
IT WORK ORDER for CUSTOMER EQUIPMENT INSTALLATION

From: VBTS Date: 11/1/2021 10:04 AM


Author: Stan Vlad Phone: 0752094952
Ref: IPWO_1522007_L1215-25 Pages: 10

Client Name: IQ-NET SRL


Engineering Site Code: L1215-25
IT WO Reason: new client installation

CONFIGURATION TABLE – VPN MNG

Site / Cloud   Equipment            IP desc          IP Address
9261           eTN_BU_09261_AG_02   IP Loopback100   10.255.82.15   Main
9013           eTN_CJ_09013_AC_04   IP Loopback100   10.255.67.76   BKP

VLANID                         IP Address       NetMask
eTN-GigabitEthernet0/5/0.999   10.249.200.254   255.255.255.252   Interconnect VPN Main
eTN-GigabitEthernet0/5/0.999   10.249.204.254   255.255.255.252   Interconnect VPN BKP
WAN VPN Mng                    10.101.212.218   255.255.255.252   m.m.m.m (WAN IP_MNG)
Loopback Mng                   10.19.56.231     255.255.255.255   l.l.l.l (IP loopback)

ATTENTION!! The services are carried over UPC. At the customer end, the UPC port must be in trunk mode, with the local VLAN/VLANs permitted. The allocated VLAN pair is:

From: IST UPC


Author: Stan Vlad Phone: 0752094952

CONFIGURATION TABLE – NET IP UPC


VLANID                  IP Address     NetMask         DefGw          Filled in by
                        w.w.w.w        nw.nw.nw.nw     gw.gw.gw.gw
WAN NET CPE Huawei617   82.208.167.9   255.255.255.0   82.208.167.0   *IST UPC

                        a.a.a.a
LAN NET                 -              255.255.255.0   192.168.1.1    *Net Team

VLAN LOCAL VDF   VLAN UPC   UPC B2B   Access Network   Ip Address   Port   OBS
*Net Team        *IST UPC   *IST UPC  *IST UPC         *IST UPC     Filled in by
n.a. 111 XXXX I21-bis 172.25.248.5 NET IP UPC
Gi1/0/25
0
999 2705 dddd I21-bis 172.25.248.5 VPN Mng
Gi1/0/25
0

Company Confidential
C2 General Page 1
Service   UPC network routing protocol
NET       Static
Mng       Static

To O&M:

● No changes are made on the VDF PEs

● UPC must define the management VLAN dddd and route l.l.l.l via m.m.m.m

● UPC must define the INTERNET service in the UPC network (with UPC IP)

COMMENTS:

For the field team:


Please install a Huawei AR 617 router at the customer site. Please check and, if necessary, upgrade the router IOS to version AR610-V300R019C10SPC300.cc, patch AR610-V300R019SPH013.pat, according to the procedure.

The required documents can be downloaded, using any web browser, from: ftp.net-team.ro, logging in with:
user: focontractor
passwd: XLTKhZz9mte

- select AR617_IOS_si_patch from the All Categories tab and press the Filter button

At the customer site:
- connect the existing optical fiber (FO) at the site to port GE 0/0/4 of the router. Depending on what is installed at the site (MC/SFP), set the WAN port GE 0/0/4 according to the table;
- the customer INTERNET LAN is cabled to any of ports GE0/0/0 – GE0/0/3 of the router.

Above 100 Mb, cabling according to the Ethernet category 6 standard is required !!

The router installed at the customer site is to be configured according to the template below:

SSID = WiFi
Parola_Wifi = Vodafone@1234

================================================================

1. If the router comes from a previous deinstallation, it is reset to the default configuration:


In configuration mode “>”

reset saved-configuration
y
reboot
n
y

================================================================
2. Initial configuration – MANDATORY !!!

