snmp toan tap _diep thanh nguyen_ - chuong 2

Chng

2

Qun l mng vi SNMP ng dng qun l mng vi SNMP Cch thc khai bo SNMP manager v SNMP agent Gim st router ADSL bng SNMP Gim st my ch Windows & Linux bng SNMP Gim st switch bng SNMP

SNMP ton tp

Chng 2 : Qun l mng vi SNMP

1. ng dng qun l mng vi SNMPTrong chng ny tc gi s gii thiu cc ng dng qun l thit b mng bng SNMP v lm th no trin khai chng vo thc t. Cc phn mm c gii thiu u d tm v cc v d th n gin nhng thc t mi c gi u c th thc hin c. Cc bn s thc hin nhng bi sau : + Gim st lu lng v cnh bo ca ADSL router (modem internet adsl) bng phn mm SNMP Traffic Monitor v SNMP Trap Receiver. Loi ADSL router c ly lm v d l loi Dlink DSL-520T. + Gim st ti nguyn v cnh bo ca my ch Windows v Linux bng phn mm Solarwinds. Cc bn ang cng tc v tr qun tr mng my ch ti cc doanh nghip c th thc hin bi ny trn h thng m cc bn ang qun l. + Gim st lu lng v cnh bo ca mt switch Cisco Catalyst 2950 bng phn mm PRTG. Cc bn ang cng tc v tr qun tr mng phn cng c th thc hin bi ny v switch C2950 l loi ph bin. Thay v ch gii thiu mt phn mm thng mi c y chc nng nh Solarwinds th tc gi s gii thiu nhiu phn mm nhm gip ngi c d dng tm kim, v quan trng hn l lm quen cch cu hnh nhng phn mm khc nhau t n gin n phc tp.

2. Cch thc khai bo SNMP manager v SNMP agentNhiu bn ci t cc phn mm gim st v chy nhng khng thu c thng tin g c, l v cc bn cha thc hin cc khai bo cu hnh y . thc hin gim st mt thit b (agent) bng phn mm gim st (manager), cc bn phi cu hnh SNMP manager v SNMP agent ng cch. Cc manager v agent c giao din hay cu lnh cu hnh khc nhau, nhng chng u c cc thng s chung cn ci t. Bn phi cu hnh 2 phn cho SNMP Get/Set v SNMP Trap. Nh trnh by trong chng 1, Get/Set dng ly/thit lp thng tin cn trap dng cnh bo. Bn hy ghi nh cc bc cu hnh c trnh by di y, n s gip bn cu hnh ng cc manager v agent khc nhau, gip bn nhanh chng pht hin ra cc thiu st. Cu hnh Get/Set trn SNMP agent + Bt tnh nng SNMP agent trn thit b cn gim st : cc thit b h tr SNMP c th khng mc nh bt tnh nng ny, bn phi bt n ln tin trnh agent hot ng. + Khai bo community-string v quyn truy cp tng ng : bn phi khai bo cc community string v ch ra community no c quyn g (read, write, set). + Khai bo phin bn SNMP : ch nh agent s hot ng bng phin bn SNMP no (v1, v2, v3). Nu agent khng cho php khai bo version th agent ny c th ch h tr SNMPv1. + Khai bo SNMP ACL : ACL cho php ch nhng dy IP no mi c gim st agent. + Khai bo Location, Contact, HostName : y l cc tham s ph, khng quan trng. Cu hnh trn SNMP manager + Khai bo IP ca thit b cn gim st. + Khai bo community-string : community string c khai bo trn manager phi ging nh khai bo trn agent. + Khai bo phin bn SNMP : phin bn m manager s dng gim st phi ging vi phin bn khai bo trn agent. + Chu k ly mu : do SNMP Get/Set s dng phng thc poll nn bn cn khai bo chu k ly thng tin ca manger. Cu hnh Trap trn SNMP agent + + + + Bt tnh nng trap sender. Khai bo a ch IP ca trap receiver. Khai bo community-string ca bn tin trap. Khai bo version ca SNMP trap.

DIP THANH NGUYN, 2010

Trang|

2

SNMP ton tp


Cu hnh Trap trn SNMP Trap Receiver + Bt tnh nng trap receiver. + Khai bo dy a ch IP ca sender m trap receiver s nhn, nhng IP nm ngoi dy ny th trap receiver s khng nhn trap. Tnh nng ny l ty chn, c th nhiu trap receiver khng h tr. + Khai bo b lc kiu trap : y l danh sch cc kiu trap s c hin ra trn mn hnh ca trap receiver. Tnh nng ny cng l ty chn. Cu hnh SNMPv3 + i vi SNMPv3 cc bn s phi cu hnh thm cc thng s : engineId, user, authentiation-type, authen-password, encryption algorithm, encryption key. Trong chng ny chng ta khng kho st cch thc hin vi SNMPv3, chng ta s c mt chng ring v version 3.

