Configuring SNMP & RMON

CHAPTERS

1. SNMP

2. SNMP Configurations

3. Notification Configurations

4. RMON

5. RMON Configurations

6. Configuration Example

7. Appendix: Default Parameters

This guide applies to:

T1500G-8T v2 or above, T1500G-10PS v2 or above, T1500G-10MPS v2 or above, T1500-28PCT v3 or above, T1600G-18TS v2 or above, T1600G-28TS v3 or above, T1600G-28PS v3 or above, T1600G-52TS v3 or above, T1600G-52PS v3 or above, T1700X-16TS v3 or above, T1700G-28TQ v3 or above, T2500G-10TS v2 or above, T2600G-18TS v2 or above, T2600G-28TS v3 or above, T2600G-28MPS v3 or above, T2600G-28SQ v1 or above, T2600G-52TS v3 or above.

1SNMP

1.1Overview

SNMP (Simple Network Management Protocol) is a standard network management protocol, widely used on TCP/IP networks. It facilitates device management using NMS (Network Management System) applications. With SNMP, network managers can view or modify the information of network devices, and timely troubleshoot according to notifications sent by those devices.

As the following figure shows, the SNMP system consists of an SNMP manager, an SNMP agent, and a MIB (Management Information Base).

The SNMP manager is a host that runs NMS applications. The agent and MIB reside on the managed device, such as the switch, router, host or printer. By configuring SNMP on the switch, you define the relationship between the manager and the agent.

Figure 1-1 SNMP System

1.2Basic Concepts

The following basic concepts of SNMP will be introduced: SNMP manager, SNMP agent, MIB (Management Information Base), SNMP entity, SNMP engine, Notification types and SNMP version.

SNMP Manager

The SNMP manager uses SNMP to monitor and control SNMP agents, providing a friendly management interface for the administrator to manage network devices conveniently. It can get values of MIB objects from an agent or set values for them. Also, it receives notifications from the agents so as to learn the condition of the network.

SNMP Agent

An SNMP agent is a process running on the managed device. It contains MIB objects whose values can be requested or set by the SNMP manager. An agent can send unsolicited trap messages to notify the SNMP manager that a significant event has occurred on the agent.

MIB

A MIB is a collection of managed objects that is organized hierarchically. The objects define the attributes of the managed device, including the names, status, access rights, and data types. Each object can be addressed through an object identifier (OID).

As the following figure shows, the MIB hierarchy can be depicted as a tree with a nameless root, the levels of which are assigned by different organizations. The top-level MIB object IDs belong to different standard organizations, while lower-level object IDs are allocated by associated organizations. Vendors can define private branches that include managed objects for their own products.

Figure 1-2 MIB Tree

TP-Link switches provide private MIBs that can be identified by the OID 1.3.6.1.4.1.11863. The MIB file can be found on the provided CD or in the download center of our official website: https://www.tp-link.com/download-center.html.

Also, TP-Link switches support the following public MIBs:

LLDP.mib

LLDP-Ext-Dot1.mib

LLDP-Ext-MED.mib

RFC1213.mib

RFC1493-Bridge.mib

RFC1757-RMON.mib

RFC2618-RADIUS-Auth-Client.mib

RFC2620-RADIUS-Acc-Client.mib

RFC2674-pBridge.mib

RFC2674-qBridge.mib

RFC2863-pBridge.mib

RFC2925-Disman-Ping.mib

RFC2925-Disman-Traceroute.mib

For detail information about the supported public MIBs, see Supported Public MIBs for TP-Link Switches.

SNMP Entity

An SNMP entity is a device running the SNMP protocol. Both the SNMP manager and SNMP agent are SNMP entities.

SNMP Engine

An SNMP engine is a part of the SNMP entity. Every SNMP entity has one and only one engine. An SNMP engine provides services for sending and receiving messages, authenticating and encrypting messages, and controlling access to managed objects.

An SNMP engine can be uniquely identified by an engine ID within an administrative domain. Since there is a one-to-one association between SNMP engines and SNMP entities, we can also use the engine ID to uniquely identify the SNMP entity within that administrative domain.

Notification Types

Notifications are messages that the switch sends to the NMS host when important events occur. Notifications facilitate the monitoring and management of the NMS. There are two types of notifications:

Trap: When the NMS host receives a Trap message, it will not send a response to the switch. Thus the switch cannot tell whether a message is received or not, and the messages that are not received will not be resent.

