XXXX电厂网络设备调试报告一、网关加密设备根据国网公司《全国电力二次系统安全防护总体方案》要求，在山东省电力公司安排部署下，山东XXX有限公司于2012年6月在XXXX电厂部署纵向加密认证装置及调试。

在完成本阶段的工作后现将工程实施情况做出说明。

一、工程介绍根据国网公司《全国电力二次系统安全防护总体方案》要求，计划在XXX 电厂部署纵向加密认证装置，保证实时业务的加密传输，非实时、保护业务的明文传输。

根据现场环境及客户的要求本次装置部署在路由器与交换机之间，保证所有业务VPN都通过纵向加密装置传输。

具体网络拓扑结构请参见下图：XXXX电厂节点网络拓扑图实现在部署完成的节点对纵向加密装置进行远程监控、配置、管理。

二、本阶段实施情况本阶段工程于XXXX电厂部署百兆RJ45电口纵向加密设备一台。

完成XXX电厂两台百兆RJ45电口纵向加密设备的部署，实现实时业务加密通信；非实时、保护业务明文通信。

转发给公司的业务数据传输正常。

并在配置中考虑了在未来非实时、保护业务接入密通的需要，能够较快的实现业务的明密通转换。

在设备接入的情况下充分考虑到现有网络中交换机与路由器的互连，中心节点网管机对交换机、路由器的远程管理。

在设备的配置中保证厂站端交换机的网管正常。

通过现场测试与阶段性运行，设备接入后厂站端交换机、路由器网管功能全部正常。

完成一台纵向加密的安装调试，设备运行状况正常。

三、调试报告首先通过网线连接设备的eth4接口，打开纵向加密管理工1对设备的基本参数进行配置2配置vlan3配置路由4配置隧道5配置策略6将隧道对应的证书导入至此，纵向加密配置完成。

XXXXXXXXXXX(安装)调试工程师；XXXXXXXXXXXXXXXX(记录)人员；XXXXX二、交换机、路由器配置调试文档1.现场沟通在客户现场经过于客户负责人进行方案沟通，了解到用户购买设备的用途及网络的基本架构情况，并向项目负责人处要取获得网络调试所需要的网络规划数据，并根据网络规划数据现场对设备进行调试和安装。