3. Gim st router ADSLCu hnh tnh nng SNMP agent cho ADSL Router Dlink DSL-520T Kt ni my tnh ca bn vo mt ADSL Router DLink DSL-520T. Login vo trang web ca modem, chuyn qua tab [Advanced], chn nt [SNMP] vo trang cu hnh SNMP Management. Nhn chn checkbox [Enabled SNMP Agent], cc mc [Name], [Location] v [Contact] l ty chn. Trong phn [Community] nhp community string l public, quyn ReadOnly. Tip theo l cu hnh Trap. Nhp IP my tnh ca bn vo [Destination IP], nhp community cho bn tin trap vo [Trap Community] v chn version ca trap l SNMPv1. Cui cng nhn nt Apply.


Trang|

3

SNMP ton tp


Gim st lu lng bng phn mm SNMP Traffic Monitor SNMP Traffic Monitor l phn mm c tc gi vit demo cho quyn ti liu ny, dng gim st lu lng ca interface bng SNMP. Mc ch ca phn mm ny khng phi l dng trong thc t m l h tr cho cc bn mi tm hiu SNMP mt cng c n gin nht thc tp khi cu hnh SNMP cho thit b. Phn mm v source code c th download ti trang ch ca quyn ti liu ny. Trong chng 5, tc gi s trnh by cch vit phn mm ny. Phn mm ny gip ngi mi lm quen vi SNMP c th s dng nhanh chng. Thc t trong doanh nghip cc bn nn dng nhng phn mm chuyn nghip hn nh PRTG, Solarwinds. Sau khi ci t v khi ng, phn mm c giao din nh sau :

Cch s dng phn mm gim st : + Nhp a ch IP ca thit b cn gim st vo a ch IP + Nhp read-community vo Read community string, gi tr mc nh l public. + Nhn nt Ly thng tin, phn mm s ly v cc thng tin ca thit b, tng s interface (port) ang c v thng tin ca tng interface. + Chn mt interface cn gim st trong danh sch interface. + Chn chu k ly mu. + Nhn nt Bt u gim st, biu lu lng s c v ra bn di, ng mu GREEN l input, BLUE l ouput. V d gim st ADSL Router DLink DSL-520T : + Nhp IP router l 192.168.1.1 + Sau khi nhn Ly thng tin th s xut hin nhiu interface. i vi thit b Dlink DSL-520T c chn lm minh ha th n ch c 1 interface ethernet tn l eth0 (modem 1 port), cn nu bn dng modem 4 port th n s c 4 interface ethernet. Nu bn chn gim st interface ethernet th phn mm s theo di lu lng ca port , cn nu bn chn gim st interface nas0 th phn mm s gim st lu lng ca port adsl (port u ni vi nh cung cp), tc l gim st ton b lu lng ra vo modem. + Chn chu k l 1 giy.DIP THANH NGUYN, 2010 Trang|

4

SNMP ton tp


+ Chn interface nas0 v nht Bt u gim st, lu lng s c v ra. Ch : phn mm s dng SNMPv1, nu thit b ca bn h tr nhiu version th bn phi cu hnh SNMP agent cho php dng v1.

Nhn trap bng phn mm SNMP Trap Receiver SNMP Trap Receiver l phn mm nhn trap SNMPv1 do tc gi vit demo cho quyn ti liu ny. Mc ch ca n cng khng phi l dng trong thc t m l cc bn mi lm quen c c cng c n gin nht c trap ca thit b. Sau khi ci t v khi ng th giao din ca phn mm nh sau :

SNMP Trap Receiver s t ng nhn trap port UDP 162. Cc bn tin trap c gi n my tnh chy SNMP Trap Receiver s c hin ln mn hnh. Ch rng bn ch c th c c d dng cc bn tin trap thuc loi generic v chng c m t trong chun, cn trap loi specific th vn hin ln mn hnh nhng bn s khng hiu c nu khng c ti liu m t ca hng. 5


Trang|

SNMP ton tp


Sau khi bt SNMP Trap Receiver, bn rt dy cp adsl ra khi router DSL-520T th router s gi trap linkDown n my tnh ca bn (ch rt dy adsl ch khng phi dy cp mng). Sau bn cm li cp adsl th router s gi trap linkUp. Hnh di l trap nhn c t con DSL-520T, bn s nhn thy Source IP l 0.0.0.0. iu ny l do trong bn tin trap ca router DSL-520T gi c trng agent-address = 0.0.0.0. y l IP cha trong bn tin trap ch khng phi source IP cha trong bn tin IP. Bn hy tt router v bt li, mt lc sau bn s nhn c trap warmStart bo hiu thit b va khi ng li. Sau cc trap linkUp s xut hin do sau khi khi ng th cc port s chuyn sang trng thi up.