Inform: When the NMS host receives an Inform message, it sends a response to the switch. If the switch does not receive any response within the timeout interval, it will resend the Inform message. Therefore, Inform is more reliable than Trap.

SNMP Version

The device supports three SNMP versions with the security level from low to high: SNMPv1, SNMPv2c and SNMPv3. Table 1-1 lists features supported by different SNMP versions, and Table 1-2 shows corresponding application scenarios.

Table 1-1Features Supported by Different SNMP Versions

Feature

SNMPv1

SNMPv2c

SNMPv3

Access Control

Based on SNMP Community and MIB View

Based on SNMP Community and MIB View

Based on SNMP User, Group, and MIB View

Authentication and Privacy

Based on Community Name

Based on Community Name

Supported authentication and privacy modes are as follows:

Authentication: MD5/SHA Privacy: DES

Trap

Supported

Supported

Supported

Inform

Not supported

Supported

Supported

Table 1-2Application Scenarios of Different Versions

Version

Application Scenario

SNMPv1

SNMPv1 is applicable to small-scale networks with simple networking, good stability and low security requirements, such as campus networks and small enterprise networks.

SNMPv2c

SNMPv2c is applicable to medium and large-scale networks with low security requirements (or are already secure enough like VPN networks) and heavy traffic. The added feature Inform helps to ensure that the notifications from the switch are received by the NMS host even when network congestion occurs.

SNMPv3

SNMPv3 is applicable to networks of various scales, particularly those that have high security requirements and require devices to be managed by authenticated administrators (such as when data needs to be transferred on public networks).

2SNMP Configurations

To complete the SNMP configuration, choose an SNMP version according to network requirements and supportability of the NMS application, and then follow these steps:

Choose SNMPv1 or SNMPv2c

1)Enable SNMP.

2)Create an SNMP view for managed objects.

3)Create a community, specify the accessible view and the corresponding access rights.

Choose SNMPv3

1)Enable SNMP.

2)Create an SNMP view for managed objects.

3)Create an SNMP group, and specify the security level and accessible view.

4)Create SNMP users, and configure the authentication mode, privacy mode and corresponding passwords.

2.1Using the GUI

2.1.1Enabling SNMP

Choose the MAINTENANCE > SNMP > Global Config to load the following page.

Figure 2-1 Configuring Global Parameters

Follow these steps to configure SNMP globally:

1)In the Global Config section, enable SNMP and configure the local and remote engine ID.

SNMP

Enable or disable SNMP globally.

Local Engine ID

Set the engine ID of the local SNMP agent (the switch) with 10 to 64 hexadecimal digits. A valid engine ID must contain an even number of characters. By default, the switch generates the engine ID using TP-Link’s enterprise number (80002e5703) and its own MAC address.

The local engine ID is a unique alphanumeric string used to identify the SNMP engine. As an SNMP agent contains only one SNMP engine, the local engine ID can uniquely identify the SNMP agent.

Remote Engine ID

Set the engine ID of the remote SNMP manager with 10 to 64 hexadecimal digits. A valid engine ID must contain an even number of characters. If no remote SNMP manager is needed, you can leave this field empty.

The remote engine ID is a unique alphanumeric string. It is used to identify the SNMP engine on the remote device that receives Inform messages from the switch.

2)Click Apply.

Note:

In SNMPv3, changing the value of the SNMP engine ID has important side effects. A user’s password is converted to an MD5 or SHA security digest based on the password itself and the engine ID. If the value of local engine ID changes, the switch will automatically delete all SNMPv3 local users as their security digests become invalid. Similarly, all SNMPv3 remote users will be deleted if the value of remote engine ID changes.

2.1.2Creating an SNMP View

An SNMP view is a subnet of a MIB. NMS manages MIB objects based on the view. The system has a default view named viewDefault. You can create a new one or edit the default view according to your needs.

Choose the menu MAINTENANCE > SNMP > Global Config to load the following page.

Figure 2-2 SNMP View Config

Follow these steps to create an SNMP view:

1)Click to load the following page. Enter a view name, and specify the view type and a MIB object ID that is related to the view.

Figure 2-3 Creating an SNMP View

View Name

Set the view name with 1 to 16 characters. A complete view consists of all MIB objects that have the same view name.

View Type

Set the view to include or exclude the related MIB object.

