- 產品與解決方案
- 行業解決方案
- 服務
- 支持
- 合作夥伴
- 關於我們
04-H3C_EAA典型配置舉例
本章節下載: 04-H3C_EAA典型配置舉例 (226.63 KB)
資料版本:6W100-20200330
產品版本:Release 7585P05
|
Copyright © 2020 bobty下载软件 版權所有,保留一切權利。 非經本公司書麵許可,任何單位和個人不得擅自摘抄、複製本文檔內容的部分或全部,並不得以任何形式傳播。 除bobty下载软件 的商標外,本手冊中出現的其它公司的商標、產品標識及商品名稱,由各自權利人擁有。 本文檔中的信息可能變動,恕不另行通知。 |
目 錄
本文檔介紹使用EAA的典型配置舉例。
本文檔中的配置均是在實驗室環境下進行的配置和驗證,配置前設備的所有參數均采用出廠時的缺省配置。如果您已經對設備進行了配置,為了保證配置效果,請確認現有配置和以下舉例中的配置不衝突。
本文檔假設您已了解EAA特性,對於同一需求,Tcl和CLI監控策略的實現效果是一致的,用戶可以根據習慣選擇任意一種策略。
為設備配置Tcl監控策略,當檢測接口Ten-GigabitEthernet1/0/1入流量值大於等於500Mbps時,執行如下操作:
· 生成流量超範圍的日誌。
· 顯示當前cpu狀態,並保存至文件。
· 顯示接口Ten-GigabitEthernet1/0/1狀態,並保存至文件。
如果後續入流量大於等於200Mbps時會再次啟動監控,當再次檢測到接口入流量大於500Mbps時,執行上述操作。
# 使用寫字板編輯文件test.tcl,如下:
# 定義監控事件,監控接口為Ten-GigabitEthernet1/0/1,關注入方向流量,當入流量大於等於500Mbps時,執行動作;再次開啟輪詢的條件為接口流量大於等於200Mbps。
::comware::rtm::event_register interface ten-gigabitethernet1/0/1 monitor-obj rcv-bps start-op XGE start-val 500000000 restart-op XGE restart-val 200000000 user-role network-admin
# 當監控事件發生時執行動作為:發送優先級為1、設備號為local1、信息為XGE1/0/1 input rate exceeded 500000000bps的日誌。
::comware::rtm::action syslog priority 1 facility local1 msg "XGE1/0/1 input rate exceeded 500000000bps"
# 創建監控事件的執行動作。
::comware::create-cli
# 當監控事件發生時執行動作為:執行display cpu-usaXGE命令,顯示CPU利用率的統計信息,並將信息保存在文件XGE0_info.txt中。
::comware::write-cli cli0 "display cpu-usaXGE >> XGE0_info.txt"
# 當監控事件發生時執行動作為:執行display interface ten-gigabitetherne 1/0/1命令,顯示Ten-GigabitEthernet1/0/1當前的運行狀態和相關信息,並將信息保存在文件XGE0_info.txt中。
::comware::write-cli cli0 "display interface ten-gigabitethernet1/0/1 >> XGE0_info.txt"
::comware::write-cli cli0 "end"
# 配置接口Ten-GigabitEthernet1/0/1的IP地址。
<Device> system-view
[Device] interface ten-gigabitethernet 1/0/1
[Device-Ten-GigabitEthernet1/0/1] ip address 192.168.100.66 255.255.255.0
[Device-Ten-GigabitEthernet1/0/1] quit
[Device] quit
# 通過TFTP將test.tcl下載到設備上。
<Device> tftp 192.168.100.14 XGEt test.tcl
% Total % Received % Xferd AveraXGE Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 189 100 189 0 0 7900 0 --:--:-- --:--:-- --:--:-- 12600
# 創建並啟用Tcl監控策略,並將其和Tcl腳本test.tcl綁定。
<Device> system-view
[Device] rtm tcl-policy test test.tcl
[Device] quit
# 通過display rtm policy registered命令可以看到存在策略名為test,策略類型為Tcl的策略。
<Device> display rtm policy registered
Total number: 1
Type Event TimeRegistered PolicyName
TCL INTERFACE May 05 06:46:20 2019 test
# 當檢測到接口Ten-GigabitEthernet1/0/1入流量值大於等於500Mbps時,查看設備中所有的文件及文件夾信息,存在XGE0_info.txt。
<Device> dir
Directory of cfa0:
0 -rw- 3227 Nov 19 2019 17:28:36 1.cfg
1 -rw- 2296 Apr 26 2019 18:55:08 5660_data.ak
2 -rw- 2304 Apr 26 2019 18:54:56 5660_security.ak
3 -rw- 2298 Apr 26 2019 18:55:16 5660_voice.ak
4 -rw- 3227 Nov 19 2019 17:15:19 STARTUP110.CFG
5 drw- - Mar 10 2019 04:10:10 diagfile
