5424 (8-SNMP).pdf
5424 (8-SNMP).pdf
5424 (8-SNMP).pdf
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Chapter 8<br />
Configuring <strong>SNMP</strong> and RMON<br />
This chapter describes how to configure <strong>SNMP</strong> and RMON on the Corecess <strong>5424</strong>.<br />
Configuring <strong>SNMP</strong> 8 -2<br />
This section introduces some basic information on <strong>SNMP</strong> and describes how to configure the<br />
<strong>SNMP</strong> on the Corecess <strong>5424</strong>.<br />
Configuring RMON 8-18<br />
This section introduces some basic information on the RMON protocol and describes how to<br />
configure the RMON on the Corecess <strong>5424</strong>.<br />
<strong>SNMP</strong> and RMON Configuration Commands 8-34<br />
This section lists the commands for configuring the <strong>SNMP</strong> and the RMON.<br />
Configuring <strong>SNMP</strong> and RMON 8-1
Configuring <strong>SNMP</strong><br />
<strong>SNMP</strong>(Simple Network Management Protocol) Overview<br />
8-2<br />
The Simple Network Management Protocol (<strong>SNMP</strong>) is an application layer protocol that<br />
facilitates the exchange of management information between network devices. It is part of the<br />
Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite. <strong>SNMP</strong> enables<br />
network administrators to manage network performance, find and solve network problems,<br />
and plan for network growth.<br />
<strong>SNMP</strong> Basic Components<br />
<strong>SNMP</strong> consists of the following three key components:<br />
Managed Device<br />
<strong>SNMP</strong> Agent and Management Information Base (MIB)<br />
<strong>SNMP</strong> Manager<br />
Managed Device<br />
Managed<br />
Device<br />
<strong>SNMP</strong> Agent<br />
MIB<br />
A managed device is a network node that contains an <strong>SNMP</strong> agent and that resides on a<br />
managed network. Managed devices collect and store management information and make this<br />
information available to NMSs using <strong>SNMP</strong>. Managed devices, sometimes called network<br />
elements, can be routers and access servers, switches and bridges, hubs, computer hosts, or<br />
printers.<br />
Corecess <strong>5424</strong> User’s Guide<br />
<strong>SNMP</strong><br />
Manager<br />
Managed<br />
Device<br />
<strong>SNMP</strong> Agent<br />
MIB<br />
Managed<br />
Device<br />
<strong>SNMP</strong> Agent<br />
MIB
<strong>SNMP</strong> Agent and MIB<br />
The <strong>SNMP</strong> agent is a network management module running in the managed device. The<br />
<strong>SNMP</strong> agent responds to <strong>SNMP</strong> manager requests as follows:<br />
Get a MIB variable: The <strong>SNMP</strong> agent initiates this function in response to a request from<br />
the NMS. The agent retrieves the value of the requested MIB variable and responds to<br />
the NMS with that value.<br />
Set a MIB variable: The <strong>SNMP</strong> agent initiates this function in response to a message from<br />
the NMS. The <strong>SNMP</strong> agent changes the value of the MIB variable to the value requested<br />
by the NMS.<br />
The <strong>SNMP</strong> agent also sends unsolicited trap messages to notify an NMS that a significant<br />
event has occurred on the agent. Examples of traps conditions include, but are not limited to,<br />
when a port or module goes up or down, when spanning-tree topology changes occur, and<br />
when authentication failures occur.<br />
The MIB is the information base, the <strong>SNMP</strong> agent must keep available for the managers. This<br />
information base contains objects whose values provide information on the status of the<br />
checked system or objects whose values can be modified by a manager to control the system.<br />
Each object is identified by an Object ID (OID). There are two kinds of MIBs, standard MIB<br />
and enterprise-specific MIB.<br />
<strong>SNMP</strong> Manager<br />
<strong>SNMP</strong> Manager is an integrated management module which collects information from <strong>SNMP</strong><br />
agent and sometimes sends warning messages depending on the each <strong>SNMP</strong> agent relations.<br />
In other words, the actual data is collected from <strong>SNMP</strong> agent and this data will be processed<br />
by management module and saved. To request information or configuration changes, respond<br />
to requests, and send unsolicited alerts, the <strong>SNMP</strong> manger and <strong>SNMP</strong> agent use the four<br />
messages (Get, GetNext, Set, trap). For more information on these messages, refer to the<br />
following section.<br />
Configuring <strong>SNMP</strong> and RMON 8-3
8-4<br />
<strong>SNMP</strong> Messages<br />
The <strong>SNMP</strong> manger and <strong>SNMP</strong> agent use the following <strong>SNMP</strong> messages to request<br />
information or configuration changes, respond to requests, and send unsolicited alerts.<br />
Get-Request / Get-Response Message<br />
GetNext-Request / GetNext-Request Message<br />
Set-Request Message<br />
Trap Message<br />
Get-Request Message<br />
Get-Request Message is the basic <strong>SNMP</strong> request message. Sent by an <strong>SNMP</strong> manager, it<br />
requests information about a single MIB entry on an <strong>SNMP</strong> agent. For example, the amount of<br />
free drive space.<br />
GetNext-Request Message<br />
GetNext-Request Message is an extended type of request message that can be used to browse<br />
the entire tree of management objects. When processing a Get-next request for a particular<br />
object, the agent returns the identity and value of the object which logically follows the object<br />
from the request. The Get-next request is useful for dynamic tables, such as an internal IP<br />
route table.<br />
Set-Request Message<br />
If write access is permitted, Set-Request message can be used to send and assign an updated<br />
MIB value to the agent.<br />
Trap Message<br />
An unsolicited message sent by an <strong>SNMP</strong> agent to an <strong>SNMP</strong> manager when the agent detects<br />
that a certain type of event has occurred locally on the managed device. For example, a trap<br />