User:admin
Pass:admin@huawei.com

At the prompt “Warning: The default password poses security risks.” answer “Y”
Set the new password Vdf@1234
At the autoconfig prompt “Do you want to stop Auto-Config” answer “y”

===============================================================

In configuration mode “>”

#
clock timezone Europe/Bucharest add 02:00:00
clock daylight-saving-time Europe/Bucharest repeating 3:0 last Sun Mar 4:0 last Sun Oct 01:00 2017 2037
#
sys
voice
service-mode sipag
quit
#
undo interface Vlanif1
#
aaa
local-user rhifield password irreversible-cipher AsLvFqyUDHyOR6r
y
local-user rhifield privilege level 15
local-user rhifield service-type terminal
local-user y1mhnsa password irreversible-cipher $1a$8:>8@G+U*;$`.T[1=8bL,R+T(SEe_@;}atG)P3AiU}Pd!!b~PR8$
local-user y1mhnsa privilege level 15
local-user y1mhnsa service-type terminal ssh
undo local-aaa-user password policy administrator
quit
quit
#
reboot
y
y

=======================================================

3. Configuration

!!!!!!wait for the reboot and then log back in with user rhifield pass AsLvFqyUDHyOR6r

=======================================================

sys
sysname IQ_NET_SRL_IS
#
icmp rate-limit enable
icmp rate-limit threshold 500
#
ip vpn-instance VPN_MNG
ipv4-family
route-distinguisher 99:99
vpn-target 99:99 export-extcommunity
vpn-target 99:99 import-extcommunity
quit
#
acl number 2030
rule permit source 172.19.6.40 0.0.0.0
rule permit source 172.19.8.40 0.0.0.0
rule permit source 10.241.116.17 0.0.0.0
rule permit source 10.241.116.18 0.0.0.0
rule permit source 10.241.116.19 0.0.0.0
rule deny source any logging
#
acl number 3099
rule permit ip source 10.101.212.217 0 destination 10.19.56.231 0 vpn-instance VPN_MNG logging
rule permit ip source 10.249.200.253 0 destination 10.19.56.231 0 vpn-instance VPN_MNG logging
rule permit ip source 10.249.204.253 0 destination 10.19.56.231 0 vpn-instance VPN_MNG logging
rule permit ip source 172.19.6.51 0 destination 10.19.56.231 0 vpn-instance VPN_MNG logging
rule permit ip source 192.168.202.30 0 destination 10.19.56.231 0 vpn-instance VPN_MNG logging
rule permit ip source 217.10.194.224 0.0.0.15 destination 10.19.56.231 0 vpn-instance VPN_MNG logging
rule permit ip source 10.152.170.200 0 destination 10.19.56.231 0 vpn-instance VPN_MNG logging
rule permit ip source 10.241.116.10 0 destination 10.19.56.231 0 vpn-instance VPN_MNG logging
rule permit ip source 10.241.116.11 0 destination 10.19.56.231 0 vpn-instance VPN_MNG logging
rule permit ip source 10.241.117.1 0 destination 10.19.56.231 0 vpn-instance VPN_MNG logging
rule deny ip logging
quit
#

# ATTENTION !!! The WAN port is configured according to the table below (by the field team):

WAN configuration to add: WANWANWANWAN

MC – electric port (only if an optical SFP cannot be used):
interface GigabitEthernet0/0/4
description WAN - UPLINK
undo icmp redirect send
combo-port auto
undo icmp port-unreachable send
icmp rate-limit enable
icmp rate-limit threshold 500

SFP – 1Gbps:
interface GigabitEthernet0/0/4
description WAN - UPLINK
undo icmp redirect send
combo-port fiber
undo negotiation auto
undo icmp port-unreachable send
icmp rate-limit enable
icmp rate-limit threshold 500

SFP – 100 Mbps:
interface GigabitEthernet0/0/4
description WAN - UPLINK
undo icmp redirect send
combo-port fiber
undo negotiation auto
speed 100
undo icmp port-unreachable send
icmp rate-limit enable
icmp rate-limit threshold 500

