Downloads |
Table Of Contents
Prerequisites for Configuring RMON Support
Restrictions for Configuring RMON Support
Information About Configuring RMON Support
RMON Event and Alarm Notifications
Configuring RMON Event and Alarm Notifications
Configuration Examples for RMON Support
Configuring RMON Event and Alarm Notifications: Example
Configuring RMON Tables: Example
Feature Information for Configuring RMON Support
Configuring RMON Support
First Published: July 27, 1999Last Updated: November 20, 2009This module describes the Remote Monitoring (RMON) MIB agent specification and its usage in conjunction with Simple Network Management Protocol (SNMP) to monitor traffic using alarms and events.
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Feature Information for Configuring RMON Support" section.
Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Contents
•
Prerequisites for Configuring RMON Support
•
•
•
•
•
Prerequisites for Configuring RMON Support
•
•
Restrictions for Configuring RMON Support
•
•
Information About Configuring RMON Support
To configure RMON, you need to understand the following concepts:
•
RMON Overview
RMON is a standard monitoring specification that enables various network monitors and console systems to exchange network-monitoring data. RMON provides network administrators with more flexibility in selecting network-monitoring probes and consoles with features that meet their particular networking needs.
The RMON specification defines a set of statistics and functions that can be exchanged between RMON-compliant console managers and network probes. RMON provides network administrators with comprehensive network-fault diagnosis, planning, and performance-tuning information.
The RMON feature identifies activity on individual nodes and allows you to monitor all nodes and their interaction on a LAN segment. Used in conjunction with the SNMP agent in a router, RMON allows you to view both traffic that flows through the router and segment traffic that is not necessarily destined for the router. Combining RMON alarms and events (classes of messages that indicate traffic violations and various unusual occurrences over a network) with existing MIBs allows you to choose where proactive monitoring will occur.
RMON Groups
RMON delivers information in RMON groups of monitoring elements, each providing specific sets of data to meet common network-monitoring requirements. Each group is optional so that you do not need to support all the groups within the Management Information Base (MIB). Some RMON groups require support of other RMON groups to function properly.
Table 1 summarizes the nine monitoring groups specified in the RFC 1757 Ethernet RMON MIB. For more information on gathering RMON statistics for these data types, refer to "Configuring RMON Groups" section.
Note
RMON Event and Alarm Notifications
Thresholds allow you to minimize the number of notifications sent on the network. The RMON MIB defines two traps, the risingAlarm trap which is the rising-threshold value and fallingAlarm trap which is the falling-threshold value. Alarms are triggered when a problem exceeds a set rising-threshold value. No alarm notifications are sent until the agent recovers, as defined by the falling-threshold value. This means that notifications are not sent each time a minor failure or recovery occurs.
You can set an RMON alarm on any MIB object in the access server. You cannot disable all the alarms you configure at once. The delta value tests the change between MIB variables, which affects the alarmSampleType in the alarmTable of the RMON MIB. The absolute value tests each MIB variable directly, which affects the alarmSampleType in the alarmTable of the RMON MIB.
Refer to RFC 1757 to learn more about alarms and events and how they interact with each other.
RMON MIB
RMON MIB supports for polling of 64 bit counters and includes the following features:
•
•
In Cisco IOS Release 12.1, the RMON agent was rewritten to improve performance and add some new features. Table 3 highlights some of the improvements implemented.
HC Alarm MIB
The high-capacity (HC) Alarm MIB, which is an extension of RMON Alarm group table objects, supports polling of RMON variables up to 64 bit values. The HC-ALARM-MIB defines two traps, the hcRisingAlarm which provides the rising-threshold value and hcFallingAlarm which provides the falling-threshold value.
Refer to RFC 3434 to learn more about HC alarms.
How to Configure RMON Support
The tasks in the following sections explain how to configure RMON support:
•
•
•
Configuring RMON
This task explains how to configure RMON and RMON queue size. In native mode, RMON monitors only those packets that are received by the interface. In promiscuous mode, RMON monitors all packets on the LAN segment.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
DETAILED STEPS
Configuring RMON Event and Alarm Notifications
The following tasks describe how to configure RMON event and alarm notifications.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
9.
