扫一扫
分享文章到微信
扫一扫
关注官方公众号
至顶头条
作者:zdnet安全频道 来源:论坛整理 2008年10月17日
关键字: 静态路由
防火墙
外网接口192.168.2.2/29
内网:10.20.1.250/16
由于主干链路采用静态路由,同时光线与路由器外网接口之间还有光电转换设备,所以即使光线中断,路由器端的外网接口物理链路也不会报告错误。于是一些常用的方法例如:backup interface,watch group等都不启作用。最后还是想到了利用两条静态路由的不同metric值来定义备份链路,同时在主链路故障时,手动将FastEthernet0/0端口shutdown。要完成以上工作,靠人工监控很难做到即时有效。于是设计如下脚本,在windows中设置计划任务,每15分钟执行一次。基本思想就是每15分钟ping 外网网关:218.25.158.1,如果正常,则在日志文件中添加一个时间纪录,如果不正常,再ping 路由器的内网接口:192.168.2.1 如果通,则表明骨干链路故障,执行telnet路由器的批处理,shutdown FastEthernet0/0 ,同时发送邮件给网管,提示故障是主链路故障;如果不通,则表明是内网自身问题,可能是防火墙或者路由器故障,则直接发送邮件给网管。
路由器的配置就不给出了,只要配置两条不同metric的静态路由即可。比较有借鉴意义的是通过脚本登录路由器并进行相关配置和通过脚本运行一些windows命令,例如ping,这些对我们日常网管还是非常有用的
网络拓扑:
Monitor.vbs 每15分钟运行一次
Set FileSys = CreateObject("Scripting.FileSystemObject")
Set WShShell = CreateObject("WScript.Shell")
RetCode = WShShell.Run("ping " &"218.25.158.1" , 0, True ) 'ping外网网关
if RetCode <> 0 Then ' ping 测试未通过
RetCode = WShShell.Run("ping " &"192.168.2.1" , 0, True ) 'ping路由器内网ip
if RetCode <> 0 Then '如果还ping不通
RetCode = WShShell.Run("sendmail2.vbs") '网络内部故障,发送相关邮件
else
RetCode = WShShell.Run("temp.bat")
RetCode = WShShell.Run("sendmail.vbs") '否则运行批处理并发送相关邮件
end if
else 'ping 外网网关通过,则每天形成一个日志文档,文档内容为每次脚本运行的时间
dim path,file,fso,ctf,str,strhtml,strnohtml
Set fso = CreateObject("Scripting.FileSystemObject")
Set CTF = FSO.OpenTextFile("network_"&date()&".txt",8,true,0)
ctf.writeline(now())
ctf.close
end if
temp.bat
@ECHO OFF
:: Create SendKeys script
ECHO.set sh=WScript.CreateObject("WScript.Shell")>_TEMP.VBS
ECHO.WScript.Sleep 1000 >>_TEMP.VBS
:: Send “open” for Connect and wait 1 second
ECHO.sh.SendKeys "%%open " >>_TEMP.VBS
ECHO.WScript.Sleep 1000 >>_TEMP.VBS
:: Send R for sub-item Remote system
::ECHO.sh.SendKeys "R" >>_TEMP.VBS
ECHO.WScript.Sleep 1000 >>_TEMP.VBS
:: Send Host Name
ECHO.sh.SendKeys "192.168.2.1" >>_TEMP.VBS
ECHO.WScript.Sleep 1000 >>_TEMP.VBS
:: Send the key of “enter” to press Connect button
ECHO.sh.SendKeys "{enter}" >>_TEMP.VBS
ECHO.WScript.Sleep 1000 >>_TEMP.VBS
ECHO.sh.SendKeys "the password of vty" >>_TEMP.VBS
ECHO.WScript.Sleep 1000 >>_TEMP.VBS
ECHO.sh.SendKeys "{enter}" >>_TEMP.VBS
ECHO.WScript.Sleep 1000 >>_TEMP.VBS
ECHO.sh.SendKeys "enable" >>_TEMP.VBS
ECHO.WScript.Sleep 1000 >>_TEMP.VBS
ECHO.sh.SendKeys "{enter}" >>_TEMP.VBS
ECHO.WScript.Sleep 1000 >>_TEMP.VBS
ECHO.sh.SendKeys "the password of enable" >>_TEMP.VBS
ECHO.sh.SendKeys "{enter}" >>_TEMP.VBS
ECHO.WScript.Sleep 1000 >>_TEMP.VBS
ECHO.sh.SendKeys "conf t" >>_TEMP.VBS
ECHO.sh.SendKeys "{enter}" >>_TEMP.VBS
ECHO.WScript.Sleep 1000 >>_TEMP.VBS
:: del the static nat
