Category: System Operations and Maintenance
2008-05-24 23:34:13
17.15. Setting the SNMP Packet Size
Question: Change the default SNMP packet size
Answer
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#snmp-server packetsize 1480
Router(config)#end
Router#
Note: The default is 1500 bytes.
17.16. Setting the SNMP Queue Size
Question: Increase the SNMP trap queue size
Answer
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#snmp-server queue-length 25
Router(config)#snmp-server inform pending 40
Router(config)#end
Router#
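Note: By default the queue holds 10 messages for traps and 25 for informs. Use show snmp to view the queue configuration and the number of dropped traps.
17.17. Setting the SNMP Timeout
Question: Adjust the SNMP trap timeout
Answer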
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#snmp-server trap-timeout 60
Router(config)#snmp-server inform timeout 120
Router(config)#end
Router#
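Note: Strictly speaking, this is the time to wait before retransmitting.
17.18. Disabling Link Up/Down Traps on an Interface
Question: Ignore link-status alarms for a specific interface
Answer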
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface Serial0/0
Router(config-if)#no snmp trap link-status
Router(config-if)#exit
Router(config)#end
Router#
Note: For example, specific dial-up interfaces.
17.19. Setting the Source Address for SNMP Traps
Question: Set the source address used for SNMP trap messages
Answer
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#snmp-server host 172.25.1.1 ORATRAP
Router(config)#snmp-server trap-source loopback0
Router(config)#end
Router#
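Note: None
17.20. Using RMON to Send Traps
Question: Send a trap when CPU utilization exceeds a threshold, or when other important events occur
Answer
CPU utilization exceeds a specific threshold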
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#rmon event 1 log trap ORATRAP description "CPU on Router has exceeded threshold" owner ijbrown
Router(config)#rmon event 2 log description "CPU on Router has normalized" owner ijbrown
Router(config)#rmon alarm 1 lsystem.57.0 60 absolute rising-threshold 70 1 falling-threshold 40 2 owner ijbrown
Router(config)#end
Router#
Memory utilization exceeds a specific threshold
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#rmon event 4 log trap ORATRAP description "Low memory condition on Router" owner ijbrown
Router(config)#rmon event 5 log trap ORATRAP description "Low Memory condition cleared on Router" owner ijbrown
Router(config)#rmon alarm 3 lsystem.8.0 60 absolute rising-threshold 1500000 5 falling-threshold 1000000 4 owner ijbrown
Router(config)#end
Router#
Link utilization exceeds a fixed threshold
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#rmon event 6 log trap ORATRAP description "Bandwidth utilization has exceeded threshold on Router interface Serial 0/0" owner ijbrown
Router(config)#rmon event 7 log trap ORATRAP description "Bandwidth utilization has normalized on Router interface Serial 0/0" owner ijbrown
Router(config)#! Configure inbound alarm on Serial0/0 (ifNumber 3)
Router(config)#rmon alarm 4 lifEntry.6.3 300 absolute rising-threshold 1000000 6 falling-threshold 800000 7 owner ijbrown
Router(config)#! Configure outbound alarm on Serial0/0 (ifNumber 3)
Router(config)#rmon alarm 5 lifEntry.8.3 300 absolute rising-threshold 1000000 6 falling-threshold 800000 7 owner ijbrown
Router(config)#end
Router#
Note: The router has this inexpensive monitoring facility built in.
Router>show rmon events
Event 1 is active, owned by ijbrown
Description is CPU on Router has exceeded threshold
Event firing causes log and trap to community ORATRAP, last fired 00:00:00
Event 2 is active, owned by ijbrown
Description is CPU on Router has normalized
Event firing causes log, last fired 2w2d
Current log entries:
index time description
1 2w2d CPU on Router has normalized
Router>
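The rising and falling thresholds in the rmon alarm commands above give hysteresis: an event fires once when its threshold is crossed and cannot fire again until the opposite threshold has been reached. The following added example (not from the original page) models that behaviour for the CPU and free-memory alarms of this recipe; the sample values are constructed, and arming both directions at start-up is an assumption.

```python
# Event table from recipe 17.20: number -> (description, sends_trap).
EVENTS = {
    1: ("CPU on Router has exceeded threshold", True),
    2: ("CPU on Router has normalized", False),  # "log" only, no trap
    4: ("Low memory condition on Router", True),
    5: ("Low Memory condition cleared on Router", True),
}

def run_alarm(samples, rising, rising_event, falling, falling_event):
    """Model an 'absolute' RMON alarm; return [(sample_index, event)]."""
    fired = []
    # Assumption: both directions are armed when the alarm starts.
    rising_armed = falling_armed = True
    for i, value in enumerate(samples):
        if value >= rising and rising_armed:
            fired.append((i, rising_event))
            # Re-arm the falling side; block repeats of the rising event.
            rising_armed, falling_armed = False, True
        elif value <= falling and falling_armed:
            fired.append((i, falling_event))
            falling_armed, rising_armed = False, True
    return fired

def traps(fired):
    """Keep only the events that are configured to send a trap."""
    return [(i, ev) for i, ev in fired if EVENTS[ev][1]]

# Constructed samples, one per 60-second polling interval.
CPU = [50, 55, 72, 90, 65, 75, 45, 38, 30, 71]
FREE_MEM = [1_400_000, 1_200_000, 950_000, 990_000,
            1_300_000, 1_600_000, 1_700_000]

# rmon alarm 1: rising 70 -> event 1, falling 40 -> event 2
cpu_events = run_alarm(CPU, 70, 1, 40, 2)
# rmon alarm 3: free memory, so the FALLING threshold is the problem case
mem_events = run_alarm(FREE_MEM, 1_500_000, 5, 1_000_000, 4)

if __name__ == "__main__":
    for label, fired in (("cpu", cpu_events), ("mem", mem_events)):
        for i, ev in fired:
            kind = "log+trap" if EVENTS[ev][1] else "log only"
            print(f"{label} sample {i}: event {ev} ({kind}) {EVENTS[ev][0]}")
```

Because event 2 is configured with log but without trap, a management station sees the CPU alarm raised but never sees it clear; that matches the show rmon events output above.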
17.21. Enabling SNMPv3
Question: Enable SNMPv3 to provide security
Answer
(noAuthNoPriv):
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#snmp-server view TESTV3 mib-2 include
Router(config)#snmp-server group NOTSAFE v3 noauth read TESTV3
Router(config)#snmp-server user WEAK NOTSAFE v3
Router(config)#end
Router#
(authNoPriv):
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#snmp-server view TESTV3 mib-2 include
Router(config)#snmp-server group ORAROV3 v3 auth read TESTV3
Router(config)#snmp-server user cking ORAROV3 v3 auth md5 daytona19y
Router(config)#end
Router#
(authPriv):
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#snmp-server view TESTV3 mib-2 include
Router(config)#snmp-server group ORAROV3 v3 auth read TESTV3
Router(config)#snmp-server user bpugsley ORAROV3 v3 auth md5 hockeyrules priv des56 shortguy
Router(config)#end
Router#
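Note: The biggest advantage of v3 is the added security; the three modes shown in the examples are available.
17.22. Stronger SNMPv3 Encryption
Question: Strengthen the encryption used by v3
Answer
Starting with 12.4(2)T, stronger encryption methods are available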
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#snmp-server user wbrejniak ORAROV3 v3 auth md5 authpass priv 3des privpass
Router1(config)#end
Router1#
Or
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#snmp-server user wbrejniak ORAROV3 v3 auth md5 authpass priv aes 128 privpass
Router1(config)#end
Router1#
Note: None
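The security level on snmp-server group is the minimum level the agent requires, so a user with a priv key in a group defined with auth can still be queried without encryption. The following added example (not from the original page) audits the snmp-server lines of recipes 17.21 and 17.22 for that and for weak algorithms; the audit function and its finding texts are hypothetical, and the input is the page's own configuration, embedded inline.

```python
import re

# Constructed input: the snmp-server lines shown in recipes 17.21 and 17.22.
CONFIG = """\
snmp-server view TESTV3 mib-2 include
snmp-server group NOTSAFE v3 noauth read TESTV3
snmp-server user WEAK NOTSAFE v3
snmp-server group ORAROV3 v3 auth read TESTV3
snmp-server user cking ORAROV3 v3 auth md5 daytona19y
snmp-server user bpugsley ORAROV3 v3 auth md5 hockeyrules priv des56 shortguy
snmp-server user wbrejniak ORAROV3 v3 auth md5 authpass priv aes 128 privpass
"""

GROUP = re.compile(r"^snmp-server group (\S+) v3 (noauth|auth|priv)\b")
USER = re.compile(
    r"^snmp-server user (\S+) (\S+) v3(?: auth (\S+) \S+)?(?: priv (\S+))?")

def audit(config):
    """Return (subject, finding) pairs; passwords are never echoed."""
    findings = []
    for line in config.splitlines():
        line = line.strip()
        if m := GROUP.match(line):
            name, level = m.groups()
            if level == "noauth":
                findings.append((f"group {name}", "accepts unauthenticated requests"))
            elif level == "auth":
                findings.append((f"group {name}", "does not require encryption"))
        elif m := USER.match(line):
            name, _group, auth, priv = m.groups()
            if auth is None:
                findings.append((f"user {name}", "no authentication key"))
                continue
            if auth.lower() == "md5":
                findings.append((f"user {name}", "HMAC-MD5 authentication"))
            if priv is None:
                findings.append((f"user {name}", "no privacy key"))
            elif priv.lower() in ("des", "des56"):
                findings.append((f"user {name}", "56-bit DES privacy"))
    return findings

if __name__ == "__main__":
    for subject, finding in audit(CONFIG):
        print(f"{subject}: {finding}")
```

To make encryption mandatory for the ORAROV3 users, define the group with the priv keyword instead of auth.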
17.23. Using SAA
Question: Configure the router to automatically poll another device to collect performance statistics
Answer
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#rtr responder
Router1(config)#rtr 10
Rou
Router1(config-rtr)#tag ECHO_TEST
Router1(config-rtr)#threshold 1000
Router1(config-rtr)#frequency 300
Router1(config-rtr)#exit
Router1(config)#rtr schedule 10 life 2147483647 start-time now
Router1(config)#rtr 20
Router1(config-rtr)#type jitter dest-ipaddr 10.1.2.3 dest-port 99 num-packets 100
Router1(config-rtr)#tag JITTER_TEST
Router1(config-rtr)#frequency 300
Router1(config-rtr)#exit
Router1(config)#rtr schedule 20 life 100000 start-time now ageout 3600
Router1(config)#exit
Router1#
Target router, which responds to the SAA tests
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#rtr responder
Router2(config)#exit
Router2#
Note: None