2、数据网络路由器配置如下：[SD-JiaHongZhan.R1]dis cu#version5.20,Release2209P15,Standard#sysname SD-JiaHongZhan.R1#super password level3cipher$c$3$CTWtbnxTybrdIiVNPI7ssukmA7w==#configure-user count5#domain default enable system#router id37.2.72.186#telnet server enable#dar p2p signature-file cfa0:/p2p_default.mtd#port-security enable#mpls lsr-id37.2.72.186#ip vpn-instance vpn-rtroute-distinguisher23721:1vpn-target23721:101export-extcommunityvpn-target23721:100import-extcommunity#ip vpn-instance vpn-nrtroute-distinguisher23721:2vpn-target23721:201export-extcommunityvpn-target23721:200import-extcommunity#vlan1#mplsttl propagate vpnundo ttl expiration pop#mpls ldp#domain systemaccess-limit disablestate activeidle-cut disableself-service-url disable#user-group systemgroup-attribute allow-guest#local-user adminpassword cipher$c$3$40gC1cxf/wIJNa1ufFPJsjKAof+QP5aV authorization-attribute level3service-type telnet#interface Aux0async mode flowlink-protocol ppp#interface Cellular0/0async mode protocollink-protocol ppp#interface Serial4/0description to-RZDD-R-NE40-1link-protocol pppip address37.152.186.2255.255.255.252ospf cost500mplsmpls ldp#interface Serial4/1description to-RZDD-R-NE40-2link-protocol pppip address37.152.186.6255.255.255.252 ospf cost500mplsmpls ldp#interface NULL0#interface LoopBack0ip address37.2.72.186255.255.255.255#interface GigabitEthernet0/0port link-mode route#interface GigabitEthernet0/0.10 description ce-managevlan-type dot1q vid10ip address37.152.186.30255.255.255.240 #interface GigabitEthernet0/0.199 description VPN-RTvlan-type dot1q vid199ip binding vpn-instance vpn-rtip address37.153.186.126255.255.255.128 #interface GigabitEthernet0/0.299 description VPN-NRTvlan-type dot1q vid299ip binding vpn-instance vpn-nrtip address37.154.186.126255.255.255.128 #interface GigabitEthernet0/1port link-mode route#bgp23721undo synchronizationtimer keepalive5hold15group rzdd internalpeer rzdd connect-interface LoopBack0 peer37.2.72.254group rzddpeer37.2.73.254group rzdd#ipv4-family vpn-instance vpn-rtimport-route direct#ipv4-family vpn-instance vpn-nrtimport-route direct#ipv4-family vpnv4peer rzdd enablepeer37.2.72.254enablepeer37.2.72.254group rzddpeer37.2.73.254enablepeer37.2.73.254group rzdd#ospf1import-route directarea0.0.0.1network37.152.186.00.0.0.3area0.0.0.2network37.152.186.40.0.0.3#snmp-agentsnmp-agent local-engineid800063A2035866BA7FAA48snmp-agent community write raddrwsnmp-agent community read rzddrosnmp-agent community write rzddrwsnmp-agent sys-info version allundo snmp-agent trap enable voice dial#load xml-configuration#load tr069-configuration#user-interface con0user-interface tty13user-interface aux0user-interface vty04set authentication password cipher$c$3$wjDircwXvMELIqIp/gS9nLzGdO #return3、数据网络交换机配置如下[SD-JiaHongZhan.S1]dis cu#sysname SD-JiaHongZhan.S1#super password level3cipher1D.L#`-M]I_,UMD0PV(YO1!! #radius scheme system#domain system#vlan1#vlan10description CE-Manage#vlan199description VPN-RT#vlan299description VPN-NRT#interface Vlan-interface10description CE-Manageip address37.152.186.17255.255.255.240#interface Vlan-interface199description VPN-RT#interface Vlan-interface299description VPN-NRT#interface Aux1/0/0#interface Ethernet1/0/1port access vlan199#interface Ethernet1/0/2port access vlan199#interface Ethernet1/0/3port access vlan199#interface Ethernet1/0/4port access vlan199#interface Ethernet1/0/5port access vlan199#interface Ethernet1/0/6 port access vlan199#interface Ethernet1/0/7 port access vlan199#interface Ethernet1/0/8 port access vlan199#interface Ethernet1/0/9 port access vlan299#interface Ethernet1/0/10 port access vlan299#interface Ethernet1/0/11 port access vlan299#interface Ethernet1/0/12 port access vlan299#interface Ethernet1/0/13 port access vlan299#interface Ethernet1/0/14 port access vlan299#interface Ethernet1/0/15 port access