DETAILED STEPS
Configuring RMON Groups
The following tasks explain how to configure RMON groups by gathering RMON statistics for data types.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
DETAILED STEPS
Configuration Examples for RMON Support
This section provides the following examples:
•
•
Configuring RMON: Example
The following example shows how to configure RMON with a queuesize of 100 packets in promiscuous mode:
Router> enableRouter# configure terminalRouter(config)# interface fastethernet 0/0Router(config-if)# rmon promiscuousRouter(config-if)# exitRouter(config)# rmon queuesize 100The following is a sample output from the show rmon command. All counters are from the time the router was initialized:
Router# show rmon145678 packets input (34562 promiscuous), 0 drops145678 packets processed, 0 on queue, queue utilization 15/100Configuring RMON Event and Alarm Notifications: Example
The following example shows how to enable the rmon event global configuration command:
Router> enableRouter# configure terminalRouter(config)# rmon event 1 log trap eventtrap description "High ifOutErrors" owner owner_aThis example creates RMON event number 1, which is defined as High ifOutErrors, and generates a log entry when the event is triggered by an alarm. The user owner_a owns the row that is created in the event table by this command. This example also generates an SNMP trap when the event is triggered.
The following is a sample output from the show rmon events command:
Router# show rmon eventsEvent 1 is active, owned by owner_aDescription is High ifOutErrorsEvent firing causes log and trap to community rmonTrap, last fired 00:00:00The following example shows how to configure an RMON alarm using the rmon alarm global configuration command:
Router> enableRouter# configure terminalRouter(config)# rmon alarm 10 ifEntry.20.1 20 delta rising-threshold 15 1 falling-threshold 0 owner owner_aThis example configures RMON alarm number 10. The alarm monitors the MIB variable ifEntry.20.1 once every 20 seconds until the alarm is disabled, and checks the change in the rise or fall of the variable. If the ifEntry.20.1 value shows a MIB counter increase of 15 or more, such as from 100000 to 100015, the alarm is triggered. The alarm in turn triggers event number 1, which is configured with the rmon event command. Possible events include a log entry or an SNMP trap. If the ifEntry.20.1 value changes by 0, the alarm is reset and can be triggered again.
The following is sample output from the show rmon alarms command
Router# show rmon alarmsAlarm 2 is active, owned by owner_aMonitors ifEntry.20.1.20 every 20 secondsTaking delta samples, last value was 0Rising threshold is 15, assigned to event 12Falling threshold is 0, assigned to event 0On startup enable rising or falling alarmThe following example shows how to configure an RMON HC alarm using the rmon hc-alarms global configuration command:
Router> enableRouter# configure terminalRouter(config)# rmon hc-alarms 2 ifInOctets.2 20 delta rising-threshold 2000 2 falling-threshold 1000 1 owner ownThis example configures RMON HC alarm number 2. The alarm monitors the MIB variable ifInOctets.2 once every 20 seconds until the alarm is disabled, and checks the change in the rise or fall of the variable. If the ifInOctets.2 value shows a MIB counter increase of 2000 or more, such as from 100000 to 100015, the alarm is triggered. The alarm in turn triggers event number 2, which is configured with the rmon event command. Possible events include a log entry or a Simple Network Management Protocol (SNMP) trap. If the ifInOctets.2 value changes by 1000 (falling threshold is 1000), the alarm is reset and can be triggered again.