Include: The NMS can view or manage the function indicated by the object.

Exclude: The NMS cannot view or manage the function indicated by the object.

MIB Object ID

Enter a MIB Object ID to specify a specific function of the device. When a MIB Object ID is specified, all its child Object IDs are specified. For specific ID rules, refer to the device related MIBs.

2)Click Create.

2.1.3Creating SNMP Communities (For SNMP v1/v2c)

Choose the menu MAINTENANCE > SNMP > SNMP v1/v2c and click to load the following page.

Figure 2-4 Creating an SNMP Community

Follow these steps to create an SNMP community:

1)Set the community name, access rights and the related view.

Community Name

Configure the community name. This community name is used like a password and the NMS can access the specified MIB objects of the switch using the same community name.

Access Mode

Specify the access right to the related view.

Read Only: The NMS can view but not modify parameters of the specified view.

Read & Write: The NMS can view and modify parameters of the specified view.

MIB View

Choose an SNMP view that allows the community to access.

2)Click Create.

2.1.4Creating an SNMP Group (For SNMP v3)

Choose the menu MAINTENANCE > SNMP > SNMP v3 > SNMP Group and click to load the following page.

Figure 2-5 Creating an SNMP Group

Follow these steps to create an SNMP Group and configure related parameters.

1)Assign a name to the group, then set the security level and the read view, write view and notify view.

Group Name

Set the SNMP group name using 1 to 16 characters.

The identifier of a group consists of a group name, security model and security level. Groups of the same identifier are recognized as being in the same group.

Security Model

Displays the security model. SNMPv3 uses v3, the most secure model.

Security Level

Set the security level for the SNMPv3 group.

NoAuthNoPriv: No authentication algorithm but a user name match is applied to check packets, and no privacy algorithm is applied to encrypt them.

AuthNoPriv: An authentication algorithm is applied to check packets, but no privacy algorithm is applied to encrypt them.

AuthPriv: An authentication algorithm and a privacy algorithm are applied to check and encrypt packets.

Read View

Choose a view to allow parameters to be viewed but not modified by the NMS. The view is necessary for any group.

Write View

Choose a view to allow parameters to be modified by the NMS. The view in Write View should also be added to Read View.

Notify View

Choose a view to allow it to send notifications to the NMS.

2)Click Create.

2.1.5Creating SNMP Users (For SNMP v3)

Choose the menu MAINTENANCE > SNMP > SNMP v3 > SNMP User and click to load the following page.

Figure 2-6 Creating an SNMP User

Follow these steps to create an SNMP user:

1)Specify the user name and user type as well as the group which the user belongs to. Then configure the security level.

User Name

Set the SNMP user name using 1 to 16 characters. For different entries, user names cannot be the same.

User Type

Choose a user type based on the location of the user.

Local User: The user resides on the local engine, which is the SNMP agent of the switch.

Remote User: The user resides on the NMS. Before configuring a remote user, you need to set the remote engine ID first. The remote engine ID and user password are used when computing the authentication and privacy digests.

Group Name

Choose the name of the group that the user belongs to. Users with the same Group Name, Security Model and Security Level will be in the same group.

Security Model

Displays the security model. SNMPv3 uses v3, the most secure model.

Security Level

Set the security level. The security level from lowest to highest is: NoAuthNoPriv, AuthNoPriv, AuthPriv. The security level of the user should not be lower than the group it belongs to.

NoAuthNoPriv: No authentication algorithm but a user name match is applied to check packets, and no privacy algorithm is applied to encrypt them.

AuthNoPriv: An authentication algorithm is applied to check packets, but no privacy algorithm is applied to encrypt them.

AuthPriv: An authentication algorithm and a privacy algorithm are applied to check and encrypt packets.

2)If you have chosen AuthNoPriv or AuthPriv as the security level, you need to set corresponding Authentication Mode or Privacy Mode. If not, skip this step.

Authentication Mode

With AuthNoPriv or AuthPriv selected, configure the authentication mode and password for authentication. Two authentication modes are provided:

MD5: Enable the HMAC-MD5 algorithm for authentication.

SHA: Enable the SHA (Secure Hash Algorithm) algorithm for authentication. SHA algorithm is securer than MD5 algorithm.

Authentication Password

Set the password for authentication.

Privacy Mode

With AuthPriv selected, configure the privacy mode and password for encryption. The switch uses the DES (Data Encryption Standard) algorithm for encryption.

