Concise Operations Manual for the Jiangong Institute Campus Network

Network Centre, Beijing Jiangong Institute
Beijing Beichen
September 2002

This manual describes the basic operations that have to be carried out for network users. It covers: the campus network user policy; ACLs and IP-to-MAC address binding on the Catalyst6506 switch; ACLs and IP-to-MAC address binding on the Catalyst2948G-L3 switch; MAC address binding on the Catalyst3524 switch; port-to-MAC address binding on the Start1924f+ (Start) switch; and user-to-IP address binding on the Jinnuo Wang'an billing system. The manual also includes the ACLs currently configured on the Catalyst6506 and Catalyst2948G-L3 switches.

Contents

Chapter 1 Campus network user policy
Chapter 2 ACLs on the Catalyst6506 switch
Chapter 3 IP-to-MAC address binding on the Catalyst6506 switch
Chapter 4 ACLs on the Catalyst2948G-L3 switch
Chapter 5 IP-to-MAC address binding on the Catalyst2948G-L3 switch
Chapter 6 MAC address binding on the Catalyst3524 switch
Chapter 7 Port-to-MAC address binding on the Start1924f+ (Start) switch
Chapter 8 User-to-IP address binding on the Jinnuo Wang'an billing system

Chapter 1 Campus network user policy

Internal campus network policy

1) Office area
• Users in the office area can access each other.
• They can access the internal network and servers, and the designated server ports in the student dormitories.
• Apart from the network centre area and specific office-area servers, no other area may access information in the office area.
• If an on-campus site is set up in the office area, it must first be approved by the Publicity Department; its server then undergoes a basic security check and, once it meets the standard, the ports for the relevant services are opened to the other areas.
• Office-area users may not access network devices or servers, only the designated ports on the servers; … can access the server/workstation; users can ping their own gateway address.
• To prevent internal IP address theft, an access control list is applied to each VLAN. To allow the list entries to be aggregated, the first 16 contiguous addresses in each VLAN are opened (permit) and the address range after them is then denied (deny).

2) Computer lab area
• Hosts inside a computer lab can access each other.
• Computer labs cannot access one another.
• They can access the internal network and servers, the designated server ports in the office area, and the designated server ports in the student dormitories.
• They may not access other computers in the office area.
• They may not access the family housing area.
• They may not access the student dormitory area.
• Computer-lab users may not access network devices or servers, only the designated ports on the servers; … can access the server/workstation; users can ping their own gateway address.
• To prevent internal IP address theft, an access control list is applied to each VLAN. In the computer lab area, however, no specific ACL restriction is applied, i.e. the whole IP address range of each VLAN is opened (permit).

3) Student dormitory area
• Users in the student dormitory area can access each other.
• They can access the internal network and servers, and the designated server ports in the office area.
• They may not access the computer lab area.
• They may not access office-area computers.
• They may not access the family housing area.
• If an on-campus site is set up in the student dormitory area, it must first be approved by the Publicity Department; its server then undergoes a basic security check and, once it meets the standard, the ports for the relevant services are opened to the other areas.
• Student-dormitory users may not access network devices or servers, only the designated ports on the servers; … can access the server/workstation; users can ping their own gateway address.
• To prevent internal IP address theft, an access control list is applied to each VLAN. To allow the list entries to be aggregated, the first 16 contiguous addresses in each VLAN are opened (permit) and the address range after them is then denied (deny).

4) Family housing area
• Buildings in the family housing area cannot access one another.
• They can access the internal network and servers, the designated server ports in the office area, and the designated server ports in the student dormitories.
• They may not access other computers in the office area.
• They may not access the computer lab area.
• They may not access the student dormitory area.
• Family-housing users may not access network devices or servers, only the designated ports on the servers; … can access the server/workstation; users can ping their own gateway address.
• To prevent internal IP address theft, an access control list is applied to each VLAN. To allow the list entries to be aggregated, the first 16 contiguous addresses in each VLAN are opened (permit) and the address range after them is then denied (deny).

Appendix:
IP address range: 55
Server (new) IP address range: 55
Network centre IP address range: 55
Designated course-selection server (original) IP address: 00

Chapter 2 ACLs on the Catalyst6506 switch

Based on the user policy defined in Chapter 1, the following ACLs have been configured on the 6506.

1. Office area (the first 16 IP addresses of each VLAN are opened)

VLAN19:
access-list 102 permit ip 5 host
access-list 102 permit ip 5 host 0
access-list 102 permit ip 5 host 0
access-list 102 permit ip 5 55
access-list 102 permit tcp 5 host 0 eq 20
access-list 102 permit tcp 5 host 0 eq 21
access-list 102 permit udp 5 host 0 eq domain
access-list 102 permit tcp 5 host 0 eq www
access-list 102 permit tcp 5 host 0 eq smtp
access-list 102 permit tcp 5 host 0 eq pop3
access-list 102 permit udp 5 host 0 eq domain
access-list 102 permit tcp 5 host 0 eq 20
access-list 102 permit tcp 5 host 0 eq 21
access-list 102 permit tcp 5 host 0 eq www
access-list 102 permit ip 5 55
access-list 102 permit ip 5 55
access-list 102 permit ip 5 55
access-list 102 deny ip 5 55
access-list 102 deny ip 5 55
access-list 102 deny ip 5 55
access-list 102 deny ip 5 55
access-list 102 permit ip 10.1.16.0 5 any

VLAN20:
access-list 103 permit ip 5 host
access-list 103 permit ip 5 host 0
access-list 103 permit ip 5 host 0
access-list 103 permit ip 5 55
access-list 103 permit tcp 5 host 0 eq 20
access-list 103 permit tcp 5 host 0 eq 21
access-list 103 permit udp 5 host 0 eq domain
access-list 103 permit tcp 5 host 0 eq www
access-list 103 permit tcp 5 host 10.1.4.50 eq smtp
access-list 103 permit tcp 5 host 0 eq pop3
access-list 103 permit udp 5 host 0 eq domain
access-list 103 permit tcp 5 host 0 eq 20
access-list 103 permit tcp 5 host 0 eq 21
access-list 103 permit tcp 5 host 0 eq www
access-list 103 permit ip 5 55
access-list 103 permit ip 5 55
access-list 103 permit ip 5 55
access-list 103 deny ip 5 55
access-list 103 deny ip 5 55
access-list 103 deny ip 5 55
access-list 103 deny ip 5 55
access-list 103 permit ip 5 any

VLAN21:
access-list 104 permit ip 5 host 10.1.24.30
access-list 104 permit ip 5 host
access-list 104 permit ip 5 host 0
access-list 104 permit ip 5 55
access-list 104 permit tcp 5 host 0 eq 20
access-list 104 permit tcp 0.0.0.15 host 0 eq 21
access-list 104 permit udp 5 host 0 eq domain
access-list 104 permit tcp 5 host 0 eq www
access-list 104 permit tcp 5 host 0 eq smtp
access-list 104 permit tcp 5 host 0 eq pop3
access-list 104 permit udp 5 host 0 eq domain
access-list 104 permit tcp 5 host 0 eq 20
access-list 104 permit tcp 5 host 0 eq 21
access-list 104 permit tcp 5 host 0 eq www
access-list 104 permit ip 5 55
access-list 104 permit ip 5 55
access-list 104 permit ip 5 55
access-list 104 deny ip 5 55
access-list 104 deny ip 5 55
access-list 104 deny ip 5 55
access-list 104 deny ip 5 55
access-list 104 permit ip 5 any

VLAN22:
access-list 105 permit ip host 0 any
access-list 105 permit ip 5 host 0
access-list 105 permit ip 10.1.19.0 5 host
access-list 105 permit ip 5 55
access-list 105 permit tcp 5 host 0 eq 20
access-list 105 permit tcp 5 host 0 eq 21
access-list 105 permit udp 5 host 0 eq domain
access-list 105 permit tcp 5 host 0 eq www
access-list 105 permit tcp 5 host 0 eq smtp
access-list 105 permit tcp 5 host 0 eq pop3
access-list 105 permit udp 5 host 0 eq domain
access-list 105 permit tcp 10.1.19.0 5 host 0 eq 20
access-list 105 permit tcp 5 host 0 eq 21
access-list 105 permit tcp 5 host 0 eq www
access-list 105 permit ip 5 55
access-list 105 permit ip 5 55
access-list 105 permit ip 5 55
access-list 105 deny ip 5 55
access-list 105 deny ip 5 55
access-list 105 deny ip 5 55
access-list 105 deny ip 5 10.1.96.0 55
access-list 105 permit ip 5 any

VLAN23:
access-list 106 permit ip 5 host 0
access-list 106 permit ip 5 host
access-list 106 permit ip 5 host 0
access-list 106 permit ip 5 10.100.0.0 55
access-list 106 permit tcp 5 host 0 eq 20
access-list 106 permit tcp 5 host 0 eq 21
access-list 106 permit udp 5 host 0 eq domain
access-list 106 permit tcp 5 host 0 eq www
access-list 106 permit tcp 5 host 0 eq smtp
access-list 106 permit tcp 5 host 0 eq pop3
access-list 106 permit udp 5 host 0 eq domain
access-list 106 permit tcp 5 host 0 eq 20
access-list 106 permit tcp 5 host 0 eq 21
access-list 106 permit tcp 5 host 0 eq www
access-list 106 permit ip 5 55
access-list 106 permit ip 5 55
access-list 106 permit ip 5 55
access-list 106 deny ip 5 55
access-list 106 deny ip 5 55
access-list 106 deny ip 5 55
access-list 106 deny ip 5 55
access-list 106 permit ip 5 any

VLAN24:
access-list 107 permit ip 5 host 0
access-list 107 permit ip 5 host
access-list 107 permit ip 5 host 0
access-list 107 permit ip 5 55
access-list 107 permit tcp 5 host 0 eq 20
access-list 107 permit tcp 5 host 0 eq 21
access-list 107 permit udp 5 host 0 eq domain
access-list 107 permit tcp 5 host 0 eq www
access-list 107 permit tcp 5 host 0 eq smtp
access-list 107 permit tcp 10.1.21.0 5 host 0 eq pop3
access-list 107 permit udp 5 host 0 eq domain
access-list 107 permit tcp 5 host 0 eq 20
access-list 107 permit tcp 5 host 0 eq 21
access-list 107 permit tcp 5 host 0 eq www
access-list 107 permit ip 5 55
access-list 107 permit ip 5 55
access-list 107 permit ip 5 55
access-list 107 deny ip 5 55
access-list 107 deny ip 0.0.0.15 55
access-list 107 deny ip 5 55
access-list 107 deny ip 5 55
access-list 107 permit ip 5 any

VLAN25:
access-list 108 permit ip 5 host 0
access-list 108 permit ip 10.1.22.0 5 host
access-list 108 permit ip 5 host 0
access-list 108 permit ip 5 55
access-list 108 permit tcp 5 host 0 eq 20
access-list 108 permit tcp 5 host 0 eq 21
access-list 108 permit udp 5 host 0 eq domain
access-list 108 permit tcp 5 host 0 eq www
access-list 108 permit tcp 5 host 0 eq smtp
access-list 108 permit tcp 5 host 0 eq pop3
access-list 108 permit udp 0.0.0.15 host 0 eq domain
access-list 108 permit tcp 5 host 0 eq 20
access-list 108 permit tcp 5 host 0 eq 21
access-list 108 permit tcp 5 host 0 eq www
access-list 108 permit ip 5 55
access-list 108 permit ip 5 55
access-list 108 permit ip 5 55
access-list 108 deny ip 5 55
access-list 108 deny ip 5 55
access-list 108 deny ip 5 0.0.31.255
access-list 108 deny ip 5 55
access-list 108 permit ip 5 any

VLAN26:
access-list 109 permit ip 5 host 0
access-list 109 permit ip 5 host
access-list 109 permit ip 5 host 10.1.19.10
access-list 109 permit ip 5 55
access-list 109 permit tcp 5 host 0 eq 20
access-list 109 permit tcp 5 host 0 eq 21
access-list 109 permit udp 5 host 0 eq domain
access-list 109 permit tcp 5 host 0 eq www
access-list 109 permit tcp 5 host 0 eq smtp
access-list 109 permit tcp 5 host 0 eq pop3
access-list 109 permit udp 5 host 0 eq domain
access-list 109 permit tcp 5 host 10.1.4.30 eq 20
access-list 109 permit tcp 5 host 0 eq 21
access-list 109 permit tcp 5 host 0 eq www
access-list 109 permit ip 5 55
access-list 109 permit ip 5 55
access-list 109 permit ip 5 55
access-list 109 deny ip 5 55
access-list 109 deny ip 5 55
access-list 109 deny ip 5 55
access-list 109 deny ip 5 55
access-list 109 permit ip 5 any

VLAN 27:
access-list 110 permit ip host 0 any
access-list 110 permit ip 5 host
access-list 110 permit ip 5 host 0
access-list 110 permit ip 5 55
access-list 110 permit tcp 5 host 0 eq 20
access-list 110 permit tcp 5 host 0 eq 21
access-list 110 permit udp 5 host 0 eq domain
access-list 110 permit tcp 5 host 0 eq www
access-list 110 permit tcp 5 host 10.1.4.50 eq smtp
access-list 110 permit tcp 5 host 0 eq pop3
access-list 110 permit udp 5 host 0 eq domain
access-list 110 permit tcp 5 host 0 eq 20
access-list 110 permit tcp 5 host 0 eq 21
access-list 110 permit tcp 5 host 0 eq www
access-list 110 permit ip 5 55
access-list 110 permit ip 5 55
access-list 110 permit ip 5 55
access-list 110 deny ip 5 0.0.15.255
access-list 110 deny ip 5 55
access-list 110 deny ip 5 55
access-list 110 deny ip 5 55
access-list 110 permit ip 5 any

VLAN 28:
access-list 111 permit ip 5 host 0
access-list 111 permit ip 5 host
access-list 111 permit ip 5 host 0
access-list 111 permit ip 5 55
access-list 111 permit tcp 5 host 0 eq 20
access-list 111 permit tcp 0.0.0.15 host 0 eq 21
access-list 111 permit udp 5 host 0 eq domain
access-list 111 permit tcp 5 host 0 eq www
access-list 111 permit tcp 5 host 0 eq smtp
access-list 111 permit tcp 5 host 0 eq pop3
access-list 111 permit udp 5 host 0 eq domain
access-list 111 permit tcp 5 host 0 eq 20
access-list 111 permit tcp 5 host 0 eq 21
access-list 111 permit tcp 5 host 0 eq www
access-list 111 permit ip 10.1.25.0 5 55
access-list 111 permit ip 5 55
access-list 111 permit ip 5 55
access-list 111 deny ip 5 55
access-list 111 deny ip 5 55
access-list 111 deny ip 5 55
access-list 111 deny ip 5 55
access-list 111 permit ip 5 any

VLAN 29:
access-list 112 permit ip 5 host 0
access-list 112 permit ip 5 host
access-list 112 permit ip 5 host 0
access-list 112 permit ip 5 55
access-list 112 permit tcp 5 host 0 eq 20
access-list 112 permit tcp 5 host 0 eq 21
access-list 112 permit udp 5 host 10.1.4.20 eq domain
access-list 112 permit tcp 5 host 0 eq www
access-list 112 permit tcp 5 host 0 eq smtp
access-list 112 permit tcp 5 host 0 eq pop3
access-list 112 permit udp 5 host 0 eq domain
access-list 112 permit tcp 5 host 0 eq 20
access-list 112 permit tcp 5 host 0 eq 21
access-list 112 permit tcp 5 host 0 eq www
access-list 112 permit ip 5 55
access-list 112 permit ip 10.1
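The per-VLAN policy from Chapter 1 (open the first 16 contiguous addresses, deny them towards the other campus areas, then permit everything else) can be checked offline with a small first-match evaluator that applies Cisco wildcard-mask semantics. This is an added example, not part of the original manual; it handles only `ip` entries, and the sample list, its addresses and the function names are constructed for illustration.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wc_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are ignored."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def parse(entry):
    """Parse 'permit|deny ip SRC DST'; SRC/DST is 'any', 'host A' or 'A WILDCARD'."""
    tok = entry.split()
    action, rest, specs = tok[0], tok[2:], []
    while rest:
        if rest[0] == "any":
            specs.append(("0.0.0.0", "255.255.255.255"))
            rest = rest[1:]
        elif rest[0] == "host":
            specs.append((rest[1], "0.0.0.0"))
            rest = rest[2:]
        else:
            specs.append((rest[0], rest[1]))
            rest = rest[2:]
    return action, specs[0], specs[1]

def evaluate(acl, src, dst):
    """First matching entry wins; no match falls to the implicit deny."""
    for n, entry in enumerate(acl, 1):
        action, s, d = parse(entry)
        if wc_match(src, *s) and wc_match(dst, *d):
            return action, n
    return "deny", None  # implicit 'deny ip any any' at the end of every list

def allowed_sources(acl, network, dst):
    """Audit helper: which addresses of a VLAN subnet may reach dst."""
    return [str(h) for h in ipaddress.ip_network(network)
            if evaluate(acl, str(h), dst)[0] == "permit"]

# Constructed sample in the shape of the per-VLAN lists (addresses are assumptions).
SAMPLE_ACL = [
    "permit ip 10.1.16.0 0.0.0.15 host 10.1.4.20",       # first 16 -> one server
    "deny ip 10.1.16.0 0.0.0.15 10.1.32.0 0.0.31.255",   # first 16 -> another area
    "permit ip 10.1.16.0 0.0.0.15 any",                  # first 16 -> everything else
]
```

A source address outside the permitted block of 16 matches no entry and is dropped by the implicit deny, which is what makes an unassigned address in the VLAN unusable under this policy.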
