首页 > 代码库 > 用SNMP实现对大型网络的轻松管理!

用SNMP实现对大型网络的轻松管理!

 原文来自:http://guojiping.blog.51cto.com/5635432/985885

一、原理介绍:

SNMP简介 
  目前网络中用得最广泛的网络管理协议是SNMP(Simple Network Management Protocol,简单网络管理协议)。SNMP是被广泛接受并投入使用的工业标准用于保证管理信息在网络中任意两点间传送,便于网络管理员在网络上的任何节点检索信息、修改信息、定位故障、完成故障诊断、进行容量规划和生成报告。 
SNMP采用轮询机制,只提供最基本的功能集,特别适合在小型、快速和低价格的环境中使用。SNMP的实现基于无连接的传输层协议UDP,因此可以实现和众多产品的无障碍连接

SNMP的工作机制 
SNMP分为NMS和Agent两部分: 
NMS(Network Management Station,网络管理站)是运行客户端程序的工作站,目前常用的网管平台有QuidView、Sun NetManager和IBM NetView。 
Agent运行在网络设备上的服务器端软件。 
NMS可以向Agent发出GetRequest、GetNextRequest和SetRequest报文,Agent接收到NMS的这些请求报文后,根据报文类型进行Read或Write操作,生成Response报文,并将报文返回给NMS。 
Agent在设备发生异常情况或状态改变时(如设备重新启动),也会主动向NMS发送Trap报文,向NMS汇报所发生的事件。

SNMP的版本 
目前,设备中的SNMP Agent支持SNMP v3版本,兼容SNMP v1版本、SNMP v2C版本。 
SNMP v3采用用户名和密码认证方式。 
SNMP v1、SNMP v2C采用团体名(Community Name)认证,非设备认可团体名的SNMP报文将被丢弃。SNMP团体名用来定义SNMP NMS和SNMP Agent的关系。团体名起到了类似于密码的作用,可以限制SNMP NMS访问设备上的SNMP Agent。用户可以选择指定以下一个或者多个与团体名相关的特性: 
1.定义团体名可以访问的MIB视图。

2.设置团体名对MIB对象的访问权限为读写权限(write)或者只读权限(read)。具有只读权限的团体名只能对设备信息进行查询,而具有读写权限的团体名还可以对设备进行配置。 
3.设置团体名指定的基本访问控制列表。

设备支持的MIB 
在SNMP报文中用管理变量来描述设备中的管理对象。为了唯一标识设备中的管理对象,SNMP用层次结构命名方案来识别管理对象。整个层次结构就像一棵树,树的节点表示管理对象,如下图1-1所示。每一个节点,都可以用从根开始的一条路径唯一地标识。

技术分享

MIB(Management Information Base,管理信息库)的作用就是用来描述树的层次结构,它是所监控网络设备的标准变量定义的集合。在图1-1中,管理对象B可以用一串数字{1.2.1.1}唯一确定,这串数字是管理对象的对象标识符(Object Identifier)。 
系统支持的常见MIB如下表1-1所示。

技术分享技术分享 

二、案例分析及使用:

1.实验拓扑图:

技术分享

注意:windows server 2003 是在虚拟机中安装,桥接到本地连接1上使用!

2.设备配置:

交换机配置:

[Quidway]int Vlan-interface 1

[Quidway-Vlan-interface1]ip add 192.168.1.2 255.255.255.0

[Quidway-Vlan-interface1]quit

[Quidway]ip route-static 0.0.0.0 0.0.0.0 192.168.1.3  //默认网关

[Quidway]snmp-agent   // 启动snmp

[Quidway]snmp-agent ?

community Set a community for the access of SNMPv1&SNMPv2c

group Set an SNMP group based on USM

local-engineid Set the engineID of local SNMP entity

mib-view Set SNMP MIB view information

packet Set SNMP packet‘s parameters

sys-info Set system information of the node

target-host Set the target hosts to receive SNMP notification/trap

packets

trap Set trap or notification parameters

usm-user Set a new user for access to SNMP entity

<cr>

[Quidway]snmp-agent sys-info ?

