Saturday, February 22, 2020

RMON Configuration Example

In this lesson we’ll take a look at a simple RMON configuration where we want to send an SNMP trap to an SNMP server when we receive more than 200 unicast packets and also when we receive less than 10 unicast packets. I will be using the following topology for this:
Topology: R1 --- R2
Just two routers…I will configure R1 to use RMON and we’ll use R2 to generate traffic so that we can test things.

Configuration

First I’ll configure an SNMP server that should receive the SNMP trap. There is none in this example, but it doesn’t matter:
R1(config)#snmp-server host 192.168.12.254 MYTRAPS
I’ll use a community called “MYTRAPS”. We can use the “ifInUcastPkts” MIB object to track the number of unicast packets, but we need to check the interface number:
R1#show snmp mib ifmib ifindex
FastEthernet0/0: Ifindex = 1
Null0: Ifindex = 4
VoIP-Null0: Ifindex = 3
FastEthernet0/1: Ifindex = 2
I want to monitor the FastEthernet0/0 interface as it’s connected to R2. Now we can create an alarm:
R1(config)#rmon alarm 1 ifInUcastPkts.1 10 delta rising-threshold 200 1 falling-threshold 10 2
The command above requires some explanation:
  • First we create an alarm called “alarm 1”.
  • Secondly, I’m referring to MIB object ifInUcastPkts.1 where the .1 is the FastEthernet0/0 interface.
  • The “10” means that the sampling interval is 10 seconds.
  • Delta means we use “delta” sampling instead of “absolute” sampling. If you don’t know the difference take a look at my delta vs absolute lesson.
  • The rising-threshold is set to 200 packets and when this occurs, it will launch “event 1”.
  • The falling-threshold is set to 10 packets and when this occurs, it will launch “event 2”.
With the alarm in place we can configure the events that should occur when the thresholds are met:
R1(config)#rmon event 1 trap MYTRAP description "Above 200"
R1(config)#rmon event 2 trap MYTRAP description "Below 10"
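The first event will generate an SNMP trap with description “Above 200” and the second event will generate an SNMP trap that says “Below 10”. Note that these events are configured with the community “MYTRAP”, while the snmp-server host command above used “MYTRAPS”; the community in the rmon event command should match the one configured for the trap host.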
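
The alarm behaviour configured above, as an added Python example that is not part of the original lesson and is not Cisco's code: it turns raw ifInUcastPkts readings into delta samples and applies the rising and falling thresholds the way RMON alarms are defined in RFC 2819, which goes slightly beyond the text by showing the hysteresis between the two thresholds and a Counter32 wrap. The function names and the counter readings are assumptions constructed for illustration.

```python
COUNTER32_MOD = 2 ** 32  # ifInUcastPkts is a 32-bit counter that wraps to 0

# Constructed readings of ifInUcastPkts.1, one per 10-second sampling interval.
CONSTRUCTED_READINGS = [4294967000, 4294967003, 300, 1100, 1220,
                        1600, 1604, 1604, 1900]


def deltas(readings):
    """Delta samples: difference between consecutive readings, wrap-safe."""
    return [(cur - prev) % COUNTER32_MOD
            for prev, cur in zip(readings, readings[1:])]


def evaluate_alarm(samples, rising=200, falling=10,
                   rising_event=1, falling_event=2):
    """Return [(sample_index, event_number, value)] for every event fired.

    Mirrors "rising-threshold 200 1 falling-threshold 10 2" with the
    startup mode shown by "show rmon alarms" (rising or falling).
    After a rising event, no further rising event fires until the value
    has reached the falling threshold, and vice versa.
    """
    fired = []
    last_fired = None   # "rising", "falling" or None (nothing fired yet)
    prev = None         # previous sample; None marks the first sample
    for i, value in enumerate(samples):
        first = prev is None
        if (value >= rising and last_fired != "rising"
                and (first or prev < rising)):
            fired.append((i, rising_event, value))
            last_fired = "rising"
        elif (value <= falling and last_fired != "falling"
                and (first or prev > falling)):
            fired.append((i, falling_event, value))
            last_fired = "falling"
        prev = value
    return fired


if __name__ == "__main__":
    samples = deltas(CONSTRUCTED_READINGS)
    print("delta samples:", samples)
    for index, event, value in evaluate_alarm(samples):
        print(f"sample {index}: event {event} fired, delta={value}")
```

Sample 4 in the constructed data (380 packets) fires nothing because the value has not dropped to 10 or below since the previous rising event.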

Verification

Let’s see if our configuration is working…
R2#ping 192.168.12.1 repeat 10000 timeout 0

Type escape sequence to abort.
Sending 10000, 100-byte ICMP Echos to 192.168.12.1, timeout is 0 seconds:
......................................................................
I’ll send some quick pings from R2 towards R1. This is what you will see on R1:
R1#
%RMON-5-RISINGTRAP: Rising trap is generated because the value of ifInUcastPkts.1 exceeded the rising-threshold value 200
As you can see it’s sending a trap because it’s receiving more than 200 packets. Once the pings stop and we don’t receive any more traffic you will see another message on R1:
R1#
 %RMON-5-FALLINGTRAP: Falling trap is generated because the value of ifInUcastPkts.1 has fallen below the falling-threshold value 10

Show commands

There are also a number of show commands you can use to check your configuration:
R1#show snmp host 
Notification host: 192.168.12.254 udp-port: 162 type: trap
user: MYTRAPS security model: v1
Use show snmp host to check your SNMP configuration. This reveals the IP address, community-string and SNMP version.
R1#show rmon alarms 
Alarm 1 is active, owned by config
 Monitors ifInUcastPkts.1 every 10 second(s)
 Taking delta samples, last value was 0
 Rising threshold is 200, assigned to event 1
 Falling threshold is 10, assigned to event 2
 On startup enable rising or falling alarm
Above you can see the RMON alarm that we configured.
R1#show rmon events 
Event 1 is active, owned by config
 Description is Above 200
 Event firing causes trap to community MYTRAP,
 last event fired at  0y0w0d,00:33:40,
 Current uptime       0y0w0d,00:44:19
Event 2 is active, owned by config
 Description is Below 10
 Event firing causes trap to community MYTRAP,
 last event fired at  0y0w0d,00:33:50,
 Current uptime       0y0w0d,00:44:19
The output above gives an overview of the events that we are using. I hope this simple example helps you to understand RMON. If you have any questions, feel free to ask.