#
#
interface GigabitEthernet0/0/4.999
description WAN-VDF_MGMT
ip binding vpn-instance VPN_MNG
ip address 10.101.212.218 255.255.255.252
dot1q termination vid 2705
undo icmp redirect send
undo icmp port-unreachable send
quit
#
interface LoopBack100
description Interfata_mng
ip binding vpn-instance VPN_MNG
ip address 10.19.56.231 255.255.255.255
quit
#
info-center enable
info-center source default channel loghost log level informational
info-center loghost source LoopBack 100
info-center loghost 192.168.202.9 vpn-instance VPN_MNG channel loghost
info-center loghost 192.168.202.9 vpn-instance VPN_MNG channel loghost port 514
info-center loghost 192.168.202.17 vpn-instance VPN_MNG
#
snmp-agent sys-info location ?IQ_NET_SRL
snmp-agent sys-info version v3
snmp-agent group v3 VDFMonitoring privacy
snmp-agent server-source -i Loopback 100
#
snmp-agent trap enable
y
snmp-agent target-host trap-hostname snmp1 address 172.19.6.40 udp-port 162 vpn-instance VPN_MNG trap-paramsname snmp
snmp-agent target-host trap-hostname snmp2 address 172.19.8.40 udp-port 162 vpn-instance VPN_MNG trap-paramsname snmp
#
ip route-static vpn-instance VPN_MNG 0.0.0.0 0.0.0.0 10.101.212.217
#
undo http server enable
y
undo http secure-server enable
y
undo http secure-server ssl-policy
#
undo telnet server enable
undo tftp server enable
undo autoconfig enable
undo lldp enable
#
ssh server permit interface all
# If the router returns an error on the command above, ignore it - this is OK
#
stelnet server enable
undo ssh server compatible-ssh1x enable
#
factory-configuration prohibit
#
cpu-defend policy devicesafety
packet-type arp-request rate-limit 256
packet-type dhcp-client priority 3
application-apperceive packet-type ftp rate-limit 2000

#
cpu-defend-policy devicesafety
#
set cpu-usage threshold 90
#
header login information <
ATENTIE! ACEASTA ESTE O RETEA PRIVATA! Informatiile continute in aceasta retea si echipamente sunt private si apartin in intregime
proprietarului.Daca nu sunteti autorizati deconectati-va imediat!Toate tentativele de acces neautorizat vor fi sanctionate conform legii.
<
#
#
ntp-service enable
ntp-service unicast-server 172.19.5.128
#
ntp-service authentication enable
ntp-service unicast-server 10.237.5.21 vpn-instance VPN_MNG
ntp-service unicast-server 10.237.5.22 vpn-instance VPN_MNG
ntp-service source-interface LoopBack 100 vpn-instance VPN_MNG
#
nat alg all enable
#

#
vlan batch 10
#
dhcp enable
#
ip vpn-instance NET
ipv4-family
route-distinguisher 11:11
vpn-target 11:11 export-extcommunity
vpn-target 11:11 import-extcommunity
#
acl number 3000
rule permit ip source 192.168.1.0 0.0.0.255 destination any
#
ip pool lan_net
vpn-instance NET
gateway-list 192.168.1.1
network 192.168.1.0 mask 255.255.255.0
excluded-ip-address 192.168.1.2 192.168.1.50
dns-list 95.77.94.77 78.96.7.7 81.12.128.206 81.12.132.206
#
dns server vpn-instance NET
dns server 95.77.94.77
dns server 78.96.7.7
dns server 81.12.128.206
dns server 81.12.132.206
dns relay enable
#
undo interface Vlanif1
#
interface Vlanif10
description LAN-INTERNET
ip binding vpn-instance NET
ip address 192.168.1.1 255.255.255.0
dhcp select global
#
interface GigabitEthernet0/0/0

description LAN-INTERNET
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/1
description LAN-INTERNET
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/2
description LAN-INTERNET
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/3
description LAN-INTERNET
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/4.1
description WAN-INTERNET
ip binding vpn-instance NET
ip address 82.208.167.9 255.255.255.0
dot1q termination vid 111
qos gts cir 76800
nat outbound 3000
undo icmp redirect send
undo icmp port-unreachable send
#
ip route-static vpn-instance NET 0.0.0.0 0.0.0.0 82.208.167.0
#
interface Wlan-Bss0
port hybrid tagged vlan 10
#
interface Wlan-Bss1
port hybrid tagged vlan 10
#
ntp-service unicast-server 192.168.242.100 vpn-instance NET
#
#
//
The WiFi password must comply with:
Please contain at least two of these characters upper-case letters, lower-case letters, digits, and special characters. Minimum 8 characters
//
wlan
calibrate enable auto interval 60
wmm-profile name wmm24 id 1
wmm-profile name wmm5 id 2
traffic-profile name police24 id 1
traffic-profile name police5 id 2
security-profile name sec24 id 1
security-policy wpa2
wpa2 authentication-method psk pass-phrase cipher Vodafone@1234 encryption-method ccmp
security-profile name sec5 id 2
security-policy wpa2
wpa2 authentication-method psk pass-phrase cipher Vodafone@1234 encryption-method ccmp
service-set name serv24 id 0
Wlan-Bss 0