message might be sent on a system restart event.<br />
Corecess <strong>5424</strong> User’s Guide
<strong>SNMP</strong> Community Strings<br />
<strong>SNMP</strong> community strings authenticate access to MIB objects and function as embedded<br />
passwords. In order for the NMS to access the system, the community string definitions on the<br />
NMS must match at least one of the three community string definitions on the system.<br />
A community string can have one of the following attributes:<br />
| Table 8-1 Types of community strings |<br />
Read-only<br />
Read-write<br />
Types Access Right<br />
Read-write-all<br />
Trap<br />
Gives read access to authorized management stations to all objects in the MIB<br />
except the community strings, but does not allow write access<br />
Gives read and write access to authorized management stations to all objects in the<br />
MIB, but does not allow access to the community strings<br />
Gives read and write access to authorized management stations to all objects in the<br />
MIB, including the community strings<br />
Trap is a defined status of event or system. For example, event generated when port<br />
configuration is changed or a host having not-allowed IP address accesses can be defined as a<br />
trap. You can configure the level of trap according to the kind of events. If a trap occurs on the<br />
system, the <strong>SNMP</strong> agent send <strong>SNMP</strong> trap message to the registered trap host.<br />
Configuring <strong>SNMP</strong> and RMON 8-5
Configuring <strong>SNMP</strong><br />
8-6<br />
<strong>SNMP</strong> Default Configuration<br />
The default <strong>SNMP</strong> configuration of the Corecess <strong>5424</strong> is as follows:<br />
| Table 8-2 Default <strong>SNMP</strong> configuration |<br />
Corecess <strong>5424</strong> User’s Guide<br />
<strong>SNMP</strong> Configuration Element Default Setting<br />
Agent contact information (MIB-II System Contact variable) None configured<br />
Agent location information (MIB-II System Location variable) None configured<br />
Community strings None configured<br />
Trap None enabled<br />
Trap Host None configured<br />
RMON Enabled<br />
Setting the System Contact and Location Information<br />
In the system group of MIB-II (Public MIB) supported by the Corecess <strong>5424</strong> has System Contact<br />
variable and System Location variable displaying the system contact information and system<br />
location information.<br />
The values of these variables can be browsed or modified via ViewlinX, NMS of the Corecess<br />
or NMS of other companies. To specify these values, use the following commands:<br />
| Table 8-3 Setting the system contact and location information |<br />
Command Task<br />
configure terminal 1. Enter Global configuration mode.<br />
snmp-server contact <br />
snmp-server location <br />
end 4. Return to Privileged mode.<br />
2. Set the system contact information.<br />
: String described for system contact information.<br />
3. Set the system location information.<br />
: String described for system location information.<br />
show snmp-server 5. Verify the system contact and location information.
The following is an example of setting the system contact information and system location<br />
information:<br />
Parameter Value<br />
System contact information TEL: +82-2-3016-6900<br />
System location information Daechi-dong Seoul Korea<br />
# configure terminal<br />
(config)# snmp-server contact "TEL:+82-2-3016-6900"<br />
(config)# snmp-server location "Daechi-dong Seoul Korea"<br />
(config)# end<br />
# show snmp-server<br />
RMON: Enabled<br />
Extended RMON: Extended RMON module is not present<br />
sysContact TEL:+82-2-3016-6900<br />
sysLocation Daechi-dong Seoul Korea<br />
...<br />
#<br />
Configuring Community Strings<br />
You use the <strong>SNMP</strong> community string to define the relationship between the <strong>SNMP</strong> manager<br />
and the agent. The community string acts like a password to permit access to the agent on the<br />
system. One thing to be aware of is that in case of adding new community string using the<br />
Corecess <strong>5424</strong> CLI command, this community string must be added in NMS in order to<br />
connect to the system using this community string. To define <strong>SNMP</strong> community strings, use<br />
the following commands in Privileged mode:<br />
| Table 8-4 Configuring <strong>SNMP</strong> community strings |<br />
Command Task<br />
configure terminal 1. Enter Global configuration mode.<br />
snmp-server community<br />
<br />
<br />
end 3. Return to Privileged mode.<br />
show snmp-server<br />
community-list<br />
2. Define the <strong>SNMP</strong> community strings for each access type.<br />
: The <strong>SNMP</strong> community name for this system.<br />
Enter an unquoted text string with no space and a maximum length<br />
of 12 characters.<br />
: Access type for this community (read-only, read-write)<br />
4. Verify new community string.<br />
Configuring <strong>SNMP</strong> and RMON 8-7
8-8<br />
The following example defines new community string:<br />
# configure terminal<br />
(config)# snmp-server community cc<strong>5424</strong> rw<br />
(config)# end<br />
# show snmp-server<br />
RMON: Enabled<br />
Extended RMON: Extended RMON module is not present<br />
sysContact Dial System Administrator at phone #2734<br />
sysLocation 1st_floor_lab<br />
Community-Access Community-String<br />
---------------- ----------------<br />
read-write cc<strong>5424</strong><br />
...<br />
#<br />
To delete a community string, use the no snmp-server community command in Global<br />
configuration mode as follows:<br />
(config)# no snmp-server community cc<strong>5424</strong><br />
(config)# end<br />
# show snmp-server community-list<br />
#<br />
Configuring Trap Host<br />
Trap host is the host to receive traps from an <strong>SNMP</strong> agent. Trap is message sent by an <strong>SNMP</strong><br />
agent to an NMS, a console, or a terminal to indicate the occurrence of a significant event, such<br />
as a specifically defined condition or a threshold that was reached. By default, no trap host is<br />
