Network Equipment Inspection Report Template
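Dadi Insurance Inner Mongolia Branch Network Inspection Report

Version
Hohhot Zhian Technology Co., Ltd.
Inspector:
Date: 20   (year)   (month)   (day)

Network inspection items

- Network topology, topology analysis, topology recommendations
- Network bandwidth, link type, link information
- Network device information: brand, model, placement, performance parameters, memory size, slots, serial number, years since purchase, warranty status, spare-parts status, completeness of device labelling
- Network device software version information: current IOS version, latest IOS version, device uptime, IOS backup status, CPU utilization, memory utilization, module operating status, fan and power supply status, number of ports, port category, port type, chassis operating temperature
- Device connectivity, redundancy protocol operating status, VLAN information, EtherChannel information, routing protocols, neighbor relationships, switching protocols, spanning tree (STP), NAT connection-count status, FLASH information, analysis of the device configuration, analysis of redundant configuration, recommendations for simplifying the configuration, IOS security recommendations, firewall information, firewall policy, firewall DMZ check, firewall Xlate status, application services, IP address usage
- Basic machine-room environment check

Inspection guide

Check the device IOS software version
ID: C-A-01
Check item: Cisco device IOS software version
Command: CISCO#show version
Expected result: matches the contract
Remarks: The output mainly shows the IOS version, how long the router has been running, the reason for the most recent restart, the size of the router's main memory, the size of shared memory, the size of flash, the file name of the IOS image, and where the router booted IOS from. The show version command displays a great deal of useful information about the router.
Example: (because the output is long, only an excerpt is shown here) The actual configuration can be pasted here.

    Cisco Internetwork Operating System Software
    IOS (tm) s72033_rp Software (s72033_rp-IPSERVICESK9_WAN-M), Version (18)SXF15, RELEASE SOFTWARE (fc1)
    Technical Support:
    (c) 1986-2008 by cisco Systems, Inc.
    Compiled Sat 30-Aug-08 00:00 by kellythw
    Image text-base: 0x, data-base: 0x42DD04B0

Result: Normal / Abnormal

Check device uptime
ID: C-A-02
Check item: Cisco device uptime
Command: CISCO#show version
Expected result: Normally a network device is not interrupted once it has gone into service on the network.
Remarks: If the device uptime is short, be sure to use the show version command to look at the time and reason of the most recent restart, so that potential risks can be analysed.
Example: (because the output is long, only an excerpt is shown here)

    ksy_c6509_1 uptime is 1 year, 22 weeks, 4 days, 17 hours, 2 minutes
    Time since ksy_c6509_1 switched to active is 1 year, 22 weeks, 4 days, 17 hours, 1 minute
    System returned to ROM by reload at 08:57:57 PST Tue Feb 5 2008 (SP by reload)
    System restarted at 12:19:06 UTC Wed Oct 15 2008
    System image file is sup-bootdisk:/

Result: Normal / Abnormal

Check device CPU utilization
ID: C-A-03
Check item: Cisco device CPU utilization
Commands:
    CISCO#show processes cpu
    CISCO#show processes cpu history
Expected result: average CPU utilization 50%; maximum 2M, Free memory 2*largest(b), i/o free memory 2M
Remarks: show memory displays general information about memory and indicates how much memory is available to the system. It also shows whether memory is fragmented. Fragmentation means that memory has been divided into many non-contiguous blocks; it lowers memory utilization and, in serious cases, can cause memory errors that severely affect router performance. In the example below there is plenty of free memory ( MB), but the largest block within it is  MB, which shows that a sufficiently large free block of contiguous memory is still available. A certain amount of memory fragmentation in a router is normal. Although there is no strict boundary for how much fragmentation is acceptable, the largest free block should be at least half of the free memory. Otherwise serious memory allocation problems can result, which sometimes show up as one or more interfaces intermittently dropping packets. In this example the free block is larger than 156 MB, half of the 312 MB of free memory, so memory is in a normal state.
Example: (because the output is long, only an excerpt is shown here)

    ksy_c6509_1#show memory summary
                Head     Total(b)  Used(b)  Free(b)  Lowest(b)  Largest(b)
    Processor   44B0B830 8 2 8 8
    I/O

Result: Normal / Abnormal

Check device module operating status
ID: C-A-05
Check item: Cisco device module operating status
Command: CISCO#show module
Expected result: all modules are running OK
Remarks: This command also shows the serial number and the model of each module in the device.
Example: (because the output is long, only an excerpt is shown here)

    ksy_c6509_1#show module
    Mod Ports Card Type                              Model          Serial No.
    - - - - -
      1   48  CEF720 48 port 10/100/1000mb Ethernet  WS-X6748-GE-TX SAL1213KCUP
      2   24  CEF720 24 port 1000mb SFP              WS-X6724-SFP   SLA11509Y03
      3    6  Firewall Module                        WS-SVC-FWM-1   SADWP
      5    2  Supervisor Engine 720 (Active)         WS-SUP720-3B   JAF1201AHHR

    Mod MAC addresses Hw Fw Sw Status
    - - - - - -
      1 to (14r)S5 (18)SXF1 Ok
      2 to (18r)S1 (18)SXF1 Ok
      3 to (1) (2) Ok
      5 to (2) (18)SXF1 Ok

    Mod Sub-Module                  Model         Serial      Hw Status
    - - - - - -
      1 Centralized Forwarding Card WS-F6700-CFC  SAL1213K3XH Ok
      2 Centralized Forwarding Card WS-F6700-CFC  SAL11455X9M Ok
      5 Policy Feature Card 3       WS-F6K-PFC3B  JAF1202AKTB Ok
      5 MSFC3 Daughterboard         WS-SUP720     JAF1202ACCD Ok

Result: Normal / Abnormal

Check device power supplies and fans
ID: C-A-06
Check item: Cisco device system power supplies and fans
Commands:
    CISCO#show environment status
    Cisco#show power
    Cisco# show power status fan-tray
    Cisco#show environment all
Expected result: power supplies and fans are running normally
Remarks: The commands may differ somewhat between Cisco switches and routers. The show power command also shows the power redundancy state (for devices with two or more power supplies). There are two power redundancy modes: redundant and combined. Choose the power mode according to the customer's actual network environment and the number of modules the device has to power.
Example: (because the output is long, only an excerpt is shown here)

    ksy_c6509_2#show environment status
    fan-tray 1:
      fan-tray 1 type: WS-C6509-E-FAN
      fan-tray 1 mode: Restricted-power
      fan-tray 1 fan-fail: OK
    power-supply 1:
      power-supply 1 fan-fail: OK
      power-supply 1 power-input: AC high
      power-supply 1 power-output-mode: high
      power-supply 1 power-output-fail: OK

Result: Normal / Abnormal

Check device operating temperature
ID: C-A-07
Check item: Cisco device operation check
Command: CISCO#show environment status
Expected result: the operating temperature of every internal part of the device is below 45 degrees Celsius
Example: (because the output is long, only an excerpt is shown here)

    ksy_c6509_2#show environment temperature all
      VTT 1 outlet temperature: 28C
      VTT 2 outlet temperature: 30C
      VTT 3 outlet temperature: 26C

Result: Normal / Abnormal

Check the device system log
ID: C-A-08
Check item: Cisco device system log
Command: CISCO#show logging
Remarks: If a SYSLOG server is available, the time and severity level of log entries can be analysed better.
Example: (because the output is long, only an excerpt is shown here)

    ksy_c6509_2# show logging
    Log Buffer (8192 bytes):
    NDBY-6-STATECHANGE: Vlan140 Group 140 state Active - Init
    2w6d: %STANDBY-6-STATECHANGE: Vlan150 Group 150 state Active - Init
    2w6d: %STANDBY-6-STATECHANGE: Vlan251 Group 210 state Active - Init
    2w6d: %STANDBY-6-STATECHANGE: Vlan100 Group 100 state Standby - Active

Abnormal log entries: Yes / No

Check device redundancy protocols
ID: C-B-01
Check item: HSRP, VRRP and GLBP hot-standby protocols
Commands:
    CISCO#show standby brief
    Cisco#show standby all
    Cisco# show standby
(HSRP is used as the example; the other protocols work on essentially the same principle.)
Expected result: active and standby states are normal
Remarks:
Example: (because the output is long, only an excerpt is shown here)

    ksy_c6509_2#show standby brief
                         P indicates configured to preempt.
                         |
    Interface Grp Prio P State Active addr Standby addr Group addr
    Vl1 1 100 P Standby local
    2 100 P Standby local
    3 100 P Standby local
    standby
    Vlan1 - Group 1
      Local state is Standby, priority 100, may preempt
      Hellotime 3 sec, holdtime 10 sec
      Next hello sent in
      Virtual IP address is configured
      Active router is priority 120 expires in
      Standby router is local
      63 state changes, last state change 1w3d
      IP redundancy name is hsrp-Vl1-1 (default)

Result: Normal / Abnormal

Check VLAN status
ID: C-B-02
Check item: VLAN status
Command: CISCO#show vlan
Expected result: VLAN names and identifiers meet the design requirements, and the ports contained in each VLAN match the design
Example: (because the output is long, only an excerpt is shown here)

    ksy_c6509_2#show vlan
    VLAN Name      Status  Ports
    - - - -
    1    default   active  Gi1/7, Gi1/8, Gi1/34, Gi1/42, Gi1/46, Gi2/8
                           Gi2/9, Gi2/10, Gi2/11, Gi2/12, Gi2/13
                           Gi2/14, Gi2/15, Gi2/16, Gi2/17, Gi2/18
                           Gi2/19, Gi2/20, Gi2/21, Gi2/22
    2    VLAN0002  active  Gi1/1, Gi1/2, Gi1/19, Gi1/20, Gi1/23
                           Gi1/24, Gi1/25, Gi1/26, Gi1/27, Gi1/28
                           Gi1/40
    3    VLAN0003  active  Gi1/3, Gi1/4
    4    VLAN0004  active  Gi1/5, Gi1/6

Result: Normal / Abnormal

Check EtherChannel
ID: C-B-03
Check item: EtherChannel
Command: CISCO#show etherchannel port-channel
Expected result: the correct number of EtherChannels is displayed and each EtherChannel contains the ports it should
Remarks: show etherchannel port-channel displays the port-channels present on this switch. To look at the state of an individual port-channel, use show int port-channel n.
Example: (because the output is long, only an excerpt is shown here)

    ksy_c6509_2#show etherchannel port-channel
                    Channel-group listing:
                    -
    Group: 1
    -
                    Port-channels in the group:
                    -
    Port-channel: Po1
    Ports in the Port-channel:
    Index Load Port  EC state No of bits
    -+-+-+-+-
      1   55   Gi5/1 On       4
      0   AA   Gi5/2 On       4

Result: Normal / Abnormal

Check trunks
ID: C-B-04
Check item: trunks
Command: CISCO#show interface trunk
Expected result: trunks are normal
Remarks: The command displays trunk information. Port lists the ports taking part in trunking and should match the design; mode should be on; status should be trunking. For each trunk port, the VLANs actually being trunked should also match the design.
Example: (because the output is long, only an excerpt is shown here)

    ksy_c6509_2#show interfaces trunk
    Port   Mode Encapsulation Status   Native vlan
    Gi2/1  on   trunking 1
    Gi2/2  on   trunking 1
    Gi2/3  on   trunking 1
    Gi2/4  on   trunking 1
    Gi2/5  on   trunking 1
    Gi2/6  on   trunking 1
    Gi2/7  on   trunking 1
    Po1    on   trunking 1

    Port   Vlans allowed on trunk
    Gi2/1  1-4094
    Gi2/2  1-4094
    Gi2/3  1-4094
    Gi2/4  1-4094
    Gi2/5  1-4094
    Gi2/6  1-4094
    Gi2/7  1-4094
    Po1    1-4094

    Port   Vlans allowed and active in management domain
    Gi2/1  1-15,20,100-112,120,130-132,140,150,251,253-254,430
    Gi2/2  1-15,20,100-112,120,130-132,140,150,251,253-254,430
    Po1    1-15,20,100-112,120,130-132,140,150,251,253-254,430

Result: Normal / Abnormal

Check routing status
ID: C-B-05
Check item: routing status
Commands:
    CISCO#show ip route
    6509_1#show ip route summary
Expected result: the routing table should contain the correct routing information
Remarks: Enterprise networks are generally switched networks with a single default route pointing out; just check that the VLAN information agrees with the directly connected routes.
Example: (because the output is long, only an excerpt is shown here)

    ksy_c6509_2# show ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route
    Gateway of last resort is to network
     is directly connected, Vlan106
    C is directly connected, Vlan107
    C is directly connected, Vlan105
    C is directly connected, Vlan11
    C is directly connected, Vlan100
    C is directly connected, Vlan101
    S* 1/0 via

    show ip route summary
    IP routing table name is Default-IP-Routing-Table(0)
    Route Source Networks Subnets Overhead Memory (bytes)
    connected    30       0       1920     4800
    static       1        0       64       160
    rip          0        0       0        0
    Total        31       0       1984     4960
    Removing Queue Size 0

Result: Normal / Abnormal

Check spanning tree (STP)
ID: C-B-06
Check item: spanning tree (STP)
Commands:
    CISCO#show spanning-tree brief
    6509_1#show span sum
    CISCO#show spanning-tree inte (a specific VLAN or port number can be given)
Expected result: the root node and the forwarding and blocking states of the ports match the design
Remarks: Pay attention to the position and priority of the root bridge. It is best to set the root bridge with the command spanning-tree vlan X root primary and to set a backup root bridge accordingly, so that the STP tree stays stable.
Example: (because the output is long, only an excerpt is shown here)

    ksy_c6509_2#show spanning-tree brief
    MST0
      Spanning tree enabled protocol mstp
      Root ID    Priority 32768
                 Address
                 Cost 20001
                 Port 1665 (Port-channel1)
                 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
      Bridge ID  Priority 32768 (priority 32768 sys-id-ext 0)
                 Address
                 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
    Interface Role Sts Cost Type
    - - - - - -
    Gi1/2  Desg FWD 20000 P2p
    Gi1/19 Desg FWD P2p
    Gi1/20 Desg FWD P2p
    Gi1/21 Desg FWD 20000 P2p Bound(STP)
    Gi1/23 Desg FWD 20000 P2p
    Gi1/24 Desg FWD P2p
    Gi1/27 Desg FWD 20000 P2p

Result: Normal / Abnormal

Check interface status
ID: C-B-07
Check item: interface status
Commands:
    CISCO#show interface (a specific port number or VLAN can be added)
    CISCO#show interface sum
Expected result: interfaces are running normally, without excessive errors, broadcasts or collision packets; ports in use show as UP; collisions, errors and other non-data traffic on a port are below 1/10000. Port names are correct; port duplex state is normal.
Remarks:
Example: (because the output is long, only an excerpt is shown here)

    ksy_c6509_2#show interfaces
    GigabitEthernet2/1 is up, line protocol is up (connected)
      Hardware is C6k 1000Mb , address is (bia
      Description: connect jiulouhexin86 12#10#(1,2)-12#5#(11,12)
      MTU 1500 bytes, BW Kbit, DLY 10 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      Keepalive set (10 sec)
      Full-duplex, 1000Mb/s, media type is LH
      input flow-control is off, output flow-control is on
      Output queue: 0/40 (size/max)
      5 minute input rate 15000 bits/sec, 20 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         18 packets input, 4191 bytes, 0 no buffer
         Received 15 broadcasts (68 multicasts)
         0 runts, 0 giants, 0 throttles
         1 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
         0 watchdog, 0 multicast, 0 pause input
         0 input packets with dribble condition detected
         72 packets output, 1183 bytes, 0 underruns
         0 output errors, 0 collisions, 6 interface resets
         0 babbles, 0 late collision, 0 deferred
         0 lost carrier, 0 no carrier, 0 PAUSE output
         0 output buffer failures, 0 output buffers swapped out

Result: Normal / Abnormal

Check NAT
ID: C-B-08
Check item: NAT configuration and NAT connection-count status
Commands:
    router#show running-config (to see the NAT configuration in detail)
    router#show ip nat translations (to see the NAT translations)
    router#show ip nat statistics (to see the NAT connection counts)
Expected result: the NAT configuration is normal, connection translation is normal, and not many connections are being lost.
Remarks: P2P and similar applications open a very large number of concurrent connections. If a significant loss of NAT connections is found in the network and there is no traffic-control device, it is recommended to limit NAT connections on the NAT device, with a limit of 100 connections per user, to prevent the number of connections in the network from growing beyond what the router can carry.
Example: (because the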
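
The pass/fail criteria stated in this template (largest free block at least half of free memory, every temperature sensor below 45 degrees Celsius, port errors and collisions below 1/10000) can be applied mechanically to pasted command output. The following Python code is an added example, not part of the original template: the function names and the sample output are constructed for illustration, and which counters go into the 1/10000 ratio is an assumption, since the template does not name them.

```python
import re

MAX_TEMP_C = 45              # C-A-07: every sensor below 45 degrees C
MAX_ERROR_RATIO = 1 / 10000  # C-B-07: errors and collisions below 1/10000

# Constructed sample input, modelled on the excerpts in this template.
SAMPLE_TEMPS = """\
 VTT 1 outlet temperature: 28C
 VTT 2 outlet temperature: 47C
"""
SAMPLE_INTERFACES = """\
GigabitEthernet2/1 is up, line protocol is up (connected)
     18 packets input, 4191 bytes, 0 no buffer
     1 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     72 packets output, 1183 bytes, 0 underruns
     0 output errors, 0 collisions, 6 interface resets
GigabitEthernet2/2 is up, line protocol is up (connected)
     5000000 packets input, 410000000 bytes, 0 no buffer
     12 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     3000000 packets output, 290000000 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
"""

def memory_ok(free_b, largest_b):
    """Memory rule: the largest free block is at least half of free memory."""
    return 2 * largest_b >= free_b

def hot_sensors(output):
    """Sensors in 'show environment temperature' text at or above the limit."""
    found = re.findall(r"^\s*(.+?) temperature:\s*(\d+)C", output, re.M)
    return [(name, int(t)) for name, t in found if int(t) >= MAX_TEMP_C]

def _count(block, phrase):
    return sum(int(n) for n in re.findall(rf"(\d+) {phrase}", block))

def bad_interfaces(output):
    """Map interface to error ratio where it reaches the limit (any error with no traffic fails)."""
    bad = {}
    # Each block starts with an unindented "<name> is ..., line protocol" line.
    for block in re.split(r"(?m)^(?=\S+ is .*line protocol)", output):
        head = re.match(r"(\S+) is ", block)
        if head is None:
            continue
        packets = _count(block, "packets input") + _count(block, "packets output")
        errors = sum(_count(block, p) for p in ("input errors", "output errors", "collisions"))
        ratio = errors / packets if packets else float(errors > 0)
        if ratio >= MAX_ERROR_RATIO:
            bad[head.group(1)] = ratio
    return bad
```

On the constructed sample, GigabitEthernet2/1 fails the criterion (1 error in 90 packets, the same counters as the template's excerpt) while GigabitEthernet2/2 passes; low packet counts right after a counter reset make the ratio noisy, so a failure on a nearly idle port deserves a second reading before it is recorded as abnormal.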