Nu bn nhn chn Nhn trap enterpriseSpecific th phn mm s hin ra cc trap khng chun (do cc hng t nh ngha) v bn cn c ti liu m t mi c th hiu c. VD hnh di l trap ca mt switch Cisco 2950, n gi trap thng bo rng OID x c gi tr l x; bn cn c file mib ca C2950 mi hiu c x l object no v y c ngha l g.


Trang|

6

SNMP ton tp


4. Gim st my ch bng SNMPTrong phn ny bn s thc hin gim st my ch Windows Server 2003 v CentOS 5.x bng phn mm Solarwinds 1. Cu hnh SNMP agent trn h iu hnh Windows 2 Tnh nng SNMP trn HH Windows phi c ci t v cu hnh trc khi bn c th gim st n bng mt phn mm SNMP manager. SNMP Service trn Windows l mt SNMP agent, n s p ng cc request ca phn mm gim st, gip phn mm gim st ly c cc thng tin t mt my ch Windows. ci t dch v SNMP, vo [Add/remove Windows components], chn [Management and Monitoring Tools], click nt [Details]. Trong hp thoi [Management and Monitoring Tools], chn [Simple Network Management Protocol], nhn OK ci t dch v SNMP.

Kim tra li service SNMP phi ang hot ng.

1 2

Trang ch ca Solarwinds : http://www.solarwinds.com Ti liu chnh thc ca Microsoft ti http://support.microsoft.com/kb/324263


Trang|

7

SNMP ton tp


Double click ln SNMP Service vo [SNMP Service Propertites]. Chuyn qua tab [Security]. Groupbox [Accepted community names] l ni bn to cc community, bn hy thm mt read-community string l public. Danh sch Accept SNMP packets from these hosts l ni bn t SNMP ACL, ch cho php mt s SNMP manager no qun l. Chuyn qua tab [Agent]. Chn tt c cc Service c sn (nht l Physical).

Cui cng l cu hnh Trap, chuyn qua tab [Traps], nhp vo community name ca bn tin trap v ni nhn trap.


Trang|

8

SNMP ton tp


Cu hnh SNMP agent trn h iu hnh Linux Trn CentOS, bt dch v snmp agent th bn cn ci t package net-snmp, thc hin c cc phng thc snmp bng dng lnh th bn cn ci t package net-snmp-utils. Phn ny hng dn cch cu hnh snmp agent trn CentOS, cn cch s dng net-snmp-utils th s c trnh by trong chng 3. u tin bn nn kim tra xem cc package c ci t hay cha, trong hnh di l kt qu khi package c ci t.[root@localhost ~]# yum list installed net-snmp net-snmp-utils ... Installed Packages net-snmp.i386 1:5.3.2.2-7.el5_4.2 net-snmp-utils.i386 1:5.3.2.2-7.el5_4.2

installed installed

Nu package cha c ci t, bn c th t ng download v ci t cc package bng lnh yum install (my ch phi c kt ni internet).[root@localhost ~]# yum install net-snmp, net-snmp-utils Loading "installonlyn" plugin Setting up Install Process Setting up repositories Reading repository metadata in from local files Parsing package install arguments Resolving Dependencies ... Installed: net-snmp-utils.i386 1:5.3.2.2-7.el5_4.2 Dependency Installed: net-snmp.i386 1:5.3.2.2-7.el5_4.2 Dependency Updated: net-snmp-libs.i386 1:5.3.2.2-7.el5_4.2 Complete!

