Changde Finance Bureau project implementation Summary (ar2811 s6506)

For example, it is the network topology of the Administrative Intranet in Shimen County,
From the county bureau to the municipal Bureau, we use the ar2811 of huasan,
We need to configure the virtual channel (Tunnel) on ar2811 ),
Configure the OSPF protocol in the virtual channel,
To connect the routes in the channel.
Outside the channel,
At the same time, you must specify a static route from ar2811 to the telecom router,
At this point in Shimen County, I encountered some minor problems,
Because the import-route direct command is not configured,
As a result, the router can be connected to the provincial network, but the firewall cannot.
It was so important to introduce direct connection routing between interfaces.

I need to pay attention to the following knowledge points:
1. Configure import-route static When configuring OSPF
2. configure a loopback address.

As work requires, I need to understand the internal network structure of the finance bureau,
Configure the core switch of the Intranet and
Configure the tianrongxin firewall for Nat to allow Intranet users in the county to access provincial departments and municipal departments,

The Shimen County Intranet configuration process is as follows:
1. Add a VLAN 205
2. Set the vlan ip address to 192.168.1.0 255.255.255.0
3. Divide the interface 6/0/1-6/0/5 into this VLAN.
4. check whether these interfaces can be connected to the provincial network.
5. log on to the core switch (Intranet) 192.168.1.253
6. Route entries to the provincial network are set on the vswitch, all of which go through the tianrongxin firewall.
6. Set the loose route on the tianrongxin firewall. All traffic from the Intranet Switch
All go through the VLAN 205 port IP address of the switch.

1.
VLAN 205
Description connect_to_shenshi

2.
Int vlan205
IP address 192.168.1.253 255.255.255.0

3. VLAN 205
Port e6./0/1 to E6/0/5

4. http: // 10.104.9.18
(The connected machine must be in the network segment 192.168.1.0/24. The default gateway is 192.168.1.254)

5. Telnet 192.168.1.253

IP route-static 10.104.9.0 24 192.168.1.254
IP route-static 10.104.10.0 24 192.168.1.254

6. https: // 192.168.1.254
Configure a route back to all machines from the 10.104.140.0 network segment and the route back to 192.168.1.253

During the above configuration, I consulted ** to confirm these steps,
I found that it is important to pay attention to the switch configuration,
If you want the following machine to access the external network,
Then, you must tell the core switch how to route,
And set the ing route on the firewall,
Otherwise, the information goes out, but there is no way back.

In terms of management, I and *** summarized each point,
The most influential project progress is the physical connection problem with the county-City Telecom router,
For example,
What we encountered in Shimen County was that the port on the China Telecom side failed due to an error,
Hanshou County encountered a situation where optical fiber circuit breaking from China Telecom to the county finance bureau caused a problem,
Linshu county is the finance bureau, this end of the optical fiber connected protocol converter is broken, leading to failure,
The problem at each point is different, but the result is that 2811 of us cannot connect to the city or the province.

And most of our time is spent waiting for China Telecom to solve this problem,
The second is to help the County Finance Bureau set up Intranet routes.
When I suggest that this project be executed in other cities,
When China Telecom deploys physical links,
You can bring your own laptop,
Configure the IP address assigned to the router,
Ping the opposite end of the county bureau,
If the problem persists, we can solve the problem at the time of installation before we arrive,
They also save trouble,
We do not need to call China Telecom to handle the problem after arriving at the site.