Snmp在企業網中的應用
SNMP(Simple Network Management Protocol,簡單網絡管理協議)的前身是簡單網關監控協議(SGMP),用來對通信線路進行管理。隨後,人們對SGMP進行了很大的修改,特別是加入了符合Internet定義的SMI和MIB:體系結構,改進後的協議就是著名的SNMP。SNMP的目標是管理互聯網Internet上衆多廠家生產的軟硬件平臺,因此SNMP受Internet標準網絡管理框架的影響也很大。現在SNMP已經出到第三個版本的協議,其功能較以前已經大大地加強和改進了。
【實驗拓撲】
【實驗環境】
H3C防火牆 F100-C 兩臺
Quitway交換機 s2000 一臺
NMS windows xp
Web server windows server 2003
【設備參考配置】
Fw-1
<fw-1>dis cu
#
sysname fw-1
#
firewall packet-filter enable
firewall packet-filter default permit
#
insulate
#
firewall statistic system enable
#
radius scheme system
server-type extended
#
domain system
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
service-type telnet terminal
level 3
service-type ftp
#
snmp-detector agent
#
interface Aux0
async mode flow
#
interface Ethernet0/0
ip address 192.168.2.1 255.255.255.0
#
interface Ethernet0/1
#
interface Ethernet0/2
#
interface Ethernet0/3
#
interface Ethernet0/4
ip address 192.168.3.1 255.255.255.0
#
interface Encrypt1/0
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
add interface Ethernet0/0
set priority 85
#
firewall zone untrust
add interface Ethernet0/4
set priority 5
#
firewall zone DMZ
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
FTP server enable
#
ip route-static 192.168.4.0 255.255.255.0 192.168.3.2 preference 60
#
snmp-agent
snmp-agent local-engineid 000063A27F00000100001560
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info contact zhangsan
snmp-agent sys-info location jifang-1
snmp-agent sys-info version all
snmp-agent target-host trap address udp-domain 192.168.2.200 params securityname public
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
Fw-2
<fw-2>dis cu
#
sysname fw-2
#
firewall packet-filter enable
firewall packet-filter default permit
#
insulate
#
firewall statistic system enable
#
radius scheme system
server-type extended
#
domain system
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
service-type telnet terminal
level 3
service-type ftp
#
interface Aux0
async mode flow
#
interface Ethernet0/0
ip address 192.168.4.1 255.255.255.0
#
interface Ethernet0/1
#
interface Ethernet0/2
#
interface Ethernet0/3
#
interface Ethernet0/4
ip address 192.168.3.2 255.255.255.0
#
interface Encrypt1/0
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
add interface Ethernet0/0
set priority 85
#
firewall zone untrust
add interface Ethernet0/4
set priority 5
#
firewall zone DMZ
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
FTP server enable
#
ip route-static 192.168.2.0 255.255.255.0 192.168.3.1 preference 60
#
snmp-agent
snmp-agent local-engineid 000063A27F0000010000131B
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info contact lisi
snmp-agent sys-info location jifang-2
snmp-agent sys-info version all
snmp-agent target-host trap address udp-domain 192.168.2.200 params securityname public
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
Sw-1
[sw-1]dis cu
#
sysname sw-1
#
radius scheme system
#
domain system
#
vlan 1
#
interface Vlan-interface1
ip address 192.168.4.2 255.255.255.0
#
interface Aux1/0/0
#
interface Ethernet1/0/1
#
interface Ethernet1/0/2
#
interface Ethernet1/0/3
#
interface Ethernet1/0/4
#
interface Ethernet1/0/5
#
interface Ethernet1/0/6
#
interface Ethernet1/0/7
#
interface Ethernet1/0/8
#
interface Ethernet1/0/9
#
interface Ethernet1/0/10
#
interface Ethernet1/0/11
#
interface Ethernet1/0/12
#
interface Ethernet1/0/13
#
interface Ethernet1/0/14
#
interface Ethernet1/0/15
#
interface Ethernet1/0/16
#
interface Ethernet1/0/17
#
interface Ethernet1/0/18
#
interface Ethernet1/0/19
#
interface Ethernet1/0/20
#
interface Ethernet1/0/21
#
interface Ethernet1/0/22
#
interface Ethernet1/0/23
#
interface Ethernet1/0/24
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.4.1 preference 60
#
snmp-agent
snmp-agent local-engineid 800007DB000FE2428A416877
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info contact gangang
snmp-agent sys-info location jifang-2
snmp-agent sys-info version all
snmp-agent target-host trap address udp-domain 192.168.2.200 params securityname public
#
user-interface aux 0
user-interface vty 0 4
#
return
NMS地址分配
安裝監管軟件What's up Gold v8.01
安裝成功之後我們開始掃描整個網絡
此處注意 一定要將limit scan to ip class of root 選項勾掉
選擇掃描的服務器和接口
正在掃描
看着太亂了,我們需要編輯一下。至於編輯的過程小編就不多說了,下面是編輯好的圖。
我們來看看管理起來怎麼樣
各種管理看起來都很不錯,那我們訪問以下web服務器試試
那麼停掉服務器呢
我們可以在圖中很清楚的觀察到每一部分的變化和改變,非常直觀。所以snmp管理起來是很不錯的。