- 产品与解决方案
- 行业解决方案
- 服务
- 支持
- 合作伙伴
- 新华三人才研学中心
- 关于我们
04-H3C_EAA典型配置举例
本章节下载: 04-H3C_EAA典型配置举例 (174.59 KB)
H3C EAA典型配置举例
资料版本:6W100-20190330
产品版本:Release 7577P04
|
Copyright © 2019 新华三技术有限公司 版权所有,保留一切权利。 非经本公司书面许可,任何单位和个人不得擅自摘抄、复制本文档内容的部分或全部,并不得以任何形式传播。 除新华三技术有限公司的商标外,本手册中出现的其它公司的商标、产品标识及商品名称,由各自权利人拥有。 本文档中的信息可能变动,恕不另行通知。 |
目 录
本文档介绍使用EAA的典型配置举例。
本文档不严格与具体软、硬件版本对应,如果使用过程中与产品实际情况有差异,请参考相关产品手册,或以设备实际情况为准。
本文档中的配置均是在实验室环境下进行的配置和验证,配置前设备的所有参数均采用出厂时的缺省配置。如果您已经对设备进行了配置,为了保证配置效果,请确认现有配置和以下举例中的配置不冲突。
本文档假设您已了解EAA特性,对于同一需求,Tcl和CLI监控策略的实现效果是一致的,用户可以根据习惯选择任意一种策略。
为设备配置Tcl监控策略,当检测接口Ten-GigabitEthernet1/0/1入流量值大于等于500Mbps时,执行如下操作:
· 生成流量超范围的日志。
· 显示当前cpu状态,并保存至文件。
· 显示接口Ten-GigabitEthernet1/0/1状态,并保存至文件。
如果后续入流量大于等于200Mbps时会再次启动监控,当再次检测到接口入流量大于500Mbps时,执行上述操作。
本举例是在S7600X-CMW710-R7577P01版本上进行配置和验证的。
# 使用写字板编辑文件test.tcl,如下:
# 定义监控事件,监控接口为Ten-GigabitEthernet1/0/1,关注入方向流量,当入流量大于等于500Mbps时,执行动作;再次开启轮询的条件为接口流量大于等于200Mbps。
::comware::rtm::event_register interface ten-gigabitethernet1/0/1 monitor-obj rcv-bps start-op XGE start-val 500000000 restart-op XGE restart-val 200000000 user-role network-admin
# 当监控事件发生时执行动作为:发送优先级为1、设备号为local1、信息为XGE1/0/1 input rate exceeded 500000000bps的日志。
::comware::rtm::action syslog priority 1 facility local1 msg "XGE1/0/1 input rate exceeded 500000000bps"
# 创建监控事件的执行动作。
::comware::create-cli
# 当监控事件发生时执行动作为:执行display cpu-usaXGE命令,显示CPU利用率的统计信息,并将信息保存在文件XGE0_info.txt中。
::comware::write-cli cli0 "display cpu-usaXGE >> XGE0_info.txt"
# 当监控事件发生时执行动作为:执行display interface ten-gigabitetherne 1/0/1命令,显示Ten-GigabitEthernet1/0/1当前的运行状态和相关信息,并将信息保存在文件XGE0_info.txt中。
::comware::write-cli cli0 "display interface ten-gigabitethernet1/0/1 >> XGE0_info.txt"
::comware::write-cli cli0 "end"
# 配置接口Ten-GigabitEthernet1/0/1的IP地址。
<Device> system-view
[Device] interface ten-gigabitethernet 1/0/1
[Device-Ten-GigabitEthernet1/0/1] ip address 192.168.100.66 255.255.255.0
[Device-Ten-GigabitEthernet1/0/1] quit
[Device] quit
# 通过TFTP将test.tcl下载到设备上。
<Device> tftp 192.168.100.14 XGEt test.tcl
% Total % Received % Xferd AveraXGE Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 189 100 189 0 0 7900 0 --:--:-- --:--:-- --:--:-- 12600
# 创建并启用Tcl监控策略,并将其和Tcl脚本test.tcl绑定。
<Device> system-view
[Device] rtm tcl-policy test test.tcl
[Device] quit
# 通过display rtm policy registered命令可以看到存在策略名为test,策略类型为Tcl的策略。
<Device> display rtm policy registered
Total number: 1
Type Event TimeRegistered PolicyName
TCL INTERFACE May 05 06:46:20 2014 test
# 当检测到接口Ten-GigabitEthernet1/0/1入流量值大于等于500Mbps时,查看设备中所有的文件及文件夹信息,存在XGE0_info.txt。
<Device> dir
Directory of cfa0:
0 -rw- 3227 Nov 19 2013 17:28:36 1.cfg
1 -rw- 2296 Apr 26 2013 18:55:08 5660_data.ak
2 -rw- 2304 Apr 26 2013 18:54:56 5660_security.ak
3 -rw- 2298 Apr 26 2013 18:55:16 5660_voice.ak