configured. To receive the trap generated on your managed device using NMS, you must add<br />
the NMS as a trap host. You can specify up to twenty trap hosts on the Corecess <strong>5424</strong>.<br />
Corecess <strong>5424</strong> User’s Guide
To add or modify trap hosts, use the following commands in Privileged mode:<br />
| Table 8-5 Configuring a trap host |<br />
Command Task<br />
configure terminal 1. Enter Global configuration mode.<br />
snmp-server host <br />
port <br />
end 3. Return to Privileged mode.<br />
show snmp-server traphost 4. Verify the trap host entries<br />
The following example shows how to add a trap host:<br />
2. Add a trap host.<br />
: The IP address or host name of an <strong>SNMP</strong><br />
host that has been configured to receive traps.<br />
: The community name to use when<br />
sending traps to the specified <strong>SNMP</strong> host.<br />
: The UDP port number to use when sending<br />
traps to the specified <strong>SNMP</strong> host (1 ~ 65535, default<br />
setting: 165).<br />
# configure terminal<br />
(config)# snmp-server host 172.168.2.23 cc<strong>5424</strong> port default<br />
(config)# end<br />
# show snmp-server<br />
RMON: Enabled<br />
Extended RMON: Extended RMON module is not present<br />
:<br />
Trap-Rec-Address Trap-Rec-Community<br />
------------------------- ------------------<br />
udp:172.168.2.23:162 cc<strong>5424</strong><br />
:<br />
#<br />
To delete a trap host, use the no snmp-server host command in Global configuration<br />
mode. The following example deletes a trap host 172.168.2.23:<br />
(config)# no snmp-server host 168.28.1.1<br />
(config)# end<br />
# show snmp-server traphost<br />
#<br />
Configuring <strong>SNMP</strong> and RMON 8-9
8-10<br />
Configuring Trap Type<br />
Traps are system alerts that the Corecess <strong>5424</strong> generates when certain events occur. The<br />
Corecess <strong>5424</strong> supports the following trap types:<br />
| Table 8-6 Types of trap supported by Corecess <strong>5424</strong> |<br />
Trap Types Description<br />
chassis<br />
Corecess <strong>5424</strong> User’s Guide<br />
Sends a trap message when power supply is installed or uninstalled,<br />
temperature limitations are exceeded, or fan errors occur.<br />
module Sends a trap message when a module goes up or down.<br />
port Sends a trap message when a port goes up or down.<br />
bridge<br />
Sends a trap message when there are spanning tree topology<br />
changes.<br />
repeater Sends a trap message when Ethernet hub repeater state is changed.<br />
ip_permit<br />
sysconfig<br />
entity<br />
auth<br />
sysauth<br />
Sends a trap message when there are access attempts with<br />
unauthorized IP address.<br />
Sends a trap message when the system backup configuration is<br />
changed.<br />
Sends a trap message when there is Entity Management Information<br />
Base (MIB) change.<br />
Sends a trap message when there are access attempts with<br />
unauthorized community string.<br />
Sends a trap message when unauthorized user attempts access to the<br />
system.<br />
cpuload Sends a trap message when CPU load limitations are exceeded.<br />
bgp<br />
dhcp<br />
Sends a trap message when Border Gateway Protocol (BGP) state is<br />
changed.<br />
Sends a trap message when Dynamic Host Configuration Protocol<br />
(DHCP) state is changed.<br />
When a trap is enabled, if an error occurs in the device where corresponding trap is enabled or<br />
if problem occurs in the part defined by the trap, such error status (trap message) are<br />
transmitted to the trap receiving host and NMS, the <strong>SNMP</strong> agent. By default, all trap types are<br />
disabled. To send traps to the trap hosts, the trap types should be enabled.
To enable a trap type, use the following commands in Privileged mode:<br />
| Table 8-7 Enabling a trap type |<br />
Command Task<br />
configure terminal 1. Enter Global configuration mode.<br />
snmp-server enable traps<br />
<br />
2. Enable the specified trap type.<br />
: Trap type to be enabled (all: all trap types).<br />
end 3. Return to Privileged mode.<br />
show snmp-server 4. Check the state of the trap.<br />
The following example enables the port and auth traps:<br />
# configure terminal<br />
(config)# snmp-server enable traps port<br />
(config)# snmp-server enable traps auth<br />
(config)# end<br />
# show snmp-server<br />
RMON: Enabled<br />
Extended RMON: Extended RMON module is not present<br />
:<br />
Trap-Rec-Address Trap-Rec-Community<br />
------------------------- ------------------<br />
Traps Enabled<br />
------------------------- ------------------<br />
chassis disabled<br />
module disabled<br />
port enabled<br />
bridge disabled<br />
repeater disabled<br />
ip_permit disabled<br />
sysconfig disabled<br />
entity disabled<br />
cpuload disabled<br />
auth enabled<br />
sysauth disabled<br />
bgp disabled<br />
dhcp disabled<br />
atm disabled<br />
#<br />
To disable the trap type, use the no snmp-server enable traps command as follows:<br />
(config)# no snmp-server enable traps port<br />
Configuring <strong>SNMP</strong> and RMON 8-11
8-12<br />
Configuring <strong>SNMP</strong> Access Groups<br />
You can configure an <strong>SNMP</strong> access group by using access lists. The hosts that are permitted in<br />
the access lists can access to the system via <strong>SNMP</strong>.<br />
To configure <strong>SNMP</strong> access group by using access lists, use the following commands in<br />
Privileged mode:<br />
| Table 8-8 Configuring <strong>SNMP</strong> acess groups |<br />
Command Task<br />
configure terminal 1. Enter Global configuration mode.<br />
snmp-server enable traps<br />
<br />
Corecess <strong>5424</strong> User’s Guide<br />
2. Configure a new <strong>SNMP</strong> access group.<br />
: Standard access list number (1 ~ 99, 100 ~ 199)<br />
The following example shows how to configure a <strong>SNMP</strong> access group:<br />
(config)# access-list 12 permit 192.89.55.0 0.0.0.255<br />
(config)# snmp-server group access 12<br />
(config)#<br />
The hosts that belong to 192.89.55.0 network can access to the system via <strong>SNMP</strong>.
