This is an old revision of the document!
ntp server 172.16.1.254 clock timezone MSK 3 service timestamps log datetime localtime
no ip http server
no access-list 1 ! access-list 1 permit host 192.168.X.101 access-list 1 permit host 192.168.X.10 access-list 1 deny any line vty 0 15 ! no login ! for no password access ! privilege level 15 access-class 1 in end
Вариант 1
ip domain-name corpX.un crypto key generate rsa general-keys modulus 1024 ip ssh version 2 username root privilege 15 secret cisco line vty 0 4 login local transport input ssh
Вариант 2
crypto key generate rsa label MY_KEYS modulus 1024 ip ssh rsa keypair-name MY_KEYS
ip scp server enable
root@helper:~# cat .ssh/id_rsa.pub
...
!!! Разбить вывод на несколько строк !!!
ip ssh pubkey-chain username rancid key-string ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9KLTWwi8BTLMW6r79wgrfXrUOwai/smc ... 36w0k+JeK/WqJr5X80yX7fLbP root@helper exit exit exit
ip rcmd rcp-enable ip rcmd rsh-enable
ip rcmd remote-host root server root enable ip rcmd remote-host mrtg server mrtg enable ip rcmd remote-host nagios server nagios enable ip rcmd remote-host zabbix server zabbix enable
router# terminal monitor
router(config)# logging console
router(config)#logging facility local0 router(config)#logging host server
router(config)# snmp-server community public RO
switch(config)# snmp-server community write RW
switch(config)# snmp-server host server writetrap
switch(config)# snmp-server enable traps snmp linkdown linkup
Определение OID (таблица соответствий имен переменных их числовым значениям в оборудовании может быть не полной)
server# snmptranslate .1.3.6.1.2.1.2.2.1 IF-MIB::ifEntry server# snmptranslate -Tp .1.3.6.1.2.1.2.2.1 server# snmptranslate .1.3.6.1.2.1.2.2.1.10 IF-MIB::ifInOctets server# snmpwalk -c public -v2c router ifDescr ... IF-MIB::ifDescr.2 = STRING: FastEthernet1/0 ... server# snmpget -c public -v2c router ifEntry.10.2 server# snmpget -c public -v2c router ifInOctets.2
Настройка router:
snmp-server host server writetrap rmon event 111 log trap writetrap description "Change bandwith" rmon alarm 222 ifEntry.10.2 10 delta rising-threshold 10000 111 falling-threshold 10000 111
Коментарии:
Тестирование:
C:\>ping -n 1000 -l 1500 -w 1 172.16.1.254 server# tail -f /tmp/traps
rmon event 4 log trap public description "Cpu hight load" rmon alarm 8 .1.3.6.1.4.1.9.2.1.56.0 10 absolute rising-threshold 80 4 falling-threshold 6 20