contact Set the contact information for system maintenance

location Set the physical position information of this node

version Enable the SNMP protocol version

[Quidway]snmp-agent sys-info contact zhaoke

[Quidway]snmp-agent sys-info location zhengzhou

[Quidway]snmp-agent sys-info version ?    //版本信息

all Enable the device to support SNMPv1, SNMPv2c and SNMPv3

v1 Enable the device to support SNMPv1

v2c Enable the device to support SNMPv2c

v3 Enable the device to support SNMPv3

[Quidway]snmp-agent sys-info version all

[Quidway]snmp-agent community ?

read Read-only access for this community in the view

write Read-write access for this community in the view

[Quidway]snmp-agent community read public

[Quidway]snmp-agent community write private

[Quidway]snmp-agent trap ?

enable SNMP trap/notification enable commands group

life Set the trap aging time

queue-size Length of each TRAP message queue

source Set the source address of SNMPv1 trap packet

[Quidway]snmp-agent trap enable  //打开陷阱功能

[Quidway]snmp-agent target-host ?

trap Specify the target to be trap host

[Quidway]snmp-agent target-host trap ?

address Specify the transport addresses to be used in the generation of SNMP

messages

[Quidway]snmp-agent target-host trap address ?

udp-domain Specify transport domain over UDP for the target host

[Quidway]snmp-agent target-host trap address udp-d

[Quidway]snmp-agent target-host trap address udp-domain ?

X.X.X.X IP address of target host

[Quidway]snmp-agent target-host trap address udp-domain 192.168.1.100 ?

params Specify SNMP target information to be used in the generation of

SNMP messages

udp-port Set port to receive traps/notifications for this target host

[Quidway]snmp-agent target-host trap address udp-domain 192.168.1.100 params ?

securityname Specify the name for the principal on whose behalf SNMP

messages will be generated

[Quidway]snmp-agent target-host trap address udp-domain 192.168.1.100 params secu

[Quidway]snmp-agent target-host trap address udp-domain 192.168.1.100 params securityname ?

STRING<1-32> Specify the character string of security name

[Quidway]snmp-agent target-host trap address udp-domain 192.168.1.100 params securityname public

路由器R2的配置:

[Router]sysname R2

[R2]int e1

[R2-Ethernet1]ip add 192.168.1.3 24

[R2-Ethernet1]int s0

[R2 -Serial0]ip add 192.168.2.1 24

[R2-Serial0]

%01:02:44: Line protocol ip on the interface Serial0 is UP

[Router-Serial0]quit

[R2]display ip routing

Routing Tables:

Destination/Mask Proto Pref Metric Nexthop Interface

127.0.0.0/8 Direct 0 0 127.0.0.1 LoopBack0

127.0.0.1/32 Direct 0 0 127.0.0.1 LoopBack0

192.168.1.0/24 Direct 0 0 192.168.1.3 Ethernet1

192.168.1.3/32 Direct 0 0 127.0.0.1 LoopBack0

192.168.2.0/24 Direct 0 0 192.168.2.1 Serial0

192.168.2.1/32 Direct 0 0 127.0.0.1 LoopBack0

[R2]ip route-static 192.168.3.0 24 192.168.2.2

[R2]ping 192.168.1.2

PING 192.168.1.2: 56 data bytes, press CTRL_C to break

Request time out

Reply from 192.168.1.2: bytes=56 Sequence=1 ttl=255 time = 32 ms

Reply from 192.168.1.2: bytes=56 Sequence=2 ttl=255 time = 14 ms

Reply from 192.168.1.2: bytes=56 Sequence=3 ttl=255 time = 9 ms

Reply from 192.168.1.2: bytes=56 Sequence=4 ttl=255 time = 12 ms

[R2]snmp-agent ?

