CN104518907A - Network device and network management system management authority limit synchronizing method - Google Patents
Network device and network management system management authority limit synchronizing method Download PDFInfo
- Publication number
- CN104518907A CN104518907A CN201410452679.8A CN201410452679A CN104518907A CN 104518907 A CN104518907 A CN 104518907A CN 201410452679 A CN201410452679 A CN 201410452679A CN 104518907 A CN104518907 A CN 104518907A
- Authority
- CN
- China
- Prior art keywords
- network
- management system
- delineation
- network management
- power strategy
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Abstract
The invention discloses a network device and network management system management authority limit synchronizing method. The method includes that firstly, a database for inputting and storing authority limit division policies is set; secondly, MIB (management information base) files of network devices provide nodes used for setting parameters of the access authority limit division policies; thirdly, a network management system sets the network devices in batches by an SNMP (simple network management protocol) and sets access parameters of the authority limit division policies; fourthly, the network devices shield or start configuration function items of command lines and device management pages according to content of the authority limit division policies; finally, the network management system shields or starts configuration function items of the network management system to the network devices according to the authority limit division policies. The synchronizing method has the advantages that conflict possibly occurring among a command line mode, a device management page mode and a network management system mode is avoided effectively during network device configuration; by means of authority limit division, operating authority limits of network management personnel different in role are defined, and security and reliability during network maintenance are improved.
Description
Technical field
The present invention relates to network communication technology field, particularly relate to a kind of method of synchronous network device and network management system administration authority.
Background technology
Along with the network size of government, enterprise, public institution etc. constantly expand, the complexity of network improves constantly, network manager carry out the intensity of device management configurations and difficulty also increasing.At present, network manager mainly adopts three kinds of modes to carry out device management configurations: command line mode, device management pages mode and network management system mode.
Command line mode; it is the most basic way; the Console port of Telnet Telnet or direct-connected device can be utilized the most comprehensively to configure equipment; but this requires that keeper possesses more comprehensive network knowledge and higher network equipments configuration technical ability; webmaster keeper is also needed to carry out manual key entry according to Network Topology Design and network configuration planning table to each equipment in addition; workload is huge, often can cause configuration error because manually typing in.
Device management pages mode is comparatively directly perceived, and can contain the conventional configuration item of daily management, is comparatively simple collocation method.But this mode need network manager one by one logging device administration page operate, when network size is larger, workload also can be very complicated.
Network management system mode is a kind of mode of the multiple stage network equipment being carried out to centralized management, can carry out mass configuration, greatly reduce the workload of network manager under large-scale network environment to the network equipment, is comparatively common way to manage.But the mib file that this mode relies on snmp protocol and equipment to be provided manages, and the fine degree of configuration and fullest extent are all not so good as first two mode.
In the work of real network device management configurations, network managers can be different according to the task division of labor, and figure is different thus select different modes to be managed for configuration equipment.This just brings the problem of configuration conflict: the configuration as carried out under command line mode may cause the configuration management under network management system occur contradiction and change unrest; The mode switching operation just carried out in device management pages may cause the configuration operation under network management system to eject abnormal prompt; Etc. these situations be all because three kinds of configuration management modes are mutually intersected in configuration authority, can not be synchronous caused very well.
Key nouns
Network management system: network management system is the distribute network application system of a software and hardware combining based on software, its objective is supervising the network, network-efficient is normally run.The function of network management system is generally divided into performance management, configuration management, safety management, accounting management and the large management function of fault management five.
Snmp protocol: SNMP (Simple Network Management Protocol) is widely accepted and the industrial standard come into operation, its target ensures that management information transmits in any two points, be convenient to any Nodes Retrieval information of network manager on network, modify, trouble-shooting; Complete failure diagnosis, capacity planning and report generation.It adopts polling mechanism, provides the most basic function collection.The most applicable environment that is small-sized, quick, low price uses.It only requires the transport layer protocol UDP without confirming, is subject to the extensive support of many products.
Mib file: MIB (Management Information Base) is one of key components of snmp protocol network frame.It allly by the set of the object of snmp management, can comprise each class variable to be managed.The basic operations such as Get, Set of snmp protocol are all carry out for the management object in MIB.