4 -rw- 3227 Nov 19 2013 17:15:19 STARTUP110.CFG
5 drw- - Mar 10 2013 04:10:10 diagfile
6 -rw- 567 Jul 17 2013 14:25:00 dsakey
7 -rw- 223 Jul 17 2013 14:25:00 ecdsakey
8 -rw- 278 Jul 17 2013 14:25:00 XGE0_info.txt
9 -rw- 735 Jul 17 2013 14:25:00 hostkey
10 -rw- 492 Nov 18 2013 16:40:50 ifindex.dat
11 -rw- 276 Apr 23 2013 19:00:00 lauth.dat
12 drw- - Jul 17 2013 11:26:34 license
13 drw- - Apr 24 2013 12:39:38 logfile
14 -rw- 18839552 Nov 14 2013 16:42:12 msr56-cmw710-boot-r000706.bin
15 -rw- 1150976 Nov 14 2013 16:43:00 msr56-cmw710-data-r000706.bin
16 -rw- 47470592 Nov 14 2013 16:42:24 msr56-cmw710-system-r000706.bin
17 -rw- 2975744 Nov 14 2013 16:42:56 msr56-cmw710-voice-r000706.bin
18 -rw- 70445056 Nov 14 2013 17:41:08 msr56.ipe
19 -rw- 70445056 Nov 14 2013 16:40:00 msr56NN.ipe
20 drw- - Aug 21 2013 16:23:10 pkey
21 -rw- 189 Nov 19 2013 17:49:34 test.tcl
22 drw- - Mar 10 2013 04:10:10 seclog
23 -rw- 591 Jul 17 2013 14:25:00 serverkey
24 -rw- 3227 Nov 18 2013 16:40:50 startup.cfg
507492 KB total (298412 KB free)
# 使用TFTP方式,将XGE0_info.txt文件复制到TFTP服务器上。
<Device> tftp 192.168.100.14 put XGE0_info.txt
# 查看XGE0_info.txt文件,显示包含当前CPU和接口Ten-GigabitEthernet1/0/1状态。
Unit CPU usage:
15% in last 5 seconds
14% in last 1 minute
13% in last 5 minutes
Ten-GigabitEthernet1/0/1
Current state: UP
Line protocol state: UP
Description: Ten-GigabitEthernet1/0/1 Interface
Bandwidth: 1000000 kbps
Maximum transmission unit: 1500
Allow jumbo frames to pass
Broadcast max-ratio: 100%
Multicast max-ratio: 100%
Unicast max-ratio: 100%
Internet address: 192.168.100.66/24 (primary)
IP packet frame type: Ethernet II, hardware address: 5cdd-7000-a07c
IPv6 packet frame type: Ethernet II, hardware address: 5cdd-7000-a07c
Loopback is not set
Media type is twisted pair, port hardware type is 1000_BASE_T
Port priority: 0
1000Mbps-speed mode, Full-duplex mode
Link speed type is autonegotiation, link duplex type is autonegotiation
Flow-control is not enabled
Maximum frame length: 9216
Last link flapping: 0 hours 0 minutes 14 seconds
Last clearing of counters: Never
Peak input rate: 4 bytes/sec, at 2017-09-21 15:09:37
Peak output rate: 1 bytes/sec, at 2017-09-21 15:09:37
Last 300 seconds input rate: 568710000.25 bytes/sec, 64970 bits/sec, 4.96 packets/sec
Last 300 seconds output rate: 568710000.25 bytes/sec, 64970 bits/sec, 4.96 packets/sec Input (total): 1703 packets, 2336882000 bytes
0 unicasts, 0 broadcasts, 4 multicasts, 0 pauses
Input (normal): 1703 packets, - bytes
0 unicasts, 0 broadcasts, 4 multicasts, 0 pauses
Input: 0 input errors, 0 runts, 0 giants, 0 throttles
0 CRC, 0 frame, - overruns, 0 aborts
- ignored, - parity errors
Output (total): 1706 packets, 2337062000 bytes
0 unicasts, 5 broadcasts, 0 multicasts, 0 pauses
Output (normal): 1706 packets, - bytes
0 unicasts, 5 broadcasts, 0 multicasts, 0 pauses