Displaying <strong>SNMP</strong> Information<br />
The section describes how to display <strong>SNMP</strong> configuration information, <strong>SNMP</strong> community<br />
strings, <strong>SNMP</strong> trap hosts, and <strong>SNMP</strong> statistics.<br />
Displying <strong>SNMP</strong> Configuration Information<br />
To display <strong>SNMP</strong> configuration information, use the show snmp-server command in<br />
Privileged mode.<br />
The following example is a sample output of the show snmp-server command:<br />
# show snmp-server<br />
RMON: Disabled<br />
Extended RMON: Extended RMON module is not present<br />
sysContact support@corecess.com<br />
sysLocation Unknown<br />
Community-Access Community-String<br />
---------------- ----------------<br />
read-only public<br />
read-write private<br />
read-only corecess<br />
Trap-Rec-Address Trap-Rec-Community<br />
------------------------- ------------------<br />
udp:172.27.2.36:162<br />
Traps Enabled<br />
------------------------- ------------------<br />
chassis disabled<br />
module disabled<br />
port disabled<br />
bridge disabled<br />
repeater disabled<br />
ip_permit disabled<br />
sysconfig disabled<br />
entity disabled<br />
cpuload disabled<br />
auth disabled<br />
sysauth disabled<br />
bgp disabled<br />
dhcp disabled<br />
atm disabled<br />
#<br />
Configuring <strong>SNMP</strong> and RMON 8-13
8-14<br />
The table below describes the fields shown by the show snmp-server command:<br />
| Table 8-9 show snmp-server field descriptions |<br />
RMON<br />
Extended RMON<br />
Corecess <strong>5424</strong> User’s Guide<br />
Field Description Default<br />
Status of whether RMON is enabled or<br />
disabled<br />
Status of whether extended RMON is<br />
enabled or disabled<br />
enabled<br />
not supported<br />
sysContact <strong>SNMP</strong> system contact string unknown<br />
sysLocation <strong>SNMP</strong> system location string unknown<br />
community<br />
TrapReceiver<br />
Trap<br />
Community-Access<br />
Community-String<br />
Trap-Rec-Address<br />
Trap-Rec-Community<br />
Traps Trap types<br />
Enabled<br />
Displaying <strong>SNMP</strong> Community Strings<br />
Configured <strong>SNMP</strong> communities<br />
- read-only<br />
- read-write<br />
<strong>SNMP</strong> community strings associated with<br />
each <strong>SNMP</strong> community<br />
IP address of trap receiver hosts and UDP<br />
port number for sending trap messages.<br />
<strong>SNMP</strong> community string used for trap<br />
messages to the trap receiver.<br />
Status of whether trap type is enabled or<br />
disabled<br />
none<br />
disabled<br />
To display <strong>SNMP</strong> community strings, use the show snmp-server community-list<br />
command in Privileged mode.<br />
The following example shows how to display <strong>SNMP</strong> community strings:<br />
# show snmp-server community-list<br />
community:pubilc access: ro<br />
community:private access: rw<br />
community:corecess access: ro<br />
#<br />
The table below describes the fields shown by the show snmp-server community-list<br />
command output:
| Table 8-10 show snmp-server community-list field descriptions |<br />
Field Description<br />
community <strong>SNMP</strong> community strings<br />
access<br />
Displaying <strong>SNMP</strong> Statistics<br />
Access right of the community strings<br />
- ro : Read-only<br />
- rw : Read-write<br />
To display <strong>SNMP</strong> statistics, use the show snmp-server statistics command in<br />
Privileged mode.<br />
The following is sample output from the show snmp-server statistics command:<br />
# show snmp-server statistics<br />
10090 <strong>SNMP</strong> packets input<br />
0 Bad <strong>SNMP</strong> version errors<br />
96 Unknown community name<br />
0 Illegal operation for community name supplied<br />
0 Encoding errors<br />
28051 Number of requested variables<br />
12 Number of altered variables<br />
9854 Get-request PDUs<br />
83 Get-next PDUs<br />
12 Set-request PDUs<br />
9994 <strong>SNMP</strong> packet output<br />
0 Too big errors (Maximum packet size 1500)<br />
3 No such name errors<br />
0 Bad values errors<br />
0 General errors<br />
9994 Response PDUs<br />
0 Trap PDUs<br />
#<br />
Configuring <strong>SNMP</strong> and RMON 8-15
8-16<br />
The table below describes the fields shown by the show snmp-server statistics<br />
command output:<br />
| Table 8-11 show snmp-server statistics field descriptions |<br />
Field Description<br />
<strong>SNMP</strong> packets input Total number of <strong>SNMP</strong> packets input.<br />
Bad <strong>SNMP</strong> version errors Number of packets with an invalid <strong>SNMP</strong> version.<br />
Unknown community name Number of <strong>SNMP</strong> packets with an unknown community name.<br />
Illegal operation for<br />
community name supplied<br />
Corecess <strong>5424</strong> User’s Guide<br />
Number of packets requesting an operation not allowed for that<br />
community.<br />
Encoding errors Number of <strong>SNMP</strong> packets that were improperly encoded.<br />
Number of requested<br />
variables<br />
Number of variables requested by <strong>SNMP</strong> managers.<br />
Number of altered variables Number of variables altered by <strong>SNMP</strong> managers.<br />
Get-request PDUs Number of get requests received.<br />
Get-next PDUs Number of get-next requests received.<br />
Set-request PDUs Number of set requests received.<br />
<strong>SNMP</strong> packet output Total number of <strong>SNMP</strong> packets sent by the router.<br />
Too big errors<br />
No such name errors<br />
Bad values errors<br />
General errors<br />
Number of <strong>SNMP</strong> packets which were larger than the maximum<br />
packet size.<br />
Number of <strong>SNMP</strong> requests that specified an MIB object which does<br />
not exist.<br />
Number of <strong>SNMP</strong> set requests that specified an invalid value for an<br />
MIB object.<br />
Number of <strong>SNMP</strong> set requests that failed due to some other error. (It<br />
was not a noSuchName error, badValue error, or any of the other<br />
specific errors.)<br />
Response PDUs Number of responses sent in reply to requests.<br />
Trap PDUs Number of <strong>SNMP</strong> traps sent.