6 -rw- 567 Jul 17 2019 14:25:00 dsakey
7 -rw- 223 Jul 17 2019 14:25:00 ecdsakey
8 -rw- 278 Jul 17 2019 14:25:00 XGE0_info.txt
9 -rw- 735 Jul 17 2019 14:25:00 hostkey
10 -rw- 492 Nov 18 2019 16:40:50 ifindex.dat
11 -rw- 276 Apr 23 2019 19:00:00 lauth.dat
12 drw- - Jul 17 2019 11:26:34 license
13 drw- - Apr 24 2019 12:39:38 logfile
14 -rw- 18839552 Nov 14 2019 16:42:12 msr56-cmw710-boot-r000706.bin
15 -rw- 1150976 Nov 14 2019 16:43:00 msr56-cmw710-data-r000706.bin
16 -rw- 47470592 Nov 14 2019 16:42:24 msr56-cmw710-system-r000706.bin
17 -rw- 2975744 Nov 14 2019 16:42:56 msr56-cmw710-voice-r000706.bin
18 -rw- 70445056 Nov 14 2019 17:41:08 msr56.ipe
19 -rw- 70445056 Nov 14 2019 16:40:00 msr56NN.ipe
20 drw- - Aug 21 2019 16:23:10 pkey
21 -rw- 189 Nov 19 2019 17:49:34 test.tcl
22 drw- - Mar 10 2019 04:10:10 seclog
23 -rw- 591 Jul 17 2019 14:25:00 serverkey
24 -rw- 3227 Nov 18 2019 16:40:50 startup.cfg
507492 KB total (298412 KB free)
# 使用TFTP方式,將XGE0_info.txt文件複製到TFTP服務器上。
<Device> tftp 192.168.100.14 put XGE0_info.txt
# 查看XGE0_info.txt文件,顯示包含當前CPU和接口Ten-GigabitEthernet1/0/1狀態。
Unit CPU usage:
15% in last 5 seconds
14% in last 1 minute
13% in last 5 minutes
Ten-GigabitEthernet1/0/1
Current state: UP
Line protocol state: UP
Description: Ten-GigabitEthernet1/0/1 Interface
Bandwidth: 1000000 kbps
Maximum transmission unit: 1500
Allow jumbo frames to pass
Broadcast max-ratio: 100%
Multicast max-ratio: 100%
Unicast max-ratio: 100%
Internet address: 192.168.100.66/24 (primary)
IP packet frame type: Ethernet II, hardware address: 5cdd-7000-a07c
IPv6 packet frame type: Ethernet II, hardware address: 5cdd-7000-a07c
Loopback is not set
Media type is twisted pair, port hardware type is 1000_BASE_T
Port priority: 0
1000Mbps-speed mode, Full-duplex mode
Link speed type is autonegotiation, link duplex type is autonegotiation
Flow-control is not enabled
Maximum frame length: 9216
Last link flapping: 0 hours 0 minutes 14 seconds
Last clearing of counters: Never
Peak input rate: 4 bytes/sec, at 2019-09-21 15:09:37
Peak output rate: 1 bytes/sec, at 2019-09-21 15:09:37
Last 300 seconds input rate: 568710000.25 bytes/sec, 64970 bits/sec, 4.96 packets/sec
Last 300 seconds output rate: 568710000.25 bytes/sec, 64970 bits/sec, 4.96 packets/sec Input (total): 1703 packets, 2336882000 bytes
0 unicasts, 0 broadcasts, 4 multicasts, 0 pauses
Input (normal): 1703 packets, - bytes
0 unicasts, 0 broadcasts, 4 multicasts, 0 pauses
Input: 0 input errors, 0 runts, 0 giants, 0 throttles
0 CRC, 0 frame, - overruns, 0 aborts
- ignored, - parity errors
Output (total): 1706 packets, 2337062000 bytes
0 unicasts, 5 broadcasts, 0 multicasts, 0 pauses
Output (normal): 1706 packets, - bytes
0 unicasts, 5 broadcasts, 0 multicasts, 0 pauses
