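Data Center Configuration Files Guide
Intelligent Business Platform (IBA)
Midsize Business Data Center
Revision: February 2012 Series
First half of 2012

Preface

Who Should Read This Guide

The Cisco Intelligent Business Platform (IBA) guides are written mainly for people in the following roles:
- Systems engineers who need standard procedures for implementing solutions
- Project managers who write statements of work for Cisco IBA implementations
- Sales partners who sell new technology or write implementation documentation
- Trainers who need material for classroom instruction or on-the-job training

In general, you can also use the Cisco IBA guides as a common reference for technical exchange and the sharing of implementation experience among engineers, or to better plan project budgets and scope of work.

Release Series

Cisco will update and revise the IBA guides on a regular basis. When a new Cisco IBA guide series is developed, we evaluate it as a whole. To ensure compatibility between the designs in the Cisco IBA guides, you should use design guides that belong to the same series.

The series name appears on the cover and in the lower-left corner of every page of each Cisco IBA guide. We name each series after the year and month of its release, as follows:

    Month Year Series

For example, the series of guides released in August 2011 is named the "August 2011 Series".

You can find the latest IBA guide series at the following URLs:

    Customer access: http://www.cisco.com/go/cn/iba
    Partner access: http://www.cisco.com/go/cn/iba

How to Read Commands

Many Cisco IBA guides give detailed configuration steps for Cisco network devices that run Cisco IOS, Cisco NX-OS, or other operating systems that are configured through a command-line interface (CLI). The conventions below describe how commands are shown and how you should enter them.

Commands to enter at a CLI appear as follows:

    configure terminal

Commands that specify a value for a variable appear as follows:

    ntp server 10.10.48.17

Commands with variables that you must define appear as follows:

    class-map [highest class name]

Commands shown in an interactive example, such as a script or a command that includes the prompt, appear as follows:

    Router# enable

Long commands that wrap onto another line are underlined. Enter them as a single command:

    wrr-queue random-detect max-threshold 1 100 100 100 100 100 100 100 100

Noteworthy parts of system output or device configuration files are highlighted, as follows:

    interface Vlan64
      ip address 10.5.204.5 255.255.255.0

Questions and Comments

For more information about the Cisco IBA Intelligent Business Platform, visit http://www.cisco.com/go/cn/iba

To register for the Quick Quote Tool (QPT), visit http://www.cisco.com/go/qpt

If you would like to be notified when new comments are posted, an RSS feed is available.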
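Table of Contents

What's in This IBA Guide
    About IBA
    About This Guide
Introduction
Data Center Ethernet and Fibre Channel Infrastructure
    Cisco Nexus 5548UPa
    Cisco Nexus 5548UPb
    Cisco MDS 9148a
    Cisco MDS 9148b
    Cisco Catalyst 2960s Management Switch
Data Center Network Security
    Cisco ASA 5585 – Primary
    Cisco ASA 5585 IPS SSP – Primary
    Cisco ASA 5585 – Secondary
    Cisco ASA 5585 IPS SSP – Secondary
Data Center Application Resiliency
    Cisco ACE – Primary
    Cisco ACE – Secondary
Appendix A: Product List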
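All designs, specifications, statements, information, and recommendations (collectively, "designs") in this manual are presented "as is" and may contain errors. Cisco and its suppliers disclaim all warranties, including, without limitation, the warranties of merchantability, fitness for a particular purpose, and noninfringement, and any warranty arising from a course of dealing, usage, or trade practice. In no event shall Cisco or its suppliers be liable for any indirect, special, consequential, or incidental damages, including, without limitation, lost profits or loss of or damage to data arising out of the use of or inability to use this manual, even if Cisco or its suppliers have been advised of the possibility of such damages.

The designs are subject to change without notice. Users are solely responsible for their application of the designs. The designs do not constitute the technical or other professional advice of Cisco, its suppliers, or its partners. Users should consult their own technical advisors before implementing the designs. Results may vary depending on factors not tested by Cisco.

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

Cisco Unified Communications SRND (based on Cisco Unified Communications Manager 7.x)

2011 Cisco Systems, Inc. All rights reserved.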
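What's in This IBA Guide

About IBA

Cisco IBA helps you design and quickly deploy a full-service enterprise network. An IBA system is a prescriptive design that works out of the box and offers excellent scalability and flexibility.

Cisco IBA integrates LAN, WAN, wireless, security, data center, application optimization, and unified communications technologies into one comprehensive solution, and tests them rigorously to ensure that they work together seamlessly. The component-based approach used by IBA simplifies the system integration work that multiple technologies normally require, so you can select the solutions that meet your organization's needs without worrying about technical complexity.

For more information, see the "Getting Started with Cisco IBA" document:
http://www.cisco.com/en/US/docs/solutions/Enterprise/Borderless_Networks/Smart_Business_Architecture/SBA_Getting_Started.pdf

About This Guide

As a comprehensive reference, this configuration files guide details the complete network device configurations that are implemented in a Cisco IBA deployment guide. On the Route to Success, this guide holds the configuration files for the deployment guide that it depends on, as shown below.

[Figure: Route to Success. Labels: Data Center Design Overview; Data Center Deployment Guide; Data Center Configuration Files Guide; Additional Deployment Guides; You Are Here; Guides This Guide Depends On; Guides That Depend On This Guide]

Route to Success

To make sure that you can successfully deploy the designs in this guide, you should read every guide that this guide depends on, that is, all guides shown to the left of this guide on the route above. All guides that depend on this guide are shown to the right.

For more information about the Cisco IBA Intelligent Business Platform, visit: http://www.cisco.com/go/cn/iba

To register for the Quick Quote Tool (QPT), visit: http://www.cisco.com/go/qpt

Introduction

For customers and partners with up to 2500 connected users, Cisco has designed an out-of-the-box deployment that is simple, fast, affordable, scalable, and flexible. We designed it to be easy to use: easy to configure, deploy, and manage.

Although the architecture itself is complex in breadth and depth, the deployment is simple. Based on feedback from many customers and partners, Cisco has developed a solid network foundation that provides a flexible platform able to support additional network or user services without re-engineering.

For Cisco partners and customers whose data centers will host up to 300 physical or virtual servers, Cisco has created a flexible, scalable, reliable, and affordable data center architecture. The step-by-step guidance in the data center deployment guide makes installation, configuration, and management straightforward, which reduces the time and cost needed to deploy your data center. Building on the foundation LAN and WAN architecture that you have already deployed with the Cisco Intelligent Business Platform (IBA) Borderless Networks foundation, the IBA data center lets you migrate from your current server farm without wasting time and expense on reconfiguring your existing network foundation.

We provide the following configuration files:
- Data Center Ethernet and Fibre Channel Infrastructure
- Data Center Network Security
- Data Center Application Resiliency

See Appendix A for the complete list of products used in the lab testing of this design.

Figure 1 shows the complete Cisco IBA midsize business data center architecture.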
Figure 1. Cisco IBA midsize business data center architecture
[Figure labels: third-party rack servers; Cisco UCS C-Series servers; Cisco UCS blade servers, chassis, and fabric interconnects; ASA firewalls with intrusion detection; Nexus 5500UP Layer 2/3 switches and storage fabric; expanded MDS 9100 storage fabric; storage arrays; IBA LAN core; ACE server load balancing; Nexus 2000 Series Fabric Extenders; data center; links: Ethernet, Fibre Channel, UCS fabric FCoE and Ethernet]

Data Center Ethernet and Fibre Channel Infrastructure

This chapter covers the Cisco Nexus 5500UP Series switches, which build out the data center core Ethernet and Fibre Channel switching foundation, and the Cisco MDS 9100 Multilayer Fabric switches, which extend your Fibre Channel network to meet higher-density requirements.

Cisco Nexus 5548UPa

The Cisco Nexus 5500UP switches operate as a pair to provide a resilient data center core for Ethernet and Fibre Channel traffic. This switch is the Fibre Channel SAN-A switch.

version 5.1(3)N1(1)
feature fcoe
hostname dc5548ax
feature npiv
feature fport-channel-trunk
no feature telnet
no feature http-server
cfs eth distribute
feature pim
feature eigrp
feature udld
feature interface-vlan
feature hsrp
feature lacp
feature vpc
feature lldp
feature fex
username admin password 5 $1$PmfWzpAr$Qb.H.MCdhiHoZJM0Vh/0i0 role network-admin
password strength-check
banner motd #Nexus 5000 Switch#
ssh key rsa 2048
ip domain-lookup
ip name-server 10.10.48.10
class-map type qos class-fcoe
class-map type queuing class-fcoe
  match qos-group 1
class-map type queuing class-all-flood
  match qos-group 2
class-map type queuing class-ip-multicast
  match qos-group 2
class-map type network-qos class-fcoe
  match qos-group 1
class-map type network-qos class-all-flood
  match qos-group 2
class-map type network-qos class-ip-multicast
  match qos-group 2
policy-map type network-qos jumbo
  class type network-qos class-default
    mtu 9216
    multicast-optimize
system qos
  service-policy type queuing input fcoe-default-in-policy
  service-policy type queuing output fcoe-default-out-policy
  service-policy type qos input fcoe-default-in-policy
  service-policy type network-qos fcoe-default-nq-policy
fex 102
  pinning max-links 1
  description "FEX0102"
fex 103
  pinning max-links 1
  description "FEX0103"
slot 1
  port 28-32 type fc
snmp-server source-interface trap loopback1
snmp-server user admin network-admin auth md5 0x3b0ef3a6a4c1235ca3578bf32d1aaadf priv 0x3b0ef3a6a4c1235ca3578bf32d1aaadf localizedkey
snmp-server host 10.10.63.100 traps version 2c public udp-port 1164
snmp-server community cisco123 group network-admin
snmp-server community cisco group network-operator
ntp server 10.10.48.17 use-vrf management
vrf context management
  ip route 0.0.0.0/0 10.10.63.1
vlan 1
vlan 148
  name Servers_1
vlan 149
  name Servers_2
vlan 150
  name Servers_3
vlan 153
  name FW_Outside
vlan 154
  name FW_Inside_1
vlan 155
  name FW_Inside_2
vlan 156
  name PEERING_VLAN
vlan 159
  name 1kv-Packet
vlan 160
  name 1kv-Control
vlan 161
  name VMotion
vlan 162
  name iSCSI
vlan 163
  name DC-Management
vlan 304
  fcoe vsan 4
vlan 912
  name ACE-Heartbeat
spanning-tree vlan 148-151,153-157,159-163 priority 24576
route-map static-to-eigrp permit 10
  match ip address 10.10.54.0/24
route-map static-to-eigrp permit 20
  match ip address 10.10.55.0/24
port-channel load-balance ethernet source-dest-port
vpc domain 10
  role priority 16000
  peer-keepalive destination 10.10.63.11 source 10.10.63.10
  delay restore 360
  peer-gateway
  auto-recovery
vsan database
  vsan 4 name "General-Storage"
device-alias database
  device-alias name emc-a0-fc pwwn 50:06:01:61:3c:e0:30:59
  device-alias name emc-2-a0-fc pwwn 50:06:01:61:3c:e0:60:e2
  device-alias name Netapp-e2a-FCOE pwwn 50:0a:09:82:89:aa:df:b1
  device-alias name NetApp2-e2a-FCOE pwwn 50:0a:09:81:89:3b:63:be
  device-alias name p12-c210-27-vhba3 pwwn 20:00:58:8d:09:0e:e0:d2
  device-alias name p12-c210m1-1-vhba3 pwwn 20:00:e8:b7:48:44:5b:df
  device-alias name p12-c210m2-2-vhba3 pwwn 20:00:e8:b7:48:44:53:56
device-alias commit
fcdomain fcid database
  vsan 4 wwn 20:42:00:05:73:a2:b2:40 fcid 0xbc0000 dynamic
  vsan 4 wwn 20:41:00:05:73:a2:b2:40 fcid 0xbc0001 dynamic
  vsan 4 wwn 20:00:58:8d:09:0e:e0:d2 fcid 0xbc0002 dynamic
    ! [p12-c210-27-vhba3]
  vsan 4 wwn 24:1d:00:05:73:a2:b2:40 fcid 0xbc0003 dynamic
  vsan 4 wwn 20:00:00:25:b5:77:77:9f fcid 0xbc0004 dynamic
  vsan 4 wwn 20:00:00:25:b5:77:77:9e fcid 0xbc0005 dynamic
  vsan 4 wwn 20:00:00:25:b5:77:77:4f fcid 0xbc0006 dynamic
  vsan 4 wwn 20:00:00:25:b5:77:77:7e fcid 0xbc0007 dynamic
  vsan 1 wwn 20:41:00:05:73:a2:b2:40 fcid 0x7f0000 dynamic
  vsan 1 wwn 20:42:00:05:73:a2:b2:40 fcid 0x7f0001 dynamic
  vsan 4 wwn 20:00:00:25:b5:77:77:1f fcid 0xbc0008 dynamic
  vsan 4 wwn 20:00:00:25:b5:99:99:8f fcid 0xbc0009 dynamic
  vsan 4 wwn 20:00:00:25:b5:99:99:7f fcid 0xbc000a dynamic
  vsan 4 wwn 50:0a:09:81:89:3b:63:be fcid 0xbc000b dynamic
    ! [NetApp2-e2a-FCOE]

interface Vlan1

interface Vlan148
  no shutdown
  description Servers_1
  no ip redirects
  ip address 10.10.48.2/24
  ip router eigrp 1
  ip passive-interface eigrp 1
  ip pim sparse-mode
  hsrp 148
    priority 110
    ip 10.10.48.1

interface Vlan149
  no shutdown
  description Servers_2
  no ip redirects
  ip address 10.10.49.2/24
  ip router eigrp 1
  ip passive-interface eigrp 1
  ip pim sparse-mode
  hsrp 149
    priority 110
    ip 10.10.49.1

interface Vlan150
  no shutdown
  description Servers_3
  no ip redirects
  ip address 10.10.50.2/24
  ip router eigrp 1
  ip passive-interface eigrp 1
  ip pim sparse-mode
  hsrp 150
    priority 110
    ip 10.10.50.1

interface Vlan153
  no shutdown
  description FW_Outside
  no ip redirects
  ip address 10.10.53.2/25
  ip router eigrp 1
  ip passive-interface eigrp 1
  ip pim sparse-mode
  hsrp 153
    priority 110
    ip 10.10.53.1

interface Vlan156
  no shutdown
  description 5k-to-5k-L3 link
  no ip redirects
  ip address 10.10.56.1/30
  ip router eigrp 1
  ip pim sparse-mode

interface Vlan163
  no shutdown
  description DC-Management
  no ip redirects
  ip address 10.10.63.2/25
  ip router eigrp 1
  ip passive-interface eigrp 1
  hsrp 163
    priority 110
    ip 10.10.63.1

interface san-port-channel 29
  channel mode active
  switchport trunk allowed vsan 1
  switchport trunk allowed vsan add 4
  switchport trunk mode off

interface san-port-channel 31
  switchport trunk allowed vsan 1
  switchport trunk allowed vsan add 4

interface port-channel10
  switchport mode trunk
  spanning-tree port type network
  vpc peer-link

interface port-channel13
  switchport mode trunk
  switchport trunk allowed vlan 148,912
  spanning-tree port type edge trunk
  speed 1000

interface port-channel21
  description Link to Management Switch for VL163
  switchport mode trunk
  switchport trunk allowed vlan 163
  speed 1000
  vpc 21

interface port-channel27
  switchport mode trunk
  switchport trunk allowed vlan 162,304
  spanning-tree port type edge trunk
  vpc 27

interface port-channel50
  switchport mode trunk
  switchport trunk allowed vlan 148-151,154-155,159-163
  spanning-tree port type edge trunk
  speed 10000
  vpc 50

interface port-channel51
  switchport mode trunk
  switchport trunk allowed vlan 148-151,154-155,159-163
  spanning-tree port type edge trunk
  speed 10000
  vpc 51

interface port-channel53
  switchport mode trunk
  switchport trunk allowed vlan 153-155
  speed 10000
  vpc 53

interface port-channel54
  switchport mode trunk
  switchport trunk allowed vlan 153-155
  speed 10000
  vpc 54

interface port-channel102
  description dual-homed 2248
  switchport mode fex-fabric
  fex associate 102
  vpc 102

interface port-channel103
  description single-homed 2232PP
  switchport mode fex-fabric
  fex associate 103

interface vfc1
  bind interface Ethernet103/1/3
  no shutdown

interface vfc27
  bind interface port-channel27
  switchport trunk allowed vsan 4
  no shutdown
vsan database
  vsan 4 interface vfc1
  vsan 4 interface vfc27
interface san-port-channel 29

interface fc1/28

interface fc1/29
  switchport trunk mode off
  channel-group 29 force
  no shutdown

interface fc1/30
  switchport trunk mode off
  channel-group 29 force
  no shutdown

interface fc1/31
  switchport description Link to dcmds9148ax port fc1/13
  channel-group 31 force
  no shutdown

interface fc1/32
  switchport description Link to dcmds9148ax port fc1/14
  channel-group 31 force
  no shutdown

interface Ethernet1/1
  description DC5585a Ten0/8
  switchport mode trunk
  switchport trunk allowed vlan 153-155
  channel-group 53 mode active

interface Ethernet1/2
  description DC5585b Ten0/8
  switchport mode trunk
  switchport trunk allowed vlan 153-155
  channel-group 54 mode active

interface Ethernet1/3
  description ACE1 Gig1/1
  switchport mode trunk
  switchport trunk allowed vlan 148,912
  speed 1000
  channel-group 13
  vpc orphan-port suspend

interface Ethernet1/4
  description ACE1 Gig1/2
  switchport mode trunk
  switchport trunk allowed vlan 148,912
  speed 1000
  channel-group 13
  vpc orphan-port suspend

interface Ethernet1/5

interface Ethernet1/6

interface Ethernet1/7

interface Ethernet1/8

interface Ethernet1/9
  description Link to FI-A eth1/17
  switchport mode trunk
  switchport trunk allowed vlan 148-151,154-155,159-163
  channel-group 50 mode active

interface Ethernet1/10
  description Link to FI-A eth1/18
  switchport mode trunk
  switchport trunk allowed vlan 148-151,154-155,159-163
  channel-group 50 mode active

interface Ethernet1/11
  description Link to FI-B eth1/17
  switchport mode trunk
  switchport trunk allowed vlan 148-151,154-155,159-163
  channel-group 51 mode active

interface Ethernet1/12
  description Link to FI-B eth1/18
  switchport mode trunk
  switchport trunk allowed vlan 148-151,154-155,159-163
  channel-group 51 mode active

interface Ethernet1/13
  switchport mode fex-fabric
  fex associate 102
  channel-group 102

interface Ethernet1/14

interface Ethernet1/15

interface Ethernet1/16

interface Ethernet1/17
  description vpc peer link
  switchport mode trunk
  channel-group 10 mode active

interface Ethernet1/18
  description vpc peer link
  switchport mode trunk
  channel-group 10 mode active

interface Ethernet1/19
  description Core Ten1/4/6
  no switchport
  ip address 10.10.24.2/30
  ip router eigrp 1
  ip pim sparse-mode

interface Ethernet1/20
  description Core Ten2/4/6
  no switchport
  ip address 10.10.24.6/30
  ip router eigrp 1
  ip pim sparse-mode

interface Ethernet1/21
  switchport mode trunk
  switchport trunk allowed vlan 163
  speed 1000
  channel-group 21 mode active

interface Ethernet1/22

interface Ethernet1/23

interface Ethernet1/24

interface Ethernet1/25
  switchport mode fex-fabric
  fex associate 103
  channel-group 103

interface Ethernet1/26
  switchport mode fex-fabric
  fex associate 103
  channel-group 103

interface Ethernet1/27
  switchport mode trunk
  switchport trunk allowed vlan 162,304
  spanning-tree port type edge trunk
  channel-group 27

interface mgmt0
  ip address 10.10.63.10/25

interface loopback1
  ip address 10.10.63.254/32
  ip router eigrp 1
  ip pim sparse-mode

interface Ethernet102/1/1
  description Link to RVPN Lab B
  switchport access vlan 148
  spanning-tree port type edge

interface Ethernet102/1/2
  switchport access vlan 157
  spanning-tree port type edge

interface Ethernet102/1/3
  description Link to Network Services ESX Servers
  switchport access vlan 148
  spanning-tree port type edge

interface Ethernet102/1/4
  description Links to vWAAS CM {ESX}
  switchport mode trunk
  switchport trunk allowed vlan 150,163

interface Ethernet102/1/5
  description Links to SJC23-Lab-NTP-B
  switchport access vlan 148
  spanning-tree port type edge

interface Ethernet102/1/6
  description Link to Tanberg
  switchport access vlan 148
  spanning-tree port type edge

interface Ethernet102/1/7
  description Link to MCU (Codian)
  switchport access vlan 148
  spanning-tree port type edge

interface Ethernet102/1/8

interface Ethernet102/1/9
  description Link to ESX22 with BN Services & DC Management VLANs
  switchport mode trunk
  switchport trunk allowed vlan 150,163
  spanning-tree port type edge trunk

interface Ethernet102/1/10

interface Ethernet102/1/11
  description TEMPORARY-CIMC-C210M2-2-ESX
  switchport access vlan 163

interface Ethernet102/1/12
  description TEMPORARY-MGMT-C210M2-2-ESX
  switchport access vlan 163

interface Ethernet102/1/13
  description Link to Network Services ESX Servers
  switchport access vlan 148
  spanning-tree port type edge

interface Ethernet102/1/14
  switchport access vlan 163
  spanning-tree port type edge

interface Ethernet102/1/15

! interfaces Ethernet102/1/16 to 102/1/47 are not
! configured and have been removed for brevity

interface Ethernet102/1/48

interface Ethernet103/1/1
  switchport access vlan 157
  spanning-tree port type edge
  speed 1000

interface Ethernet103/1/2

interface Ethernet103/1/3
  switchport mode trunk
  switchport trunk allowed vlan 148,304
  spanning-tree port type edge trunk

interface Ethernet103/1/4
  description C250M2-1 ESX
  shutdown

interface Ethernet103/1/5
  description C210M1-1 ESX
  shutdown

interface Ethernet103/1/6
  description C250M2-1 ESX {N1Kv}
  switchport mode trunk
  switchport trunk allowed vlan 148,153-155,159-161,163,304
  spanning-tree port type edge trunk

interface Ethernet103/1/7
  description C210M1-1 ESX {N1Kv}
  switchport mode trunk
  switchport trunk allowed vlan 148,153-155,159-161,163,304
  spanning-tree port type edge trunk

interface Ethernet103/1/8
  description C210M2-2 ESX (N1Kv}
  switchport mode trunk
  switchport trunk allowed vlan 148,153-155,159-161,163,304
  spanning-tree port type edge trunk

interface Ethernet103/1/9
  description ESX27 C200-M2
  switchport mode trunk
  switchport trunk allowed vlan 148,153-155,159-161,163
  spanning-tree port type edge trunk

interface Ethernet103/1/10

! interfaces Ethernet103/1/11 to 103/1/31 are not
! configured and have been removed for brevity

interface Ethernet103/1/32
clock timezone PST -8 0
clock summer-time PDT 2 Sunday march 02:00 1 Sunday nov 02:00 60
line console
line vty
boot kickstart bootflash:/n5000-uk9-kickstart.5.1.3.N1.0.347.bin
boot system bootflash:/n5000-uk9.5.1.3.N1.0.347.bin
router eigrp 1
  router-id 10.10.63.254
  redistribute static route-map static-to-eigrp
ip route 10.10.54.0/24 Vlan153 10.10.53.126
ip route 10.10.55.0/24 Vlan153 10.10.53.126
ip pim rp-address 10.10.15.252 group-list 239.1.0.0/16
ip pim ssm range 232.0.0.0/8
no ip igmp snooping mrouter vpc-peer-link
vpc bind-vrf default vlan 900
interface fc1/29
interface fc1/30
interface fc1/31
interface fc1/32
interface fc1/28
interface fc1/29
interface fc1/30
interface fc1/31
interface fc1/32
zoneset distribute full vsan 4
!Full Zone Database Section for vsan 4
zone name p12-ucsb200m2-2-vhba3_netapp-2-e2a vsan 4
    member pwwn 50:0a:09:81:89:3b:63:be
    ! [NetApp2-e2a-FCOE]
    member pwwn 20:00:00:25:b5:99:99:7f
zoneset name FCOE_4 vsan 4
    member p12-ucsb200m2-2-vhba3_netapp-2-e2a
zoneset activate name FCOE_4 vsan 4
end

Cisco Nexus 5548UPb

The Cisco Nexus 5500UP switches operate as a pair to provide a resilient data center core for Ethernet and Fibre Channel traffic. This switch is the Fibre Channel SAN-B switch.

version 5.1(3)N1(1)
feature fcoe
hostname dc5548bx
feature npiv
feature fport-channel-trunk
no feature telnet
no feature http-server
cfs eth distribute
feature pim
feature eigrp
feature udld
feature interface-vlan
feature hsrp
feature lacp
feature vpc
feature lldp
feature fex
username admin password 5 $1$theIP.jx$DD7AhRcMlHhFZA2Ud/TMw1 role network-admin
password strength-check
banner motd #Nexus 5000 Switch#
ssh key rsa 2048
ip domain-lookup
ip name-server 10.10.48.10
class-map type qos class-fcoe
class-map type queuing class-fcoe
  match qos-group 1
class-map type queuing class-all-flood
  match qos-group 2
class-map type queuing class-ip-multicast
  match qos-group 2
class-map type network-qos class-fcoe
  match qos-group 1
class-map type network-qos class-all-flood
  match qos-group 2
class-map type network-qos class-ip-multicast
  match qos-group 2
policy-map type network-qos jumbo
  class type network-qos class-default
    mtu 9216
    multicast-optimize
system qos
  service-policy type queuing input fcoe-default-in-policy
  service-policy type queuing output fcoe-default-out-policy
  service-policy type qos input fcoe-default-in-policy
  service-policy type network-qos fcoe-default-nq-policy
fex 102
  pinning max-links 1
  description "FEX0102"
fex 103
  pinning max-links 1
  description "FEX0103"
slot 1
  port 28-32 type fc
snmp-server source-interface trap loopback1
snmp-server user admin network-admin auth md5 0xcb923b24b5215a886eaf8dff5466e077 priv 0xcb923b24b5215a886eaf8dff5466e077 localizedkey
snmp-server host 10.10.63.100 traps version 2c public udp-port 1163
snmp-server community cisco123 group network-admin
snmp-server community cisco group network-operator
ntp server 10.10.48.17 use-vrf management
vrf context management
  ip route 0.0.0.0/0 10.10.63.1
vlan 1
vlan 148
  name Servers_1
vlan 149
  name Servers_2
vlan 150
  name Servers_3
vlan 153
  name FW_Outside
vlan 154
  name FW_Inside_1
vlan 155
  name FW_Inside_2
vlan 156
  name PEERING_VLAN
vlan 159
  name 1kv-Packet
vlan 160
  name 1kv-Control
vlan 161
  name VMotion
vlan 162
  name iSCSI
vlan 163
  name DC-Management
vlan 305
  fcoe vsan 5
vlan 912
  name ACE-Heartbeat
spanning-tree vlan 148-151,153-157,159-163 priority 28672
route-map static-to-eigrp permit 10
  match ip address 10.10.54.0/24
route-map static-to-eigrp permit 20
  match ip address 10.10.55.0/24
port-channel load-balance ethernet source-dest-port
vpc domain 10
  peer-keepalive destination 10.10.63.10 source 10.10.63.11
  delay restore 360
  peer-gateway
  auto-recovery
vsan database
  vsan 5 name "General-Storage"
device-alias database
  device-alias name emc-b0-fc pwwn 50:06:01:69:3c:e0:30:59
  device-alias name emc-2-b0-fc pwwn 50:06:01:69:3c:e0:60:e2
  device-alias name NetApp-e2b-FCOE pwwn 50:0a:09:81:89:ea:df:b1
  device-alias name NetApp2-e2b-FCOE pwwn 50:0a:09:82:89:3b:63:be
  device-alias name p12-c210-27-vhba4 pwwn 20:00:58:8d:09:0e:e0:d3
  device-alias name p12-c210m1-1-vhba4 pwwn 20:00:e8:b7:48:4d:5b:e0
  device-alias name p12-c250m2-1-vhba4 pwwn 20:00:e8:b7:48:4d:53:57
device-alias commit
fcdomain fcid database
  vsan 5 wwn 20:41:00:05:73:a3:82:c0 fcid 0x280000 dynamic
  vsan 5 wwn 20:42:00:05:73:a3:82:c0 fcid 0x280001 dynamic
  vsan 5 wwn 20:00:58:8d:09:0e:e0:d3 fcid 0x280002 dynamic
    ! [p12-c210-27-vhba4]
  vsan 5 wwn 24:1d:00:05:73:a3:82:c0 fcid 0x280003 dynamic
  vsan 5 wwn 20:00:00:25:b5:77:77:8f fcid 0x280004 dynamic
  vsan 5 wwn 20:00:00:25:b5:77:77:8e fcid 0x280005 dynamic
  vsan 5 wwn 20:00:00:25:b5:77:77:7f fcid 0x280006 dynamic
  vsan 1 wwn 20:41:00:05:73:a3:82:c0 fcid 0x120000 dynamic
  vsan 1 wwn 20:42:00:05:73:a3:82:c0 fcid 0x120001 dynamic
  vsan 5 wwn 20:00:00:25:b5:77:77:6e fcid 0x280007 dynamic
  vsan 5 wwn 20:00:00:25:b5:77:77:0f fcid 0x280008 dynamic
  vsan 5 wwn 20:00:00:25:b5:99:99:9f fcid 0x280009 dynamic
  vsan 5 wwn 20:00:00:25:b5:99:99:6f fcid 0x28000a dynamic
  vsan 5 wwn 50:0a:09:82:89:3b:63:be fcid 0x28000b dynamic
    ! [NetApp2-e2b-FCOE]

interface Vlan1

interface Vlan148
  no shutdown
  description Servers_1
  no ip redirects
  ip address 10.10.48.3/24
  ip router eigrp 1
  ip passive-interface eigrp 1
  ip pim sparse-mode
  hsrp 148
    ip 10.10.48.1

interface Vlan149
  description Servers_2
  no ip redirects
  ip address 10.10.49.3/24
  ip router eigrp 1
  ip passive-interface eigrp 1
  ip pim sparse-mode
  hsrp 149
    ip 10.10.49.1

interface Vlan150
  no shutdown
  description Servers_3
  no ip redirects
  ip address 10.10.50.3/24
  ip router eigrp 1
  ip passive-interface eigrp 1
  ip pim sparse-mode
  hsrp 150
    ip 10.10.50.1

interface Vlan153
  no shutdown
  description FW_Outside
  no ip redirects
  ip address 10.10.53.3/25
  ip router eigrp 1
  ip passive-interface eigrp 1
  ip pim sparse-mode
  hsrp 153
    ip 10.10.53.1

interface Vlan156
  no shutdown
  description 5k-to-5k-L3 link
  no ip redirects
  ip address 10.10.56.2/30
  ip router eigrp 1
  ip pim sparse-mode

interface Vlan163
  no shutdown
  description DC-Management
  no ip redirects
  ip address 10.10.63.3/25
  ip router eigrp 1
  ip passive-interface eigrp 1
  hsrp 163
    ip 10.10.63.1

interface san-port-channel 29
  channel mode active
  switchport trunk allowed vsan 1
  switchport trunk allowed vsan add 5
  switchport trunk mode off

interface san-port-channel 31
  switchport trunk allowed vsan 1
  switchport trunk allowed vsan add 5

interface port-channel10
  switchport mode trunk
  spanning-tree port type network
  vpc peer-link

interface port-channel13
  switchport mode trunk
  switchport trunk allowed vlan 148,912
  spanning-tree port type edge trunk
  speed 1000

interface port-channel21
  description Link to Management Switch for VL163
  switchport mode trunk
  switchport trunk allowed vlan 163
  speed 1000
  vpc 21

interface port-channel27
  switchport mode trunk
  switchport trunk allowed vlan 162,305
  spanning-tree port type edge trunk
  vpc 27

interface port-channel50
  switchport mode trunk
  switchport trunk allowed vlan 148-151,154-155,159-163
  spanning-tree port type edge trunk
  speed 10000
  vpc 50

interface port-channel51
  switchport mode trunk
  switchport trunk allowed vlan 148-151,154-155,159-163
  spanning-tree port type edge trunk
  speed 10000
  vpc 51

interface port-channel53
  switchport mode trunk
  switchport trunk allowed vlan 153-155
  speed 10000
  vpc 53

interface port-channel54
  switchport mode trunk
  switchport trunk allowed vlan 153-155
  speed 10000
  vpc 54

interface port-channel102
  description dual-homed 2248
  switchport mode fex-fabric
  fex associate 102
  vpc 102

interface port-channel103
  description single-homed 2232PP
  switchport mode fex-fabric
  fex associate 103

interface vfc1
  bind interface Ethernet103/1/3
  no shutdown

interface vfc27
  bind interface port-channel27
  switchport trunk allowed vsan 5
  no shutdown
vsan database
  vsan 5 interface vfc1
  vsan 5 interface vfc27
interface san-port-channel 29

interface fc1/28

interface fc1/29
  switchport trunk mode off
  channel-group 29 force
  no shutdown

interface fc1/30
  switchport trunk mode off
  channel-group 29 force
  no shutdown

interface fc1/31
  switchport description Link to dcmds9148bx port fc1/13
  channel-group 31 force
  no shutdown

interface fc1/32
  switchport description Link to dcmds9148bx port fc1/14
  channel-group 31 force
  no shutdown

interface Ethernet1/1
  description DC5585a Ten0/9
  switchport mode trunk
  switchport trunk allowed vlan 153-155
  channel-group 53 mode active

interface Ethernet1/2
  description DC5585b Ten0/9
  switchport mode trunk
  switchport trunk allowed vlan 153-155
  channel-group 54 mode active

interface Ethernet1/3
  description ACE2 Gig1/1
  switchport mode trunk
  switchport trunk allowed vlan 148,912
  speed 1000
  channel-group 13
  vpc orphan-port suspend

interface Ethernet1/4
  description ACE2 Gig1/2
  switchport mode trunk
  switchport trunk allowed vlan 148,912
  speed 1000
  channel-group 13
  vpc orphan-port suspend

interface Ethernet1/5

interface Ethernet1/6

interface Ethernet1/7

interface Ethernet1/8

interface Ethernet1/9
  description Link to FI-A eth1/19
  switchport mode trunk
  switchport trunk allowed vlan 148-151,154-155,159-163
  channel-group 50 mode active

interface Ethernet1/10
  description Link to FI-A eth1/20
  switchport mode trunk
  switchport trunk allowed vlan 148-151,154-155,159-163
  channel-group 50 mode active

interface Ethernet1/11
  description Link to FI-B eth1/19
  switchport mode trunk
  switchport trunk allowed vlan 148-151,154-155,159-163
  channel-group 51 mode active

interface Ethernet1/12
  description Link to FI-B eth1/20
  switchport mode trunk
  switchport trunk allowed vlan 148-151,154-155,159-163
  channel-group 51 mode active

interface Ethernet1/13
  switchport mode fex-fabric
  fex associate 102
  channel-group 102

interface Ethernet1/14

interface Ethernet1/15

interface Ethernet1/16

interface Ethernet1/17
  description vpc peer link
  switchport mode trunk
  channel-group 10 mode active

interface Ethernet1/18
  description vpc peer link
  switchport mode trunk
  channel-group 10 mode active

interface Ethernet1/19
  description Core Ten1/4/8
  no switchport
  ip address 10.10.24.10/30
  ip router eigrp 1
  ip pim sparse-mode

interface Ethernet1/20
  description Core Ten2/4/8
  no switchport
  ip address 10.10.24.14/30
  ip router eigrp 1
  ip pim sparse-mode

interface Ethernet1/21
  switchport mode trunk
  switchport trunk allowed vlan 163
  speed 1000
  channel-group 21 mode active

interface Ethernet1/22

interface Ethernet1/23

interface Ethernet1/24

interface Ethernet1/25
  switchport mode fex-fabric
  fex associate 103
  channel-group 103

interface Ethernet1/26
  switchport mode fex-fabric
  fex associate 103
  channel-group 103

interface Ethernet1/27
  switchport mode trunk
  switchport trunk allowed vlan 162,305
  spanning-tree port type edge trunk
  channel-group 27

interface mgmt0
  ip address 10.10.63.11/25

interface loopback1
  ip address 10.10.63.253/32
  ip router eigrp 1
  ip pim sparse-mode

interface Ethernet102/1/1
  description Link to RVPN Lab B
  switchport access vlan 148
  spanning-tree port type edge

interface Ethernet102/1/2
  switchport access vlan 157
  spanning-tree port type edge

interface Ethernet102/1/3
  description Link to Network Services ESX Servers
  switchport access vlan 148
  spanning-tree port type edge

interface Ethernet102/1/4
  description Links to vWAAS CM {ESX}
  switchport access vlan 150
  spanning-tree port type edge

interface Ethernet102/1/5
  description Links to SJC23-Lab-NTP-B
  switchport access vlan 148
  spanning-tree port type edge

interface Ethernet102/1/6
  description Link to Tandberg
  switchport access vlan 148
  spanning-tree port type edge

interface Ethernet102/1/7
  description Link to MCU (Codian)
  switchport access vlan 148
  spanning-tree port type edge

interface Ethernet102/1/8

interface Ethernet102/1/9
  description Link to ESX22 with BN Services & DC Management VLANs
  switchport mode trunk
  switchport trunk allowed vlan 150,163
  spanning-tree port type edge trunk

interface Ethernet102/1/10

interface Ethernet102/1/11
  description TEMPORARY-CIMC-C210M2-2-ESX
  switchport access vlan 163

interface Ethernet102/1/12
  description TEMPORARY-MGMT-C210M2-2-ESX
  switchport access vlan 163

interface Ethernet102/1/13
  description Link to Network Services ESX Servers
  switchport access vlan 148
  spanning-tree port type edge

interface Ethernet102/1/14
  switchport access vlan 163
  spanning-tree port type edge

interface Ethernet102/1/15

! interfaces Ethernet102/1/16 to 102/1/47 are not
! configured and have been removed for brevity

interface Ethernet102/1/48

interface Ethernet103/1/1
  switchport access vlan 157
  spanning-tree port type edge
  speed 1000

interface Ethernet103/1/2

interface Ethernet103/1/3
  switchport mode trunk
  switchport trunk allowed vlan 148,305
  spanning-tree port type edge trunk

interface Ethernet103/1/4
  description C250M2-1 ESX
  shutdown

interface Ethernet103/1/5
  description C210M1-1 ESX
  shutdown

interface Ethernet103/1/6
  description C250M2-1 ESX {N1Kv}
  switchport mode trunk
  switchport trunk allowed vlan 148,153-155,159-161,163,305
  spanning-tree port type edge trunk

interface Ethernet103/1/7
  description C210M1-1 ESX {N1Kv}
  switchport mode trunk
  switchport trunk allowed vlan 148,153-155,159-161,163,305
  spanning-tree port type edge trunk

interface Ethernet103/1/8
  description C210M2-2 ESX (N1Kv}
  switchport mode trunk
  switchport trunk allowed vlan 148,153-155,159-161,163,305
  spanning-tree port type edge trunk

interface Ethernet103/1/9
  description ESX27 C200-M2
  switchport mode trunk
  switchport trunk allowed vlan 148,153-155,159-161,163
  spanning-tree port type edge trunk

interface Ethernet103/1/10

! interfaces Ethernet103/1/11 to 103/1/31 are not
! configured and have been removed for brevity

interface Ethernet103/1/32
clock timezone PST -8 0
clock summer-time PDT 2 Sunday march 02:00 1 Sunday nov 02:00 60
line console
line vty
boot kickstart bootflash:/n5000-uk9-kickstart.5.1.3.N1.0.347.bin
boot system bootflash:/n5000-uk9.5.1.3.N1.0.347.bin
router eigrp 1
  router-id 10.10.63.253
  redistribute static route-map static-to-eigrp
ip route 10.10.54.0/24 Vlan153 10.10.53.126
ip route 10.10.55.0/24 Vlan153 10.10.53.126
ip pim rp-address 10.10.15.252 group-list 239.1.0.0/16
ip pim ssm range 232.0.0.0/8
no ip igmp snooping mrouter vpc-peer-link
vpc bind-vrf default vlan 900
interface fc1/29
interface fc1/30
interface fc1/31
interface fc1/32
interface fc1/28
interface fc1/29
interface fc1/30
interface fc1/31
interface fc1/32
zoneset distribute full vsan 5
!Full Zone Database Section for vsan 5
zone name p12-ucsb200m2-2-vhba4_netapp-2-e2b vsan 5
    member pwwn 50:0a:09:82:89:3b:63:be
    ! [NetApp2-e2b-FCOE]
    member pwwn 20:00:00:25:b5:99:99:6f
zoneset name FCOE_5 vsan 5
    member p12-ucsb200m2-2-vhba4_netapp-2-e2b
zoneset activate name FCOE_5 vsan 5
end
0(7)rolenamedefault-roledescriptionThisisasystemdefinedroleandappliestoallusers.
rule5permitshowfeatureenvironmentrule4permitshowfeaturehardwarerule3permitshowfeaturemodulerule2permitshowfeaturesnmprule1permitshowfeaturesystemusernameadminpassword5$1$00TFEaz1$6xUTFgrrbkYsjuDHuoIbx0rolenetwork-adminpasswordstrength-checksshkeyrsa2048ipdomain-lookupipdomain-namecisco.
localiphostmds9148ax10.
10.
63.
12aaagroupserverradiusradiussnmp-serveruseradminnetwork-adminauthmd50xb7e5c6943fc9940b0a15061f195e6efcpriv0xb7e5c6943fc9940b0a15061f195e6efclocalizedkeysnmp-serverhost10.
10.
63.
100trapsversion2cpublicudp-port1165rmonevent1logtrappublicdescriptionFATAL(1)ownerPMON@FATALrmonevent2logtrappublicdescriptionCRITICAL(2)ownerPMON@CRITICALrmonevent3logtrappublicdescriptionERROR(3)ownerPMON@ERRORrmonevent4logtrappublicdescriptionWARNING(4)ownerPMON@WARNINGrmonevent5logtrappublicdescriptionINFORMATION(5)ownerPMON@INFOsnmp-servercommunityciscogroupnetwork-operatorsnmp-servercommunitycisco123groupnetwork-adminntpserver10.
10.
48.
17vsandatabasevsan4name"General-Storage"device-aliasdatabasedevice-aliasnameemc-a0-fcpwwn50:06:01:61:3c:e0:30:59device-aliasnameemc-2-a0-fcpwwn50:06:01:61:3c:e0:60:e2device-aliasnameNetapp-e2a-FCOEpwwn50:0a:09:82:89:aa:df:b1device-aliasnameNetApp2-e2a-FCOEpwwn50:0a:09:81:89:3b:63:bedevice-aliasnamep12-c210-27-vhba3pwwn20:00:58:8d:09:0e:e0:d2device-aliasnamep12-c210m1-1-vhba3pwwn20:00:e8:b7:48:44:5b:dfdevice-aliasnamep12-c210m2-2-vhba3pwwn20:00:e8:b7:48:44:53:56device-aliascommitfcdomainfciddatabasevsan1wwn10:00:00:00:c9:86:44:59fcid0x010000dynamicvsan1wwn10:00:00:00:c9:86:44:23fcid0x010100dynamicvsan1wwn10:00:00:00:c9:86:44:87fcid0x010200dynamicvsan1wwn10:00:00:00:c9:92:81:01fcid0x010300dynamicvsan1wwn10:00:00:00:c9:91:d5:6dfcid0x010400dynamicvsan1wwn10:00:00:00:c9:91:cd:41fcid0x010500dynamicvsan1wwn50:06:01:69:3c:e0:30:59fcid0x010600dynamicvsan1wwn20:41:00:0d:ec:fa:43:c0fcid0x010700dynamicvsan1wwn10:00:00:00:c9:87:be:2bfcid0x010b00dynamicvsan1wwn20:42:00:05:9b:76:73:c0fcid0x010c00dynamicvsan1wwn20:41:00:05:9b:76:b2:80fcid0x010800dynamicvsan1wwn50:0a:09:88:89:9b:63:befcid0x010900dynamicvsan1wwn20:42:00:05:9b:76:b2:80fcid0x010a00dynamicvsan1wwn20:41:00:05:9b:76:73:c0fcid0x010d00dynamicvsan1wwn50:0a:09:81:89:0a:df:b1fcid0x010e00dynamicvsan1wwn10:00:00:00:c9:91:d4:0ffcid0x010f00dynamicvsan1wwn10:00:00:00:c9:92:80:27fcid0x011000dynamicCiscoMDS9148aCiscoMDS9100多层光纤阵列交换机通过扩展了Nexus5500UP交换机的光纤通道端口以支持更大的环境,从而为更高密度的光纤通道SAN提供了支持.
此CiscoMDS9100交换机扩展了光纤通道SAN-A网络传输.
  vsan 1 wwn 20:02:00:24:e8:64:c5:89 fcid 0x011100 dynamic
  vsan 1 wwn 20:02:00:24:e8:64:c5:62 fcid 0x011200 dynamic
  vsan 1 wwn 20:02:00:24:e8:64:c5:7c fcid 0x011300 dynamic
  vsan 1 wwn 20:02:00:24:e8:64:c5:6f fcid 0x011400 dynamic
  vsan 1 wwn 20:41:00:0d:ec:b4:7d:00 fcid 0x011500 dynamic
  vsan 1 wwn 50:06:01:61:3c:e0:30:59 fcid 0x011600 dynamic
  !              [emc-a0-fc]
  vsan 1 wwn 50:06:01:61:3c:e0:60:e2 fcid 0x011700 dynamic
  !              [emc-2-a0-fc]
  vsan 4 wwn 50:06:01:61:3c:e0:60:e2 fcid 0xb90000 dynamic
  !              [emc-2-a0-fc]
interface port-channel 1
  switchport mode E
  switchport trunk allowed vsan 1
  switchport trunk allowed vsan add 4
  switchport rate-mode dedicated
vsan database
  vsan 4 interface port-channel 1
  vsan 4 interface fc1/1
clock timezone PST -8 0
clock summer-time PDT 2 Sunday march 02:00 1 Sunday nov 02:00 60
ip default-gateway 10.10.63.1
switchname mds9148ax
line console
boot kickstart bootflash:/m9100-s3ek9-kickstart-mz.5.0.7.bin
boot system bootflash:/m9100-s3ek9-mz.5.0.7.bin
interface fc1/13
  switchport rate-mode dedicated
interface fc1/14
  switchport rate-mode dedicated
interface fc1/1
interface fc1/2
interface fc1/3
interface fc1/4
interface fc1/5
interface fc1/6
interface fc1/7
interface fc1/8
interface fc1/9
interface fc1/10
interface fc1/11
interface fc1/12
interface fc1/15
!
! Interfaces fc1/16 to 1/47 are not
! configured and have been removed for brevity
!
interface fc1/48
interface fc1/13
  switchport mode E
interface fc1/14
  switchport mode E
system default zone distribute full
zoneset distribute full vsan 4
!Full Zone Database Section for vsan 4
zone name p12-ucsb200m2-2-vhba3_netapp-2-e2a vsan 4
    member pwwn 50:0a:09:81:89:3b:63:be
    !           [NetApp2-e2a-FCOE]
    member pwwn 20:00:00:25:b5:77:77:1f
zoneset name FCOE_4 vsan 4
    member p12-ucsb200m2-2-vhba3_netapp-2-e2a
zoneset activate name FCOE_4 vsan 4
interface fc1/1
  port-license acquire
interface fc1/2
  port-license acquire
interface fc1/3
  port-license acquire
interface fc1/4
  port-license acquire
interface fc1/5
  port-license acquire
interface fc1/6
  port-license acquire
interface fc1/7
  port-license acquire
interface fc1/8
  port-license acquire
interface fc1/9
  port-license acquire
interface fc1/10
  port-license acquire
interface fc1/11
  port-license acquire
interface fc1/12
  port-license acquire
interface fc1/13
  port-license acquire
  channel-group 1 force
  no shutdown
interface fc1/14
  port-license acquire
  channel-group 1 force
  no shutdown
interface fc1/15
  port-license acquire
!
! Interfaces fc1/16 to 1/47 are not
! configured and have been removed for brevity
!
interface fc1/48
interface mgmt0
  ip address 10.10.63.12 255.255.255.128
no system default switchport shutdown
end

Cisco MDS 9148b

The Cisco MDS 9100 Multilayer Fabric Switch supports higher-density Fibre Channel SANs by extending the Fibre Channel ports of the Nexus 5500UP switches to serve larger environments. This Cisco MDS 9100 switch extends the Fibre Channel SAN-B network transport.

version 5.0(7)
role name default-role
  description This is a system defined role and applies to all users.
  rule 5 permit show feature environment
  rule 4 permit show feature hardware
  rule 3 permit show feature module
  rule 2 permit show feature snmp
  rule 1 permit show feature system
username admin password 5 $1$hDWb4l4u$q7NztWmt/siWv6APicLC61 role network-admin
password strength-check
ssh key rsa 2048
ip domain-lookup
ip domain-name cisco.local
ip host mds9148bx 10.10.63.13
aaa group server radius radius
snmp-server user admin network-admin auth md5 0x37f1a52be0e3ef1c358f5d0bfb6e8623 priv 0x37f1a52be0e3ef1c358f5d0bfb6e8623 localizedkey
snmp-server host 10.10.63.100 traps version 2c public udp-port 1166
rmon event 1 log trap public description FATAL(1) owner PMON@FATAL
rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 log trap public description ERROR(3) owner PMON@ERROR
rmon event 4 log trap public description WARNING(4) owner PMON@WARNING
rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO
snmp-server community cisco123 group network-admin
snmp-server community cisco group network-operator
ntp server 10.10.48.17
vsan database
  vsan 5 name "General-Storage"
device-alias database
  device-alias name emc-b0-fc pwwn 50:06:01:69:3c:e0:30:59
  device-alias name emc-2-b0-fc pwwn 50:06:01:69:3c:e0:60:e2
  device-alias name NetApp-e2b-FCOE pwwn 50:0a:09:81:89:ea:df:b1
  device-alias name NetApp2-e2b-FCOE pwwn 50:0a:09:82:89:3b:63:be
  device-alias name p12-c210-27-vhba4 pwwn 20:00:58:8d:09:0e:e0:d3
  device-alias name p12-c210m1-1-vhba4 pwwn 20:00:e8:b7:48:4d:5b:e0
  device-alias name p12-c250m2-1-vhba4 pwwn 20:00:e8:b7:48:4d:53:57
device-alias commit
fcdomain fcid database
  vsan 1 wwn 20:41:00:05:9b:76:b2:80 fcid 0xb40a00 dynamic
  vsan 1 wwn 10:00:00:00:c9:87:be:2a fcid 0xb40000 dynamic
  vsan 1 wwn 10:00:00:00:c9:86:44:80 fcid 0xb40100 dynamic
  vsan 1 wwn 20:42:00:05:9b:76:b2:80 fcid 0xb40b00 dynamic
  vsan 1 wwn 10:00:00:00:c9:91:d5:6c fcid 0xb40c00 dynamic
  vsan 1 wwn 10:00:00:00:c9:92:80:1c fcid 0xb40d00 dynamic
  vsan 1 wwn 50:06:01:60:3c:e0:60:e2 fcid 0xb40e00 dynamic
  vsan 1 wwn 10:00:00:00:c9:8c:60:b4 fcid 0xb40f00 dynamic
  vsan 1 wwn 10:00:00:00:c9:91:d4:0e fcid 0xb40200 dynamic
  vsan 1 wwn 10:00:00:00:c9:92:80:26 fcid 0xb40300 dynamic
  vsan 1 wwn 20:41:00:0d:ec:b4:7d:c0 fcid 0xb40400 dynamic
  vsan 1 wwn 10:00:00:00:c9:87:be:1c fcid 0xb41000 dynamic
  vsan 1 wwn 20:41:00:05:9b:76:b7:00 fcid 0xb40500 dynamic
  vsan 1 wwn 20:42:00:05:9b:76:b7:00 fcid 0xb40600 dynamic
  vsan 1 wwn 50:06:01:69:3c:e0:30:59 fcid 0xb41500 dynamic
  !              [emc-b0-fc]
  vsan 1 wwn 50:06:01:69:3c:e0:60:e2 fcid 0xb41600 dynamic
  !              [emc-2-b0-fc]
  vsan 5 wwn 50:06:01:69:3c:e0:60:e2 fcid 0xe70000 dynamic
  !              [emc-2-b0-fc]
  vsan 1 wwn 20:42:00:0d:ec:b4:7d:c0 fcid 0xb40700 dynamic
  vsan 1 wwn 24:c8:00:0d:ec:b4:7d:c0 fcid 0xb40800 dynamic
  vsan 1 wwn 10:00:00:00:c9:91:d4:0f fcid 0xb40900 dynamic
  vsan 1 wwn 20:41:00:05:73:ab:27:00 fcid 0xb41100 dynamic
  vsan 1 wwn 20:42:00:05:73:ab:27:00 fcid 0xb41200 dynamic
  vsan 1 wwn 25:00:00:05:73:ab:27:00 fcid 0xb41300 dynamic
  vsan 1 wwn 25:00:00:0d:ec:fa:52:80 fcid 0xb41400 dynamic
interface port-channel 1
  switchport mode E
  switchport trunk allowed vsan 1
  switchport trunk allowed vsan add 5
  switchport rate-mode dedicated
vsan database
  vsan 5 interface port-channel 1
  vsan 5 interface fc1/1
clock timezone PST -8 0
clock summer-time PDT 2 Sunday march 02:00 1 Sunday nov 02:00 60
ip default-gateway 10.10.63.1
switchname mds9148bx
line console
boot kickstart bootflash:/m9100-s3ek9-kickstart-mz.5.0.7.bin
boot system bootflash:/m9100-s3ek9-mz.5.0.7.bin
interface fc1/13
  switchport rate-mode dedicated
interface fc1/14
  switchport rate-mode dedicated
interface fc1/1
interface fc1/2
interface fc1/3
interface fc1/4
interface fc1/5
interface fc1/6
interface fc1/7
interface fc1/8
interface fc1/9
interface fc1/10
interface fc1/11
interface fc1/12
interface fc1/15
!
! Interfaces fc1/16 to 1/47 are not
! configured and have been removed for brevity
!
interface fc1/48
interface fc1/13
  switchport mode E
interface fc1/14
  switchport mode E
system default zone distribute full
zoneset distribute full vsan 5
!Full Zone Database Section for vsan 5
zone name p12-ucsb200m2-2-vhba4_netapp-2-e2b vsan 5
    member pwwn 50:0a:09:82:89:3b:63:be
    !           [NetApp2-e2b-FCOE]
    member pwwn 20:00:00:25:b5:77:77:8f
zoneset name FCOE_5 vsan 5
    member p12-ucsb200m2-2-vhba4_netapp-2-e2b
zoneset activate name FCOE_5 vsan 5
interface fc1/1
  port-license acquire
interface fc1/2
  port-license acquire
interface fc1/3
  port-license acquire
interface fc1/4
  port-license acquire
interface fc1/5
  port-license acquire
interface fc1/6
  port-license acquire
interface fc1/7
  port-license acquire
interface fc1/8
  port-license acquire
interface fc1/9
  port-license acquire
interface fc1/10
  port-license acquire
interface fc1/11
  port-license acquire
interface fc1/12
  port-license acquire
interface fc1/13
  port-license acquire
  channel-group 1 force
  no shutdown
interface fc1/14
  port-license acquire
  channel-group 1 force
  no shutdown
interface fc1/15
  port-license acquire
!
! Interfaces fc1/16 to 1/47 are not
! configured and have been removed for brevity
!
interface fc1/48
interface mgmt0
  ip address 10.10.63.13 255.255.255.128
no system default switchport shutdown
end

Cisco Catalyst 2960s Management Switch

The Cisco Catalyst 2960s provides an Ethernet out-of-band network for the data center switches, servers, and appliances. Cisco Catalyst 3750X and 3560X Series switches can be used to provide a more resilient Ethernet out-of-band network transport.

version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname MGMT2960Sx
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$9njb$EENEj118AzAV5ScQWkN15.
!
username admin privilege 15 password 7 141443180F0B7B7977
no aaa new-model
clock timezone PST -8 0
clock summer-time PDT recurring
switch 1 provision ws-c2960s-24ts-l
!
ip domain-name cisco.local
ip name-server 10.10.48.10
vtp mode transparent
udld enable
!
crypto pki trustpoint TP-self-signed-1303691904
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1303691904
 revocation-check none
 rsakeypair TP-self-signed-1303691904
!
crypto pki certificate chain TP-self-signed-1303691904
 certificate self-signed 01
  quit
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
port-channel load-balance src-dst-ip
!
vlan internal allocation policy ascending
!
vlan 163
 name DC-Management
!
ip ssh version 2
!
interface Port-channel1
 switchport trunk allowed vlan 163
 switchport mode trunk
!
interface FastEthernet0
 no ip address
!
interface GigabitEthernet1/0/1
 description DC5548a MGMT0
 switchport access vlan 163
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/2
 description DC5548b MGMT0
 switchport access vlan 163
 switchport mode access
 spanning-tree portfast
!
! Interfaces GigabitEthernet 1/0/3 to 1/0/21 are
! configured the same way and have been removed for brevity
!
interface GigabitEthernet1/0/22
 switchport access vlan 163
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/23
 description DC5548a Eth1/21
 switchport trunk allowed vlan 163
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
!
interface GigabitEthernet1/0/24
 description DC5548b Eth1/21
 switchport trunk allowed vlan 163
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
 no ip address
!
ip http server
ip http secure-server
!
logging esm config
snmp-server community cisco RO
snmp-server community cisco123 RW
!
line con 0
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input ssh
!
ntp server 10.10.48.17
end

Data Center Network Security

Cisco ASA 5585 – Primary

The Cisco ASA 5585 firewalls used in the IBA data center are configured as a pair to provide resiliency. This is the primary firewall configuration.

ASA Version 8.4(2)
!
hostname dc5585
enable password 2y4FIGBVVyBLau0Q encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0/0
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/1
 description LAN/STATE Failover Interface
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/6
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/7
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface TenGigabitEthernet0/8
 description Trunk to DC5548x TenGig x/x/x
 channel-group 10 mode passive
 no nameif
 no security-level
 no ip address
!
interface TenGigabitEthernet0/9
 description Trunk to DC5548x TenGig x/x/x
 channel-group 10 mode passive
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/0
 shutdown
 no nameif
 no security-level
 no ip address
!
! Interfaces GigabitEthernet 1/1 to 1/6
! are unconfigured and have been removed for brevity
!
interface GigabitEthernet1/7
 shutdown
 no nameif
 no security-level
 no ip address
!
interface TenGigabitEthernet1/8
 shutdown
 no nameif
 no security-level
 no ip address
!
interface TenGigabitEthernet1/9
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Port-channel10
 description ECLB Trunk to 5548 Switches
 no nameif
 no security-level
 no ip address
!
interface Port-channel10.153
 description DC VLAN Outside the FW
 vlan 153
 nameif outside
 security-level 0
 ip address 10.10.53.126 255.255.255.128 standby 10.10.53.125
!
interface Port-channel10.154
 description DC VLAN Inside the Firewall
 vlan 154
 nameif DC-InsideFW
 security-level 75
 ip address 10.10.54.1 255.255.255.0 standby 10.10.54.2
!
interface Port-channel10.155
 description DC VLAN Inside the FW w/ IPS
 vlan 155
 nameif DC-InsideIPS
 security-level 75
 ip address 10.10.55.1 255.255.255.0 standby 10.10.55.2
!
ftp mode passive
object network BladeWeb1Secure
 host 10.10.54.100
object network BladeWeb2Secure
 host 10.10.55.100
object network Secure-Subnets
 subnet 10.10.54.0 255.255.255.0
object network SecureIPS-Subnets
 subnet 10.10.55.0 255.255.255.0
object network Mgmt-host-range
 range 10.10.48.224 10.10.48.254
object-group network Application-Servers
 description HTTP, HTTPS, DNS, MSExchange
 network-object object BladeWeb1Secure
 network-object object BladeWeb2Secure
object-group service MS-App-Services
 service-object tcp destination eq domain
 service-object tcp destination eq www
 service-object tcp destination eq https
 service-object tcp destination eq netbios-ssn
 service-object udp destination eq domain
 service-object udp destination eq nameserver
 service-object udp destination eq netbios-dgm
 service-object udp destination eq netbios-ns
object-group network DC_Secure_Subnet_List
 network-object object Secure-Subnets
 network-object object SecureIPS-Subnets
object-group service Mgmt-Traffic
 service-object tcp destination eq ssh
 service-object udp destination eq snmp
object-group network Bypass-Rule
 description Open Policy for Server Access
 network-object object BladeWeb1Secure
 network-object object BladeWeb2Secure
access-list global_access extended permit object-group MS-App-Services any object-group Application-Servers
access-list global_access extended permit object-group Mgmt-Traffic object Mgmt-host-range object-group DC_Secure_Subnet_List
access-list global_access extended permit ip any object-group Bypass-Rule log disable inactive
access-list global_mpc extended permit ip any any
pager lines 24
mtu outside 1500
mtu DC-InsideFW 1500
mtu DC-InsideIPS 1500
failover
failover lan unit primary
failover lan interface failover GigabitEthernet0/1
failover polltime unit msec 200 holdtime msec 800
failover polltime interface msec 500 holdtime 5
failover key *****
failover replication http
failover link failover GigabitEthernet0/1
failover interface ip failover 10.10.53.130 255.255.255.252 standby 10.10.53.129
monitor-interface outside
monitor-interface DC-InsideFW
monitor-interface DC-InsideIPS
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
route outside 0.0.0.0 0.0.0.0 10.10.53.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 10.0.0.0 255.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
console timeout 0
!
tls-proxy maximum-session 1000
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 10.10.48.17
webvpn
username admin password w2Y.6Op4j7clVDk2 encrypted
!
class-map global-class
 match access-list global_mpc
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
 class global-class
  ips inline fail-close
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly 11
  subscribe-to-alert-group configuration periodic monthly 11
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:5a09f5b9b896c371ab4d034d851573be
: end

Cisco ASA 5585 IPS SSP – Primary

The Cisco ASA 5585 firewall used in the IBA data center is configured with an internal intrusion prevention system (IPS) Security Services Processor (SSP). The Cisco ASA firewall and IPS combination runs as a resilient pair. This is the primary Cisco ASA 5585 IPS SSP.

! Version 7.1(2)
! Host:
!     Realm Keys          key1.0
! Signature Definition:
!     Signature Update    S581.0   2011-07-11
service interface
exit
service authentication
exit
service event-action-rules rules0
overrides deny-packet-inline
override-item-status Enabled
risk-rating-range 100-100
exit
exit
service host
network-settings
host-ip 10.10.63.21/24,10.10.63.1
host-name IPS-SSP20-A
telnet-option disabled
access-list 10.10.0.0/16
dns-primary-server enabled
address 10.10.48.10
exit
dns-secondary-server disabled
dns-tertiary-server disabled
exit
time-zone-settings
offset -480
standard-time-zone-name GMT-08:00
exit
ntp-option enabled-ntp-unauthenticated
ntp-server 10.10.48.17
exit
summertime-option recurring
summertime-zone-name PDT
exit
exit
service logger
exit
service network-access
exit
service notification
exit
service signature-definition sig0
exit
service ssh-known-hosts
exit
service trusted-certificates
exit
service web-server
exit
service anomaly-detection ad0
exit
service external-product-interface
exit
service health-monitor
exit
service global-correlation
exit
service analysis-engine
exit

Cisco ASA 5585 – Standby

The Cisco ASA 5585 Adaptive Security Appliances used in the IBA data center are configured as a pair to provide resiliency. Although this is the standby Cisco ASA 5585, its configuration is identical to that of the primary Cisco ASA 5585 except for a few lines.

ASA Version 8.4(2)
!
hostname dc5585
enable password 2y4FIGBVVyBLau0Q encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0/0
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/1
 description LAN/STATE Failover Interface
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/6
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/7
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface TenGigabitEthernet0/8
 description Trunk to DC5548x TenGig x/x/x
 channel-group 10 mode passive
 no nameif
 no security-level
 no ip address
!
interface TenGigabitEthernet0/9
 description Trunk to DC5548x TenGig x/x/x
 channel-group 10 mode passive
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/0
 shutdown
 no nameif
 no security-level
 no ip address
!
! Interfaces GigabitEthernet 1/1 to 1/6
! are unconfigured and have been removed for brevity
!
interface GigabitEthernet1/7
 shutdown
 no nameif
 no security-level
 no ip address
!
interface TenGigabitEthernet1/8
 shutdown
 no nameif
 no security-level
 no ip address
!
interface TenGigabitEthernet1/9
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Port-channel10
 description ECLB Trunk to 5548 Switches
 no nameif
 no security-level
 no ip address
!
interface Port-channel10.153
 description DC VLAN Outside the FW
 vlan 153
 nameif outside
 security-level 0
 ip address 10.10.53.126 255.255.255.128 standby 10.10.53.125
!
interface Port-channel10.154
 description DC VLAN Inside the Firewall
 vlan 154
 nameif DC-InsideFW
 security-level 75
 ip address 10.10.54.1 255.255.255.0 standby 10.10.54.2
!
interface Port-channel10.155
 description DC VLAN Inside the FW w/ IPS
 vlan 155
 nameif DC-InsideIPS
 security-level 75
 ip address 10.10.55.1 255.255.255.0 standby 10.10.55.2
!
ftp mode passive
object network BladeWeb1Secure
 host 10.10.54.100
object network BladeWeb2Secure
 host 10.10.55.100
object network Secure-Subnets
 subnet 10.10.54.0 255.255.255.0
object network SecureIPS-Subnets
 subnet 10.10.55.0 255.255.255.0
object network Mgmt-host-range
 range 10.10.48.224 10.10.48.254
object-group network Application-Servers
 description HTTP, HTTPS, DNS, MSExchange
 network-object object BladeWeb1Secure
 network-object object BladeWeb2Secure
object-group service MS-App-Services
 service-object tcp destination eq domain
 service-object tcp destination eq www
 service-object tcp destination eq https
 service-object tcp destination eq netbios-ssn
 service-object udp destination eq domain
 service-object udp destination eq nameserver
 service-object udp destination eq netbios-dgm
 service-object udp destination eq netbios-ns
object-group network DC_Secure_Subnet_List
 network-object object Secure-Subnets
 network-object object SecureIPS-Subnets
object-group service Mgmt-Traffic
 service-object tcp destination eq ssh
 service-object udp destination eq snmp
object-group network Bypass-Rule
 description Open Policy for Server Access
 network-object object BladeWeb1Secure
 network-object object BladeWeb2Secure
access-list global_access extended permit object-group MS-App-Services any object-group Application-Servers
access-list global_access extended permit object-group Mgmt-Traffic object Mgmt-host-range object-group DC_Secure_Subnet_List
access-list global_access extended permit ip any object-group Bypass-Rule log disable inactive
access-list global_mpc extended permit ip any any
pager lines 24
mtu outside 1500
mtu DC-InsideFW 1500
mtu DC-InsideIPS 1500
failover
failover lan unit secondary
failover lan interface failover GigabitEthernet0/1
failover polltime unit msec 200 holdtime msec 800
failover polltime interface msec 500 holdtime 5
failover key *****
failover replication http
failover link failover GigabitEthernet0/1
failover interface ip failover 10.10.53.130 255.255.255.252 standby 10.10.53.129
monitor-interface outside
monitor-interface DC-InsideFW
monitor-interface DC-InsideIPS
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
route outside 0.0.0.0 0.0.0.0 10.10.53.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 10.0.0.0 255.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
console timeout 0
!
tls-proxy maximum-session 1000
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 10.10.48.17
webvpn
username admin password w2Y.6Op4j7clVDk2 encrypted
!
class-map global-class
 match access-list global_mpc
class-map inspection_default
 match default-inspection-traffic
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
 class global-class
  ips inline fail-close
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly 11
  subscribe-to-alert-group configuration periodic monthly 11
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:77006c6818fae44e9eb91c103680c343
: end

Cisco ASA 5585 IPS SSP – Standby

The Cisco ASA 5585 Adaptive Security Appliance used in the IBA data center is configured with an internal IPS SSP. The Cisco ASA and IPS combination runs as a resilient pair. Although this is the standby Cisco ASA IPS SSP in the standby Cisco ASA, its configuration is identical to that of the primary Cisco ASA IPS SSP in the primary Cisco ASA except for a few lines.

! Version 7.1(2)
! Host:
!     Realm Keys          key1.0
! Signature Definition:
!     Signature Update    S581.0   2011-07-11
service interface
exit
service authentication
exit
service event-action-rules rules0
overrides deny-packet-inline
override-item-status Enabled
risk-rating-range 100-100
exit
risk-categories
risk-levels edit _r1
threshold 100
exit
risk-levels move _r1 begin
risk-levels move _r2 after _r1
risk-levels move _r3 after _r2
exit
exit
service host
network-settings
host-ip 10.10.63.23/24,10.10.63.1
host-name IPS-SSP20-B
telnet-option disabled
access-list 10.10.0.0/16
dns-primary-server enabled
address 10.10.48.10
exit
dns-secondary-server disabled
dns-tertiary-server disabled
exit
time-zone-settings
offset -480
standard-time-zone-name GMT-08:00
exit
ntp-option enabled-ntp-unauthenticated
ntp-server 10.10.48.17
exit
summertime-option recurring
summertime-zone-name PDT
exit
exit
service logger
exit
service network-access
exit
service notification
exit
service signature-definition sig0
exit
service ssh-known-hosts
exit
service trusted-certificates
exit
service web-server
exit
service anomaly-detection ad0
exit
service external-product-interface
exit
service health-monitor
exit
service global-correlation
exit
service analysis-engine
exit

Data Center Application Resiliency

Cisco ACE – Primary

This Cisco ACE 4710 appliance is one of a resilient pair that provides Layer 4 through Layer 7 switching for the IBA data center. This is the primary ACE of the pair.

no ft auto-sync startup-config
boot system image:c4710ace-t1k9-mz.A5_1_0.bin
interface gigabitEthernet 1/1
  channel-group 1
  no shutdown
interface gigabitEthernet 1/2
  channel-group 1
  no shutdown
interface gigabitEthernet 1/3
  shutdown
interface gigabitEthernet 1/4
  shutdown
interface port-channel 1
  ft-port vlan 912
  switchport trunk native vlan 1
  switchport trunk allowed vlan 148
  no shutdown
access-list ALL line 8 extended permit ip any any
probe http http-probe
  interval 15
  passdetect interval 60
  request method head
  expect status 200 200
  open 1
probe icmp icmp-probe
  interval 15
  passdetect interval 60
rserver redirect redirect1
  conn-limit max 4000000 min 4000000
  webhost-redirection https://%h%p 302
  inservice
rserver host webserver1
  ip address 10.10.48.111
  conn-limit max 4000000 min 4000000
  probe icmp-probe
  inservice
rserver host webserver2
  ip address 10.10.48.112
  conn-limit max 4000000 min 4000000
  probe icmp-probe
  inservice
rserver host webserver3
  ip address 10.10.48.113
  conn-limit max 4000000 min 4000000
  probe icmp-probe
  inservice
rserver host webserver4
  ip address 10.10.48.114
  conn-limit max 4000000 min 4000000
  probe icmp-probe
  inservice
serverfarm host appfarm
  probe http-probe
  rserver webserver3 80
    conn-limit max 4000000 min 4000000
    inservice
  rserver webserver4 80
    conn-limit max 4000000 min 4000000
    inservice
serverfarm redirect http-redirect
  rserver redirect1
    conn-limit max 4000000 min 4000000
    inservice
serverfarm host webfarm
  probe http-probe
  rserver webserver1 80
    conn-limit max 4000000 min 4000000
    inservice
  rserver webserver2 80
    conn-limit max 4000000 min 4000000
    inservice
sticky http-cookie APPSESSIONID app-sticky
  cookie insert browser-expire
  serverfarm appfarm
ssl-proxy service app-ssl-proxy
  key cisco-sample-key
  cert cisco-sample-cert
class-map type http loadbalance match-any default-compression-exclusion-mime-type
  description DM generated classmap for default LB compression exclusion mime types.
  2 match http url .*gif
  3 match http url .*css
  4 match http url .*js
  5 match http url .*class
  6 match http url .*jar
  7 match http url .*cab
  8 match http url .*txt
  9 match http url .*ps
  10 match http url .*vbs
  11 match http url .*xsl
  12 match http url .*xml
  13 match http url .*pdf
  14 match http url .*swf
  15 match http url .*jpg
  16 match http url .*jpeg
  17 match http url .*jpe
  18 match http url .*png
class-map match-all http-vip
  2 match virtual-address 10.10.48.100 tcp eq www
class-map match-all http-vip-redirect
  2 match virtual-address 10.10.48.101 tcp eq www
class-map match-all https-vip
  2 match virtual-address 10.10.48.101 tcp eq https
class-map type management match-any remote_access
  2 match protocol xml-https any
  3 match protocol icmp any
  4 match protocol telnet any
  5 match protocol ssh any
  6 match protocol http any
  7 match protocol https any
  8 match protocol snmp any
policy-map type management first-match remote_mgmt_allow_policy
  class remote_access
    permit
policy-map type loadbalance first-match http-vip-l7slb
  class default-compression-exclusion-mime-type
    serverfarm webfarm
  class class-default
    serverfarm webfarm
    compress default-method deflate
policy-map type loadbalance first-match http-vip-redirect-l7slb
  class class-default
    serverfarm http-redirect
policy-map type loadbalance first-match https-vip-l7slb
  class default-compression-exclusion-mime-type
    sticky-serverfarm app-sticky
  class class-default
    compress default-method deflate
    sticky-serverfarm app-sticky
policy-map multi-match int148
  class http-vip
    loadbalance vip inservice
    loadbalance policy http-vip-l7slb
    nat dynamic 1 vlan 148
  class https-vip
    loadbalance vip inservice
    loadbalance policy https-vip-l7slb
    nat dynamic 1 vlan 148
    ssl-proxy server app-ssl-proxy
  class http-vip-redirect
    loadbalance vip inservice
    loadbalance policy http-vip-redirect-l7slb
interface vlan 148
  ip address 10.10.48.119 255.255.255.0
  peer ip address 10.10.48.120 255.255.255.0
  access-group input ALL
  nat-pool 1 10.10.48.99 10.10.48.99 netmask 255.255.255.0 pat
  service-policy input remote_mgmt_allow_policy
  service-policy input int148
  no shutdown
ft interface vlan 912
  ip address 10.255.255.1 255.255.255.0
  peer ip address 10.255.255.2 255.255.255.0
  no shutdown
ft peer 1
  heartbeat interval 300
  heartbeat count 10
  ft-interface vlan 912
ft group 1
  peer 1
  associate-context Admin
  inservice
ip route 0.0.0.0 0.0.0.0 10.10.48.1
username admin password 5 $1$EbAlNDXE$5Gtqr6f7iiBRSQyMHGsIo. role Admin domain default-domain
username www password 5 $1$vkTih071$XO963GMFgoXfeBujUC6b50 role Admin domain default-domain

Cisco ACE – Standby

This Cisco ACE 4710 appliance is one of a resilient pair that provides Layer 4 through Layer 7 switching for the IBA data center. Although this is the standby Cisco ACE of the pair, its configuration is identical to that of the primary Cisco ACE except for a few lines.

no ft auto-sync startup-config
boot system image:c4710ace-t1k9-mz.A5_1_0.bin
interface gigabitEthernet 1/1
  channel-group 1
  no shutdown
interface gigabitEthernet 1/2
  channel-group 1
  no shutdown
interface gigabitEthernet 1/3
  shutdown
interface gigabitEthernet 1/4
  shutdown
interface port-channel 1
  ft-port vlan 912
  switchport trunk native vlan 1
  switchport trunk allowed vlan 148
  no shutdown
access-list ALL line 8 extended permit ip any any
probe http http-probe
  interval 15
  passdetect interval 60
  request method head
  expect status 200 200
  open 1
probe icmp icmp-probe
  interval 15
  passdetect interval 60
rserver redirect redirect1
  conn-limit max 4000000 min 4000000
  webhost-redirection https://%h%p 302
  inservice
rserver host webserver1
  ip address 10.10.48.111
  conn-limit max 4000000 min 4000000
  probe icmp-probe
  inservice
rserver host webserver2
  ip address 10.10.48.112
  conn-limit max 4000000 min 4000000
  probe icmp-probe
  inservice
rserver host webserver3
  ip address 10.10.48.113
  conn-limit max 4000000 min 4000000
  probe icmp-probe
  inservice
rserver host webserver4
  ip address 10.10.48.114
  conn-limit max 4000000 min 4000000
  probe icmp-probe
  inservice
serverfarm host appfarm
  probe http-probe
  rserver webserver3 80
    conn-limit max 4000000 min 4000000
    inservice
  rserver webserver4 80
    conn-limit max 4000000 min 4000000
    inservice
serverfarm redirect http-redirect
  rserver redirect1
    conn-limit max 4000000 min 4000000
    inservice
serverfarm host webfarm
  probe http-probe
  rserver webserver1 80
    conn-limit max 4000000 min 4000000
    inservice
  rserver webserver2 80
    conn-limit max 4000000 min 4000000
    inservice
sticky http-cookie APPSESSIONID app-sticky
  cookie insert browser-expire
  serverfarm appfarm
ssl-proxy service app-ssl-proxy
  key cisco-sample-key
  cert cisco-sample-cert
class-map type http loadbalance match-any default-compression-exclusion-mime-type
  description DM generated classmap for default LB compression exclusion mime types.
  2 match http url .*gif
  3 match http url .*css
  4 match http url .*js
  5 match http url .*class
  6 match http url .*jar
  7 match http url .*cab
  8 match http url .*txt
  9 match http url .*ps
  10 match http url .*vbs
  11 match http url .*xsl
  12 match http url .*xml
  13 match http url .*pdf
  14 match http url .*swf
  15 match http url .*jpg
  16 match http url .*jpeg
  17 match http url .*jpe
  18 match http url .*png
class-map match-all http-vip
  2 match virtual-address 10.10.48.100 tcp eq www
class-map match-all http-vip-redirect
  2 match virtual-address 10.10.48.101 tcp eq www
class-map match-all https-vip
  2 match virtual-address 10.10.48.101 tcp eq https
class-map type management match-any remote_access
  2 match protocol xml-https any
  3 match protocol icmp any
  4 match protocol telnet any
  5 match protocol ssh any
  6 match protocol http any
  7 match protocol https any
  8 match protocol snmp any
policy-map type management first-match remote_mgmt_allow_policy
  class remote_access
    permit
policy-map type loadbalance first-match http-vip-l7slb
  class default-compression-exclusion-mime-type
    serverfarm webfarm
  class class-default
    serverfarm webfarm
    compress default-method deflate
policy-map type loadbalance first-match http-vip-redirect-l7slb
  class class-default
    serverfarm http-redirect
policy-map type loadbalance first-match https-vip-l7slb
  class default-compression-exclusion-mime-type
    sticky-serverfarm app-sticky
  class class-default
    compress default-method deflate
    sticky-serverfarm app-sticky
policy-map multi-match int148
  class http-vip
    loadbalance vip inservice
    loadbalance policy http-vip-l7slb
    nat dynamic 1 vlan 148
  class https-vip
    loadbalance vip inservice
    loadbalance policy https-vip-l7slb
    nat dynamic 1 vlan 148
    ssl-proxy server app-ssl-proxy
  class http-vip-redirect
    loadbalance vip inservice
    loadbalance policy http-vip-redirect-l7slb
interface vlan 148
  ip address 10.10.48.120 255.255.255.0
  peer ip address 10.10.48.119 255.255.255.0
  access-group input ALL
  nat-pool 1 10.10.48.99 10.10.48.99 netmask 255.255.255.0 pat
  service-policy input remote_mgmt_allow_policy
  service-policy input int148
  no shutdown
ft interface vlan 912
  ip address 10.255.255.2 255.255.255.0
  peer ip address 10.255.255.1 255.255.255.0
  no shutdown
ft peer 1
  heartbeat interval 300
  heartbeat count 10
  ft-interface vlan 912
ft group 1
  peer 1
  associate-context Admin
  inservice
ip route 0.0.0.0 0.0.0.0 10.10.48.1
username admin password 5 $1$EbAlNDXE$5Gtqr6f7iiBRSQyMHGsIo. role Admin domain default-domain
username www password 5 $1$vkTih071$XO963GMFgoXfeBujUC6b50 role Admin domain default-domain

Appendix A: Product List

The following products and software versions have been validated for the Cisco IBA Smart Business Architecture:

Functional area: Ethernet infrastructure
Software version: NX-OS 5.1(3)N1(1)
  Product                                        Part number
  Nexus 5548UP                                   N5K-C5548UP-FA
  Nexus 5548 Layer 3 daughter card               N55-D160L3
  Nexus 2248TP                                   N2K-C2248TP-1GE
  Nexus 2232PP                                   N2K-C2232PP-10GE

Functional area: Storage infrastructure
Software version: NX-OS 5.0(7)
  Product                                        Part number
  MDS 9148                                       DS-C9148D-8G16P-K9
  MDS 9124                                       DS-C9124-K9

Functional area: Network security
Software version: ASA: 8.4.2, IPS: 7.1-2-E4
  Product                                        Part number
  ASA 5585-X                                     ASA5585-S40-K9
  ASA 5585-X IPS SSP                             ASA5585-SSP-IPS20

Functional area: Application resiliency
Software version: A5(1.0)
  Product                                        Part number
  Cisco ACE 4710 Appliance                       ACE-4710-0.5-K9

Functional area: Computing resources
Software version: Cisco UCS Release version 2.0t
  Product                                        Part number
  UCS 6120XP 20-port Fabric Interconnect         N10-S6100
  6-port 8Gb FC expansion module, UCS 6100 Series  N10-E0060
  UCS 5108 Blade Server Chassis                  N20-C6508
  UCS 2104XP Fabric Extender                     N20-I6584
  UCS B200 M2 Blade Server                       N20-B6625-1
  UCS B250 M2 Blade Server                       N20-B6625-2
  UCS M81KR Virtual Interface Card               N20-AC0002
  UCS C200 M2 Server                             R200-1120402W
  UCS C210 M2 Server                             R210-2121605W
  UCS C250 M2 Server                             R250-2480805W