabitEthernet1/0/6
#
interface GigabitEthernet1/0/7
#
interface GigabitEthernet1/0/8
#
interface GigabitEthernet1/0/9
#
interface GigabitEthernet1/0/10
#
interface GigabitEthernet1/0/11
#
interface GigabitEthernet1/0/12
#
interface GigabitEthernet1/0/13
#
interface GigabitEthernet1/0/14
#
interface GigabitEthernet1/0/15
#                                        
interface GigabitEthernet1/0/16
#
interface GigabitEthernet1/0/17
#
interface GigabitEthernet1/0/18
#
interface GigabitEthernet1/0/19
#
interface GigabitEthernet1/0/20
#
interface GigabitEthernet1/0/21
#
interface GigabitEthernet1/0/22
#
interface GigabitEthernet1/0/23
#
interface GigabitEthernet1/0/24
#
interface GigabitEthernet1/0/25
 shutdown
#
interface GigabitEthernet1/0/26
 shutdown
#                                        
interface GigabitEthernet1/0/27
 shutdown
#
interface GigabitEthernet1/0/28
 shutdown
#
interface NULL0
#
 ip route-static 0.0.0.0 0.0.0.0 192.168.1.1 preference 60 //gateway address
#
user-interface aux 0
 authentication-mode scheme  //console authentication mode
user-interface vty 0 4
 authentication-mode scheme  //telnet authentication mode
#
return
[H3C]   
[H3C]disp save
#
 sysname H3C
#
radius scheme system
#
domain system
#
local-user admin
 password simple admin123
 service-type telnet terminal
 level 3
#
vlan 1
#
interface Vlan-interface1
 ip address 192.168.1.2 255.255.255.0
#LOCCFG. MUST NOT DELETE
#
interface Aux1/0/0
#
interface GigabitEthernet1/0/1
#
interface GigabitEthernet1/0/2
#
interface GigabitEthernet1/0/3           
#
interface GigabitEthernet1/0/4
#
interface GigabitEthernet1/0/5
#
interface GigabitEthernet1/0/6
#
interface GigabitEthernet1/0/7
#
interface GigabitEthernet1/0/8
#
interface GigabitEthernet1/0/9
#
interface GigabitEthernet1/0/10
#
interface GigabitEthernet1/0/11
#
interface GigabitEthernet1/0/12
#
interface GigabitEthernet1/0/13
#
interface GigabitEthernet1/0/14
#
interface GigabitEthernet1/0/15          
#
interface GigabitEthernet1/0/16
#
interface GigabitEthernet1/0/17
#
interface GigabitEthernet1/0/18
#
interface GigabitEthernet1/0/19
#
interface GigabitEthernet1/0/20
#
interface GigabitEthernet1/0/21
#
interface GigabitEthernet1/0/22
#
interface GigabitEthernet1/0/23
#
interface GigabitEthernet1/0/24
#
interface GigabitEthernet1/0/25
 shutdown
#
interface GigabitEthernet1/0/26
 shutdown                                
#
interface GigabitEthernet1/0/27
 shutdown
#
interface GigabitEthernet1/0/28
 shutdown
#TOPOLOGYCFG. MUST NOT DELETE
#GLBCFG. MUST NOT DELETE
#
interface NULL0
#
 ip route-static 0.0.0.0 0.0.0.0 192.168.1.1 preference 60
#
user-interface aux 0
 authentication-mode scheme
user-interface vty 0 4
 authentication-mode scheme
#
return
[H3C] 
[H3C]sa
The configuration will be written to the device.
Are you sure?[Y/N]y
Please input the file name(*.cfg)(To leave the existing filename
 unchanged press the enter key):
Now saving current configuration to the device.
Saving configuration. Please wait...
...
<H3C>sys
System View: return to User View with Ctrl+Z.

  The firewall configuration is as follows:
[H3C]disp cur
#
 sysname H3C  //firewall name
#
 firewall packet-filter enable
 firewall packet-filter default permit //traffic is permitted by default
#
 undo connection-limit enable
 connection-limit default deny
 connection-limit default amount upper-limit 50 lower-limit 20
#
 dialer-rule 1 ip permit  //defines the interesting traffic for dialing
#
 firewall statistic system enable
#
radius scheme system
 server-type extended
#
domain system
#
local-user admin  //management account: admin / admin123
 password simple admin123
 service-type telnet terminal
 level 3
#
dhcp server ip-pool lanpool                //DHCP address pool
 network 192.168.1.0 mask 255.255.255.0
 gateway-list 192.168.1.1
 dns-list 202.96.128.166 202.96.134.133
#
acl number 2000     //defines the internal (LAN) traffic
 rule 0 permit source 192.168.1.0 0.0.0.255
#
interface Aux0
 async mode flow
#
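interface Dialer1   //defines the virtual dialer interface
 link-protocol ppp
 ppp pap local-user [email protected] password simple BWGBTLTJ  //sets the account and password used to go online. To change them, prefix the command with undo, then enter the new account
 ip address ppp-negotiate  //obtain the IP address automatically through dial-up
 dialer user [email protected]
 dialer bundle 1   //bind to the interesting traffic for dialing
 nat outbound 2000   //defines the internal addresses for NAT translation
#
interface Ethernet0/0 
 ip address 192.168.1.1 255.255.255.0 //internal (LAN) IP address
#
interface Ethernet0/1   
 pppoe-client dial-bundle-number 1 //defines the dialer interface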
 nat outbound 2000                        
#
interface Ethernet0/2
#
interface Ethernet0/3
#
interface Encrypt1/0
#
interface NULL0
#
firewall zone local
 set priority 100
#
firewall zone trust
 add interface Ethernet0/0
 set priority 85
#
firewall zone untrust
 add interface Ethernet0/1
 add interface Dialer1
 set priority 5
#
firewall zone DMZ
 set priority 50
#                                        
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
 dhcp server forbidden-ip 192.168.1.1 192.168.1.99 // exclude addresses that DHCP should not assign
#
 ip route-static 0.0.0.0 0.0.0.0 Dialer 1 preference 60 //defines the default route
#
 firewall defend ip-spoofing   //defines the attack-defense list
 firewall defend land
 firewall defend smurf
 firewall defend fraggle
 firewall defend winnuke
 firewall defend icmp-redirect
 firewall defend icmp-unreachable
 firewall defend source-route            
 firewall defend route-record
 firewall defend tracert
 firewall defend ping-of-death
 firewall defend tcp-flag
 firewall defend ip-fragment
 firewall defend large-icmp
 firewall defend teardrop
 firewall defend ip-sweep
 firewall defend port-scan
 firewall defend arp-spoofing
 firewall defend arp-reverse-query
 firewall defend arp-flood
 firewall defend frag-flood
 firewall defend syn-flood enable
 firewall defend udp-flood enable
 firewall defend icmp-flood enable
#
user-interface con 0
 authentication-mode scheme  //defines the console authentication mode
user-interface aux 0
user-interface vty 0 4   //defines the telnet authentication mode
 authentication-mode scheme
#
return                                   
[H3C]    disp save
#
 sysname H3C
#
 firewall packet-filter enable
 firewall packet-filter default permit
#
 undo connection-limit enable
 connection-limit default deny
 connection-limit default amount upper-limit 50 lower-limit 20
#
 dialer-rule 1 ip permit
#
 firewall statistic system enable
#
radius scheme system
 server-type extended
#
domain system
#
local-user admin
 password simple admin123
 service-type telnet terminal
 level 3
#
dhcp server ip-pool lanpool              
 network 192.168.1.0 mask 255.255.255.0
 gateway-list 192.168.1.1
 dns-list 202.96.128.166 202.96.134.133
#
acl number 2000
 rule 0 permit source 192.168.1.0 0.0.0.255
#
interface Aux0
 async mode flow
#
interface Dialer1
 link-protocol ppp
 ppp pap local-user [email protected] password simple BWGBTLTJ
 ip address ppp-negotiate
 dialer user [email protected]
 dialer bundle 1
 nat outbound 2000
#
interface Ethernet0/0
 ip address 192.168.1.1 255.255.255.0
#
interface Ethernet0/1
 pppoe-client dial-bundle-number 1
 nat outbound 2000                       
#
interface Ethernet0/2
#
interface Ethernet0/3
#
interface Encrypt1/0
#
interface NULL0
#
firewall zone local
 set priority 100
#
firewall zone trust
 add interface Ethernet0/0
 set priority 85
#
firewall zone untrust
 add interface Ethernet0/1
 add interface Dialer1
 set priority 5
#
firewall zone DMZ
 set priority 50
#                                        
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
 dhcp server forbidden-ip 192.168.1.1 192.168.1.99
#
 ip route-static 0.0.0.0 0.0.0.0 Dialer 1 preference 60
#
user-interface con 0
 authentication-mode scheme
user-interface aux 0
user-interface vty 0 4
 authentication-mode scheme
#
return
[H3C]   
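
The two firewall dumps above differ: the `firewall defend` lines appear under `disp cur` but not under `disp save`. The Python below is an added example, not part of the original post. It flags the weak settings visible in these dumps (cleartext `password simple`, telnet management, PAP, default-permit filtering, disabled connection limiting) and lists running directives that are missing from the saved configuration. The sample text is constructed, its credentials are placeholders, and the function names are illustrative.

```python
import re
# Constructed excerpts shaped like the firewall "disp cur" / "disp save" output
# above; credentials are placeholders. SAVED is RUNNING minus the defend lines.
RUNNING = """\
#
 firewall packet-filter default permit //annotation in the post's style
#
 undo connection-limit enable
#
local-user admin
 password simple PLACEHOLDER
 service-type telnet terminal
#
interface Dialer1
 ppp pap local-user user@example.invalid password simple PLACEHOLDER
#
 firewall defend syn-flood enable
 firewall defend arp-spoofing
#
return
"""
SAVED = "".join(l for l in RUNNING.splitlines(True) if "defend" not in l)

# Patterns for directives that appear in the dumps on this page.
RULES = [
    (r"\bpassword simple \S+", "credential stored in cleartext"),
    (r"^service-type\b.*\btelnet\b", "management over unencrypted telnet"),
    (r"^ppp pap\b", "PAP sends the account password unencrypted"),
    (r"^firewall packet-filter default permit$", "packet filter defaults to permit"),
    (r"^undo connection-limit enable$", "connection limiting is disabled"),
]

def directives(dump):
    """Config lines without '//' notes, '#' separators, CLI prompts or 'return'."""
    lines = (l.split("//")[0].strip() for l in dump.splitlines())
    return [l for l in lines if l and l != "return" and not l.startswith(("#", "[", "<"))]

def redact(line):
    """Mask the secret after 'password simple' so findings are safe to log."""
    return re.sub(r"(password simple )\S+", r"\1<redacted>", line)

def audit(dump):
    """Return (redacted line, finding) for each directive matching a rule."""
    return [(redact(line), msg) for line in directives(dump)
            for pat, msg in RULES if re.search(pat, line)]

def unsaved(running, saved):
    """Running directives absent from the saved config (section is ignored)."""
    kept = set(directives(saved))
    return [l for l in directives(running) if l not in kept]
```

Run `audit()` on each pasted dump and `unsaved()` on the pair; anything the second call returns would be lost at the next reboot unless the configuration is saved.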
 
 
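  Sharing the results:
 
 (Midway through; it looks a bit messy)
 
  At this point it looks somewhat better.
 
 
  (Close-up)
 
 
  (From a distance)
  I look forward to pointers from fellow technical people.
 
  *There were originally many pictures, but there is a size limit and they were too large to upload. I picked only a few and processed them before uploading.
  After completion, the company was not satisfied and said the network was slow. I was quite frustrated: with that many people sharing a 4M ADSL line, how fast do you expect it to be? Not to mention downloads and the like.
  Summary: 1. Doing a project is tiring, but you also learn a lot. 2. We ran into many problems in this project; in summary, we had not made a detailed plan beforehand. 3. Many companies do not take networking or information technology seriously. This company, for example, is a real estate company and, as far as I know, financially strong, yet it is unwilling to invest effort in IT, which is really rather sad.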
 

This article is from the “梦想进行时” blog; please contact the author before reposting!