Sau khi ci t bn nn khi ng snmpd (snmp agent) m bo bn ci t l tt[root@localhost ~]# service snmpd start Starting snmpd:

[

OK

]

Cu hnh ca snmpd nm trong file /etc/snmp/snmp.conf. Cch cu hnh snmp agent c hng dn ngay trong file ny, bao gm cc bc nh sau : + Bc 1 : Khai bo community-string v nh x n vo mt secutiryName no . + Bc 2 : Khai bo version snmp tng ng vi securityName , nh x vo mt groupName. + Bc 3 : To cc view, cho php bao gm (include) hoc khng gm (exclude) mt nhnh con no trong mib. + Bc 4 : To mt truy cp bng cch gn mt view cho mt groupName.# First, map the community name "public" into a "security name" # sec.name source community com2sec ConfigUser default public # Second, map the security name into a group name: # groupName securityModel securityName group ConfigGroup v1 ConfigUser group ConfigGroup v2c ConfigUser # Third, create a view # name view systemview view systemview for us to let the group have rights to: incl/excl subtree mask(optional) included .1.3.6.1.2.1.1 included .1.3.6.1.2.1.25.1.1

# Finally, grant the group read-only access to the systemview view. # group context sec.model sec.level prefix read write notif access ConfigGroup "" any noauth exact systemview none none


Trang|

9

SNMP ton tp


+ Mc nh sau khi ci t th snmp agent trn my ch CentOS ch cho php 2 view hn ch l : . iso.org.dod.internet.mgmt.mib-2.system (1.3.6.1.2.1.1) 3 . iso.org.dod.internet.mgmt.mib-2.host.hrSystem.hrSystemUptime (1.3.6.1.2.1.25.1.1) 4 + Cc view ny ch cha thng tin dng tn tui ca agent, khng cho php view cc OID cha cc thng tin khc nh thng k lu lng card mng, dung lng cng. cc chng trnh SNMP manager c th ly c cc thng tin khc bn cn sa 2 dng view thnh nh sau :# view view name systemview systemview incl/excl included included subtree .1.3.6.1.2.1 .1.3.6.1.2.1.25 mask(optional)

Sau bn khi ng li snmpd cc thay i c hiu lc[root@localhost ~]# service snmpd restart Stopping snmpd: Starting snmpd:

[ [

OK OK

] ]

Mc ch ca vic thay i ny l t li OID ca view. Ban u server ch cho php view t 1.3.6.1.2.1.1 (iso.org.dod.internet.mgmt.mib-2.system) tr xung, nhnh ny khng cha nhnh iso.org.dod.internet.mgmt.mib-2.if (1.3.6.1.2.1.2) cha cc thng tin v interface (card mng) do manager s khng th ly cc thng tin thng k tc card mng; sau khi sa li thnh 1.3.6.1.2.1 (iso.org.dod.internet.mgmt.mib-2) th view s bt u t nhnh mib-2, tc l bao gm mib-2.if, v manager s ly c cc thng tin thng k. Tng t ta cng t li dng th 2 thnh 1.3.6.1.2.1.25 (iso.org.dod.internet.mgmt.mib-2.host) cho php view tt c cc object t host tr xung, bao gm cc thng tin v Storage, Device, Software. Bn hy dng 1 bao trm dng 2, nh vy bn c th xa dng 2 i cng c. Cui cng l t ch t chy snmpd khi my khi ng[root@localhost ~]# chkconfig snmpd on

Gim st my ch bng phn mm Solarwinds Bn hy ci t Solarwinds gim st cc my ch (cch ci t khng c trnh by y). Sau khi ci t, bn dng chng trnh Orion System Manager ca b Solarwinds add thm cc server cn gim st. Trn giao din ca Orion System Manager, nhn nt Add hin hp thoi Add Device. Nhp IP ca server vo [Hostname or IP Address], chn [SNMP Community String] l public do trc y bn cu hnh server c read-community l public, chn [Node Type] l SNMPv1 hay SNMPv2c u c, sau nhn nt [Next].

3 4

RFC1213 MIB for network management : http://www.ietf.org/rfc/rfc1213.txt RFC2790 Host resources MIB : http://www.ietf.org/rfc/rfc2790.txt


Trang|

10

SNMP ton tp


Solarwinds s tin hnh scan cc ti nguyn trn my ch v hin danh sch cho bn chn. Bn hy chn gim st nhng th mong mun v nhn OK.

Minh ha resource trn server Win2003

Minh ha resource trn server CentOS 5

xem kt qu gim st, bn ng nhp vo trang web qun tr Solarwinds, bn s thy cc server va add. Solarwinds nhn din c cc agent l Windows v net-snmp.


Trang|

11

SNMP ton tp


Click vo server Windows 2003 cn gim st bn s thy Solarwinds hin th thng tin trng thi bao gm tc ca cc card mng, tnh trng chim dng b nh v a.

Click vo server CentOS bn cng c th thy cc thng tin tng t.

Click vo tng card mng hay partition ang c gim st bn s thy nhiu biu khc. Tuy nhin ti liu ny khng phi l ti liu hng dn s dng phn mm nn chng ta s dng y.