Summary of the invention
The present invention, in order to solve problems of the prior art, provides the synchronous method of a kind of network equipment and network management system administration authority.
In order to realize above-mentioned object, technical scheme of the present invention is: the synchronous method of a kind of network equipment and network management system administration authority, comprises the following steps:
Steps A: arrange one be used for typing, preserve the database of delineation of power strategy;
Step B: the mib file of the network equipment provides node, for setting the parameter of access rights partition strategy;
Step C: network management system utilizes the snmp protocol batch setting network equipment, the access parameter of setting delineation of power strategy;
Step D: the delineation of power strategy in each network equipment timer access database, and according to the configuration feature item of the shielding of the content of delineation of power strategy or enable command row, device management pages;
Step e: the delineation of power strategy in network management system timer access database, the content according to delineation of power strategy shields or enables the configuration feature item of network management system to the network equipment;
Preferably, the step that network management system provides interface to edit this delineation of power strategy is also comprised.
Preferably, in described step B, described node comprises IP, port, user name, password, table name.
Preferably, in described step D, the value whether network equipment " allows order line " according to authority items each in delineation of power strategy, the configurable project of dynamic conditioning " command line system "; According to the value whether authority items each in delineation of power strategy " allows administration page ", the configurable project of dynamic conditioning " device management pages ".
Preferably, in step e, the value whether network management system " allows network management system " according to authority items each in delineation of power strategy, dynamic conditioning " network element configuration mould certainly " is for the configurable project of this network equipment.
By synchronous method provided by the invention, effectively prevent the conflict that command line mode, device management pages mode and network management system mode may occur when carrying out network equipments configuration; By delineation of power, specify that the operating right of different role network management personnel, improve the safety and reliability in network operation process.
Accompanying drawing explanation
Fig. 1 shows network design schematic diagram of the present invention.
Fig. 2 is cooperative system figure of the present invention.
Fig. 3 is the physical model figure of " delineation of power strategy ".
Embodiment
The technical problem solved to make the present invention, the technical scheme of employing, the technique effect easy to understand obtained, below in conjunction with concrete accompanying drawing, be described further the specific embodiment of the present invention.
The invention provides the synchronous method of a kind of network equipment and network management system administration authority, Fig. 1 is network design schematic diagram of the present invention, comprise network management system server 1, network management system 2, database 3, the equipment such as the network equipment 4, command line system 5, device management pages 6, switch 7.Each network equipment 4, database 3, network management system server 1 are all connected with switch 7.
Fig. 2 is cooperative system figure of the present invention, and first network management system 2 can be edited " the delineation of power strategy " that be arranged in database 3; Network management system 2 sets policy lookup method by snmp protocol to the network equipment 4; The network equipment 4 can regularly be inquired about " delineation of power strategy "; The content of " delineation of power strategy " returns to the network equipment 4.Fig. 3 is the physical model figure of " delineation of power strategy "; According to " ID " shown in figure as index, a certain authority of unique sign; " rely on ID " as external key, to depend on " ID ", represent that authority has subordinate hierarchical relationship; " authority name " and " authority description " is used for describing a certain authority; " sequentially " for the sequence of each authority when showing; " whether allow order line " and represent whether this authority allows to configure in the command line system of the network equipment; " whether allow administration page " and represent whether this authority allows to configure in the administration page of the network equipment; " whether allow network management system " and represent whether this authority allows to configure in network management system.
Synchronous method of the present invention is as follows:
Steps A: arrange one be used for typing, preserve the database 3 of delineation of power strategy;
Step B: the mib file of the network equipment 4 provides node, for setting the parameter of access rights partition strategy; As the node of the information such as IP, port, user name, password, table name for setting data storehouse;
Step C: network management system 2 utilizes the snmp protocol batch setting network equipment 4, the access parameter of setting delineation of power strategy;
Step D: the delineation of power strategy in each network equipment 4 timer access database 3, and according to the configuration feature item of the shielding of the content of delineation of power strategy or enable command row, device management pages;
Step e: the delineation of power strategy in network management system 2 timer access database 3, the content according to delineation of power strategy shields or enables the configuration feature item of network management system to the network equipment;
Further preferably, also comprise the step that network management system 2 provides interface to edit this delineation of power strategy, network management system 2 can be revised " delineation of power strategy " at any time, and amended strategy comes into force immediately in network management system 2, and each network equipment 4 also can come into force successively;
Preferably, in described step D, the value whether network equipment " allows order line " according to authority items each in delineation of power strategy, the configurable project of dynamic conditioning " command line system "; According to the value whether authority items each in delineation of power strategy " allows administration page ", the configurable project of dynamic conditioning " device management pages ".