Output: 0 output errors, - underruns, - buffer failures
0 aborts, 0 deferred, 0 collisions, 0 late collisions
0 lost carrier, - no carrier
· test.tcl腳本文本:
::comware::rtm::event_register interface ten-gigabitethernet1/0/1 monitor-obj rcv-bps start-op ge start-val 500000000 restart-op ge restart-val 200000000 user-role network-admin
::comware::rtm::action syslog priority 1 facility local1 msg "XGE1/0/1 input rate exceeded 500000000bps"
::comware::create-cli
::comware::write-cli cli0 "display cpu-usage >> XGE0_info.txt"
::comware::write-cli cli0 "display interface ten-gigabitethernet1/0/1 >> XGE0_info.txt"
::comware::write-cli cli0 "end"
· Device:
#
interface Ten-GigabitEthernet1/0/1
port link-mode route
ip address 192.168.100.66 255.255.255.0
#
rtm tcl-policy test test.tcl
#
為設備配置Tcl監控策略,當檢測接口Ten-GigabitEthernet1/0/1入流量值大於等於500Mbps時,執行如下操作:
· 生成流量超範圍的日誌。
· 顯示當前cpu狀態,並保存至文件。
· 顯示接口Ten-GigabitEthernet1/0/1狀態,並保存至文件。
如果後續入流量大於等於200Mbps時會再次啟動監控,當再次檢測到接口入流量大於500Mbps時,執行上述操作。
· 同一個策略下,隻能配置一個觸發事件和運行時間。當多次執行event或者running-time命令時,則最近配置並且commit的生效。
· 如果新配置的動作的編號和已有動作的編號相同,則執行commit命令後最近配置生效。
· 給CLI監控策略配置事件、動作、用戶角色和運行時間後,必須執行commit命令,該策略才會啟用,該策略下的配置才會生效。
# 配置接口Ten-GigabitEthernet1/0/1的IP地址。
<Device> system-view
[Device] interface ten-gigabitethernet 1/0/1
[Device-Ten-GigabitEthernet1/0/1] ip address 192.168.100.66 255.255.255.0
[Device-Ten-GigabitEthernet1/0/1] quit
# 創建CLI策略1。
[Device] rtm cli-policy 1
# 配置監控事件,監控接口為Ten-GigabitEthernet1/0/1,當入流量大於等於500Mbps時執行動作;再次開啟輪詢的條件為接口流量大於等於200Mbps。
[Device-rtm-1] event interface ten-gigabitethernet 1/0/1 monitor-obj rcv-bps start-op ge start-val 500000000 restart-op ge restart-val 200000000
# 當事件發生時,發送優先級為1、日誌記錄工具為local1、信息為XGE1/0/1 input rate exceeded 500000000bps的日誌。
[Device-rtm-1] action 1 syslog priority 1 facility local1 msg "XGE1/0/1 input rate exceeded 500000000bps"
# 當事件發生時,執行display cpu-usage命令,顯示CPU利用率的統計信息,並將信息保存在文件XGE0_info.txt中。
[Device-rtm-1] action 2 cli display cpu-usage >> XGE0_info.txt
# 當事件發生時,執行display interface ten-gigabitetherne 1/0/1命令,顯示Ten-GigabitEthernet1/0/1當前的運行狀態和相關信息,並將信息保存在文件XGE0_info.txt中。
[Device-rtm-1] action 3 cli display interface ten-gigabitethernet 1/0/1 >> XGE0_info.txt
# 配置策略運行時間為30s。
[Device-rtm-1] running-time 30
# 配置執行CLI監控策略1時使用的用戶角色為network-admin。
[Device-rtm-1] user-role network-admin
# 啟用CLI監控策略1。
[Device-rtm-1] commit
[Device-rtm-1] quit
# 通過display rtm policy registered命令查看,可以看到策略名為1,策略類型為CLI的策略。
<Device> display rtm policy registered
Total number: 1
Type Event TimeRegistered PolicyName
CLI INTERFACE May 04 00:12:40 2019 1
# 當檢測到接口Ten-GigabitEthernet1/0/1入流量值大於等於500Mbps時,查看設備中所有的文件及文件夾信息,存在XGE0_info.txt。
<Device> dir
Directory of cfa0:
0 -rw- 3227 Nov 19 2019 17:28:36 1.cfg
1 -rw- 2296 Apr 26 2019 18:55:08 5660_data.ak