<cr> Enable SNMP agent

community Configure community string access

group Configure a group security version

local-engineID Configure the local-engine ID string

mib-view Specify MIB family inclusions and exclusions

packet Configure the max packet size

sys-info Specify the SNMP system information

target-host Specify the SNMP trap host address

trap Configure SNMP traps

usm-user Configure a SNMP user

[R2]snmp-agent

[R2]snmp-agent sys-info contact zouyunxia

[R2]snmp-agent sys-info location xuchang

[R2]snmp-agent sys-info version all

[R2]snmp-agent community ?

read Specify read-only access

write Specify read-write access

[R2]snmp-agent community read public

[R2]snmp-agent community write private

[R2]snmp-agent trap ?

enable Enable SNMP trap

life Specify timeout of SNMP trap

queue-size Specify the length of SNMP trap queue

source Specify source address for sending SNMP trap

[R2]snmp-agent trap enable

[R2]snmp-agent target-host ?

trap Specify trap host information

[R2]snmp-agent target-host trap ?

address host IP address

[R2]snmp-agent target-host trap address ?

X.X.X.X IP address

[R2]snmp-agent target-host trap address 192.168.1.100 ?

parameters Specify SNMP parameters

port Specify host‘s UDP port

securityname Specify securityname string information

[R2]snmp-agent target-host trap address 192.168.1.100 securityname ?

STRING<1-32> SNMP securityname string

[R2]snmp-agent target-host trap address 192.168.1.100 securityname public

路由器R1的配置:

[Router]sysname R1

[R1]int e1

[R1-Ethernet1]ip add 192.168.3.1 24

[R1-Ethernet1]int s0

[R1-Serial0]ip address 192.168.2.2 24

[R1-Serial0]

%01:37:43: Line protocol ip on the interface Serial0 is UP

[R1-Serial0]shutdown

% Interface Serial0 is shut down

[R1-Serial0]

%01:37:48: Interface Serial0 is DOWN

[R1-Serial0]undo shutdown

% Interface Serial0 is reset

[R1-Serial0]

%01:38:01: Interface Serial0 is UP

%01:38:01: Line protocol ip on the interface Serial0 is UP

[R1-Serial0]quit

[R1]ip route-static 192.168.1.0 24 192.168.2.1

[R1]snmp-agent

[R1]snmp-agent sys-info contact guojiping

[R1]snmp-agent sys-info location shanghai

[R1]snmp-agent sys-info version all

[R1]snmp-agent community read public

[R1]snmp-agent community write private

[R1]snmp-agent trap enable

[R1]snmp-agent target-host ?

trap Specify trap host information

[R1]snmp-agent target-host trap address 192.168.1.100 securityname ?

STRING<1-32> SNMP securityname string

[R1]snmp-agent target-host trap address 192.168.1.100 securityname public

[R1]display ip routing

Routing Tables:

Destination/Mask Proto Pref Metric Nexthop Interface

127.0.0.0/8 Direct 0 0 127.0.0.1 LoopBack0

127.0.0.1/32 Direct 0 0 127.0.0.1 LoopBack0

192.168.1.0/24 Static 60 0 192.168.2.1 Serial0

192.168.2.0/24 Direct 0 0 192.168.2.1 Serial0

192.168.2.1/32 Direct 0 0 192.168.2.1 Serial0

192.168.2.2/32 Direct 0 0 127.0.0.1 LoopBack0

192.168.3.0/24 Direct 0 0 192.168.3.1 Ethernet1

192.168.3.1/32 Direct 0 0 127.0.0.1 LoopBack0

[R1]ping 192.168.3.100

PING 192.168.3.100: 56 data bytes, press CTRL_C to break

Reply from 192.168.3.100: bytes=56 Sequence=0 ttl=64 time = 1 ms

3.测试:

Windows server 2003 的配置:

技术分享

技术分享

安装what‘s up软件 并设置:

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

技术分享

整个网络拓扑图:

技术分享

技术分享

技术分享

技术分享

技术分享

[R1]snmp-agent trap enable standard ?

authentication Send authentication trap

coldstart Send coldstart trap

linkdown Send linkdown trap

linkup Send linkup trap

warmstart Send warmstart trap

<cr>

[R1]snmp-agent trap enable standard linkup

[R1]snmp-agent trap enable standard linkdown

技术分享

技术分享

用SNMP实现对大型网络的轻松管理!