• 产品与解决方案
  • 行业解决方案
  • 服务
  • 支持
  • 合作伙伴
  • 新华三人才研学中心
  • 关于我们




本章节下载 04-H3C_EAA典型配置举例  (174.59 KB)


H3C EAA典型配置举例


























产品版本:Release 7577P04


Copyright © 2019 新华三技术有限公司 版权所有,保留一切权利。





1  简介


2  配置前提




3  EAA Tcl监控策略典型配置举例

3.1  组网需求


·              生成流量超范围的日志。

·              显示当前cpu状态,并保存至文件。

·              显示接口Ten-GigabitEthernet1/0/1状态,并保存至文件。


3.2  使用版本


3.3  配置步骤

3.3.1  编辑Tcl脚本

# 使用写字板编辑文件test.tcl,如下:

# 定义监控事件,监控接口为Ten-GigabitEthernet1/0/1,关注入方向流量,当入流量大于等于500Mbps时,执行动作;再次开启轮询的条件为接口流量大于等于200Mbps。

::comware::rtm::event_register interface ten-gigabitethernet1/0/1 monitor-obj rcv-bps start-op XGE start-val 500000000 restart-op XGE restart-val 200000000 user-role network-admin

# 当监控事件发生时执行动作为:发送优先级为1、设备号为local1、信息为XGE1/0/1 input rate exceeded 500000000bps的日志。

::comware::rtm::action syslog priority 1 facility local1 msg "XGE1/0/1 input rate exceeded 500000000bps"

# 创建监控事件的执行动作。


# 当监控事件发生时执行动作为:执行display cpu-usaXGE命令,显示CPU利用率的统计信息,并将信息保存在文件XGE0_info.txt中。

::comware::write-cli cli0 "display cpu-usaXGE >> XGE0_info.txt"

# 当监控事件发生时执行动作为:执行display interface ten-gigabitetherne 1/0/1命令,显示Ten-GigabitEthernet1/0/1当前的运行状态和相关信息,并将信息保存在文件XGE0_info.txt中。

::comware::write-cli cli0 "display interface ten-gigabitethernet1/0/1 >> XGE0_info.txt"

::comware::write-cli cli0 "end"

3.3.2  Device的配置

# 配置接口Ten-GigabitEthernet1/0/1的IP地址。

<Device> system-view

[Device] interface ten-gigabitethernet 1/0/1

[Device-Ten-GigabitEthernet1/0/1] ip address

[Device-Ten-GigabitEthernet1/0/1] quit

[Device] quit

# 通过TFTP将test.tcl下载到设备上。

<Device> tftp XGEt test.tcl

  % Total    % Received % Xferd  AveraXGE Speed   Time    Time     Time  Current

                                 Dload  Upload   Total   Spent    Left  Speed

100   189  100   189    0     0   7900      0 --:--:-- --:--:-- --:--:-- 12600

# 创建并启用Tcl监控策略,并将其和Tcl脚本test.tcl绑定。

<Device> system-view

[Device] rtm tcl-policy test test.tcl

[Device] quit

3.4  验证配置

# 通过display rtm policy registered命令可以看到存在策略名为test,策略类型为Tcl的策略。

<Device> display rtm policy registered

Total number: 1

Type  Event      TimeRegistered        PolicyName

TCL   INTERFACE  May 05 06:46:20 2014  test

# 当检测到接口Ten-GigabitEthernet1/0/1入流量值大于等于500Mbps时,查看设备中所有的文件及文件夹信息,存在XGE0_info.txt。

<Device> dir

Directory of cfa0:

   0 -rw-        3227 Nov 19 2013 17:28:36   1.cfg

   1 -rw-        2296 Apr 26 2013 18:55:08   5660_data.ak

   2 -rw-        2304 Apr 26 2013 18:54:56   5660_security.ak

   3 -rw-        2298 Apr 26 2013 18:55:16   5660_voice.ak

   4 -rw-        3227 Nov 19 2013 17:15:19   STARTUP110.CFG

   5 drw-           - Mar 10 2013 04:10:10   diagfile

   6 -rw-         567 Jul 17 2013 14:25:00   dsakey

   7 -rw-         223 Jul 17 2013 14:25:00   ecdsakey

   8 -rw-         278 Jul 17 2013 14:25:00   XGE0_info.txt

   9 -rw-         735 Jul 17 2013 14:25:00   hostkey

  10 -rw-         492 Nov 18 2013 16:40:50   ifindex.dat

  11 -rw-         276 Apr 23 2013 19:00:00   lauth.dat

  12 drw-           - Jul 17 2013 11:26:34   license

  13 drw-           - Apr 24 2013 12:39:38   logfile

  14 -rw-    18839552 Nov 14 2013 16:42:12   msr56-cmw710-boot-r000706.bin

  15 -rw-     1150976 Nov 14 2013 16:43:00   msr56-cmw710-data-r000706.bin

  16 -rw-    47470592 Nov 14 2013 16:42:24   msr56-cmw710-system-r000706.bin

  17 -rw-     2975744 Nov 14 2013 16:42:56   msr56-cmw710-voice-r000706.bin

  18 -rw-    70445056 Nov 14 2013 17:41:08   msr56.ipe

  19 -rw-    70445056 Nov 14 2013 16:40:00   msr56NN.ipe

  20 drw-           - Aug 21 2013 16:23:10   pkey

  21 -rw-         189 Nov 19 2013 17:49:34   test.tcl

  22 drw-           - Mar 10 2013 04:10:10   seclog

  23 -rw-         591 Jul 17 2013 14:25:00   serverkey

  24 -rw-        3227 Nov 18 2013 16:40:50   startup.cfg


507492 KB total (298412 KB free)

# 使用TFTP方式,将XGE0_info.txt文件复制到TFTP服务器上。

<Device> tftp put XGE0_info.txt

# 查看XGE0_info.txt文件,显示包含当前CPU和接口Ten-GigabitEthernet1/0/1状态。

Unit CPU usage:

      15% in last 5 seconds

      14% in last 1 minute

      13% in last 5 minutes



Current state: UP

Line protocol state: UP

Description:  Ten-GigabitEthernet1/0/1 Interface

Bandwidth: 1000000 kbps

Maximum transmission unit: 1500

Allow jumbo frames to pass

Broadcast max-ratio: 100%

Multicast max-ratio: 100%

Unicast max-ratio: 100%

Internet address: (primary)

IP packet frame type: Ethernet II, hardware address: 5cdd-7000-a07c

IPv6 packet frame type: Ethernet II, hardware address: 5cdd-7000-a07c

Loopback is not set

Media type is twisted pair, port hardware type is 1000_BASE_T

Port priority: 0

1000Mbps-speed mode, Full-duplex mode

Link speed type is autonegotiation, link duplex type is autonegotiation

Flow-control is not enabled

Maximum frame length: 9216

Last link flapping: 0 hours 0 minutes 14 seconds

Last clearing of counters: Never

 Peak input rate: 4 bytes/sec, at 2017-09-21 15:09:37

 Peak output rate: 1 bytes/sec, at 2017-09-21 15:09:37

 Last 300 seconds input rate: 568710000.25 bytes/sec, 64970 bits/sec, 4.96 packets/sec

 Last 300 seconds output rate: 568710000.25 bytes/sec, 64970 bits/sec, 4.96 packets/sec Input (total):  1703 packets, 2336882000 bytes

          0 unicasts, 0 broadcasts, 4 multicasts, 0 pauses

 Input (normal):  1703 packets, - bytes

          0 unicasts, 0 broadcasts, 4 multicasts, 0 pauses

 Input:  0 input errors, 0 runts, 0 giants, 0 throttles

          0 CRC, 0 frame, - overruns, 0 aborts

          - ignored, - parity errors

 Output (total): 1706 packets,  2337062000 bytes

          0 unicasts, 5 broadcasts, 0 multicasts, 0 pauses

 Output (normal): 1706 packets, - bytes

          0 unicasts, 5 broadcasts, 0 multicasts, 0 pauses

 Output: 0 output errors, - underruns, - buffer failures

          0 aborts, 0 deferred, 0 collisions, 0 late collisions

          0 lost carrier, - no carrier

3.5  配置文件

·              test.tcl脚本文本:

::comware::rtm::event_register interface ten-gigabitethernet1/0/1 monitor-obj rcv-bps start-op ge start-val 500000000 restart-op ge restart-val 200000000 user-role network-admin

::comware::rtm::action syslog priority 1 facility local1 msg "XGE1/0/1 input rate exceeded 500000000bps"


::comware::write-cli cli0 "display cpu-usage >> XGE0_info.txt"

::comware::write-cli cli0 "display interface ten-gigabitethernet1/0/1 >> XGE0_info.txt"

::comware::write-cli cli0 "end"

·              Device:


interface Ten-GigabitEthernet1/0/1

 port link-mode route

 ip address


rtm tcl-policy test test.tcl


4  EAA CLI监控策略典型配置举例

4.1  组网需求


·              生成流量超范围的日志。

·              显示当前cpu状态,并保存至文件。

·              显示接口Ten-GigabitEthernet1/0/1状态,并保存至文件。


4.2  使用版本


4.3  配置注意事项

·              同一个策略下,只能配置一个触发事件和运行时间。当多次执行event或者running-time命令时,则最近配置并且commit的生效。

·              如果新配置的动作的编号和已有动作的编号相同,则执行commit命令后最近配置生效。

·              给CLI监控策略配置事件、动作、用户角色和运行时间后,必须执行commit命令,该策略才会启用,该策略下的配置才会生效。

4.4  配置步骤

# 配置接口Ten-GigabitEthernet1/0/1的IP地址。

<Device> system-view

[Device] interface ten-gigabitethernet 1/0/1

[Device-Ten-GigabitEthernet1/0/1] ip address

[Device-Ten-GigabitEthernet1/0/1] quit

# 创建CLI策略1。

[Device] rtm cli-policy 1

# 配置监控事件,监控接口为Ten-GigabitEthernet1/0/1,当入流量大于等于500Mbps时执行动作;再次开启轮询的条件为接口流量大于等于200Mbps。

[Device-rtm-1] event interface ten-gigabitethernet 1/0/1 monitor-obj rcv-bps start-op ge start-val 500000000 restart-op ge restart-val 200000000

# 当事件发生时,发送优先级为1、日志记录工具为local1、信息为XGE1/0/1 input rate exceeded 500000000bps的日志。

[Device-rtm-1] action 1 syslog priority 1 facility local1 msg "XGE1/0/1 input rate exceeded 500000000bps"

# 当事件发生时,执行display cpu-usage命令,显示CPU利用率的统计信息,并将信息保存在文件XGE0_info.txt中。

[Device-rtm-1] action 2 cli display cpu-usage >> XGE0_info.txt

# 当事件发生时,执行display interface ten-gigabitetherne 1/0/1命令,显示Ten-GigabitEthernet1/0/1当前的运行状态和相关信息,并将信息保存在文件XGE0_info.txt中。

[Device-rtm-1] action 3 cli display interface ten-gigabitethernet 1/0/1 >> XGE0_info.txt

# 配置策略运行时间为30s。

[Device-rtm-1] running-time 30

# 配置执行CLI监控策略1时使用的用户角色为network-admin。

[Device-rtm-1] user-role network-admin

# 启用CLI监控策略1。

[Device-rtm-1] commit

[Device-rtm-1] quit

4.5  验证配置

# 通过display rtm policy registered命令查看,可以看到策略名为1,策略类型为CLI的策略。

<Device> display rtm policy registered

Total number: 1

Type  Event      TimeRegistered        PolicyName

CLI   INTERFACE  May 04 00:12:40 2014  1

# 当检测到接口Ten-GigabitEthernet1/0/1入流量值大于等于500Mbps时,查看设备中所有的文件及文件夹信息,存在XGE0_info.txt。

<Device> dir

Directory of cfa0:

   0 -rw-        3227 Nov 19 2013 17:28:36   1.cfg

   1 -rw-        2296 Apr 26 2013 18:55:08   5660_data.ak

   2 -rw-        2304 Apr 26 2013 18:54:56   5660_security.ak

   3 -rw-        2298 Apr 26 2013 18:55:16   5660_voice.ak

   4 -rw-        3227 Nov 19 2013 17:15:19   STARTUP110.CFG

   5 drw-           - Mar 10 2013 04:10:10   diagfile

   6 -rw-         567 Jul 17 2013 14:25:00   dsakey

   7 -rw-         223 Jul 17 2013 14:25:00   ecdsakey

   8 -rw-         278 Jul 17 2013 14:25:00   XGE0_info.txt

   9 -rw-         735 Jul 17 2013 14:25:00   hostkey

  10 -rw-         492 Nov 18 2013 16:40:50   ifindex.dat

  11 -rw-         276 Apr 23 2013 19:00:00   lauth.dat

  12 drw-           - Jul 17 2013 11:26:34   license

  13 drw-           - Apr 24 2013 12:39:38   logfile

  14 -rw-    18839552 Nov 14 2013 16:42:12   msr56-cmw710-boot-r000706.bin

  15 -rw-     1150976 Nov 14 2013 16:43:00   msr56-cmw710-data-r000706.bin

  16 -rw-    47470592 Nov 14 2013 16:42:24   msr56-cmw710-system-r000706.bin

  17 -rw-     2975744 Nov 14 2013 16:42:56   msr56-cmw710-voice-r000706.bin

  18 -rw-    70445056 Nov 14 2013 17:41:08   msr56.ipe

  19 -rw-    70445056 Nov 14 2013 16:40:00   msr56NN.ipe

  20 drw-           - Aug 21 2013 16:23:10   pkey

  21 -rw-         189 Nov 19 2013 17:49:34   test.tcl

  22 drw-           - Mar 10 2013 04:10:10   seclog

  23 -rw-         591 Jul 17 2013 14:25:00   serverkey

  24 -rw-        3227 Nov 18 2013 16:40:50   startup.cfg


507492 KB total (298412 KB free)

# 使用TFTP方式,将XGE0_info.txt文件复制到TFTP服务器上。

<Device> tftp put XGE0_info.txt

# 查看XGE0_info.txt文件,显示包含当前CPU和接口Ten-GigabitEthernet1/0/1状态。

Unit CPU usage:

      15% in last 5 seconds

      14% in last 1 minute

      13% in last 5 minutes



Current state: UP

Line protocol state: UP

Description:  Ten-GigabitEthernet1/0/1 Interface

Bandwidth: 1000000 kbps

Maximum transmission unit: 1500

Allow jumbo frames to pass

Broadcast max-ratio: 100%

Multicast max-ratio: 100%

Unicast max-ratio: 100%

Internet address: (primary)

IP packet frame type: Ethernet II, hardware address: 5cdd-7000-a07c

IPv6 packet frame type: Ethernet II, hardware address: 5cdd-7000-a07c

Loopback is not set

Media type is twisted pair, port hardware type is 1000_BASE_T

Port priority: 0

1000Mbps-speed mode, Full-duplex mode

Link speed type is autonegotiation, link duplex type is autonegotiation

Flow-control is not enabled

Maximum frame length: 9216

Last link flapping: 0 hours 0 minutes 14 seconds

Last clearing of counters: Never

 Peak input rate: 4 bytes/sec, at 2017-09-21 15:09:37

 Peak output rate: 1 bytes/sec, at 2017-09-21 15:09:37

 Last 300 seconds input rate: 568710000.25 bytes/sec, 64970 bits/sec, 4.96 packets/sec

 Last 300 seconds output rate: 568710000.25 bytes/sec, 64970 bits/sec, 4.96 packets/sec Input (total):  1703 packets, 2336882000 bytes