vlan299#interface Ethernet1/0/16 port access vlan299#interface Ethernet1/0/17 port access vlan299#interface Ethernet1/0/18 port access vlan299#interface Ethernet1/0/19 port access vlan299#interface Ethernet1/0/20 port access vlan299#interface Ethernet1/0/21port access vlan299#interface Ethernet1/0/22port access vlan299#interface Ethernet1/0/23port access vlan299#interface Ethernet1/0/24port link-type trunkport trunk permit vlan110199299description to MSR3020-1#interface GigabitEthernet1/1/1#interface GigabitEthernet1/1/2#interface GigabitEthernet1/1/3#interface GigabitEthernet1/1/4#undo irf-fabric authentication-mode#interface NULL0#voice vlan mac-address0001-e300-0000mask ffff-ff00-0000#ip route-static0.0.0.00.0.0.037.152.186.30preference60#snmp-agentsnmp-agent local-engineid800063A280F62E48316E6877snmp-agent community read rzddrosnmp-agent community write rzddrwsnmp-agent sys-info version all#user-interface aux07user-interface vty04set authentication password cipher;"1ST$Q^&[SQ=^Q`MAF4<1!!#return4、数据网络路由器端口分配情况interface Serial4/0和interface Serial4/1用来和市局的路由器进行互联interface GigabitEthernet0/0接口用来和局域网交换机互联5、数据网络交换机端口分配情况interface Ethernet1/0/1-- interface Ethernet1/0/8属于VLAN199 interface Ethernet1/0/9-- interface Ethernet1/0/23属于VLAN299交换机的interface Ethernet1/0/24用来上连路由器6、办公内网路由器配置如下[RZJHC-R1]dis cu#version5.20,Release2209P15,Standard#sysname RZJHC-R1#super password level3cipher$c$3$CTWtbnxxC10pT7uUvrZHmk1YLr0e #ftp server enable#domain default enable system#router id10.37.207.197#telnet server enable#dar p2p signature-file cfa0:/p2p_default.mtd#port-security enable#vlan1#domain systemaccess-limit disablestate activeidle-cut disableself-service-url disable#user-group systemgroup-attribute allow-guest#local-user abcdpassword cipher$c$3$1+SFRrfPojx/CBya4Jm68VTXlNRmo6Q= authorization-attribute level3service-type ftplocal-user adminpassword cipher$c$3$nH3DI7gxrRRbVjEB+lUxm5phiOczymvd authorization-attribute level3service-type telnet#cwmpundo cwmp enable#interface Aux0async mode flowlink-protocol ppp#interface Cellular0/0async mode protocollink-protocol pppppp mp Mp-group1ospf cost5000ospf authentication-mode md510cipher$c$3$IqIpnvXcfL0Hwry18cHg== #interface Serial4/0fe1unframedlink-protocol pppppp mp Mp-group1#interface Serial4/1fe1unframedlink-protocol ppp#interface Mp-group1ip address10.37.207.18255.255.255.252ospf cost5000ospf authentication-mode md510cipher$c$3$dl8Nu2ESu3LBNXalzg== #interface NULL0#interface LoopBack0ip address10.37.207.197255.255.255.255#interface GigabitEthernet0/0port link-mode routeip address10.37.227.38255.255.255.248#interface GigabitEthernet0/1port link-mode route#ospf1import-route directarea0.0.0.17authentication-mode md5network10.37.207.1970.0.0.0network10.37.227.320.0.0.7network10.37.207.160.0.0.3stub no-summary##voice-setup#sip#sip-server#call-rule-set#call-route#dial-programdefault entity fax protocol standard-t38default entity fax protocol standard-t38hb-redundancy0 default entity fax protocol standard-t38lb-redundancy0 #aaa-client#gk-client#snmp-agentsnmp-agent local-engineid800063A2035866BA7FAAD8 snmp-agent community read80126589snmp-agent community write Sednet02snmp-agent sys-info version allsnmp-agent target-host trap address udp-domain10.37.244.1params securityname80126589snmp-agent target-host trap address udp-domain10.37.244.33params securityname80126589undo snmp-agent trap enable voice dial#load xml-configuration#load tr069-configuration#user-interface con0user-interface tty13user-interface aux0user-interface vty04authentication-mode scheme#return6、调度网络路由器端口分配情况interface Serial4/1和interface Serial4/0口用来链接市局供电公司interface GigabitEthernet0/0用来链接内网办公交换机7、网络调试结束网络设备连接成功，XXXXXXXXXX(安装)调试工程师；XXXXXXXXXXXXXX(记录)人员；XXXXXXX三、HD-2000-UTM防火墙调试安装报告1．设备安装人员2.设备安装时间2012年07月30日3.安装设备情况HD-2000-UTM：壹台4.设备安装部署情况一、HD-2000-UTM部署在内网和外网之间，实现访问控制等安全防御。