Displaying <strong>SNMP</strong> Trap Hosts<br />
To display the list of the trap receiver hosts, use the show snmp-server traphost<br />
command in Privileged mode.<br />
The following example shows how to display the list of the trap receiver hosts:<br />
# show snmp-server traphost<br />
host: udp:172.27.2.36:162 comm: public<br />
host: udp:172.28.3.178:24 comm: corecess<br />
#<br />
The table below describes the fields shown by the show snmp-server traphost<br />
command output:<br />
| Table 8-12 show snmp-server traphost field descriptions |<br />
Field Description<br />
host Protocol : IP address of a trap receiver host: port number.<br />
comm <strong>SNMP</strong> community strings of the trap receiver host.<br />
Configuring <strong>SNMP</strong> and RMON 8-17
Configuring RMON<br />
RMON (Remote MONitoring) Overview<br />
8-18<br />
The RMON is a standard MIB that defines current and historical MAC-layer statistics and<br />
control objects, allowing you to capture real-time information across the entire network. The<br />
RMON standard is an <strong>SNMP</strong> MIB definition described in RFC 1757 (formerly 1271) for<br />
Ethernet.<br />
The RMON MIB provides a standard method to monitor the basic operations of the Ethernet,<br />
providing inoperability between <strong>SNMP</strong> management stations and monitoring agents. The<br />
RMON also provides a powerful alarm and event mechanism for setting thresholds and for<br />
notifying you of changes in network behavior.<br />
You can use the RMON to analyze and monitor network traffic data within remote LAN<br />
segments from a central location. This allows you to detect, isolate, diagnose, and report<br />
potential and actual network problems before they escalate to crisis situations. For example,<br />
the Corecess <strong>5424</strong> can identify the hosts on a network that generate the most traffic or errors.<br />
The RMON allows you to set up automatic histories, which the RMON agent collects over a<br />
period of time, providing trending data on such basic statistics as utilization, collisions, and so<br />
forth.<br />
The RMON monitors nine MIB groups including network statistics. The following table lists<br />
the RMON MIB groups:<br />
| Table 8-13 RMON groups |<br />
Group Description<br />
1. Statistics Collects the network statistics.<br />
2. History Records the network activity in sequence of time.<br />
3. Alarm Defines level of the alarms to be informed to the manager.<br />
4. Host Monitors the hosts in the network.<br />
5. Host Top N Filters and manages the information of N hosts.<br />
6. Matrix Monitors the traffics between network nodes.<br />
7. Filter Monitors the specified packets on the network segment.<br />
8. Packet Capture<br />
Creates capture buffers and controls how the buffers are filled and how<br />
much of each packet is stored.<br />
9. Event Determines the action to take when an event is triggered by an alarm.<br />
Corecess <strong>5424</strong> User’s Guide
The Corecess <strong>5424</strong> supports the following four groups among the nine groups:<br />
1) Statistics (RMON group 1)<br />
Collects the number of packets/bytes, the number of broddcast/multicast packets, the<br />
number of collisions, the number of errors occurred (fragment, CRC, jabber, short-length,<br />
long-length) on an interface.<br />
2) History (RMON group 2)<br />
Collects a history group of statistics on Ethernet, Fast Ethernet, and Gigabit Ethernet<br />
interfaces for a specified polling interval<br />
3) Alarm (RMON group 3)<br />
Monitors a specific management information base (MIB) object for a specified interval,<br />
triggers an alarm at a specified value (rising threshold), and resets the alarm at another<br />
value (falling threshold). Alarms can be used with events; the alarm triggers an event,<br />
which can generate a log entry or an <strong>SNMP</strong> trap<br />
4) Event (RMON group 9)<br />
Determines the action to take when an event is triggered by an alarm. The action can be to<br />
generate a log entry or an <strong>SNMP</strong> trap.<br />
Configuring <strong>SNMP</strong> and RMON 8-19
Configuring RMON<br />
8-20<br />
Enabling RMON<br />
To enable RMON, perform this task in Privileged mode:<br />
| Table 8-14 Enabling RMON |<br />
Command Task<br />
configure terminal 1. Enter Global configuration mode.<br />
snmp-server enable rmon 2. Enable the RMON on the Corecess <strong>5424</strong>.<br />
end 3. Return to Privileged mode.<br />
show snmp-server 4. Verify that RMON is enabled.<br />
This example shows how to enable the RMON on the Corecess <strong>5424</strong> and how to verify that<br />
RMON is enabled:<br />
# configure terminal<br />
(config)# snmp-server enable rmon<br />
(config)# end<br />
# show snmp-server<br />
RMON: Enabled<br />
Extended RMON: Extended RMON module is not present<br />
sysContact TEL:+82-2-3016-6900<br />
sysLocation Daechi-dong Seoul Korea<br />
...<br />
Corecess <strong>5424</strong> User’s Guide
Configuring Statistics Groups<br />
The RMON Statistics group records data that the Ethernet DCM measures on network<br />
interfaces. The Ethernet DCM creates one entry for each Ethernet interface it monitors and<br />
places the entry in the EtherStatsTable. The EtherStatsTable also contains control parameters<br />
for this group.<br />
To configure an RMON statistics group, use the following commands in Global configuration<br />
mode:<br />
| Table 8-15 Configuring RMON statistics group |<br />
Command Task<br />
configure terminal 1. Enter Global configuration mode.<br />
rmon etherstats<br />
<br />
owner<br />
<br />
2. Set a statistics group.<br />
: RMON statistics group number (1 ~ 65535)<br />
: The data source object for the Ethernet port. The port is<br />
identified by an ifIndex data object identifier. To see a list of data<br />
object IDs, use the show interface command.<br />
owner : option for specifying an owner who<br />
defined and is using the statistics resources<br />
end 3. Return to Privileged mode.<br />
show rmon 4. Verify the configuration.<br />
The following is an example of configuring a statistics group:<br />
Parameter Value<br />
Statistics group No. 1<br />
Interface ID 5<br />
Owner 172.1.1.1<br />
# configure terminal<br />
(config)# rmon etherstats 1 5 owner kd_hong<br />
(config)# end<br />
# show rmon<br />
RMON memory: 30%<br />
[statistics]<br />
etherStatsIndex etherStatsOwner etherStatsStatus<br />
------------------- ------------------- --------------------<br />
