Monitoring Network Activity

Introduction

The DIGITAL GS2000 line card provides an RMON agent for monitoring network activity: This feature allows you to configure the GS2000 so that it independently monitors its own MIB variables and network traffic.

About the GS2000 RMON Agent

The GS2000 Remote Network Monitoring (RMON) agent allows you to configure the line card so that it independently monitors its own MIB variables and network traffic. The GS2000 RMON agent supports the Alarm and Event MIB groups and adheres to RMON MIB RFC 1757 for Ethernet objects.

RMON Alarm and Event Groups

The alarm group allows you to configure the GS2000 so that it monitors its own MIB variables. If the value of a monitored variable crosses its configured thresholds, the RMON agent generates an event. The event group associates an event with a set of actions. Two actions are defined: generate an SNMP trap message and add an entry to the event group log table.

You can configure alarms and events from a network management application, such as a MIB browser, that uses SNMP. You can also use the GS2000 CLI to read and write MIB variables in the alarm and event groups.

You can separately configure the Event Logging System (ELS) to generate an ELS event whenever an alarm generates an RMON event. Otherwise, the RMON event group and ELS are independent of each other.

Alarms and events are stored in NVRAM (nonvolatile RAM) memory and are preserved if you power cycle the GS2000. You can delete individual table entries by using the RMON CLI delete command or you can use SNMP to set the table entry status to invalid. You can also use the clear RMON command from the Config prompt to delete all RMON table entries.

If you use SNMP to create, delete, or modify alarm and event table rows, you must follow the conventions for EntryStatus as specified in the RMON MIB (RFC 1757). You are not required to follow the EntryStatus conventions when you configure alarm and event table rows from the CLI.

The CLI correctly transitions row status.

The number of alarm and event table entries is limited to 256.

You cannot write more than one alarm table or event table row at a time in a single SNMP set PDU (Protocol Data Unit). If you do not specify all the values for a row in a set PDU, the default values specified in Table 13-1 and Table 13-2 are used. The CLI uses these default values only the first time you enter an alarm or event from the CLI. Then the CLI uses the values you last entered as a default.

Table 13-1 shows the variables and the default values for the set alarm command.

Table 13-1: RMON Set Alarm Command Parameters

Alarm Variable

Default Value

Alarm Index

1

Alarm Status

valid

Alarm Interval

1

Alarm Variable

[0.0]

Alarm Sample Type

deltaValue

Alarm Value

0

Startup Alarm

risingOrFallingAlarm

Rising Alarm Threshold

0

Falling Alarm Threshold

0

Rising Event Index

0

Falling Event Index

0

Alarm Owner

Null string

Alarm Description

Null string

Table 13-2 shows the variables and the default values for the set event command.

Table 13-2: RMON Set Event Command Parameters

Event Variable

Default Value

Event Index

1

Event Status

valid

Event Description

Null string

Event Type

log-and-trap

Event Community

Null string

Event Owner

Null string

RMON Command Line Interface

You can configure RMON alarms and events from a network management application, such as a MIB browser, that uses SNMP. You can also use the GS2000 CLI to read and write MIB variables in the alarm and event groups.

Accessing the RMON Configuration Process

To access the RMON configuration process using the CLI, perform the following steps:

Step Action

1

From the Main prompt (Main>), enter the following command:
Main> config
The Config> prompt is displayed.

2

At the Config> prompt, enter the following command:
Config> rmon

3

Press Return. The following prompt is displayed:
RMON Config>

Once you have entered the RMON configuration process, you can execute the commands in Table 13-3.

Table 13-3: RMON Configuration Commands

Command

Command Parameters

add

alarm
event

set

alarm
event
log-table-max

delete

alarm
event
log

list

alarm
all
event
log

Accessing the RMON Monitor Process

To access the RMON monitor process through SNMP, perform the following steps:

Step Action

1

From the Main prompt (Main>), enter the following command:
Main> monitor
The Monitor> prompt is displayed.

2

At the Monitor> prompt, enter the following command:
Monitor>rmon

3

Press Return. The following prompt is displayed:
RMON user console
RMON>

Once you have entered the RMON monitor process, you can execute the commands in Table 13-4.

Table 13-4: RMON Monitor Commands

Command Type

Command Parameters

delete

log table

list

alarm
all
event
log

exit

 

Clearing RMON Configuration Information

To clear all configuration information for RMON, perform the following steps:

Step Action
1 From the Main prompt (Main>), enter the following command:

Main> config

The Config> prompt is displayed.

2 At the Config> prompt, enter the following command:

Monitor>clear rmon

3 Press Return. The following message is displayed:

You are about to clear all RMON configuration information

*** WARNING *** This will invoke an automatic RESTART

Are you sure you want to do this (Yes or [No]):

4 If you are certain you want to clear the information, enter Yes.

RMON Example

The following sections provide a configuration example. In this example, whenever the number of received SNMP packets increases, the GS2000 generates a risingAlarm trap to the community rmon-trap that has an IP address of 16.20.48.46.

Configuring an SNMP Community

The following procedure describes how to configure SNMP with a new community named rmon-trap with an IP address of 16.20.48.46:

Step Action

1

At the Config> prompt, enter snmp.
SNMP Config> add comm rmon-trap
SNMP Config> add addr rmon-trap
IP address [0.0.0.0]? 16.20.48.46
IP Mask [255.255.255.255]?

2

Press Return. The SNMP community rmon-trap is now configured.

Configuring an RMON Trap

The following sections describe how to configure RMON so that it generates a rising alarm trap if the MIB variable snmpInPkts.0 (oid 1.3.6.1.2.1.11.1.0) increases by more than zero over a 1-second interval. This is accomplished by creating an event entry and an alarm entry.

Creating an Event Entry

To create an event entry with an event type snmp-trap and an event community rmon-trap, perform the following steps:

Step Action

1

At the Config> prompt, enter rmon.

2

At the RMON Config> prompt, enter add event.

3

Enter the event description, type, community, and owner.
Event Description []?
Enter the ascii string for event description and press Return.
Event Type [log-and-trap]? snmp-trap.
Enter the trap type and press Return.
Event Community []? rmon-trap
Event Owner []? Enter the ascii string for the event owner and press Return.

4

Press Return. The following is displayed:
Creating Event with index n
The RMON event entry is complete.

Creating an Alarm Entry

To create an alarm entry for the above event entry, perform the following steps:

Step Action

1

At the RMON Config> prompt, enter add alarm.
Enter the alarm values and descriptions as requested by the prompts.
Alarm Interval [1]?
Alarm Variable []? 1.3.6.1.2.1.11.1.0
Alarm Sample Type [deltaValue]?
Startup Alarm [risingOrFallingAlarm]? risingalarm
Rising Alarm Threshold [0]? 1
Falling Alarm Threshold [0]?
Rising Event Index [0]? n (Use the value from the add event entry.)
Falling Event Index [0]?
Alarm Owner []?
Alarm Description []?

2

Press Return. The following is displayed:
Creating Alarm with index n
The RMON alarm entry is complete.

Summary

In the RMON example, whenever the GS2000 receives an SNMP request (snmpInPkts.0 increases by 1 or more), it sends an RMON risingAlarm trap.