• 用SNMP实现对大型网络的轻松管理!


     原文来自:http://guojiping.blog.51cto.com/5635432/985885

    一、原理介绍:

    SNMP简介 
      目前网络中用得最广泛的网络管理协议是SNMP(Simple Network Management Protocol,简单网络管理协议)。SNMP是被广泛接受并投入使用的工业标准用于保证管理信息在网络中任意两点间传送,便于网络管理员在网络上的任何节点检索信息、修改信息、定位故障、完成故障诊断、进行容量规划和生成报告。 
    SNMP采用轮询机制,只提供最基本的功能集,特别适合在小型、快速和低价格的环境中使用。SNMP的实现基于无连接的传输层协议UDP,因此可以实现和众多产品的无障碍连接

    SNMP的工作机制 
    SNMP分为NMS和Agent两部分: 
    NMS(Network Management Station,网络管理站)是运行客户端程序的工作站,目前常用的网管平台有QuidView、Sun NetManager和IBM NetView。 
    Agent运行在网络设备上的服务器端软件。 
    NMS可以向Agent发出GetRequest、GetNextRequest和SetRequest报文,Agent接收到NMS的这些请求报文后,根据报文类型进行Read或Write操作,生成Response报文,并将报文返回给NMS。 
    Agent在设备发生异常情况或状态改变时(如设备重新启动),也会主动向NMS发送Trap报文,向NMS汇报所发生的事件。

    SNMP的版本 
    目前,设备中的SNMP Agent支持SNMP v3版本,兼容SNMP v1版本、SNMP v2C版本。 
    SNMP v3采用用户名和密码认证方式。 
    SNMP v1、SNMP v2C采用团体名(Community Name)认证,非设备认可团体名的SNMP报文将被丢弃。SNMP团体名用来定义SNMP NMS和SNMP Agent的关系。团体名起到了类似于密码的作用,可以限制SNMP NMS访问设备上的SNMP Agent。用户可以选择指定以下一个或者多个与团体名相关的特性: 
    1.定义团体名可以访问的MIB视图。

    2.设置团体名对MIB对象的访问权限为读写权限(write)或者只读权限(read)。具有只读权限的团体名只能对设备信息进行查询,而具有读写权限的团体名还可以对设备进行配置。 
    3.设置团体名指定的基本访问控制列表。

    设备支持的MIB 
    在SNMP报文中用管理变量来描述设备中的管理对象。为了唯一标识设备中的管理对象,SNMP用层次结构命名方案来识别管理对象。整个层次结构就像一棵树,树的节点表示管理对象,如下图1-1所示。每一个节点,都可以用从根开始的一条路径唯一地标识。

    image

    MIB(Management Information Base,管理信息库)的作用就是用来描述树的层次结构,它是所监控网络设备的标准变量定义的集合。在图1-1中,管理对象B可以用一串数字{1.2.1.1}唯一确定,这串数字是管理对象的对象标识符(Object Identifier)。 
    系统支持的常见MIB如下表1-1所示。

    imageimage 

    二、案例分析及使用:

    1.实验拓扑图:

    clip_image002

    注意:windows server 2003 是在虚拟机中安装,桥接到本地连接1上使用!

    2.设备配置:

    交换机配置:

    [Quidway]int Vlan-interface 1

    [Quidway-Vlan-interface1]ip add 192.168.1.2 255.255.255.0

    [Quidway-Vlan-interface1]quit

    [Quidway]ip route-static 0.0.0.0 0.0.0.0 192.168.1.3  //默认网关

    [Quidway]snmp-agent   // 启动snmp

    [Quidway]snmp-agent ?

    community Set a community for the access of SNMPv1&SNMPv2c

    group Set an SNMP group based on USM

    local-engineid Set the engineID of local SNMP entity

    mib-view Set SNMP MIB view information

    packet Set SNMP packet's parameters

    sys-info Set system information of the node

    target-host Set the target hosts to receive SNMP notification/trap

    packets

    trap Set trap or notification parameters

    usm-user Set a new user for access to SNMP entity

    <cr>

    [Quidway]snmp-agent sys-info ?