Preferably, in step e, the value whether network management system " allows network management system " according to authority items each in delineation of power strategy, dynamic conditioning " network element configuration module " is for the configurable project of this network equipment.
Synchronous method of the present invention is when application, and network management system server 1, database 3 and each network equipment 4 are in consolidated network and IP address can reach.Network management system 2 provides corresponding interface for " the delineation of power strategy " of edit and storage in database 3, and network management system 2 can in any time Editing Strategy content of the whole network operation.All network equipments 4 by pipe support snmp protocol, and provide suitable mib file, and network management system 2 sets the relevant parameter of database access on each managed device by snmp protocol.
By synchronous method provided by the invention, effectively prevent the conflict that command line mode, device management pages mode and network management system mode may occur when carrying out network equipments configuration; By delineation of power, specify that the operating right of different role network management personnel, improve the safety and reliability in network operation process.
The present invention is by preferred embodiment having carried out detailed explanation.But, by studying carefully above, concerning the change of each execution mode with to increase be apparent for one of ordinary skill in the art.Being intended that these changes all and increasing of applicant has all dropped in scope that the claims in the present invention protect.
Claims (5)
1. a synchronous method for the network equipment and network management system administration authority, is characterized in that, comprises the following steps:
Steps A: arrange one be used for typing, preserve the database of delineation of power strategy;
Step B: the mib file of the network equipment provides node, for setting the parameter of access rights partition strategy;
Step C: network management system utilizes the snmp protocol batch setting network equipment, the access parameter of setting delineation of power strategy;
Step D: the delineation of power strategy in each network equipment timer access database, and according to the configuration feature item of the shielding of the content of delineation of power strategy or enable command row, device management pages;
Step e: the delineation of power strategy in network management system timer access database, the content according to delineation of power strategy shields or enables the configuration feature item of network management system to the network equipment.
2. synchronous method according to claim 1, is characterized in that: also comprise the step that network management system provides interface to edit this delineation of power strategy.
3. synchronous method according to claim 1, is characterized in that: in described step B, and described node comprises IP, port, user name, password, table name.
4. synchronous method according to claim 1, is characterized in that: in described step D, the value whether network equipment " allows order line " according to authority items each in delineation of power strategy, the configurable project of dynamic conditioning " command line system "; According to the value whether authority items each in delineation of power strategy " allows administration page ", the configurable project of dynamic conditioning " device management pages ".
