Published: Tuesday
Article: SNMP and NetFlow configuration collection for network devices of various brands (update complete)
I. JUNIPER devices
1. SNMP configuration
set system static-host-mapping E450 inet 192.168.1.45
set system syslog user * any emergency
set system syslog host E450 any any
set system syslog host 192.168.1.251 any any
set snmp community net123 authorization read-write
set snmp community net123 clients 192.168.1.251
set snmp community net123 clients 0.0.0.0/0 \ 0.0.0.0/0 lets any source use this read-write community; restrict it to the collector addresses
set snmp trap-group
set snmp trap-group
set snmp trap-group
set routing-options options syslog level emergency alert critical error warning notice info debug
commit
2. NetFlow configuration
set firewall filter gd-ipnet-m160-1 term net123 then sample
set firewall filter gd-ipnet-m160-1 term net123 then accept
set interfaces ge-4/1/1 unit 0 family inet filter input gd-ipnet-m160-1 \ sample input packets on ge-4/1/1 (the interface must reference the filter name defined above, not the term name)
set interfaces ge-4/1/1 unit 0 family inet filter output gd-ipnet-m160-1 \ sample output packets
set forwarding-options sampling input family inet rate 1000 \ sampling rate 1000
set forwarding-options sampling input family inet run-length 0
set forwarding-options sampling output cflowd 211.139.136.108 port 3055 \ the destination host receiving the NetFlow samples is 211.139.136.108
set forwarding-options sampling output cflowd 211.139.136.108 version 5
set forwarding-options sampling output cflowd 211.139.136.108 no-local-dump
set forwarding-options sampling output cflowd 211.139.136.108 autonomous-system-type origin \ choose one of origin or peer
commit
\ Here sampling_rate = (run_length + 1) / rate, i.e. sampling_rate = (1+1)/1000
\ (run-length defaults to 0)
3. SLA configuration
set snmp view ping-view oid .1.3.6.1.2.1.80 include \ DISMAN-PING-MIB
set snmp view ping-view oid .1.3.6.1.4.1.2636.3.7 include \ Juniper jnxPingMIB
set snmp community ping-community authorization read-write
set snmp community ping-community view ping-view
set snmp community ping-community clients 211.139.136.108
commit
4. Stopping and restarting the sampling process
First find the PID of the sampled process:
juniper>show system processes extensive
Then:
juniper>start shell
%su
#kill PID
To exit:
#exit
%exit
To start the sampled process again:
juniper>restart sampling immediately
II. CISCO devices
1. SNMP and traps:
router#config t
router(config)#snmp-server community net123 rw
router(config)#snmp-server host 192.168.1.45 traps version 2c xxxxxxxx
router(config)#snmp-server enable traps
router(config-if)#snmp trap link-status
2. syslog:
router(config)#logging 192.168.1.45
router(config)#logging source-interface loopback0
3. NetFlow:
Cisco does not currently support bidirectional NetFlow; by default it applies to input (ingress) traffic only.
router(config-if)#ip route-cache flow sampled \ the sampled keyword is supported on this platform; other platforms may not support it
router(config)#ip flow-export version 5 origin-as \ origin-as or peer-as, as with Junos
router(config)#ip flow-export destination 192.168.1.45 3055
router(config)#ip flow-sampling-mode packet-interval 1000
router(config)#ip flow-export source Loopback0
router#show ip flow sampling
router#show ip flow export
router#show ip cache flow \ these commands display NetFlow status
Starting with IOS 12.1(3)T, NetFlow can be exported to more than one destination host (the current version supports at most 2). (12.2T)
(rsp-jsv-mz.123-4.T1.bin: at least 128M of memory and at least 32M of flash.)
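The Junos cflowd commands in section I.2 and the IOS ip flow-export commands above both send NetFlow version 5 datagrams to a collector on UDP port 3055 with 1-in-1000 packet sampling. The decoder below is an added example, not part of the original notes: it unpacks the 24-byte v5 header and the 48-byte flow records, reads the sampling mode and interval from the header, and scales the packet and byte counters so they estimate the real traffic volume rather than the sampled fraction. The function names and the sample datagram are constructed for this example; the addresses in it are the collector and host addresses that appear in the notes.

```python
import socket
import struct

# NetFlow v5 wire format: 24-byte header followed by `count` 48-byte records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")

def parse_netflow_v5(packet, configured_rate=None):
    """Decode one v5 export datagram into (header, flows). Counters are
    multiplied by the sampling interval so they estimate real traffic; if
    the header's sampling field is 0, configured_rate (e.g. 1000) is used."""
    if len(packet) < HEADER.size:
        raise ValueError("packet shorter than a v5 header")
    (version, count, _uptime, secs, _nsecs, seq,
     _engine_type, engine_id, sampling) = HEADER.unpack_from(packet, 0)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field = {version})")
    if len(packet) < HEADER.size + count * RECORD.size:
        raise ValueError("truncated: header announces more records than present")
    mode, interval = sampling >> 14, sampling & 0x3FFF  # top 2 bits = sampling mode
    scale = interval or configured_rate or 1
    header = {"count": count, "unix_secs": secs, "flow_sequence": seq,
              "engine_id": engine_id, "sampling_mode": mode, "sampling_interval": scale}
    flows = []
    for i in range(count):
        (src, dst, _nexthop, _in_if, _out_if, pkts, octets, _first, _last,
         sport, dport, _pad1, flags, proto, _tos, src_as, dst_as,
         _smask, _dmask, _pad2) = RECORD.unpack_from(packet, HEADER.size + i * RECORD.size)
        flows.append({"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
                      "sport": sport, "dport": dport, "proto": proto, "tcp_flags": flags,
                      "src_as": src_as, "dst_as": dst_as,
                      "packets": pkts * scale, "bytes": octets * scale})
    return header, flows

def build_sample_packet():
    """Constructed test datagram (not a real capture): sampling mode 1 (packet
    interval) with interval 1000, and two flows involving the collector hosts."""
    hdr = HEADER.pack(5, 2, 123456, 1700000000, 0, 42, 0, 1, (1 << 14) | 1000)
    rec1 = RECORD.pack(socket.inet_aton("192.168.1.45"), socket.inet_aton("211.139.136.108"),
                       b"\0\0\0\0", 1, 2, 3, 1500, 1000, 2000, 40000, 3055,
                       0, 0, 17, 0, 64512, 65000, 24, 24, 0)
    rec2 = RECORD.pack(socket.inet_aton("10.3.81.7"), socket.inet_aton("172.10.17.141"),
                       b"\0\0\0\0", 2, 1, 10, 6000, 1000, 3000, 51000, 5016,
                       0, 0x02, 6, 0, 65000, 64512, 24, 32, 0)
    return hdr + rec1 + rec2

if __name__ == "__main__":
    for flow in parse_netflow_v5(build_sample_packet())[1]:
        print(flow)
```

Exporters that do not fill the header's sampling field must be paired with the rate from the device configuration, otherwise every counter is understated by a factor of 1000.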
4. PIX firewall
PIX:
conduit permit icmp any any
conduit permit tcp host 172.10.17.141 eq 5016 host 139.126.254.1
conduit permit udp any host 132.96.20.9
route outside 10.3.81.0 255.255.255.0 172.10.17.150 1
snmp-server host outside 132.96.20.9 poll
no snmp-server location
no snmp-server contact
snmp-server community net123
snmp-server enable traps
PIX rules:
An external address cannot reach the address of the PIX outside interface. To reach the address of the inside interface, NAT is required:
map the collector's address to an internal address; only then can SNMP reach the inside interface.
Without NAT, SNMP access to the inside interface must go over IPsec.
III. Huawei devices
1. Huawei R3640EP:
[router]display saved-config !view the saved configuration
[router]undo ..... !equivalent of the Cisco "no" command
[router]interface loopback1