    contact Set the contact information for system maintenance

    location Set the physical position information of this node

    version Enable the SNMP protocol version

    [Quidway]snmp-agent sys-info contact zhaoke

    [Quidway]snmp-agent sys-info location zhengzhou

    [Quidway]snmp-agent sys-info version ?    //版本信息

    all Enable the device to support SNMPv1, SNMPv2c and SNMPv3

    v1 Enable the device to support SNMPv1

    v2c Enable the device to support SNMPv2c

    v3 Enable the device to support SNMPv3

    [Quidway]snmp-agent sys-info version all

    [Quidway]snmp-agent community ?

    read Read-only access for this community in the view

    write Read-write access for this community in the view

    [Quidway]snmp-agent community read public

    [Quidway]snmp-agent community write private

    [Quidway]snmp-agent trap ?

    enable SNMP trap/notification enable commands group

    life Set the trap aging time

    queue-size Length of each TRAP message queue

    source Set the source address of SNMPv1 trap packet

    [Quidway]snmp-agent trap enable  //打开陷阱功能

    [Quidway]snmp-agent target-host ?

    trap Specify the target to be trap host

    [Quidway]snmp-agent target-host trap ?

    address Specify the transport addresses to be used in the generation of SNMP

    messages

    [Quidway]snmp-agent target-host trap address ?

    udp-domain Specify transport domain over UDP for the target host

    [Quidway]snmp-agent target-host trap address udp-d

    [Quidway]snmp-agent target-host trap address udp-domain ?

    X.X.X.X IP address of target host

    [Quidway]snmp-agent target-host trap address udp-domain 192.168.1.100 ?

    params Specify SNMP target information to be used in the generation of

    SNMP messages

    udp-port Set port to receive traps/notifications for this target host

    [Quidway]snmp-agent target-host trap address udp-domain 192.168.1.100 params ?

    securityname Specify the name for the principal on whose behalf SNMP

    messages will be generated

    [Quidway]snmp-agent target-host trap address udp-domain 192.168.1.100 params secu

    [Quidway]snmp-agent target-host trap address udp-domain 192.168.1.100 params securityname ?

    STRING<1-32> Specify the character string of security name

    [Quidway]snmp-agent target-host trap address udp-domain 192.168.1.100 params securityname public

    路由器R2的配置:

    [Router]sysname R2

    [R2]int e1

    [R2-Ethernet1]ip add 192.168.1.3 24

    [R2-Ethernet1]int s0

    [R2 -Serial0]ip add 192.168.2.1 24

    [R2-Serial0]

    %01:02:44: Line protocol ip on the interface Serial0 is UP

    [Router-Serial0]quit

    [R2]display ip routing

    Routing Tables:

    Destination/Mask Proto Pref Metric Nexthop Interface

    127.0.0.0/8 Direct 0 0 127.0.0.1 LoopBack0

    127.0.0.1/32 Direct 0 0 127.0.0.1 LoopBack0

    192.168.1.0/24 Direct 0 0 192.168.1.3 Ethernet1

    192.168.1.3/32 Direct 0 0 127.0.0.1 LoopBack0

    192.168.2.0/24 Direct 0 0 192.168.2.1 Serial0

    192.168.2.1/32 Direct 0 0 127.0.0.1 LoopBack0

    [R2]ip route-static 192.168.3.0 24 192.168.2.2

    [R2]ping 192.168.1.2

    PING 192.168.1.2: 56 data bytes, press CTRL_C to break

    Request time out

    Reply from 192.168.1.2: bytes=56 Sequence=1 ttl=255 time = 32 ms

    Reply from 192.168.1.2: bytes=56 Sequence=2 ttl=255 time = 14 ms

    Reply from 192.168.1.2: bytes=56 Sequence=3 ttl=255 time = 9 ms

    Reply from 192.168.1.2: bytes=56 Sequence=4 ttl=255 time = 12 ms

    [R2]snmp-agent ?

    <cr> Enable SNMP agent

    community Configure community string access

    group Configure a group security version

    local-engineID Configure the local-engine ID string

    mib-view Specify MIB family inclusions and exclusions

    packet Configure the max packet size

    sys-info Specify the SNMP system information

    target-host Specify the SNMP trap host address

    trap Configure SNMP traps

    usm-user Configure a SNMP user

    [R2]snmp-agent

    [R2]snmp-agent sys-info contact zouyunxia

    [R2]snmp-agent sys-info location xuchang

    [R2]snmp-agent sys-info version all

    [R2]snmp-agent community ?

    read Specify read-only access

    write Specify read-write access

    [R2]snmp-agent community read public

    [R2]snmp-agent community write private

    [R2]snmp-agent trap ?

    enable Enable SNMP trap

    life Specify timeout of SNMP trap

    queue-size Specify the length of SNMP trap queue

    source Specify source address for sending SNMP trap

    [R2]snmp-agent trap enable

    [R2]snmp-agent target-host ?

    trap Specify trap host information

    [R2]snmp-agent target-host trap ?

    address host IP address

    [R2]snmp-agent target-host trap address ?