1 172.1.1.1 valid<br />
. . .<br />
Configuring <strong>SNMP</strong> and RMON 8-21
8-22<br />
Configuring History Groups<br />
The RMON History group contains a control and data collection function. The control<br />
function manages the periodic statistical sampling of data from networks and specifies control<br />
parameters, such as the frequency of data sampling, in the historyControlTable. The history<br />
function records periodic statistical samples from Ethernet networks, for example, interval<br />
start time and number of packets. This function places the statistical samples in the<br />
etherHistoryTable.<br />
You can configure the operation of the RMON history that periodically samples any Ethernet<br />
port for statistical data. All ports are preconfigured with histories for 30-second and 30-minute<br />
intervals, and 50 buckets with one sample per bucket. However, you can create additional<br />
histories for a specific port. This allows you to configure the time interval to take the sample<br />
and the number of samples you want to save.<br />
To configure an RMON history group, use the following commands in Global configuration<br />
mode:<br />
| Table 8-16 Configuring RMON history group |<br />
Command Task<br />
configure terminal 1. Enter Global configuration mode.<br />
rmon historycontrol<br />
{ |<br />
<br />
/} owner<br />
<br />
<br />
<br />
end 3. Return to Privileged mode.<br />
show rmon 4. Verify the configuration.<br />
Corecess <strong>5424</strong> User’s Guide<br />
2. Set a history group.<br />
: RMON history number (1 ~ 65535)<br />
: Interface number (1 ~ 2147483647)<br />
: Port type (fastethernet, gigabitethern)<br />
/ : Slot number/port number<br />
: MIB object monitoring interval (1-2147483647 seconds)<br />
: The data source object for the Ethernet port. The port is<br />
identified by an ifIndex data object identifier. To see a list of data<br />
object IDs, use the show interface command.<br />
owner : option for specifying an owner who defined<br />
and is using the history resources<br />
: The bucket count for the interval (1 ~ 65535)<br />
: The time interval for the history (1 ~ 3600<br />
seconds)
The following is an example of configuring a history group:<br />
# configure terminal<br />
(config)# rmon historycontrol 1 gigabitethernet 1/1 owner aaa 50 30<br />
(config)# end<br />
# show rmon<br />
RMON: Enabled<br />
Extended RMON: Extended RMON module is not present<br />
[statistics]<br />
index status dataSource<br />
----- -------------- -----------------------------<br />
[history]<br />
index status dataSource<br />
----- -------------- -----------------------------<br />
1 valid ifIndex.1 (Gi 1/1)<br />
.<br />
.<br />
#<br />
To display the detail information on a history group, enter the show rmon history<br />
command with the history number:<br />
# show rmon history 1<br />
Entry 1 is valid, and owned by aaa<br />
Monitors ifEntry.ifIndex.1 every 10 seconds<br />
Requested # of time intervals, is buckets, is 10<br />
Granted # of time intervals, is buckets, is 10<br />
Sample # 6878 began measuring at 1days 18h:5m:52s:44th(15155244)<br />
Received 0 octets, 0 packets,<br />
0 broadcast and 0 multicast packets,<br />
0 undersized and 0 oversized packets,<br />
0 fragments and 0 jabbers,<br />
0 CRC alignment errors and 0 collisions.<br />
# of dropped packet events is 0<br />
Network utilization is estimated at 0<br />
.<br />
.<br />
.<br />
Sample # 6887 began measuring at 1days 18h:7m:22s:44th(15164244)<br />
Configuring <strong>SNMP</strong> and RMON 8-23
8-24<br />
#<br />
Received 0 octets, 0 packets,<br />
0 broadcast and 0 multicast packets,<br />
0 undersized and 0 oversized packets,<br />
0 fragments and 0 jabbers,<br />
0 CRC alignment errors and 0 collisions.<br />
# of dropped packet events is 0<br />
Network utilization is estimated at 0<br />
To delete a history group, enter the no rmon historycontrol command in Global<br />
configuration mode:<br />
(config)# no rmon historycontrol 1<br />
(config)#<br />
Corecess <strong>5424</strong> User’s Guide
Configuring Alarm Groups<br />
The RMON Alarm group allows you to set an alarm threshold and a sampling interval to<br />
enable the RMON agent to generate alarms on any network segment it monitors. Alarm<br />
thresholds can be based on ‘absolute’ or ‘delta’ values so that you can be notified of rapid<br />
spikes or drops in a monitored value.<br />
Each alarm is linked to an event in the event group. An event defines an action that will be<br />
triggered when the alarm threshold is exceeded.<br />
The alarm group periodically takes statistical samples from variables and compares them to<br />
previously configured thresholds. The Alarm Table stores configuration entries that define a<br />
variable, a polling period, and threshold parameters. If the RMON agents determines that a<br />
sample crosses the threshold values, it generates an event. You can specify rising or falling<br />
thresholds, indicating network faults such as slow throughput or other network-related<br />
performance problems. You specify rising thresholds when you want to be notified that an<br />
alarm has risen above the threshold you specified. You specify falling thresholds when you<br />
want to be notified that the network is behaving normally again. For example, you might<br />
specify a falling threshold of 30 collisions per second to indicate a return to acceptable<br />
behavior.<br />
When you configure an alarm condition, you must define the following values:<br />
The monitoring interval over which data is sampled.<br />
The variable to be sampled.<br />
Rising and falling thresholds used to detect when network trouble starts and when it ends.<br />
The event that takes place when a rising threshold is crossed.<br />
The event that takes place when a falling threshold is crossed.<br />
An RMON event is the action that occurs when an associated RMON alarm is triggered. When<br />
an alarm event occurs, it can be configured to generate a log event, a trap to an <strong>SNMP</strong> network<br />
management station, or both. For information on viewing alarm events in log files.<br />
An RMON alarm allows you to monitor a MIB object for a desired transitory state. An alarm<br />
periodically takes samples of the object's value and compares them to the configured<br />
thresholds.<br />
Configuring <strong>SNMP</strong> and RMON 8-25
8-26<br />
RMON allows you to configure two types of sampling, absolute and delta:<br />