5. synchronous method according to claim 1, it is characterized in that: in step e, the value whether network management system " allows network management system " according to authority items each in delineation of power strategy, dynamic conditioning " network element configuration module " is for the configurable project of this network equipment.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410452679.8A CN104518907A (en) | 2014-09-05 | 2014-09-05 | Network device and network management system management authority limit synchronizing method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410452679.8A CN104518907A (en) | 2014-09-05 | 2014-09-05 | Network device and network management system management authority limit synchronizing method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104518907A true CN104518907A (en) | 2015-04-15 |
Family
ID=52793678
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410452679.8A Pending CN104518907A (en) | 2014-09-05 | 2014-09-05 | Network device and network management system management authority limit synchronizing method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104518907A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108259214A (en) * | 2017-08-31 | 2018-07-06 | 新华三技术有限公司 | A kind of configuration order management method, device and machine readable storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1547357A (en) * | 2003-12-16 | 2004-11-17 | 北京航空航天大学 | Dynamically constructed network management method |
| CN1617510A (en) * | 2003-11-12 | 2005-05-18 | 华为技术有限公司 | Method for realizing management authorization in network management system |
| US20070245012A1 (en) * | 1996-07-23 | 2007-10-18 | Server Technology, Inc. | Remote power control system with tickle capability |
-
2014
- 2014-09-05 CN CN201410452679.8A patent/CN104518907A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070245012A1 (en) * | 1996-07-23 | 2007-10-18 | Server Technology, Inc. | Remote power control system with tickle capability |
| CN1617510A (en) * | 2003-11-12 | 2005-05-18 | 华为技术有限公司 | Method for realizing management authorization in network management system |
| CN1547357A (en) * | 2003-12-16 | 2004-11-17 | 北京航空航天大学 | Dynamically constructed network management method |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108259214A (en) * | 2017-08-31 | 2018-07-06 | 新华三技术有限公司 | A kind of configuration order management method, device and machine readable storage medium |
| CN108259214B (en) * | 2017-08-31 | 2021-03-23 | 新华三技术有限公司 | Configuration command management method, device and machine-readable storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Sung et al. | Robotron: Top-down network management at facebook scale | |
| US10476912B2 (en) | Creating, visualizing, and simulating a threat based whitelisting security policy and security zones for networks | |
| CN105224351B (en) | Rapid configuration implementation method and rapid configuration server | |
| US9369431B1 (en) | Security device controller | |
| CN104363122B (en) | A kind of method for pre-configuration and system of network element | |
| CN103001806B (en) | For the distributed O&M monitoring system of IT system | |
| CN102571420B (en) | Method and system for network element data management | |
| CN104394008A (en) | A method for configuring uniformly different types of intelligent electronic devices and the system thereof | |
| CN103281197A (en) | ForCES configuration method based on NETCONF | |
| CN104486103A (en) | Message transmission method and equipment | |
| CN102866998A (en) | Centralized password management method and centralized password management system in synchronous system | |
| CN103944763A (en) | Network-assistant management system and method of electrical power system | |
| CN103235558A (en) | Intelligent communication terminal for numerical control machine tool | |
| CN105094961A (en) | Task scheduling management system based on quartz frame and method thereof | |
| CN104184616A (en) | Intelligent management system for local area network resources | |
| CN108848132A (en) | A kind of distribution scheduling station system based on cloud | |
| CN104993964A (en) | Method for compliance check of data configuration of PTN L3 (Packet Transport Network Layer3) network based on regularization algorithm | |
| CN103595727A (en) | Cross-domain incremental data exchange model and method based on exchange identification | |
| WO2019223178A1 (en) | Cross-platform task scheduling method and system, computer device, and storage medium | |
| US20200293502A1 (en) | Systems and methods for database management system (dbms) discovery | |
| WO2016177054A1 (en) | Charging equipment management method and device | |
| CN104518907A (en) | Network device and network management system management authority limit synchronizing method | |
| CN103281202A (en) | System of browser/server architecture and front-end presentation method of system | |
| KR20070083139A (en) | Network management system using xml and method thereof | |
| CN114363164B (en) | Cloud network service arrangement control method, system, storage medium and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| ASS | Succession or assignment of patent right |
Owner name: NANJING HUAXUN ARK COMMUNICATION EQUIPMENT CO., LT Free format text: FORMER OWNER: SHENZHEN CITY HUAXUN FANGZHOU TECHNOLOGY CO., LTD. Effective date: 20150416 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| COR | Change of bibliographic data |
Free format text: CORRECT: ADDRESS; FROM: 518000 SHENZHEN, GUANGDONG PROVINCE TO: 210000 NANJING, JIANGSU PROVINCE |
|
| TA01 | Transfer of patent application right |
Effective date of registration: 20150416 Address after: 210000, Room 301, 502 Hanzhoung Avenue, Gulou District, Jiangsu, Nanjing Applicant after: NANJING HUAXUN ARK COMMUNICATION EQUIPMENT CO., LTD. Address before: 518000 Guangdong city of Shenzhen province Baoan District Xixiang Bao Tian Yi Lu Chen Tian Industrial District 37 Building 1 floor Applicant before: Shenzhen City Huaxun Fangzhou Technology Co., Ltd. |
|
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20150415 |