To display the contents of the RMON HC alarm table of the router, use the show rmon hc-alarms command in privileged EXEC mode. The following is sample output:Router# show rmon hc-alarmsRouter#show rmon hc-alarmsMonitors ifInOctets.1 every 20 second(s)Taking absolute samples, last value was 0Rising threshold Low is 4096, Rising threshold Hi is 0,assigned to event 0Falling threshold Low is 1280, Falling threshold Hi is 0,assigned to event 0On startup enable rising or falling alarmConfiguring RMON Tables: Example
The following example shows how to enable the RMON collection matrix group of statistics with an ID number of 25 and specifies john as the owner:
Router> enableRouter# configure terminalRouter(config)# interface fastethernet 0/0Router(config-if)# rmon collection matrix controlEntry 25 owner johnTo view values associated with RMON variables, enter the show rmon matrix privileged EXEC command (Cisco 2500 series routers and Cisco AS5200 access servers only). The following is a sample output:
Router# show rmon matrixMatrix 1 is active and owned by johnMonitors controlEntryTable size is 25, last time an entry was deleted was at 11:18:09Source addr is 0000.0c47.007b, dest addr is ffff.ffff.ffffTransmitted 2 pkts, 128 octets, 0 errorsSource addr is 0000.92a8.319e, dest addr is 0060.5c86.5b82Transmitted 2 pkts, 384 octets, 1 errorAdditional References
The following sections provide references related to the Configuring RMON Support feature.
Related Documents
Cisco IOS commands
CNS commands: complete command syntax, command mode, command history, defaults, usage guidelines, and examples
Standards
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
—
MIBs
•
•
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:
RFCs
Technical Assistance
Feature Information for Configuring RMON Support
Table 4 lists the release history for this feature and provides links to specific configuration information.
For information on a feature in this technology that is not documented here, see the Configuring RMON Features Roadmap.
Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Note
Table 4 Feature Information for Configuring RMON Support
RMON Full
11.2
The RMON Full feature identifies activity on individual nodes and helps monitor all nodes and their interaction on a LAN segment. Used in conjunction with the SNMP agent in a router, RMON can be used to view both traffic that flows through the router and segment traffic not necessarily destined for the router.
The following sections provide information about this feature:
•
RMON Events and Alarms
11.2
Cisco IOS XE Release 2.1The RMON Events and Alarms feature introduces the ability to combine RMON alarms and events (classes of messages that indicate traffic violations and various unusual occurrences over a network) with existing MIBs allows you to choose where proactive monitoring will occur.
In Cisco IOS XE Release 2.1, this feature was introduced on Cisco ASR 1000 series routers.
The following sections provide information about this feature:
•
•
The following commands were introduced: rmon alarm, rmon event, rmon queuesize.
Remote Monitoring MIB Update
12.0(5)T
The RMON Rewrite feature updated the Remote Monitoring MIB to improve performance and available features.
The following sections provide information about this feature:
•
The following commands were introduced: rmon capture-userdata, rmon collection history, rmon collection host, rmon collection matrix, rmon collection rmon1, show rmon capture, show rmon filter, show rmon hosts, show rmon matrix.
HC Alarm MIB
12.2(33)SXI
12.2(1st)SREThe HC Alarm MIB feature provides an extension to the RMON-1 Alarm group table objects which was used to support counter 32 objects for threshold capabilities. The HC Alarm MIB adds support to threshold capabilities for counter 64 objects.
The following sections provide information about this feature:
•
The following commands were introduced: rmon hc-alarms, show rmon hc-alarms.
RMON MIB enhancement to support 64 bit counters
12.2(33)SXI
12.2(1st)SRERMON MIB enhancement to support 64 bit counters features provides support for the ability to poll 64 bit counters.
The following section provides information about this feature:
CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn, Cisco Capital, Cisco Capital (Design), Cisco:Financed (Stylized), Cisco Store, Flip Gift Card, and One Million Acts of Green are service marks; and Access Registrar, Aironet, AllTouch, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Lumin, Cisco Nexus, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, Continuum, EtherFast, EtherSwitch, Event Center, Explorer, Follow Me Browsing, GainMaker, iLYNX, IOS, iPhone, IronPort, the IronPort logo, Laser Link, LightStream, Linksys, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, PCNow, PIX, PowerKEY, PowerPanels, PowerTV, PowerTV (Design), PowerVu, Prisma, ProConnect, ROSA, SenderBase, SMARTnet, Spectrum Expert, StackWise, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0910R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 1999-2009 Cisco Systems, Inc. All rights reserved.