Output: 0 output errors, - underruns, - buffer failures
0 aborts, 0 deferred, 0 collisions, 0 late collisions
0 lost carrier, - no carrier
· test.tcl脚本文本:
::comware::rtm::event_register interface ten-gigabitethernet1/0/1 monitor-obj rcv-bps start-op ge start-val 500000000 restart-op ge restart-val 200000000 user-role network-admin
::comware::rtm::action syslog priority 1 facility local1 msg "XGE1/0/1 input rate exceeded 500000000bps"
::comware::create-cli
::comware::write-cli cli0 "display cpu-usage >> XGE0_info.txt"
::comware::write-cli cli0 "display interface ten-gigabitethernet1/0/1 >> XGE0_info.txt"
::comware::write-cli cli0 "end"
· Device:
#
interface Ten-GigabitEthernet1/0/1
port link-mode route
ip address 192.168.100.66 255.255.255.0
#
rtm tcl-policy test test.tcl
#
为设备配置Tcl监控策略,当检测接口Ten-GigabitEthernet1/0/1入流量值大于等于500Mbps时,执行如下操作:
· 生成流量超范围的日志。
· 显示当前cpu状态,并保存至文件。
· 显示接口Ten-GigabitEthernet1/0/1状态,并保存至文件。
如果后续入流量大于等于200Mbps时会再次启动监控,当再次检测到接口入流量大于500Mbps时,执行上述操作。
本举例是在S7600X-CMW710-R7577P01版本上进行配置和验证的。
· 同一个策略下,只能配置一个触发事件和运行时间。当多次执行event或者running-time命令时,则最近配置并且commit的生效。
· 如果新配置的动作的编号和已有动作的编号相同,则执行commit命令后最近配置生效。
· 给CLI监控策略配置事件、动作、用户角色和运行时间后,必须执行commit命令,该策略才会启用,该策略下的配置才会生效。
# 配置接口Ten-GigabitEthernet1/0/1的IP地址。
<Device> system-view
[Device] interface ten-gigabitethernet 1/0/1
[Device-Ten-GigabitEthernet1/0/1] ip address 192.168.100.66 255.255.255.0
[Device-Ten-GigabitEthernet1/0/1] quit
# 创建CLI策略1。
[Device] rtm cli-policy 1
# 配置监控事件,监控接口为Ten-GigabitEthernet1/0/1,当入流量大于等于500Mbps时执行动作;再次开启轮询的条件为接口流量大于等于200Mbps。
[Device-rtm-1] event interface ten-gigabitethernet 1/0/1 monitor-obj rcv-bps start-op ge start-val 500000000 restart-op ge restart-val 200000000
# 当事件发生时,发送优先级为1、日志记录工具为local1、信息为XGE1/0/1 input rate exceeded 500000000bps的日志。
[Device-rtm-1] action 1 syslog priority 1 facility local1 msg "XGE1/0/1 input rate exceeded 500000000bps"
# 当事件发生时,执行display cpu-usage命令,显示CPU利用率的统计信息,并将信息保存在文件XGE0_info.txt中。
[Device-rtm-1] action 2 cli display cpu-usage >> XGE0_info.txt
# 当事件发生时,执行display interface ten-gigabitetherne 1/0/1命令,显示Ten-GigabitEthernet1/0/1当前的运行状态和相关信息,并将信息保存在文件XGE0_info.txt中。
[Device-rtm-1] action 3 cli display interface ten-gigabitethernet 1/0/1 >> XGE0_info.txt
# 配置策略运行时间为30s。
[Device-rtm-1] running-time 30
# 配置执行CLI监控策略1时使用的用户角色为network-admin。
[Device-rtm-1] user-role network-admin
# 启用CLI监控策略1。
[Device-rtm-1] commit
[Device-rtm-1] quit
# 通过display rtm policy registered命令查看,可以看到策略名为1,策略类型为CLI的策略。
<Device> display rtm policy registered
Total number: 1
Type Event TimeRegistered PolicyName
CLI INTERFACE May 04 00:12:40 2014 1
# 当检测到接口Ten-GigabitEthernet1/0/1入流量值大于等于500Mbps时,查看设备中所有的文件及文件夹信息,存在XGE0_info.txt。
<Device> dir
Directory of cfa0:
0 -rw- 3227 Nov 19 2013 17:28:36 1.cfg