ECHO.sh.SendKeys "no ip nat insi sour stat 192.168.2.3 218.25.158.28" >>_TEMP.VBS
ECHO.sh.SendKeys "{enter}" >>_TEMP.VBS
ECHO.WScript.Sleep 1000 >>_TEMP.VBS
ECHO.sh.SendKeys "no ip nat insi sour stat 192.168.2.4 218.25.158.29" >>_TEMP.VBS
ECHO.sh.SendKeys "{enter}" >>_TEMP.VBS
ECHO.WScript.Sleep 1000 >>_TEMP.VBS
ECHO.sh.SendKeys "int fa0/0" >>_TEMP.VBS
ECHO.sh.SendKeys "{enter}" >>_TEMP.VBS
ECHO.WScript.Sleep 1000 >>_TEMP.VBS
ECHO.sh.SendKeys "shut" >>_TEMP.VBS
ECHO.sh.SendKeys "{enter}" >>_TEMP.VBS
ECHO.WScript.Sleep 1000 >>_TEMP.VBS
ECHO.sh.SendKeys "exit" >>_TEMP.VBS
ECHO.sh.SendKeys "{enter}" >>_TEMP.VBS
ECHO.WScript.Sleep 1000 >>_TEMP.VBS
ECHO.sh.SendKeys "exit" >>_TEMP.VBS
ECHO.sh.SendKeys "{enter}" >>_TEMP.VBS
ECHO.WScript.Sleep 1000 >>_TEMP.VBS
ECHO.sh.SendKeys "exit" >>_TEMP.VBS
ECHO.sh.SendKeys "{enter}" >>_TEMP.VBS
ECHO.WScript.Sleep 1000 >>_TEMP.VBS
ECHO.sh.SendKeys "{enter}" >>_TEMP.VBS
ECHO.WScript.Sleep 1000 >>_TEMP.VBS
ECHO.sh.SendKeys "quit" >>_TEMP.VBS
ECHO.sh.SendKeys "{enter}" >>_TEMP.VBS
:: Open a Telnet window - it will be the window with focus
start /B TELNET.EXE
:: Run the script to send keys to Telnet window
cscript//nologo _TEMP.VBS
:: Clear away workfile
del _temp.vbs
exit
sendmail.vbs
Set objMail = CreateObject("CDO.Message")
Set objConfig = CreateObject ("CDO.Configuration")
objConfig.Fields("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
objConfig.Fields("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
objConfig.Fields("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "mail.aaa.com" 'mail.aaa.com 为smtp服务器
objConfig.Fields("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = 1
objConfig.Fields("http://schemas.microsoft.com/cdo/configuration/sendusername") = "networkerror@aaa.com" '发送者账号
objConfig.Fields("http://schemas.microsoft.com/cdo/configuration/sendpassword") = "******" '发送者密码
objConfig.Fields("http://schemas.microsoft.com/cdo/configuration/languagecode") = "0x0804"
objConfig.Fields.Update()
Set objMail.Configuration = objConfig
objMail.Subject = "network error"
objMail.From = chr(34) & "networkerror" & chr(34) & "networkerror@beiliang.com"
objMail.To = "networkerror@aaa.com" '接受者邮箱
objMail.HTMLBody = "Now pinging 192.168.2.1 is ok,but pinging 218.25.158.1 is not ok!!!"
'objMail.AddAttachment(http://xxxxxx/xxxx.xxx) '或者其他任何正确的url,包括http,ftp,file等等。
objMail.Send
sendmail2.vbs 参照sendmail.vbs 即可,这里就不给了。
如果您非常迫切的想了解IT领域最新产品与技术信息,那么订阅至顶网技术邮件将是您的最佳途径之一。
现场直击|2021世界人工智能大会
直击5G创新地带,就在2021MWC上海
5G已至 转型当时——服务提供商如何把握转型的绝佳时机
寻找自己的Flag
华为开发者大会2020(Cloud)- 科技行者