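SNMP in the Enterprise Network
SNMP (Simple Network Management Protocol) grew out of the Simple Gateway Monitoring Protocol (SGMP), which was used to manage communication lines. SGMP was later substantially revised, notably by adding the SMI and MIB architecture as defined for the Internet; the revised protocol is the well-known SNMP. SNMP aims to manage the hardware and software platforms produced by the many vendors on the Internet, so it is also strongly influenced by the Internet standard network management framework. SNMP is now at its third version, whose functionality has been greatly strengthened and improved compared with earlier versions.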
【Lab Topology】
【Lab Environment】
H3C firewall F100-C: two units
Quidway switch S2000: one unit
NMS: Windows XP
Web server: Windows Server 2003
【Reference Device Configuration】
Fw-1
<fw-1>dis cu
#
sysname fw-1
#
firewall packet-filter enable
firewall packet-filter default permit
#
insulate
#
firewall statistic system enable
#
radius scheme system
server-type extended
#
domain system
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
service-type telnet terminal
level 3
service-type ftp
#
snmp-detector agent
#
interface Aux0
async mode flow
#
interface Ethernet0/0
ip address 192.168.2.1 255.255.255.0
#
interface Ethernet0/1
#
interface Ethernet0/2
#
interface Ethernet0/3
#
interface Ethernet0/4
ip address 192.168.3.1 255.255.255.0
#
interface Encrypt1/0
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
add interface Ethernet0/0
set priority 85
#
firewall zone untrust
add interface Ethernet0/4
set priority 5
#
firewall zone DMZ
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
FTP server enable
#
ip route-static 192.168.4.0 255.255.255.0 192.168.3.2 preference 60
#
snmp-agent
snmp-agent local-engineid 000063A27F00000100001560
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info contact zhangsan
snmp-agent sys-info location jifang-1
snmp-agent sys-info version all
snmp-agent target-host trap address udp-domain 192.168.2.200 params securityname public
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
Fw-2
<fw-2>dis cu
#
sysname fw-2
#
firewall packet-filter enable
firewall packet-filter default permit
#
insulate
#
firewall statistic system enable
#
radius scheme system
server-type extended
#
domain system
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
service-type telnet terminal
level 3
service-type ftp
#
interface Aux0
async mode flow
#
interface Ethernet0/0
ip address 192.168.4.1 255.255.255.0
#
interface Ethernet0/1
#
interface Ethernet0/2
#
interface Ethernet0/3
#
interface Ethernet0/4
ip address 192.168.3.2 255.255.255.0
#
interface Encrypt1/0
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
add interface Ethernet0/0
set priority 85
#
firewall zone untrust
add interface Ethernet0/4
set priority 5
#
firewall zone DMZ
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
FTP server enable
#
ip route-static 192.168.2.0 255.255.255.0 192.168.3.1 preference 60
#
snmp-agent
snmp-agent local-engineid 000063A27F0000010000131B
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info contact lisi
snmp-agent sys-info location jifang-2
snmp-agent sys-info version all
snmp-agent target-host trap address udp-domain 192.168.2.200 params securityname public
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
Sw-1
[sw-1]dis cu
#
sysname sw-1
#
radius scheme system
#
domain system
#
vlan 1
#
interface Vlan-interface1
ip address 192.168.4.2 255.255.255.0
#
interface Aux1/0/0
#
interface Ethernet1/0/1
#
interface Ethernet1/0/2
#
interface Ethernet1/0/3
#
interface Ethernet1/0/4
#
interface Ethernet1/0/5
#
interface Ethernet1/0/6
#
interface Ethernet1/0/7
#
interface Ethernet1/0/8
#
interface Ethernet1/0/9
#
interface Ethernet1/0/10
#
interface Ethernet1/0/11
#
interface Ethernet1/0/12
#
interface Ethernet1/0/13
#
interface Ethernet1/0/14
#
interface Ethernet1/0/15
#
interface Ethernet1/0/16
#
interface Ethernet1/0/17
#
interface Ethernet1/0/18
#
interface Ethernet1/0/19
#
interface Ethernet1/0/20
#
interface Ethernet1/0/21
#
interface Ethernet1/0/22
#
interface Ethernet1/0/23
#
interface Ethernet1/0/24
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.4.1 preference 60
#
snmp-agent
snmp-agent local-engineid 800007DB000FE2428A416877
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info contact gangang
snmp-agent sys-info location jifang-2
snmp-agent sys-info version all
snmp-agent target-host trap address udp-domain 192.168.2.200 params securityname public
#
user-interface aux 0
user-interface vty 0 4
#
return
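The three device configurations above share the same SNMP agent settings: the communities `public` and `private`, `version all`, and a trap target that uses `public` as its security name. The following audit script is an added example, not part of the original article; it flags those settings in `display current-configuration` output. The sample input is constructed from the fw-1 lines shown above, and the rule names and the check for an `acl` keyword on the community line are assumptions of this example.

```python
import re

# Constructed sample: SNMP-related lines as they appear in the fw-1 config above.
SAMPLE_CONFIG = """\
sysname fw-1
firewall packet-filter default permit
snmp-agent
snmp-agent local-engineid 000063A27F00000100001560
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info version all
snmp-agent target-host trap address udp-domain 192.168.2.200 params securityname public
"""

DEFAULT_COMMUNITIES = {"public", "private"}  # widely known default strings


def audit_snmp(config):
    """Return (rule, offending line) pairs for risky SNMP agent settings."""
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"snmp-agent community (read|write) (\S+)(.*)", line)
        if m:
            access, name, rest = m.groups()
            if name.lower() in DEFAULT_COMMUNITIES:
                findings.append(("default-community", line))
            if access == "write":
                findings.append(("write-community", line))
            # Assumption: an "acl <number>" suffix restricts the source addresses.
            if " acl " not in rest + " ":
                findings.append(("community-without-acl", line))
            continue
        m = re.match(r"snmp-agent sys-info version (.+)", line)
        if m and re.search(r"\b(all|v1|v2c)\b", m.group(1)):
            # SNMPv1/v2c carry the community string in cleartext.
            findings.append(("cleartext-snmp-version", line))
            continue
        m = re.match(r"snmp-agent target-host trap .*securityname (\S+)", line)
        if m and m.group(1).lower() in DEFAULT_COMMUNITIES:
            findings.append(("default-trap-securityname", line))
    return findings


if __name__ == "__main__":
    for rule, line in audit_snmp(SAMPLE_CONFIG):
        print(f"{rule:28} {line}")
```

Running the same function over the fw-2 and sw-1 dumps gives the same findings, because their `snmp-agent` lines differ only in engine ID, contact and location.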
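NMS address assignment
Install the monitoring software WhatsUp Gold v8.01.
Once the installation succeeds, we start scanning the whole network.
Note: be sure to uncheck the "limit scan to ip class of root" option here.
Select the servers and interfaces to scan.
Scanning in progress.
The result looks too cluttered, so we need to edit it. I won't go into the editing process; below is the edited map.
Let's see how well it works for management.
All of the management functions look good, so let's try accessing the web server.
And what happens if we stop the server?
We can clearly observe every change in each part of the map, which is very intuitive. So SNMP works quite well for management.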