1 -rw- 2296 Apr 26 2013 18:55:08 5660_data.ak
2 -rw- 2304 Apr 26 2013 18:54:56 5660_security.ak
3 -rw- 2298 Apr 26 2013 18:55:16 5660_voice.ak
4 -rw- 3227 Nov 19 2013 17:15:19 STARTUP110.CFG
5 drw- - Mar 10 2013 04:10:10 diagfile
6 -rw- 567 Jul 17 2013 14:25:00 dsakey
7 -rw- 223 Jul 17 2013 14:25:00 ecdsakey
8 -rw- 278 Jul 17 2013 14:25:00 XGE0_info.txt
9 -rw- 735 Jul 17 2013 14:25:00 hostkey
10 -rw- 492 Nov 18 2013 16:40:50 ifindex.dat
11 -rw- 276 Apr 23 2013 19:00:00 lauth.dat
12 drw- - Jul 17 2013 11:26:34 license
13 drw- - Apr 24 2013 12:39:38 logfile
14 -rw- 18839552 Nov 14 2013 16:42:12 msr56-cmw710-boot-r000706.bin
15 -rw- 1150976 Nov 14 2013 16:43:00 msr56-cmw710-data-r000706.bin
16 -rw- 47470592 Nov 14 2013 16:42:24 msr56-cmw710-system-r000706.bin
17 -rw- 2975744 Nov 14 2013 16:42:56 msr56-cmw710-voice-r000706.bin
18 -rw- 70445056 Nov 14 2013 17:41:08 msr56.ipe
19 -rw- 70445056 Nov 14 2013 16:40:00 msr56NN.ipe
20 drw- - Aug 21 2013 16:23:10 pkey
21 -rw- 189 Nov 19 2013 17:49:34 test.tcl
22 drw- - Mar 10 2013 04:10:10 seclog
23 -rw- 591 Jul 17 2013 14:25:00 serverkey
24 -rw- 3227 Nov 18 2013 16:40:50 startup.cfg
507492 KB total (298412 KB free)
# 使用TFTP方式,将XGE0_info.txt文件复制到TFTP服务器上。
<Device> tftp 192.168.100.14 put XGE0_info.txt
# 查看XGE0_info.txt文件,显示包含当前CPU和接口Ten-GigabitEthernet1/0/1状态。
Unit CPU usage:
15% in last 5 seconds
14% in last 1 minute
13% in last 5 minutes
Ten-GigabitEthernet1/0/1
Current state: UP
Line protocol state: UP
Description: Ten-GigabitEthernet1/0/1 Interface
Bandwidth: 1000000 kbps
Maximum transmission unit: 1500
Allow jumbo frames to pass
Broadcast max-ratio: 100%
Multicast max-ratio: 100%
Unicast max-ratio: 100%
Internet address: 192.168.100.66/24 (primary)
IP packet frame type: Ethernet II, hardware address: 5cdd-7000-a07c
IPv6 packet frame type: Ethernet II, hardware address: 5cdd-7000-a07c
Loopback is not set
Media type is twisted pair, port hardware type is 1000_BASE_T
Port priority: 0
1000Mbps-speed mode, Full-duplex mode
Link speed type is autonegotiation, link duplex type is autonegotiation
Flow-control is not enabled
Maximum frame length: 9216
Last link flapping: 0 hours 0 minutes 14 seconds
Last clearing of counters: Never
Peak input rate: 4 bytes/sec, at 2017-09-21 15:09:37
Peak output rate: 1 bytes/sec, at 2017-09-21 15:09:37
Last 300 seconds input rate: 568710000.25 bytes/sec, 64970 bits/sec, 4.96 packets/sec
Last 300 seconds output rate: 568710000.25 bytes/sec, 64970 bits/sec, 4.96 packets/sec Input (total): 1703 packets, 2336882000 bytes
0 unicasts, 0 broadcasts, 4 multicasts, 0 pauses
Input (normal): 1703 packets, - bytes
0 unicasts, 0 broadcasts, 4 multicasts, 0 pauses
Input: 0 input errors, 0 runts, 0 giants, 0 throttles
0 CRC, 0 frame, - overruns, 0 aborts
- ignored, - parity errors