2 -rw- 2304 Apr 26 2019 18:54:56 5660_security.ak
3 -rw- 2298 Apr 26 2019 18:55:16 5660_voice.ak
4 -rw- 3227 Nov 19 2019 17:15:19 STARTUP110.CFG
5 drw- - Mar 10 2019 04:10:10 diagfile
6 -rw- 567 Jul 17 2019 14:25:00 dsakey
7 -rw- 223 Jul 17 2019 14:25:00 ecdsakey
8 -rw- 278 Jul 17 2019 14:25:00 XGE0_info.txt
9 -rw- 735 Jul 17 2019 14:25:00 hostkey
10 -rw- 492 Nov 18 2019 16:40:50 ifindex.dat
11 -rw- 276 Apr 23 2019 19:00:00 lauth.dat
12 drw- - Jul 17 2019 11:26:34 license
13 drw- - Apr 24 2019 12:39:38 logfile
14 -rw- 18839552 Nov 14 2019 16:42:12 msr56-cmw710-boot-r000706.bin
15 -rw- 1150976 Nov 14 2019 16:43:00 msr56-cmw710-data-r000706.bin
16 -rw- 47470592 Nov 14 2019 16:42:24 msr56-cmw710-system-r000706.bin
17 -rw- 2975744 Nov 14 2019 16:42:56 msr56-cmw710-voice-r000706.bin
18 -rw- 70445056 Nov 14 2019 17:41:08 msr56.ipe
19 -rw- 70445056 Nov 14 2019 16:40:00 msr56NN.ipe
20 drw- - Aug 21 2019 16:23:10 pkey
21 -rw- 189 Nov 19 2019 17:49:34 test.tcl
22 drw- - Mar 10 2019 04:10:10 seclog
23 -rw- 591 Jul 17 2019 14:25:00 serverkey
24 -rw- 3227 Nov 18 2019 16:40:50 startup.cfg
507492 KB total (298412 KB free)
# 使用TFTP方式,將XGE0_info.txt文件複製到TFTP服務器上。
<Device> tftp 192.168.100.14 put XGE0_info.txt
# 查看XGE0_info.txt文件,顯示包含當前CPU和接口Ten-GigabitEthernet1/0/1狀態。
Unit CPU usage:
15% in last 5 seconds
14% in last 1 minute
13% in last 5 minutes
Ten-GigabitEthernet1/0/1
Current state: UP
Line protocol state: UP
Description: Ten-GigabitEthernet1/0/1 Interface
Bandwidth: 1000000 kbps
Maximum transmission unit: 1500
Allow jumbo frames to pass
Broadcast max-ratio: 100%
Multicast max-ratio: 100%
Unicast max-ratio: 100%
Internet address: 192.168.100.66/24 (primary)
IP packet frame type: Ethernet II, hardware address: 5cdd-7000-a07c
IPv6 packet frame type: Ethernet II, hardware address: 5cdd-7000-a07c
Loopback is not set
Media type is twisted pair, port hardware type is 1000_BASE_T
Port priority: 0
1000Mbps-speed mode, Full-duplex mode
Link speed type is autonegotiation, link duplex type is autonegotiation
Flow-control is not enabled
Maximum frame length: 9216
Last link flapping: 0 hours 0 minutes 14 seconds
Last clearing of counters: Never
Peak input rate: 4 bytes/sec, at 2019-09-21 15:09:37
Peak output rate: 1 bytes/sec, at 2019-09-21 15:09:37
Last 300 seconds input rate: 568710000.25 bytes/sec, 64970 bits/sec, 4.96 packets/sec
Last 300 seconds output rate: 568710000.25 bytes/sec, 64970 bits/sec, 4.96 packets/sec Input (total): 1703 packets, 2336882000 bytes
0 unicasts, 0 broadcasts, 4 multicasts, 0 pauses
Input (normal): 1703 packets, - bytes
0 unicasts, 0 broadcasts, 4 multicasts, 0 pauses
Input: 0 input errors, 0 runts, 0 giants, 0 throttles
0 CRC, 0 frame, - overruns, 0 aborts
- ignored, - parity errors