ssid IQ_NET_2.4
traffic-profile id 1
security-profile id 1
service-set name serv5 id 1
Wlan-Bss 1
ssid IQ_NET_5
traffic-profile id 2
security-profile id 2
radio-profile name radi24 id 1
wmm-profile id 1
guard-interval-mode short
undo legacy-station enable
radio-profile name radio5 id 2
wmm-profile id 2
guard-interval-mode short
undo legacy-station enable
#
interface Wlan-Radio0/0/0
undo radio-profile
radio-profile id 1
channel 40MHz-minus 8
service-set id 0 wlan 1
#
interface Wlan-Radio0/0/1
radio-profile id 2
channel 80MHz 64
service-set id 1 wlan 2
quit
#
undo interface Wlan-Bss7
#

#
hwtacacs-server template ISE
hwtacacs-server timer response-timeout 15
hwtacacs-server authentication 10.249.198.210 vpn-instance VPN_MNG shared-key cipher %^%#&2XN>&cbCI<4|h3{q5XPnv`#Y\_7D.KATa,$dIM6%^%#
hwtacacs-server authentication 10.249.198.218 vpn-instance VPN_MNG secondary shared-key cipher %^%#[V})LpNL[I,W^xJ~q0|7A3W]J"~l`MtSj36e_nY,%^%#
hwtacacs-server authorization 10.249.198.210 vpn-instance VPN_MNG shared-key cipher %^%#8/V'Ke]!\M-Jn}W~Fwe9S=&_/A|*Q%xVu"P&rp.$%^%#
hwtacacs-server authorization 10.249.198.218 vpn-instance VPN_MNG secondary shared-key cipher %^%#@0L`OTxuAIytbD~]u@+8SFo9~o@EmM.@b]K(Gj\0%^%#
hwtacacs-server accounting 10.249.198.210 vpn-instance VPN_MNG shared-key cipher %^%#<V#j%9.\hEv)Bx7nFXtSOl_4WOW{KAdle6Og^P~1%^%#
hwtacacs-server accounting 10.249.198.218 vpn-instance VPN_MNG secondary shared-key cipher %^%#>Yl#Z!HFnI06lt5z^oVK/C}PEjK2HJA{XkWB;sS6%^%#
hwtacacs-server source-ip source-loopback 100
undo hwtacacs-server user-name domain-included
quit
aaa
authentication-scheme default
authentication-scheme radius
authentication-mode radius
authentication-scheme ISE
authentication-mode hwtacacs local
authorization-scheme default
authorization-mode local
authorization-scheme Autorizare
authorization-mode hwtacacs local
accounting-scheme default
accounting-mode none
accounting-scheme aaa
accounting-mode hwtacacs
quit
undo local-aaa-user password policy administrator
service-scheme aaa

admin-user privilege level 15
quit
domain default
authentication-scheme default
accounting-scheme default
quit
domain default_admin
authentication-scheme default
accounting-scheme default
quit
domain tacacs
authentication-scheme ISE
accounting-scheme aaa
authorization-scheme Autorizare
service-scheme aaa
radius-server default
hwtacacs-server ISE
quit
undo local-user admin
quit
#
domain tacacs admin
#
user-interface con 0
authentication-mode aaa
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
acl 3099 inbound
protocol inbound ssh
quit
#
quit
#
save
y
#

Finally, OMC-NTT configures on the CPE:

#
sys
aaa
undo local-user rhifield
quit
#
snmp-agent usm-user v3 <SNMPuser> group VDFMonitoring acl 2030
snmp-agent usm-user v3 <SNMPuser> authentication-mode sha2-256
<SNMPpass>
<SNMPpass>
snmp-agent usm-user v3 <SNMPuser> privacy-mode aes128
<passcrypt>
<passcrypt>
#
quit
save
y
#
