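Original source: http://guojiping.blog.51cto.com/5635432/985885
I. Principles:
Introduction to SNMP
SNMP (Simple Network Management Protocol) is currently the most widely used network management protocol. It is a widely accepted and deployed industry standard that ensures management information can be transferred between any two points in a network, so that a network administrator can retrieve information, modify information, locate faults, complete fault diagnosis, carry out capacity planning and generate reports from any node on the network.
SNMP uses a polling mechanism and provides only the most basic set of functions, which makes it particularly suitable for small, fast and low-cost environments. SNMP is implemented on top of the connectionless transport-layer protocol UDP, so it can interoperate with a wide range of products without obstacles.
How SNMP works
SNMP consists of two parts, the NMS and the Agent:
The NMS (Network Management Station) is a workstation running the client program; commonly used network management platforms currently include QuidView, Sun NetManager and IBM NetView.
The Agent is server-side software running on the network device.
The NMS can send GetRequest, GetNextRequest and SetRequest messages to the Agent. On receiving one of these requests, the Agent performs a Read or Write operation according to the message type, generates a Response message and returns it to the NMS.
When the device encounters an abnormal condition or a state change (such as a device restart), the Agent also sends a Trap message to the NMS on its own initiative to report the event.
SNMP versions
Currently, the SNMP Agent in the device supports SNMP v3 and is compatible with SNMP v1 and SNMP v2C.
SNMP v3 authenticates with a user name and password.
SNMP v1 and SNMP v2C authenticate with a community name; SNMP messages carrying a community name that the device does not accept are discarded. The SNMP community name defines the relationship between the SNMP NMS and the SNMP Agent. It plays a role similar to a password and can restrict the SNMP NMS's access to the SNMP Agent on the device. The user can choose to specify one or more of the following properties associated with a community name:
1. Define the MIB view that the community name can access.
2. Set the community name's access permission to MIB objects to read-write (write) or read-only (read). A community name with read-only permission can only query device information, while a community name with read-write permission can also configure the device.
3. Set the basic access control list specified for the community name.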
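MIBs supported by the device
In SNMP messages, management variables are used to describe the managed objects in a device. To identify the managed objects in a device uniquely, SNMP uses a hierarchical naming scheme. The whole hierarchy resembles a tree whose nodes represent managed objects, as shown in Figure 1-1 below. Each node can be uniquely identified by a path starting from the root.
The MIB (Management Information Base) describes the hierarchy of this tree; it is the collection of standard variable definitions for the monitored network devices. In Figure 1-1, managed object B can be uniquely determined by the string of numbers {1.2.1.1}, which is the managed object's Object Identifier.
The common MIBs supported by the system are shown in Table 1-1 below.
II. Case analysis and usage:
1. Lab topology diagram:
Note: Windows Server 2003 is installed in a virtual machine and bridged to Local Area Connection 1!
2. Device configuration:
Switch configuration: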
[Quidway]int Vlan-interface 1
[Quidway-Vlan-interface1]ip add 192.168.1.2 255.255.255.0
[Quidway-Vlan-interface1]quit
[Quidway]ip route-static 0.0.0.0 0.0.0.0 192.168.1.3 // default gateway
[Quidway]snmp-agent // enable SNMP
[Quidway]snmp-agent ?
community Set a community for the access of SNMPv1&SNMPv2c
group Set an SNMP group based on USM
local-engineid Set the engineID of local SNMP entity
mib-view Set SNMP MIB view information
packet Set SNMP packet's parameters
sys-info Set system information of the node
target-host Set the target hosts to receive SNMP notification/trap
packets
trap Set trap or notification parameters
usm-user Set a new user for access to SNMP entity
<cr>
[Quidway]snmp-agent sys-info ?
contact Set the contact information for system maintenance
location Set the physical position information of this node
version Enable the SNMP protocol version
[Quidway]snmp-agent sys-info contact zhaoke
[Quidway]snmp-agent sys-info location zhengzhou
[Quidway]snmp-agent sys-info version ? // version information
all Enable the device to support SNMPv1, SNMPv2c and SNMPv3
v1 Enable the device to support SNMPv1
v2c Enable the device to support SNMPv2c
v3 Enable the device to support SNMPv3
[Quidway]snmp-agent sys-info version all
[Quidway]snmp-agent community ?
read Read-only access for this community in the view
write Read-write access for this community in the view
[Quidway]snmp-agent community read public
[Quidway]snmp-agent community write private
[Quidway]snmp-agent trap ?
enable SNMP trap/notification enable commands group
life Set the trap aging time
queue-size Length of each TRAP message queue
source Set the source address of SNMPv1 trap packet
[Quidway]snmp-agent trap enable // enable the trap function
[Quidway]snmp-agent target-host ?
trap Specify the target to be trap host
[Quidway]snmp-agent target-host trap ?
address Specify the transport addresses to be used in the generation of SNMP
messages
[Quidway]snmp-agent target-host trap address ?
udp-domain Specify transport domain over UDP for the target host
[Quidway]snmp-agent target-host trap address udp-d
[Quidway]snmp-agent target-host trap address udp-domain ?
X.X.X.X IP address of target host
[Quidway]snmp-agent target-host trap address udp-domain 192.168.1.100 ?
params Specify SNMP target information to be used in the generation of
SNMP messages
udp-port Set port to receive traps/notifications for this target host
[Quidway]snmp-agent target-host trap address udp-domain 192.168.1.100 params ?
securityname Specify the name for the principal on whose behalf SNMP
messages will be generated
[Quidway]snmp-agent target-host trap address udp-domain 192.168.1.100 params secu
[Quidway]snmp-agent target-host trap address udp-domain 192.168.1.100 params securityname ?
STRING<1-32> Specify the character string of security name
[Quidway]snmp-agent target-host trap address udp-domain 192.168.1.100 params securityname public
Configuration of router R2:
[Router]sysname R2
[R2]int e1
[R2-Ethernet1]ip add 192.168.1.3 24
[R2-Ethernet1]int s0
[R2-Serial0]ip add 192.168.2.1 24
[R2-Serial0]
%01:02:44: Line protocol ip on the interface Serial0 is UP
[Router-Serial0]quit
[R2]display ip routing
Routing Tables:
Destination/Mask Proto Pref Metric Nexthop Interface
127.0.0.0/8 Direct 0 0 127.0.0.1 LoopBack0
127.0.0.1/32 Direct 0 0 127.0.0.1 LoopBack0
192.168.1.0/24 Direct 0 0 192.168.1.3 Ethernet1
192.168.1.3/32 Direct 0 0 127.0.0.1 LoopBack0
192.168.2.0/24 Direct 0 0 192.168.2.1 Serial0
192.168.2.1/32 Direct 0 0 127.0.0.1 LoopBack0
[R2]ip route-static 192.168.3.0 24 192.168.2.2
[R2]ping 192.168.1.2
PING 192.168.1.2: 56 data bytes, press CTRL_C to break
Request time out
Reply from 192.168.1.2: bytes=56 Sequence=1 ttl=255 time = 32 ms
Reply from 192.168.1.2: bytes=56 Sequence=2 ttl=255 time = 14 ms
Reply from 192.168.1.2: bytes=56 Sequence=3 ttl=255 time = 9 ms
Reply from 192.168.1.2: bytes=56 Sequence=4 ttl=255 time = 12 ms
[R2]snmp-agent ?
<cr> Enable SNMP agent
community Configure community string access
group Configure a group security version
local-engineID Configure the local-engine ID string
mib-view Specify MIB family inclusions and exclusions
packet Configure the max packet size
sys-info Specify the SNMP system information
target-host Specify the SNMP trap host address
trap Configure SNMP traps
usm-user Configure a SNMP user
[R2]snmp-agent
[R2]snmp-agent sys-info contact zouyunxia
[R2]snmp-agent sys-info location xuchang
[R2]snmp-agent sys-info version all
[R2]snmp-agent community ?
read Specify read-only access
write Specify read-write access
[R2]snmp-agent community read public
[R2]snmp-agent community write private
[R2]snmp-agent trap ?
enable Enable SNMP trap
life Specify timeout of SNMP trap
queue-size Specify the length of SNMP trap queue
source Specify source address for sending SNMP trap
[R2]snmp-agent trap enable
[R2]snmp-agent target-host ?
trap Specify trap host information
[R2]snmp-agent target-host trap ?
address host IP address
[R2]snmp-agent target-host trap address ?
X.X.X.X IP address
[R2]snmp-agent target-host trap address 192.168.1.100 ?
parameters Specify SNMP parameters
port Specify host's UDP port
securityname Specify securityname string information
[R2]snmp-agent target-host trap address 192.168.1.100 securityname ?
STRING<1-32> SNMP securityname string
[R2]snmp-agent target-host trap address 192.168.1.100 securityname public
Configuration of router R1:
[Router]sysname R1
[R1]int e1
[R1-Ethernet1]ip add 192.168.3.1 24
[R1-Ethernet1]int s0
[R1-Serial0]ip address 192.168.2.2 24
[R1-Serial0]
%01:37:43: Line protocol ip on the interface Serial0 is UP
[R1-Serial0]shutdown
% Interface Serial0 is shut down
[R1-Serial0]
%01:37:48: Interface Serial0 is DOWN
[R1-Serial0]undo shutdown
% Interface Serial0 is reset
[R1-Serial0]
%01:38:01: Interface Serial0 is UP
%01:38:01: Line protocol ip on the interface Serial0 is UP
[R1-Serial0]quit
[R1]ip route-static 192.168.1.0 24 192.168.2.1
[R1]snmp-agent
[R1]snmp-agent sys-info contact guojiping
[R1]snmp-agent sys-info location shanghai
[R1]snmp-agent sys-info version all
[R1]snmp-agent community read public
[R1]snmp-agent community write private
[R1]snmp-agent trap enable
[R1]snmp-agent target-host ?
trap Specify trap host information
[R1]snmp-agent target-host trap address 192.168.1.100 securityname ?
STRING<1-32> SNMP securityname string
[R1]snmp-agent target-host trap address 192.168.1.100 securityname public
[R1]display ip routing
Routing Tables:
Destination/Mask Proto Pref Metric Nexthop Interface
127.0.0.0/8 Direct 0 0 127.0.0.1 LoopBack0
127.0.0.1/32 Direct 0 0 127.0.0.1 LoopBack0
192.168.1.0/24 Static 60 0 192.168.2.1 Serial0
192.168.2.0/24 Direct 0 0 192.168.2.1 Serial0
192.168.2.1/32 Direct 0 0 192.168.2.1 Serial0
192.168.2.2/32 Direct 0 0 127.0.0.1 LoopBack0
192.168.3.0/24 Direct 0 0 192.168.3.1 Ethernet1
192.168.3.1/32 Direct 0 0 127.0.0.1 LoopBack0
[R1]ping 192.168.3.100
PING 192.168.3.100: 56 data bytes, press CTRL_C to break
Reply from 192.168.3.100: bytes=56 Sequence=0 ttl=64 time = 1 ms
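The switch and both routers above are configured with "version all" and the communities "public" and "private", without the MIB view or access control list restrictions described in section I. The following Python audit is an added example, not part of the original article or of any vendor tool; it flags these settings in a pasted console session. The "acl" and "mib-view" keywords on the community line are an assumption about the device syntax, and audit_snmp and SAMPLE_SESSION are names chosen here.

```python
import re

# Constructed sample: the SNMP commands entered on the switch in this article,
# with the console prompts as they appear in the session.
SAMPLE_SESSION = """\
[Quidway]snmp-agent sys-info version all
[Quidway]snmp-agent community read public
[Quidway]snmp-agent community write private
[Quidway]snmp-agent trap enable
[Quidway]snmp-agent target-host trap address udp-domain 192.168.1.100 params securityname public
"""

DEFAULT_COMMUNITIES = {"public", "private"}
PROMPT = re.compile(r"^\s*[\[<][^\]>]*[\]>]\s*")  # strips "[Quidway]" or "<R1>"


def audit_snmp(config_text):
    """Return a list of (severity, message) findings for snmp-agent commands."""
    findings = []
    communities = set()
    for raw in config_text.splitlines():
        line = PROMPT.sub("", raw).split("//")[0].strip()
        tokens = line.split()
        if tokens[:1] != ["snmp-agent"] or "?" in tokens:
            continue  # not an SNMP command, or only a help query
        if tokens[1:3] == ["sys-info", "version"] and len(tokens) > 3:
            if tokens[3] in ("all", "v1", "v2c"):
                findings.append(("medium", f"community-based SNMP enabled (version {tokens[3]})"))
        elif tokens[1:2] == ["community"] and len(tokens) >= 4:
            access, name, opts = tokens[2], tokens[3], tokens[4:]
            communities.add(name)
            if name.lower() in DEFAULT_COMMUNITIES:
                findings.append(("high", f"default {access} community '{name}'"))
            if access == "write":
                findings.append(("high", f"read-write community '{name}' allows SetRequest"))
            # Assumption: restrictions appear as 'acl' / 'mib-view' keywords on this line.
            if "acl" not in opts:
                findings.append(("medium", f"community '{name}' has no ACL"))
            if "mib-view" not in opts:
                findings.append(("low", f"community '{name}' has no MIB view restriction"))
        elif tokens[1:3] == ["target-host", "trap"] and "securityname" in tokens:
            idx = tokens.index("securityname") + 1
            if idx < len(tokens) and tokens[idx] in communities:
                findings.append(("info", f"trap securityname reuses community '{tokens[idx]}'"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_snmp(SAMPLE_SESSION):
        print(f"{severity:6} {message}")
```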
3. Testing:
Configuration of Windows Server 2003:
Install the What's Up software and configure it:
Overall network topology diagram:
[R1]snmp-agent trap enable standard ?
authentication Send authentication trap
coldstart Send coldstart trap
linkdown Send linkdown trap
linkup Send linkup trap
warmstart Send warmstart trap
<cr>
[R1]snmp-agent trap enable standard linkup
[R1]snmp-agent trap enable standard linkdown