Output (total): 1706 packets, 2337062000 bytes
0 unicasts, 5 broadcasts, 0 multicasts, 0 pauses
Output (normal): 1706 packets, - bytes
0 unicasts, 5 broadcasts, 0 multicasts, 0 pauses
Output: 0 output errors, - underruns, - buffer failures
0 aborts, 0 deferred, 0 collisions, 0 late collisions
0 lost carrier, - no carrier
#
interface Ten-GigabitEthernet1/0/1
port link-mode route
ip address 192.168.100.66 255.255.255.0
#
rtm cli-policy 1
event interface Ten-GigabitEthernet1/0/1 monitor-obj rcv-bps start-op ge start-val 500000000 restart-op ge restart-val 200000000
action 1 syslog priority 1 facility local1 msg "XGE1/0/1 input rate exceeded 500000000bps"
action 2 cli display cpu-usage >> XGE0_info.txt
action 3 cli display interface ten-gigabitethernet 1/0/1 >> XGE0_info.txt
running-time 30
user-role network-admin
#
Device A和Device D、Device E已經建立BGP會話,正常情況下,Device D、Device E發往外網的流量通過Device A轉發。現要求實現:當Device A連接Device C的接口Ten-GigabitEthernet1/0/1狀態變為Down時,Device A能夠自動感知,並禁止和Device D、Device E建立BGP會話,這樣,Device D、Device E發往外網的流量可通過Device B轉發。
圖1 EAA和Track聯動配置組網圖
# 查看當前的BGP對等體的狀態和統計信息。
<DeviceA> display bgp peer ipv4
BGP local router ID: 1.1.1.1
Local AS number: 100
Total number of peers: 3 Peers in established state: 3
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
10.2.1.2 200 13 16 0 0 00:16:12 Established
10.3.1.2 300 13 16 0 0 00:10:34 Established
10.3.2.2 300 13 16 0 0 00:10:38 Established
# 配置Track項監控接口Ten-GigabitEthernet1/0/1的狀態。
<DeviceA> system-view
[DeviceA] track 1 interface ten-gigabitethernet 1/0/1
# 配置Tcl監控策略,當Ten-GigabitEthernet1/0/1狀態變為Down之後,Device A能夠自動感知,並禁止和Device D、Device E建立BGP會話。
[DeviceA] rtm cli-policy test
[DeviceA-rtm-test] event track 1 state negative
[DeviceA-rtm-test] action 0 cli system-view
[DeviceA-rtm-test] action 1 cli bgp 100
[DeviceA-rtm-test] action 2 cli peer 10.3.1.2 ignore
[DeviceA-rtm-test] action 3 cli peer 10.3.2.2 ignore
[DeviceA-rtm-test] user-role network-admin
[DeviceA-rtm-test] commit
[DeviceA-rtm-test] quit
# 將Ten-GigabitEthernet1/0/1關閉。
[DeviceA] interface ten-gigabitethernet 1/0/1
[DeviceA-Ten-GigabitEthernet1/0/1] shutdown
# 查看BGP對等體的狀態和統計信息,會顯示BGP對等體數量為0。
<DeviceA> display bgp peer ipv4
BGP local router ID: 1.1.1.1
Local AS number: 100
Total number of peers: 0 Peers in established state: 0
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
#
rtm cli-policy test
event track 1 state negative
action 0 cli system-view
action 1 cli bgp 100
action 2 cli peer 10.3.1.2 ignore
action 3 cli peer 10.3.2.2 ignore
user-role network-operator
user-role network-admin
#
track 1 interface ten-gigabitethernet 1/0/1
#
· H3C S10500係列以太網交換機 網絡管理和監控配置指導-R758X
· H3C S10500係列以太網交換機 網絡管理和監控命令參考-R758X
不同款型規格的資料略有差異, 詳細信息請向具體銷售和400谘詢。H3C保留在沒有任何通知或提示的情況下對資料內容進行修改的權利!
支持
