網管人員常使用自動化的機制來減輕網路管理的負擔。包括許多大專院校的電算中心在內,有很多人投入這個領域,致力於開發出適合自己網路架構以及符合自訂網路政策的管理系統。這些系統通常都是以監控用戶端的IP或網路卡卡號為主要依據,例如哪個IP的電腦中了病毒正在對外攻擊,或是哪個IP的網路流量超過了單位訂定的使用上限。在本篇論文中,我們提出一個可以解決多數網管人員頭痛問題的網管系統,藉由單一的系統確實掌握內部的使用者是由哪台的交換器的哪個埠來連上內部網路。 本系統是以達成此功能為設計理念,運用SNMP協定及在Linux系統上的PHP程式碼,透過 ”crontab” 定時執行,將所要的資訊整理、過濾完後,寫入後端的MySQL資料庫。搭配單位既有的網路監控機制及過濾出來的使用者IP位址或是網路卡卡號,本系統可以快速地查出這些位址所使用的交換器埠是哪一個,並且也會有異動過的記錄可供稽核。若是問題嚴重,也可直接關閉這個交換器埠,在第一時間且最接近問題點的地方把它隔離開來,避免問題擴散到其他地方,影響到更多的使用者。等問題排除後,也可透過本系統再將此交換器埠開啟。
Network administrators often use automatic mechanism to reduce the load of the network management. Including the computer centers of many universities, many people invest in this field to develop the management system which is suitable for their network architecture and meets the requirements of their network policy. These systems are usually base on monitoring IP address or MAC address of the client. For example, which IP address is attacking other nodes or which IP address is over the maximum traffic limited by the organization. In this thesis, we propose a network management system to resolve some common management problems. The system will collect the information about the relationship between user and switch port in multi-vendor environment. The proposed system is based on SNMP and runs scripts written in PHP on the Linux system with Apache server. Using the crontab, the system periodically fetches the information we need and writes the information into the MySQL database. According to the IP address or MAC address fetched from the existing hardware, the system can find out the relationship between user and the switch port quickly. The system will record the change of this relationship for auditing purpose. If, for example, a computer is infected by virus and is sending out large number of packets, the network administrator can turn off the corresponding port to avoid the spread of the influence if necessary.