
The principle and case of SNMP

2025-01-18 Update From: SLTechnology News&Howtos

Introduction: SNMP (Simple Network Management Protocol) is the most widely used network management protocol. It is a widely accepted industry standard for carrying management information between any two points in a network, so that administrators can retrieve and modify information, locate and diagnose faults, plan capacity and generate reports from any node on the network. SNMP uses a polling mechanism and provides only the most basic feature set, which makes it especially suitable for small, fast, low-cost environments. It runs over the connectionless transport layer protocol UDP, so it interoperates readily with many products. There are currently three versions of SNMP: v1, v2c and v3. v1 and v2c use community name authentication to define the relationship between the SNMP NMS and the SNMP Agent. For each community name, the administrator can specify one or more of the following: the MIB (Management Information Base) view the community name can access, whether its access to MIB objects is read-write (write) or read-only (read), and a basic access control list bound to the community name. Because v3 is more complex and not as easy to use as v1 and v2c, its adoption is not high, and many equipment vendors favor v1 and v2c.

To make objects easier to manage, SNMP organizes them in a MIB, a tree-like hierarchy that uniquely identifies each managed object in the network.

Principle: SNMP has two parts, the NMS and the Agent:

The NMS (Network Management Station) is a workstation that runs the client program. Commonly used network management platforms include QuidView, Sun NetManager, CiscoWorks, HP OpenView and IBM NetView. The Agent is server-side software that runs on the network device. The NMS can send GetRequest, GetNextRequest and SetRequest messages to the Agent. On receiving one of these requests, the Agent performs a read or write operation according to the message type, generates a Response message and returns it to the NMS. The Agent also sends Trap messages to the NMS on its own initiative when an abnormal condition or state change occurs on the device (such as a device restart). A Trap is an unsolicited message from the managed device to the NMS, used to report urgent and important events.
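The request format described above, as an added example that is not part of the original article: a small Python encoder for the GetRequest an NMS sends, and a decoder for the header that every v1/v2c message carries, showing that the community name travels unencrypted next to the PDU type. The OID 1.3.6.1.2.1.1.1.0 (sysDescr.0), the request ID and all function names are choices made for this example; the encoder handles only messages under 128 bytes.

```python
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response",
             0xA3: "SetRequest", 0xA4: "Trap", 0xA7: "SNMPv2-Trap"}

def _tlv(tag, payload):    # encode one BER tag-length-value (short-form length)
    assert len(payload) < 128, "this encoder handles payloads under 128 bytes"
    return bytes([tag, len(payload)]) + payload

def _int(n):    # BER INTEGER, non-negative values only
    return _tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def _oid(dotted):
    """BER OBJECT IDENTIFIER: first two arcs packed, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return _tlv(0x06, bytes(out))

def build_get_request(community, oid, request_id=1, version=1):
    """What the NMS sends: SEQUENCE { version, community, GetRequest-PDU }."""
    varbind = _tlv(0x30, _oid(oid) + _tlv(0x05, b""))    # value is NULL
    pdu = _tlv(0xA0, _int(request_id) + _int(0) + _int(0) + _tlv(0x30, varbind))
    return _tlv(0x30, _int(version) + _tlv(0x04, community.encode()) + pdu)

def _read(buf, pos):    # decode one TLV; return (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: next N bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def parse_header(datagram):
    """What a capture shows: version, community and PDU type, in the clear."""
    tag, body, _ = _read(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, ver, pos = _read(body, 0)
    version = {0: "v1", 1: "v2c", 3: "v3"}.get(int.from_bytes(ver, "big"), "unknown")
    if version not in ("v1", "v2c"):         # v3 carries no community field
        return {"version": version}
    _, community, pos = _read(body, pos)
    return {"version": version, "community": community.decode("latin-1"),
            "pdu": PDU_TYPES.get(body[pos], hex(body[pos]))}
```

Calling `parse_header(build_get_request("public", "1.3.6.1.2.1.1.1.0"))` returns the version, community and PDU type of the 40-byte request.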

Case study:

Environment: two Windows 2003 PCs, two H3C SecPath F100-C firewalls and one Huawei S2000 switch. One PC is the SNMP NMS running the What's_up_Gold_v8.01 network management tool; the other is a web server.

What's_up_Gold_v8.01 download address: http://down.51cto.com/data/10127

Requirements: the NMS must monitor the status of the two firewalls, the switch and the WWW host in the network, as well as its own status.

Topology Diagram:

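Address Planning:

| Equipment  | Port             | IP address and mask |
|------------|------------------|---------------------|
| Firewall 1 | Eth0             | 192.168.2.1/24      |
| Firewall 1 | Eth5             | 10.0.0.1/8          |
| Firewall 2 | Eth0             | 192.168.3.1/24      |
| Firewall 2 | Eth5             | 10.0.0.2/8          |
| Switch     | Vlan-interface 1 | 192.168.3.2/24      |
| NMS        |                  | 192.168.2.100/24    |
| WWW        |                  | 192.168.3.100/24    |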

Specific implementation:

Configuration of FW-1:

[H3C] sysname fw-1

[fw-1] int eth0/0

[fw-1-Ethernet0/0] ip add 192.168.2.1 24

[fw-1-Ethernet0/0] int eth0/4

[fw-1-Ethernet0/4] ip add 10.0.0.1 8

[fw-1-Ethernet0/4]

%Aug 26 03:56:49:783 2013 fw-1 IFNET/4/UPDOWN:Line protocol on the interface Ethernet0/4 is UP

[fw-1-Ethernet0/4] q

[fw-1] ip route-static 192.168.3.0 24 10.0.0.2    // static route to the 192.168.3.0/24 network segment

[fw-1] firewall zone untrust

[fw-1-zone-untrust] add int eth0/4    // add eth0/4 to the untrust zone

[fw-1] snmp-agent    // start the SNMP agent

[fw-1] snmp-agent community read public    // community name with read permission

[fw-1] snmp-agent community write private    // community name with read and write permission

[fw-1] snmp-agent sys-info contact zhangsan    // system contact

[fw-1] snmp-agent sys-info location jifang-1    // location of the machine

[fw-1] snmp-agent sys-info version all    // SNMP versions supported

[fw-1] snmp-agent trap enable    // enable proactive reporting (traps)

[fw-1] snmp-agent target-host trap address udp-domain 192.168.2.100 params securityname public    // host the traps are sent to

[fw-1] snmp-agent trap enable standard linkdown linkup warmstart    // events that are reported

Configuration of FW-2:

[H3C] sysname fw-2

[fw-2] int eth0/0

[fw-2-Ethernet0/0] ip add 192.168.3.1 24

[fw-2-Ethernet0/0]

% Aug 25 18 18 18 15 fw-2 IFNET/4/UPDOWN:Line protocol on the interface Ethernet0/0 is UP 944 2013

[fw-2-Ethernet0/0] int eth0/4

[fw-2-Ethernet0/4] ip add 10.0.0.2 8

[fw-2-Ethernet0/4]

% Aug 25 18 1853 53 fw-2 IFNET/4/UPDOWN:Line protocol on the interface Ethernet0/4 is UP 693 2013

[fw-2-Ethernet0/4] q

[fw-2] ip route-static 192.168.2.0 24 10.0.0.1

[fw-2] firewall zone untrust

[fw-2-zone-untrust] add int eth0/4

[fw-2] snmp-agent

[fw-2] snmp-agent community read public

[fw-2] snmp-agent community write private

[fw-2] snmp-agent sys-info contact lisi

[fw-2] snmp-agent sys-info location jifang-2

[fw-2] snmp-agent sys-info version all

[fw-2] snmp-agent trap enable

[fw-2] snmp-agent target-host trap address udp-domain 192.168.2.100 params securityname public

[fw-2] snmp-agent trap enable standard linkdown linkup warmstart

Configuration of switch sw:

[Quidway] sysname SW

[SW] int Vlan-interface 1

[SW-Vlan-interface1]

% Apr 209 1940 383 2000 SW L2INF/5/VLANIF LINK STATUS CHANGE:- 1-

Vlan-interface1: is UP

[SW-Vlan-interface1] ip add 192.168.3.2 24

[SW-Vlan-interface1]

% Apr 209 virtual 19 Line protocol on the interfaceVlan-interface1 is UP 50 40 2000 SW IFNET/5/UPDOWN:- 1-Line protocol on the interfaceVlan-interface1 is UP

[SW-Vlan-interface1] q

[SW] ip route-static 0.0.0.0 0 192.168.3.1    // default route: sets the switch's gateway

[SW] snmp-agent

[SW] snmp-agent community read public

[SW] snmp-agent community write private

[SW] snmp-agent sys-info contact lisi

[SW] snmp-agent sys-info location jifang-2

[SW] snmp-agent sys-info version all

[SW] snmp-agent trap enable

[SW] snmp-agent target-host trap address udp-domain 192.168.2.100 params securityname public

[SW] snmp-agent trap enable standard linkdown linkup warmstart

[SW] local-user admin    // add an administrative user

New local user added.

[SW-luser-admin] password cipher admin    // set the administrator password

[SW-luser-admin] service-type telnet level 3    // service type and privilege level

[SW-luser-admin] q

[SW] user-interface vty 0 4

[SW-ui-vty0-4] authentication-mode scheme    // authentication mode: scheme
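A configuration check for the snmp-agent settings used on the three devices above, as an added example that is not part of the original article. It flags the community names public and private, communities with no access control list bound (the ACL option the introduction mentions) and enabled v1/v2c; the function name, the sample text and the `acl NUMBER` form on the community line are assumptions of this example.

```python
import re

# Constructed sample: the SNMP lines of the FW-1 session above, prompts kept.
SAMPLE_CONFIG = """\
[fw-1] snmp-agent
[fw-1] snmp-agent community read public
[fw-1] snmp-agent community write private
[fw-1] snmp-agent sys-info version all
[fw-1] snmp-agent target-host trap address udp-domain 192.168.2.100 params securityname public
"""

WELL_KNOWN = {"public", "private"}          # common default community names
PROMPT_RE = re.compile(r"^\s*[\[<][^\]>]*[\]>]\s*")   # "[fw-1] " or "<fw-1> "
COMMUNITY_RE = re.compile(r"^snmp-agent community (read|write) (\S+)(.*)$")
VERSION_RE = re.compile(r"^snmp-agent sys-info version (.+)$")
TRAP_RE = re.compile(r"^snmp-agent target-host trap .*\bsecurityname (\S+)")

def audit_snmp(config_text):
    """Return (line_number, finding) tuples for risky snmp-agent settings."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), 1):
        line = " ".join(PROMPT_RE.sub("", raw).split())
        if m := COMMUNITY_RE.match(line):
            access, name, options = m.groups()
            if name.lower() in WELL_KNOWN:
                findings.append((number, f"{access} community is a well-known name"))
            if not re.search(r"\bacl \d+", options):
                findings.append((number, f"{access} community has no ACL"))
        elif m := VERSION_RE.match(line):
            if set(m.group(1).lower().split()) & {"all", "v1", "v2c"}:
                findings.append((number, "v1/v2c enabled: community sent in cleartext"))
        elif m := TRAP_RE.match(line):
            if m.group(1).lower() in WELL_KNOWN:
                findings.append((number, "trap securityname is a well-known name"))
    return findings

if __name__ == "__main__":
    for number, finding in audit_snmp(SAMPLE_CONFIG):
        print(f"line {number}: {finding}")
```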

Configuration of the www server:

First, install SNMP protocol support: click Start → Settings → Control Panel → Add or Remove Programs:

Click OK, then Next, to complete the installation. Use netstat -na | more to view the open ports:

Since this PC is used only as an SNMP Agent, disable port 162, which is used by the SNMP NMS: right-click My Computer → Manage → Services and Applications → Services:

Use netstat -na | more again to check the open ports:

Then configure Agent-related content:

The following interface appears:

Then select the trap:

Then select Security:

Then apply and click OK to complete the configuration of Agent.

Next, install IIS on this host, set up a home page, and implement the web service. There will be no demonstration here.

Configuration of NMS:

First, install SNMP protocol support. Because this PC acts as the network management station, port 162 must be open; the other steps are the same as above.

Then upload the What's_up_Gold_v8.01 network management tool to the PC and install it. After installation, the following interface appears:

Then select File → New Map Wizard:

Then make the appropriate choices:

When you click finish, the following interface appears:

Because of problems with the software itself, not all the devices in the generated map are connected, so we need to connect them and change the corresponding icons to make it easier to identify what kind of device each one is:

Then, based on this map, we can check status and manage the devices through the telnet and web interfaces; the other functions are left for you to explore on your own.

The icon color changes with the device state: green means normal, and any other color means there is a problem. Pretty smart, isn't it?

The color also changes as time passes, which is very eye-catching!