Output (total): 1706 packets, 2337062000 bytes
0 unicasts, 5 broadcasts, 0 multicasts, 0 pauses
Output (normal): 1706 packets, - bytes
0 unicasts, 5 broadcasts, 0 multicasts, 0 pauses
Output: 0 output errors, - underruns, - buffer failures
0 aborts, 0 deferred, 0 collisions, 0 late collisions
0 lost carrier, - no carrier
#
interface Ten-GigabitEthernet1/0/1
port link-mode route
ip address 192.168.100.66 255.255.255.0
#
rtm cli-policy 1
event interface Ten-GigabitEthernet1/0/1 monitor-obj rcv-bps start-op ge start-val 500000000 restart-op ge restart-val 200000000
action 1 syslog priority 1 facility local1 msg "XGE1/0/1 input rate exceeded 500000000bps"
action 2 cli display cpu-usage >> XGE0_info.txt
action 3 cli display interface ten-gigabitethernet 1/0/1 >> XGE0_info.txt
running-time 30
user-role network-admin
#
Device A和Device D、Device E已经建立BGP会话,正常情况下,Device D、Device E发往外网的流量通过Device A转发。现要求实现:当Device A连接Device C的接口Ten-GigabitEthernet1/0/1状态变为Down时,Device A能够自动感知,并禁止和Device D、Device E建立BGP会话,这样,Device D、Device E发往外网的流量可通过Device B转发。
图1 EAA和Track联动配置组网图
本举例是在S7600X-CMW710-R7577P01版本上进行配置和验证的。
# 查看当前的BGP对等体的状态和统计信息。
<DeviceA> display bgp peer ipv4
BGP local router ID: 1.1.1.1
Local AS number: 100
Total number of peers: 3 Peers in established state: 3
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
10.2.1.2 200 13 16 0 0 00:16:12 Established
10.3.1.2 300 13 16 0 0 00:10:34 Established
10.3.2.2 300 13 16 0 0 00:10:38 Established
# 配置Track项监控接口Ten-GigabitEthernet1/0/1的状态。
<DeviceA> system-view
[DeviceA] track 1 interface ten-gigabitethernet 1/0/1
# 配置Tcl监控策略,当Ten-GigabitEthernet1/0/1状态变为Down之后,Device A能够自动感知,并禁止和Device D、Device E建立BGP会话。
[DeviceA] rtm cli-policy test
[DeviceA-rtm-test] event track 1 state negative
[DeviceA-rtm-test] action 0 cli system-view
[DeviceA-rtm-test] action 1 cli bgp 100
[DeviceA-rtm-test] action 2 cli peer 10.3.1.2 ignore
[DeviceA-rtm-test] action 3 cli peer 10.3.2.2 ignore
[DeviceA-rtm-test] user-role network-admin
[DeviceA-rtm-test] commit
[DeviceA-rtm-test] quit
# 将Ten-GigabitEthernet1/0/1关闭。
[DeviceA] interface ten-gigabitethernet 1/0/1
[H3C-Ten-GigabitEthernet1/0/1] shutdown
# 查看BGP对等体的状态和统计信息,会显示BGP对等体数量为0。
<DeviceA> display bgp peer ipv4
BGP local router ID: 1.1.1.1
Local AS number: 100
Total number of peers: 0 Peers in established state: 0
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
#
rtm cli-policy test
event track 1 state negative
action 0 cli system-view
action 1 cli bgp 100
action 2 cli peer 10.3.1.2 ignore
action 3 cli peer 10.3.2.2 ignore
user-role network-operator
user-role network-admin
#
track 1 interface ten-gigabitethernet 1/0/1
#
· H3C S7600-X系列以太网交换机 网络管理和监控配置指导-R757X
· H3C S7600-X系列以太网交换机 网络管理和监控命令参考-R757X
不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!
支持
售前咨询
售后咨询
人工在线咨询