    X.X.X.X IP address

    [R2]snmp-agent target-host trap address 192.168.1.100 ?

    parameters Specify SNMP parameters

    port Specify host's UDP port

    securityname Specify securityname string information

    [R2]snmp-agent target-host trap address 192.168.1.100 securityname ?

    STRING<1-32> SNMP securityname string

    [R2]snmp-agent target-host trap address 192.168.1.100 securityname public

    路由器R1的配置:

    [Router]sysname R1

    [R1]int e1

    [R1-Ethernet1]ip add 192.168.3.1 24

    [R1-Ethernet1]int s0

    [R1-Serial0]ip address 192.168.2.2 24

    [R1-Serial0]

    %01:37:43: Line protocol ip on the interface Serial0 is UP

    [R1-Serial0]shutdown

    % Interface Serial0 is shut down

    [R1-Serial0]

    %01:37:48: Interface Serial0 is DOWN

    [R1-Serial0]undo shutdown

    % Interface Serial0 is reset

    [R1-Serial0]

    %01:38:01: Interface Serial0 is UP

    %01:38:01: Line protocol ip on the interface Serial0 is UP

    [R1-Serial0]quit

    [R1]ip route-static 192.168.1.0 24 192.168.2.1

    [R1]snmp-agent

    [R1]snmp-agent sys-info contact guojiping

    [R1]snmp-agent sys-info location shanghai

    [R1]snmp-agent sys-info version all

    [R1]snmp-agent community read public

    [R1]snmp-agent community write private

    [R1]snmp-agent trap enable

    [R1]snmp-agent target-host ?

    trap Specify trap host information

    [R1]snmp-agent target-host trap address 192.168.1.100 securityname ?

    STRING<1-32> SNMP securityname string

    [R1]snmp-agent target-host trap address 192.168.1.100 securityname public

    [R1]display ip routing

    Routing Tables:

    Destination/Mask Proto Pref Metric Nexthop Interface

    127.0.0.0/8 Direct 0 0 127.0.0.1 LoopBack0

    127.0.0.1/32 Direct 0 0 127.0.0.1 LoopBack0

    192.168.1.0/24 Static 60 0 192.168.2.1 Serial0

    192.168.2.0/24 Direct 0 0 192.168.2.1 Serial0

    192.168.2.1/32 Direct 0 0 192.168.2.1 Serial0

    192.168.2.2/32 Direct 0 0 127.0.0.1 LoopBack0

    192.168.3.0/24 Direct 0 0 192.168.3.1 Ethernet1

    192.168.3.1/32 Direct 0 0 127.0.0.1 LoopBack0

    [R1]ping 192.168.3.100

    PING 192.168.3.100: 56 data bytes, press CTRL_C to break

    Reply from 192.168.3.100: bytes=56 Sequence=0 ttl=64 time = 1 ms

    3.测试:

    Windows server 2003 的配置:

    clip_image004

    clip_image006

    安装what‘s up软件 并设置:

    clip_image008

    clip_image010

    clip_image012

    clip_image014

    clip_image016

    clip_image018

    clip_image020

    整个网络拓扑图:

    clip_image022

    clip_image024

    clip_image026

    clip_image028

    clip_image030

    [R1]snmp-agent trap enable standard ?

    authentication Send authentication trap

    coldstart Send coldstart trap

    linkdown Send linkdown trap

    linkup Send linkup trap

    warmstart Send warmstart trap

    <cr>

    [R1]snmp-agent trap enable standard linkup

    [R1]snmp-agent trap enable standard linkdown

    clip_image032

    clip_image034

  • 相关阅读:
    类的设计问题
    php数组存在重复的相反元素,去重复
    常用JS验证函数总结
    python常用模块
    re 模块
    logging 模块
    configparser模块
    python 文件处理
    第15章-输入/输出 --- 理解Java的IO流
    第10章-验证框架 --- 验证器类型
  • 原文地址:https://www.cnblogs.com/zhuimengle/p/5851715.html
Copyright © 2020-2023  润新知