Trang|

12

SNMP ton tp


5. Gim st switch bng SNMPTrong phn ny bn s tham kho cch gim st mt switch C2950 bng mt phn mm gim st ph bin khc l PRTG. Ti liu y v ci t, cu hnh v vn hnh PRTG c th tm thy trn trang ch ca sn phm 5. Cu hnh SNMP trn switch Cisco C2950 Khng phi mi switch u c th gim st c qua SNMP. phi l switch h tr SNMP, cc switch bnh thng nh switch phng net thng khng h tr SNMP. Cch cu hnh SNMP agent trn C2950 theo trnh t chung nh phn trn trnh by.C2950#configure terminal C2950(config)#snmp-server C2950(config)#snmp-server C2950(config)#snmp-server C2950(config)#snmp-server C2950(config)#snmp-server

enable enable traps community public ro community private rw host 192.168.1.100 version 1 public

Sau khi cu hnh xong th ta show li ton b cu hnh SMP m bo agent c ci t y .C2950#show snmp Chassis: FOC0833X23A Contact: Location: 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0 Number of altered variables 0 Get-request PDUs 0 Get-next PDUs 0 Set-request PDUs 1 SNMP packets output 0 Too big errors (Maximum packet size 1500) 0 No such name errors 0 Bad values errors 0 General errors 0 Response PDUs 1 Trap PDUs SNMP global trap: enabled SNMP logging: enabled Logging to 192.168.1.100.162, 0/10, 1 sent, 0 dropped. SNMP agent enabled

Gim st switch bng phn mm PRTG Gim st my ch khc vi gim st lu lng ca switch hay router. Gim st lu lng l theo di tc , lu lng truyn nhn trn cc cng ca thit b, cn gim st my ch ngoi lu lng cng mng cn c cc thng s CPU, RAM, diskfree. PRTG l phn mm c th gim st cc thit b mng phn cng v cc server. Cch ci t v hng dn s dng y c th tm thy trn trang ch ca PRTG hoc trong rt nhiu ti liu khc trn internet. Trong ti liu ny tc gi ch hng dn mt s bc ti thiu bn c th gim st c mt server. Sau khi ci t PRTG Network Monitor, ta vo phn mm qua giao din web, ng nhp bng account v password mc nh prtgadmin, chuyn qua tab [Devices] v nhn link [+Add Device].

5

Trang ch PRTG : http://www.paessler.com/prtg


Trang|

13

SNMP ton tp


Nhp tn ca my ch cn gim st vo [Device Name], nhp IP ca my ch vo [Ip-Address/DNS Name], chn Automatic device identification (standard, recommended) PRTG t ng d tm thit b SNMP ang c to l g. Nhn nt Continue, PRTG s bt u tin trnh d tm.


Trang|

14

SNMP ton tp


Sau cc ti nguyn c th gim st c s hin ra mn hnh.

hnh trn ta thy PRTG pht hin c 28 object c th gim st. Click vo tn thit b m ra mn hnh gim st, lit k danh sch cc port FastEthernet ca switch v bng thng ang s dng.

Nh bn bit, SNMP manager ch ly c nhng thng tin m SNMP agent cung cp, do khng phi tt c mi th trn my ch u hin ra trn PRTG gim st. Nhiu bn khi cha hiu c ch ca SNMP cho rng PRTG khng gim st c mt ci g trn my ch l do nhc im ca PRTG v mong mun tm kim mt cng c khc hay hn. Thc cht nu agent trn thit b khng h tr thng tin th mi phn mm gim st u khng th ly thng tin .

Tm tt+ Khai bo trn SNMP Agent gm : enabled, read/write community string, snmp version, access list. + Khai bo trn SNMP manager gm : host cn gim st, read/write community string, snmp version, chu k poll. + Khai bo trn Trap Sender gm : enabled, IP ca thit b nhn trap, trap-community string, snmp version. + gim st c my ch Windows cn : ci t SNMP service, t read/write community string, t danh sch cc host c php gi snmp request. + gim st c my ch Linux cn : ci t mt dch v SNMP nh net-snmp, kim tra li cc khai bo trong file /etc/snmp/snmp.conf, m cc view cn thit, t snmpd ch t khi ng. + gim st c mt switch cn : khai bo snmp agent y cc bc trn switch. + PRTG v Solarwinds l cc phn mm gim st SNMP mnh m, Solarwinds thch hp vi mng ln hn.


Trang|

15

snmp toan tap _diep thanh nguyen_ - chuong 2

Documents