某银行网络应急方案措施Word格式.docx
- 文档编号:3496606
- 上传时间:2023-05-01
- 格式:DOCX
- 页数:58
- 大小:27.21KB
某银行网络应急方案措施Word格式.docx
《某银行网络应急方案措施Word格式.docx》由会员分享,可在线阅读,更多相关《某银行网络应急方案措施Word格式.docx(58页珍藏版)》请在冰点文库上搜索。
●联系XX公司,并启动原厂商保修服务备件更换程序。
●因为两台7206路由器是互为备份的,一台发生故障不影响实际业务,不调用库房备件和集成商备件更换,等待原厂商备件到达。
●对于能够在线插拔的接口模块、有standby的引擎和电源,优先使用在线更换方式。
在线更换的具体操作流程如下:
a)用笔记本电脑连接在网络设备的Console上,启动Console监控和记录;
b)准备好存档的系统配置,备用。
如有可能,同时保存当前系统配置;
c)对故障模块上连接的线缆做好标记,小心拔下;
d)做好安全接地,拔下故障模块;
e)检查设备和模块状态,确认是否影响整个设备或其他模块正常运行,standby模块是否正常接管;
f)做好安全接地,插上更换的备件模块;
g)检查设备和模块状态,确认是否能够正常识别新模块,是否影响其他模块运行;
h)按原样插上线缆;
i)检查线缆连接状态正常;
j)确认备件更换成功。
l对于机箱、不能在线插拔的接口模块、或者没有standby的引擎和电源,采用下电更换方式。
下电更换的具体操作流程如下:
a)准备好存档的系统配置,备用。
b)准备好原先使用的系统软件,备用;
c)故障设备下电;
d)对需要拔除的线缆做好标记,小心拔下。
如果机箱或引擎更换,需拔除所有连接线缆;
e)更换备件;
f)用笔记本电脑连接在网络设备的Console上,启动Console监控和记录;
g)设备上电;
h)检查系统自检情况,确认无硬件故障;
i)安装系统软件;
j)恢复系统配置;
k)冷启动,确认软硬件正常工作;
l)按原样插上其他线缆;
m)检查线缆连接状态正常;
n)确认备件更换成功。
三、核心交换机故障应急
1.一台4506交换机故障应急
登陆交换机使用showlog,showipintbrie,showprocesscpuhis,showiproute,ping对端地址,showvlanbrie,showvtpstat,showprocessmem,showmodul,showdiag,showipeigrpnei,showcdpnei等一系列命令来查找、确认故障。
因为两台4506核心交换机完全是热备的双机,所以一台发生故障并不影响业务运行。
对于配置问题要制定正确的更改配置脚本,备份当前配置以后实施更改;
对于线路问题的要制作新网线,替换故障的网线;
对于硬件问题要练习XX公司,申请硬件故障维修。
对于能够在线插拔的接口模块、有standby的引擎和电源,优先使用在线更换方式。
l)对于交换机要将VTP设置为Client模式,首先连接上行线缆,确认VTP复制正确;
m)按原样插上其他线缆;
n)检查线缆连接状态正常;
o)确认备件更换成功。
2.当核心交换同时瘫痪在20分钟内保证业务正常运作
现有2台备用的cisco3550,在两台核心cisco4506同事瘫痪后,将其作为核心交换来保证业务的正常运作,同时保持原有的网络拓扑及网络核心的安全策略和qos。
3550核心交换配置定义
设备命名
hostnameproduction
设备软件版本
使用支持动态路由协议的IOS:
c3550-i5k2l2q3-mz.121-13.EA1a.bin
Vlan定义
1defaultactiveFa0/1,Fa0/2,Fa0/35,Fa0/36
Fa0/37,Fa0/38,Fa0/39,Fa0/40
Fa0/41,Fa0/42,Fa0/43,Fa0/44
Fa0/45,Fa0/46,Fa0/47,Fa0/48
2vlan0002activeFa0/10,Fa0/21,Fa0/25,Fa0/34
Gi0/1,Gi0/2
3vlan0003activeFa0/5,Fa0/8,Fa0/11,Fa0/12
Fa0/17,Fa0/19,Fa0/20,Fa0/22
Fa0/28,Fa0/29,Fa0/30,Fa0/32
4vlan0004activeFa0/13,Fa0/18,Fa0/27
5vlan0005activeFa0/7
6vlan0006active
10vlan0010activeFa0/4,Fa0/6,Fa0/14
20vlan0020active
30vlan0030active
40vlan0040active
50VLAN0050active
60VLAN0060active
63vlan0063active
128vlan0128activeFa0/3,Fa0/24,Fa0/26,Fa0/31
Fa0/33
195vlan195activeFa0/16,Fa0/23
196vlan196active
255VLAN0255activeFa0/9,Fa0/15
Ip地址分配及hsrp
interfaceVlan1
noipaddress
noipredirects
shutdown
standby10priority100
standby10preempt
!