          0 unicasts, 0 broadcasts, 4 multicasts, 0 pauses

 Input (normal):  1703 packets, - bytes

          0 unicasts, 0 broadcasts, 4 multicasts, 0 pauses

 Input:  0 input errors, 0 runts, 0 giants, 0 throttles

          0 CRC, 0 frame, - overruns, 0 aborts

          - ignored, - parity errors

 Output (total): 1706 packets,  2337062000 bytes

          0 unicasts, 5 broadcasts, 0 multicasts, 0 pauses

 Output (normal): 1706 packets, - bytes

          0 unicasts, 5 broadcasts, 0 multicasts, 0 pauses

 Output: 0 output errors, - underruns, - buffer failures

          0 aborts, 0 deferred, 0 collisions, 0 late collisions

          0 lost carrier, - no carrier

4.6  配置文件


interface Ten-GigabitEthernet1/0/1

 port link-mode route

 ip address


rtm cli-policy 1

 event interface Ten-GigabitEthernet1/0/1 monitor-obj rcv-bps start-op ge start-val 500000000 restart-op ge restart-val 200000000

 action 1 syslog priority 1 facility local1 msg "XGE1/0/1 input rate exceeded 500000000bps"

 action 2 cli display cpu-usage >> XGE0_info.txt

 action 3 cli display interface ten-gigabitethernet 1/0/1 >> XGE0_info.txt

 running-time 30

 user-role network-admin



5  EAA和Track联动配置举例

5.1  组网需求

Device A和Device D、Device E已经建立BGP会话,正常情况下,Device D、Device E发往外网的流量通过Device A转发。现要求实现:当Device A连接Device C的接口Ten-GigabitEthernet1/0/1状态变为Down时,Device A能够自动感知,并禁止和Device D、Device E建立BGP会话,这样,Device D、Device E发往外网的流量可通过Device B转发。

图1 EAA和Track联动配置组网图


5.2  使用版本


5.3  配置步骤

# 查看当前的BGP对等体的状态和统计信息。

<DeviceA> display bgp peer ipv4


 BGP local router ID:

 Local AS number: 100

 Total number of peers: 3                  Peers in established state: 3


  * - Dynamically created peer

  Peer                    AS  MsgRcvd  MsgSent OutQ PrefRcv Up/Down  State                200       13       16    0       0 00:16:12 Established                300       13       16    0       0 00:10:34 Established                300       13       16    0       0 00:10:38 Established

# 配置Track项监控接口Ten-GigabitEthernet1/0/1的状态。

<DeviceA> system-view

[DeviceA] track 1 interface ten-gigabitethernet 1/0/1

# 配置Tcl监控策略,当Ten-GigabitEthernet1/0/1状态变为Down之后,Device A能够自动感知,并禁止和Device D、Device E建立BGP会话。

[DeviceA] rtm cli-policy test

[DeviceA-rtm-test] event track 1 state negative

[DeviceA-rtm-test] action 0 cli system-view

[DeviceA-rtm-test] action 1 cli bgp 100

[DeviceA-rtm-test] action 2 cli peer ignore

[DeviceA-rtm-test] action 3 cli peer ignore

[DeviceA-rtm-test] user-role network-admin

[DeviceA-rtm-test] commit

[DeviceA-rtm-test] quit

5.4  验证配置

# 将Ten-GigabitEthernet1/0/1关闭。

[DeviceA] interface ten-gigabitethernet 1/0/1

[H3C-Ten-GigabitEthernet1/0/1] shutdown

# 查看BGP对等体的状态和统计信息,会显示BGP对等体数量为0。

<DeviceA> display bgp peer ipv4

 BGP local router ID:

 Local AS number: 100

 Total number of peers: 0                  Peers in established state: 0

  * - Dynamically created peer

  Peer                    AS  MsgRcvd  MsgSent OutQ PrefRcv Up/Down  State

5.5  配置文件


rtm cli-policy test

 event track 1 state negative

 action 0 cli system-view

 action 1 cli bgp 100

 action 2 cli peer ignore

 action 3 cli peer ignore

 user-role network-operator

 user-role network-admin


track 1 interface ten-gigabitethernet 1/0/1


6  相关资料

·              H3C S10500系列以太网交换机 网络管理和监控配置指导-R757X

·              H3C S10500系列以太网交换机 网络管理和监控命令参考-R757X

不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!
