常用网络设备巡检命令参考

网络设备安全巡检命令参考为了提高安全巡检工作效率，快速完成对网络设备交换机、路由器和防火墙的例行巡检，建议利用SecureCRT终端登录管理工具及拷贝粘贴批处理命令脚本快速完成网络设备巡检数据采集工作。客户设备本地或远程登录统一采用SecureCRT工具，对所有巡检客户网络设备预先编辑好登录脚本，方便后期巡检和维护快速登录客户设备。对要巡检的客户采用以下批处理执行命令快速完成数据采集任务。在执行以下批处理命令前先使用SecureCRT软件设置logsession到一个新建txt文件，然后选取全部以下命令拷贝粘贴到设备特权模式#下，以下命令所显示的信息会自动发送到新建的txt文件里。目录1CISCO网络设备例行巡检数据采集任务..............................................................................31.1CISCO交换机..............................................................................................................31.2CISCO路由器.............................................................................................................41.3CISCO防火墙.............................................................................................................41.4CISCO网络设备巡检命令解释..................................................................................52华为网络设备例行巡检数据采集任务...................................................................................82.1华为交换机...................................................................................................................82.2华为路由器...................................................................................................................82.3华为网络设备巡检命令解释.....................................................................................103H3C网络设备例行巡检数据采集任务................................................................................123.4H3C交换机................................................................................................................123.5H3C路由器...............................................................................................................123.6H3C网络设备巡检命令解释....................................................................................134港湾网络设备例行巡检数据采集任务.................................................................................144.7港湾交换机.................................................................................................................144.8港湾路由器.................................................................................................................144.9港湾网络设备巡检命令解释.....................................................................................145HP网络设备例行巡检数据采集任务...................................................................................145.10HP交换机...................................................................................................................145.11HP路由器..................................................................................................................155.12HP网络设备巡检命令解释.......................................................................................151CISCO网络设备例行巡检数据采集任务1.1CISCO交换机==================================================================terminallength0showrunnshowvershowipsocketshowipsocketdetailshowtcpshowclockshowvtpstatusshowvtppassshowenvallshowinventoryshowspanningrootshowspanningblockshowspanningshowcdpneishowcdpneidetshowarpshowmac-address-tabledirall-showinterstatusshowintersummshowinter|ierrors|FastEthernet|GigabitEthernetclearcountersshowproccpu|ex0.00%showprocmemshowdebugshloggingshowiprouteterminallength451.2CISCO路由器=====================================================================terminallength0showvershowrunnshowclockshowtcpbriefallshowtcpshowenvallshowinventoryshowcdpneishowcdpneidetshowarpdirall-showinterfaceshowintersummshowinter|ierrors|FastEthernet|GigabitEthernet|Serialclearcountersshowproccpuhisshowproccpu|ex0.00%showprocmemshowdebugshowaccess-listshloggingshowiprouteterminallength451.3CISCO防火墙======================================================================terminalpager0showrunnshowvershowclockshownameifshowinventoryshowresourceusageshowaspdropshowconncountshowxlatecountshowfirewallshowperfmondetailshowipauditcountdirall-showinterfaceshowinter|ierrors|FastEthernet|GigabitEthernet|Serialclearcountersshowcpuusashowmemshowdebugshowaccess-listshloggingshowrouteshowlocal-hostterminalpager241.4CISCO网络设备巡检命令解释======================================================================1terminallength0；设置终端显示行数不做限制（使所有show命令完全显示，不做暂停）2showrunning-config；查看当前设备配置3showversion；查看IOS版本信息及设备正常运行时间4showclock；查看设备时钟信息5showtcpbriefall；查看当前设备开发的TCP服务状态6showvtpstatus；查看交换机vtp配置模式7showvtppassword；查看交换机vtp配置口令8showenvall；查看设备温度，电源和风扇运转参数及是否报警（注意：中高端设备不带参数all）9showinventory；调取设备内部板卡出厂模块型号及序列号（可作为资产梳理和设备维保依据）10showspanning-treeroot；查看交换机生成树根位置11showspanning-treeblock；查看交换机block端口12showspanning-tree；查看全部VLAN生成树信息13showcdpneighbors；查看邻接cisco设备基本信息14showcdpneighborsdetail；查看邻接cisco设备详细信息15showmac-address-table；通过查看MAC地址表信息，确认目的MAC地址是否正确。16dirall-filesystems；查看交换机或路由器内部操作系统及其它文件系统（主要关注是否存在crash文件）17showinterfacestatus；查看交换机接口状态是否存在errordisable接口或disable（shundown）接口18showinterfacesummary；查看交换机所有接口当前接口流量19showinterface|ierrors|FastEthernet|GigabitEthernet；查看接口是否存在大量input或outputerrors包错误20clearcounters；使所有接口计数器归零（注意后面加两个回车符，因为存在提示确认信息）21showprocessescpu；查看设备cpu负载22showcpuusa；查看CISCO防火墙cpu负载23showprocessesmem；查看设备mem占用率24showmem；查看CISCO防火墙