Absolute sampling compares the sample value directly to the threshold. This sampling is<br />
similar to a gauge, recording values that go up or down.<br />
Delta sampling subtracts the current sample value from the last sample taken, and then<br />
compares the difference to the threshold. This sampling is similar to a counter, recording a<br />
value that is constantly increasing.<br />
To set an RMON alarm, use the following commands in Privileged mode:<br />
|Table 8-12 Configuring RMON alarm group |<br />
Command Task<br />
configure terminal 1. Enter Global configuration mode.<br />
rmon alarm <br />
{<br />
<br />
|}<br />
{delta | absolute}<br />
{rising | falling |<br />
both} threshold<br />
<br />
<br />
event-index owner<br />
<br />
Corecess <strong>5424</strong> User’s Guide<br />
2. Set an alarm on a MIB object.<br />
: Alarm number (1 ~ 65535)<br />
: MIB object monitoring interval (1-2147483647 seconds)<br />
: Value to monitor. Select one of the following values:<br />
- multicastPkts: The number of incoming multicast packets.<br />
- cRCAlignErrors: The number of incoming packets with CRC errors.<br />
- collisions: The number of times a collision occurs while the packet is<br />
received.<br />
- octets: The total number of incoming octets.<br />
- pkts: The total number of incoming packets.<br />
- broadcastPkts: The number of incoming broadcast packets<br />
- pkts256to511: The number of incoming packets 256 to 511 bytes in<br />
length.<br />
- pkts512to1023: The number of incoming packets 512 to 1023 bytes in<br />
length.<br />
- pkts1024to1518: The number of incoming packets 1024 to 1518 bytes<br />
in length.<br />
- pkts64: The number of incoming packets 64 bytes in length<br />
- pkts65to127: The number of incoming packets 65 to 127 bytes in<br />
length.<br />
- pkts128to255: The number of incoming packets 128 to 255 bytes in<br />
length.<br />
: The number of statistics group to get the<br />
selected value from option (0 ~ 65535).<br />
: OID number of the MIB object to monitor.<br />
absolute: Option for testing each MIB variable directly.<br />
delta: Option for testing the change between MIB variables<br />
rising: Option for triggering alarm when the monitored value<br />
exceeds the rising threshold<br />
falling: Option for triggering alarm when the monitored value<br />
exceeds the falling threshold<br />
rising_or_falling: Option for triggering alarm when the monitored<br />
value exceeds the rising or falling threshol
(Continued)<br />
Command Task<br />
end 2. Return to Privileged mode.<br />
show rmon 3. Verify the configuration.<br />
rising-threshold : Value at which the alarm is triggered (0<br />
~ 2147483647)<br />
falling-threshold : Value at which the alarm is reset (0 ~<br />
2147483647)<br />
rising-event-index : Event number to trigger<br />
when the rising threshold exceeds its limit. (0 ~ 65535)<br />
falling-event-index : Event number to trigger<br />
when the falling threshold exceeds its limit. (0 ~ 65535)<br />
owner : option for specifying an owner for the<br />
alarm.<br />
The following example shows how to configure RMON alarm group and check the result:<br />
# configure terminal<br />
(config)# rmon alarm 1 10 pkts 1 absolute both threshold 1000 100 event-index<br />
1 1 owner aaa<br />
(config)# end<br />
# show rmon<br />
RMON: Enabled<br />
Extended RMON: Extended RMON module is not present<br />
[statistics]<br />
index status dataSource<br />
----- -------------- -----------------------------<br />
1 valid ifIndex.1 (Gi 1/1)<br />
[history]<br />
index status dataSource<br />
----- -------------- -----------------------------<br />
1 valid ifIndex.1 (Gi 1/1)<br />
[alarm]<br />
index status sample<br />
----- -------------- -----------------------------<br />
1 valid etherStatsPkts.1<br />
[event]<br />
index status type<br />
----- -------------- ---------------<br />
10 valid logandtrap<br />
Configuring <strong>SNMP</strong> and RMON 8-27
8-28<br />
.<br />
.<br />
#<br />
Before configure RMON alarm group, you should verify that the statistics group<br />
() is defined. If you specify undefined statistics group, the ‘Can't fetch<br />
the MIB values’ message will be displayed:<br />
(config)# rmon alarm 2 20 pkts 10 absolute rising threshold 1000 100 eventindex<br />
1 1 owner kimka<br />
Can't fetch the MIB values<br />
(config)#<br />
To display the detail information on an alarm group, enter the show rmon alarm command<br />
with the alarm number:<br />
# show rmon alarm 1<br />
Alarm 1 is valid, owned by aaa<br />
Monitors etherStatsEntry.etherStatsPkts.1 every 10 seconds<br />
Taking absolute samples, last value was 0<br />
Rising threshold is 1000, assigned to event 1<br />
Falling threshold is 100, assigned to event 1<br />
On startup enable rising or falling alarm<br />
#<br />
To delete a RMON alarm group, enter the no rmon alarm command in Global configuration<br />
mode:<br />
(config)# no rmon alarm 1<br />
(config)#<br />
Corecess <strong>5424</strong> User’s Guide
Configuring Event Groups<br />
The RMON Event group allows for the generation of an <strong>SNMP</strong> trap, the generation of a log entry,<br />
or both, for any event you choose. An event can occur when the sample variable exceeds the<br />
alarm threshold or a channel match event generated. Traps can be delivered by the RMON<br />
agent to multiple management stations.<br />
In order for RMON to generate trap events, you must set up the <strong>SNMP</strong> managers table based<br />
on the <strong>SNMP</strong> community strings (for example, public) you are using with the network<br />
management application and the hosts on which you are running applications. If you fail to<br />
make these changes, the system will be unable to send trap events to the network<br />
management station.<br />
When you set up the <strong>SNMP</strong> managers table, you can use the <strong>SNMP</strong> community strings that<br />
the network management application uses and modify the trap receiving tables on the router<br />
to use these names. Or, you can configure the router to use specific <strong>SNMP</strong> community strings<br />
and modify the network management software to use these strings.<br />
To set an RMON event, use the following commands in Privileged mode:<br />
| Table 8-13 Configuring RMON event group |<br />
Command Task<br />
configure terminal 1. Enter Global configuration mode.<br />
rmon event <br />
description <br />
{trap |<br />