Privacy Password

Set the password for encryption.

3)Click Create.

2.2Using the CLI

2.2.1Enabling SNMP

Step 1

configure

Enter Global Configuration Mode.

Step 2

snmp-server

Enabling SNMP.

Step 3

snmp-server engineID {[ local local-engineID] [remote remote-engineID]}

Configure the local engine ID and the remote engine ID.

local-engineID: Enter the engine ID of the local SNMP agent (the switch) with 10 to 64 hexadecimal digits. A valid engine ID must contain an even number of characters. By default, the switch generates the engine ID using TP-Link’s enterprise number (80002e5703) and its own MAC address.

The local engine ID is a unique alphanumeric string used to identify the SNMP engine. As an SNMP agent contains only one SNMP engine, the local engine ID can uniquely identify the SNMP agent.

remote-engineID: Enter the remote engine ID with 10 to 64 hexadecimal digits. A valid engine ID must contain an even number of characters. The remote engine ID is a unique alphanumeric string. It is used to identify the SNMP engine on the remote device that receives inform messages from switch.

Note:

In SNMPv3, changing the value of the SNMP engine ID has important side effects. A user’s password is converted to an MD5 or SHA security digest based on the password itself and the engine ID. If the value of local engine ID changes, the switch will automatically delete all SNMPv3 local users as their security digests become invalid. Similarly, all SNMPv3 remote users will be deleted if the value of remote engine ID changes.

Step 4

show snmp-server

Displays the global settings of SNMP.

Step 5

show smnp-server engineID

Displays the engine ID of SNMP.

Step 6

end

Return to Privileged EXEC Mode.

Step 7

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to enable SNMP and set 123456789a as the remote engine ID:

Switch#configure

Switch(config)#snmp-server

Switch(config)#snmp-server engineID remote 123456789a

Switch(config)#show snmp-server

SNMP agent is enabled.

0 SNMP packets input

0 Bad SNMP version errors

0 Unknown community name

0 Illegal operation for community name supplied

0 Encoding errors

0 Number of requested variables

0 Number of altered variables

0 Get-request PDUs

0 Get-next PDUs

0 Set-request PDUs

0 SNMP packets output

0 Too big errors (Maximum packet size 1500)

0 No such name errors

0 Bad value errors

0 General errors

0 Response PDUs

0 Trap PDUs

Switch(config)#show snmp-server engineID

Local engine ID: 80002e5703000aeb13a23d

Remote engine ID: 123456789a

Switch(config)#end

Switch#copy running-config startup-config

2.2.2Creating an SNMP View

Specify the OID (Object Identifier) of the view to determine objects to be managed.

Step 1

configure

Enter Global Configuration Mode.

Step 2

snmp-server view name mib-oid {include | exclude}

Configure the view.

name: Enter a view name with 1 to 16 characters. You can create multiple entries with each associated to a MIB object. A complete view consists of all MIB objects that have the same view name.

mib-oid: Enter the MIB object ID with 1 to 61 characters. When a MIB Object ID is specified, all its child Object IDs are specified. For specific ID rules, refer to the device related MIBs.

include | exclude: Specify a view type. Include indicates that objects of the view can be managed by the NMS, while exclude indicates that objects of the view cannot be managed by the NMS.

Step 3

show snmp-server view

Displays the view table.

Step 4

end

Return to Privileged EXEC Mode.

Step 5

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to set a view to allow the NMS to manage all function. Name the view as View:

Switch#configure

Switch(config)#snmp-server view View 1 include

Switch(config)#show snmp-server view

No. View Name Type MOID

--- ------------ ------- ----

1 viewDefault include 1

2 viewDefault exclude 1.3.6.1.6.3.15

3 viewDefault exclude 1.3.6.1.6.3.16

4 viewDefault exclude 1.3.6.1.6.3.18

5 View include 1

Switch(config)#end

Switch#copy running-config startup-config

2.2.3Creating SNMP Communities (For SNMP v1/v2c)

For SNMPv1 and SNMPv2c the Community Name is used for authentication, functioning as the password.

Step 1

configure

Enter Global Configuration Mode.

Step 2

snmp-server community name { read-only | read-write } [mib-view]

Configure the community.

name: Enter a group name with 1 to 16 characters.

read-only | read-write: Choose an access permissions for the community. Read-only indicates that the NMS can view but cannot modify parameters of the view, while read-write indicates that the NMS can both view and modify.

mib-view: Enter a view to allow it to be accessed by the community. The name contains 1 to 61 characters. The default view is viewDefault.