interfaceVlan2
ipaddress10.20.191.2255.255.255.0
ipaccess-group101in
standby20ip10.20.191.1
standby20priority150
standby20preempt
interfaceVlan3
ipaddress10.20.189.2255.255.255.0
standby30ip10.20.189.1
standby30priority150
standby30preempt
interfaceVlan4
ipaddress10.20.187.66255.255.255.192
standby40ip10.20.187.65
standby40priority150
standby40preempt
interfaceVlan5
ipaddress10.20.187.2255.255.255.192
standby50ip10.20.187.1
standby50priority150
standby50preempt
interfaceVlan6
standby60ip10.20.185.3
standby60priority150
standby60preempt
interfaceVlan10
ipaddress10.20.0.2255.255.255.0
ipaccess-group103in
standby100ip10.20.0.1
standby100timers515
standby100priority200
standby100preempt
standby100trackVlan1050
interfaceVlan20
standby110timers515
standby110priority150
standby110preempt
standby110trackVlan2050
interfaceVlan30
standby120ip10.20.198.100
standby120timers515
standby120priority200
standby120preempt
standby120trackVlan3050
interfaceVlan40
standby130ip10.20.197.100
standby130timers515
standby130priority150
standby130preempt
standby130trackVlan4050
interfaceVlan50
ipaddress10.20.1.2255.255.255.0
iphelper-address10.20.0.10
standby150ip10.20.1.1
standby150timers515
standby150priority150
standby150preempt
standby150trackVlan150
interfaceVlan63
interfaceVlan128
ipaddress10.20.128.4255.255.255.0
standby160ip10.20.128.8
standby160timers515
standby160priority150
standby160preempt
standby160trackVlan12850
interfaceVlan150
interfaceVlan195
ipaddress10.20.195.2255.255.255.0
standby195ip10.20.195.1
standby195priority150
standby195preempt
interfaceVlan196
standby196ip10.20.196.1
standby196priority100
standby196preempt
interfaceVlan255
ipaddress10.20.255.2255.255.255.0
standby255ip10.20.255.1
standby255priority200
standby255preempt
路由策略
routereigrp20
redistributestatic
network10.20.0.00.0.255.255
noauto-summary
noeigrplog-neighbor-changes
iproute0.0.0.00.0.0.010.20.191.18
iproute10.20.9.1255.255.255.25510.20.191.18
iproute10.20.9.111255.255.255.25510.20.191.18
iproute10.20.184.0255.255.255.010.20.191.18
iproute10.20.186.0255.255.255.010.20.191.18
iproute10.20.186.245255.255.255.25510.20.191.18
iproute10.20.210.3255.255.255.25510.20.255.15
iproute10.20.210.4255.255.255.25510.20.255.16
iproute10.20.210.5255.255.255.25510.20.255.17
iproute10.20.210.11255.255.255.25510.20.191.18
iproute10.20.210.12255.255.255.25510.20.191.18
iproute10.20.210.13255.255.255.25510.20.191.18
iproute10.20.210.14255.255.255.25510.20.191.18
access-list101permitiphost10.20.0.240host10.20.186.246
access-list101permitiphost10.20.0.240host10.20.186.245
access-list101denyip192.168.0.00.0.255.25510.0.128.00.255.63.255
access-list101denyip192.168.0.00.0.255.255172.16.0.00.0.255.255
access-list101denyip192.168.0.00.0.255.25510.0.192.00.255.63.255
access-list101denyip10.0.0.00.255.63.25510.0.128.00.255.63.255
access-list101denyip10.0.0.00.255.63.255172.16.0.00.0.255.255
access-list101denyip10.0.0.00.255.63.25510.0.192.00.255.63.255
access-list101permitipanyany
access-list103permitiphost10.20.0.245host10.20.184.10
access-list103permitiphost10.20.0.240host10.20.184.10
access-list103permitiphost10.20.0.240host10.20.186.246
access-list103permitiphost10.20.0.240host10.20.186.245
access-list103permitiphost10.20.0.245host10.20.184.18
access-list103permitiphost10.20.0.240host10.20.184.18
access-list103permitiphost10.20.0.245host10.20.184.12
access-list103permitiphost10.20.0.240host10.20.184.5
access-list103permitiphost10.20.0.21host10.20.184.20
access-list103permitip10.20.0.00.0.0.255host10.20.184.3
access-list103permitip10.20.0.00.0.0.255host10.20.184.4
access-list103permitip10.20.0.00.0.0.255host10.20.184.7
access-list103permitip10.20.0.00.0.0.255host10.20.184.30
access-list103permitip10.20.0.00.0.0.255host10.20.184.13
access-list103permitip10.20.0.00.0.0.255host10.20.184.15
access-list103permitip10.20.0.00.0.0.255host10.20.184.16
access-list103permitip10.20.0.00.0.0.255host10.20.184.20
access-list103permitip10.20.2.00.0.0.255host10.20.184.13
access-list103permitip10.20.3.00.0.0.255host10.20.184.13
access-list103permitip10.20.0.00.0.0.255host10.20.184.17
access-list103permitiphost10.20.0.245host10.20.184.19
access-list103permitiphost10.20.0.240host10.20.184.19
access-list103denyip192.168.0.00.0.255.25510.0.128.00.255.63.255
access-list103denyip192.168.0.00.0.255.255172.16.0.00.0.255.255
access-list103denyip192.168.0.00.0.255.25510.0.192.00.255.63.255
access-list103denyip10.0.0.00.255.63.25510.0.128.00.255.63.255
access-list103denyip10.0.0.00.255.63.255172.16.0.00.0.255.255
access-list103denyip10.0.0.00.255.63.25510.0.192.00.255.63.255
access-list103permitipanyany
Qos
作为核心交换机无需在此配置qos
安全策略
aaanew-model
aaaauthenti
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- 银行 网络 应急 方案 措施