log } owner <br />
end 3. Return to Privileged mode.<br />
show rmon 4. Verify the configuration.<br />
2 Add or remove an event in the RMON event table.<br />
: Assigned event number (1 ~ 65535).<br />
description : A description of the event.<br />
log: Option for generating an RMON log entry when the event is<br />
triggered<br />
trap : Option for generating <strong>SNMP</strong> trap with the<br />
community string when the event occurs.<br />
owner : Option for specifying an owner for the event.<br />
Configuring <strong>SNMP</strong> and RMON 8-29
8-30<br />
This example shows how to configure an event group on the Corecess <strong>5424</strong> and how to verify<br />
that they are configured:<br />
Parameter Value<br />
Event index 10<br />
Event description Event to create log entry and <strong>SNMP</strong> notification<br />
Event type log, trap<br />
Community public<br />
Owner help_desk<br />
# configure terminal<br />
(config)# rmon event 10 description “Event to create log entry and <strong>SNMP</strong><br />
notification” log trap public owner help_desk<br />
(config)# end<br />
# show rmon<br />
RMON: Enabled<br />
Extended RMON: Extended RMON module is not present<br />
[statistics]<br />
index status dataSource<br />
----- -------------- -----------------------------<br />
1 valid ifIndex.1 (Gi 1/1)<br />
2 valid ifIndex.3 (Fa 3/1)<br />
[history]<br />
index status dataSource<br />
----- -------------- -----------------------------<br />
1 valid ifIndex.1 (Gi 1/1)<br />
[alarm]<br />
index status sample<br />
----- -------------- -----------------------------<br />
[event]<br />
index status type<br />
----- -------------- ---------------<br />
10<br />
.<br />
.<br />
#<br />
valid logandtrap<br />
Corecess <strong>5424</strong> User’s Guide
To display the detail information on an event group, enter the show rmon events<br />
command with the event number:<br />
# show rmon events 1<br />
# show rmon events 10<br />
Event 10 is valid, owned by help_desk<br />
Description is Event to create log entry and <strong>SNMP</strong> notification<br />
Event firing causes log and trap to community public<br />
last fired 0days 00:00:00:00<br />
Event 2 is valid, owned by 172.1.1.1<br />
Description is High_trap<br />
Event firing causes trap to community corecess<br />
last fired 0days 0h:0m:30s:73th(3073)<br />
Event 10 is valid, owned by help_desk<br />
Description is Event to create log entry and <strong>SNMP</strong> notification<br />
Event firing causes log and trap to community public<br />
last fired 0days 00:00:00:00<br />
#<br />
To delete an event group, enter the no rmon event command in Global configuration mode:<br />
(config)# no rmon event 10<br />
(config)#<br />
Configuring <strong>SNMP</strong> and RMON 8-31
Displaying RMON Information<br />
8-32<br />
To display the current RMON configuration, enter the show rmon command in Privileged<br />
mode. You can execute the show rmon command with the following options:<br />
alarm Displays the RMON alarm table.<br />
events Displays the RMON event table.<br />
history Displays the RMON history table.<br />
statistics Displays the RMON statistics table.<br />
If you do not specify any option, the contents of the RMON alarm table, event table, history table, and<br />
statistics table are displayed. The following is a sample output of the show rmon command:<br />
# show rmon<br />
RMON: Enabled<br />
Extended RMON: Extended RMON module is not present<br />
[statistics]<br />
index status dataSource<br />
----- -------------- -----------------------------<br />
1 valid ifIndex.1 (Gi 1/1)<br />
[history]<br />
index status dataSource<br />
----- -------------- -----------------------------<br />
1 valid ifIndex.1 (Gi 1/1)<br />
[alarm]<br />
index status sample<br />
----- -------------- -----------------------------<br />
1 valid etherStatsPkts.1<br />
[event]<br />
index status type<br />
----- -------------- ---------------<br />
10<br />
#<br />
valid logandtrap<br />
Corecess <strong>5424</strong> User’s Guide
The table below describes the fields in the show rmon command output:<br />
| Table 8-18 show rmon field descriptions |<br />
Field Description<br />
RMON Running status of the RMON.<br />
statistics<br />
history<br />
alarm<br />
event<br />
Index Index of the RMON statistics entry into the statisticsTable.<br />
Status Status of the RMON statistics entry.<br />
dataSource Data source of the RMON statistics entry.<br />
Index Index of the RMON history entry into the historyTable.<br />
Status Status of the RMON history entry.<br />
dataSource Data source of the RMON history entry.<br />
Index Index of the RMON alarm entry into the alarmTable.<br />
Status The owner of the RMON alarm entry.<br />
Sample Data source of the RMON alarm entry.<br />
Index Index of the RMON event entry into the eventTable.<br />
Status Status of the RMON event entry.<br />
Type Type of event.<br />
Configuring <strong>SNMP</strong> and RMON 8-33
<strong>SNMP</strong> and RMON Configuration Commands<br />
8-34<br />
The table below shows the list of <strong>SNMP</strong> and RMON configuration commands and their<br />
functions.<br />
| Table 8-14 <strong>SNMP</strong> & RMON Configuration Commands |<br />
Command Function<br />
show snmp-server Displays <strong>SNMP</strong> parameters.<br />
show snmp-server community-list Displays <strong>SNMP</strong> community configuration.<br />
show snmp-server statistics Displays <strong>SNMP</strong> statistics.<br />
show snmp-server traphost Displays the list of the trap receiver hosts.<br />
show rmon<br />
Corecess <strong>5424</strong> User’s Guide<br />
Displays the contents of the RMON alarm table, event table,<br />
history table, and statistics table.<br />
snmp-server community Configures the <strong>SNMP</strong> community strings.<br />
snmp-server contact Specifies the system contact information.<br />
snmp-server enable rmon Enables the RMON.<br />
snmp-server enable traps Enables a <strong>SNMP</strong> trap.<br />
snmp-server group access<br />
Limits hosts which can access to the system through <strong>SNMP</strong> based<br />
on the access list.<br />
snmp-server host Specifies hosts to receive <strong>SNMP</strong> notifications.<br />
snmp-server location Specifies the system location information..<br />
rmon alarm Configure an RMON alarm group.<br />
rmon etherstats Configures an RMON statistics group.<br />
rmon event Configures an RMON event group.<br />
rmon historycontrol Configures an RMON history group.