Step 3

show snmp-server community

Displays community entries.

Step 4

end

Return to Privileged EXEC Mode.

Step 5

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to set an SNMP community. Name the community as the nms-monitor, and allow the NMS to view and modify parameters of View:

Switch#configure

Switch(config)#snmp-server community nms-monitor read-write View

Switch(config)#show snmp-server community

Index Name Type MIB-View

----- ---------------- ------------ --------

1 nms-monitor read-write View

Switch(config)#end

Switch#copy running-config startup-config

2.2.4Creating an SNMP Group (For SNMPv3)

Create an SNMP group and set user access control with read, write and notify views. Meanwhile, set the authentication and privacy modes to secure the communication between the NMS and managed devices.

Step 1

configure

Enter Global Configuration Mode.

Step 2

snmp-server group name [ smode v3 ] [ slev {noAuthNoPriv | authNoPriv | authPriv}] [ read read-view ] [ write write-view ] [ notify notify-view ]

Create an SNMP group.

name: Enter the group name with 1 to 16 characters. The identifier of a group consists of a group name, security model and security level. Groups of the same identifier are recognized as being in the same group.

v3: Configure the security model for the group. v3 indicates SNMPv3, the most secure model.

noAuthNoPriv | authNoPriv | authPriv: Choose a security level. The security levels are sorted from low to high, and the default is noAuthNoPriv.

noAuthNoPriv indicates no authentication algorithm but a user name match is applied to check packets, and no privacy algorithm is applied to encrypt them. authNoPriv indicates an authentication algorithm is applied to check packets, but no privacy algorithm is applied to encrypt them. authPriv indicates an authentication algorithm and a privacy algorithm are applied to check and encrypt packets.

read-view: Set the view to be the Read view. Then the NMS can view parameters of the specified view.

write-view: Set the view to be the Write view. Then the NMS can modify parameters of the specified view. Note that the view in the Write view should also be in the Read view.

notify-view: Set the view to be the Notify view. Then the NMS can get notifications of the specified view from the agent.

Step 3

show snmp-server group

Displays SNMP group entries.

Step 4

end

Return to Privileged EXEC Mode.

Step 5

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to create an SNMPv3 group with the group name as nms1, the security level as authPriv, and the Read and Notify view are both View:

Switch#configure

Switch(config)#snmp-server group nms1 smode v3 slev authPriv read View notify View

Switch(config)#show snmp-server group

No. Name Sec-Mode Sec-Lev Read-View Write-View Notify-View

--- -------- ------------- ---------- ------------- ------------- --------------

1 nms1 v3 authPriv View View

Switch(config)#end

Switch#copy running-config startup-config

2.2.5Creating SNMP Users (For SNMPv3)

Create SNMP users and add them to the SNMP group. Users in the same group have the same access rights which are controlled by the read, write and notify views of the group.

Step 1

configure

Enter Global Configuration Mode.

Step 2

Choose a security level for the user and run the corresponding command to create the user. The security levels from low to high are NoAuthNoPriv, AuthNoPriv, and AuthPriv. The security level of a user should not be lower than that of the group it belongs to.

To create a user with the security level as NoAuthNoPriv:

snmp-server user name { local | remote } group-name [ smode v3 ] slev noAuthNoPriv

name: Enter the user name with 1 to 16 characters.

local | remote: Choose a user type based on the location of the user. Local indicates that the user resides on the local SNMP engine (the switch), while remote indicates that the user resides on the NMS. Before configuring a remote user, you need to set the remote engine ID first. The remote engine ID and user password are used when computing the authentication and privacy digests.

group-name: Enter the name of the group which the user belongs to. Users with the same Group Name, Security Model and Security Level will be in the same group.

v3: Configure the security model for the user. v3 indicates SNMPv3, the most secure model.

noAuthNoPriv: Configure the security level as noAuthNoPriv. For this level, no authentication algorithm but a user name match is applied to check packets, and no privacy algorithm is applied to encrypt them.

To create a user with the security level as AuthNoPriv:

snmp-server user name { local | remote } group-name [ smode v3 ] slev authNoPriv cmode {MD5 | SHA } cpwd confirm-pwd

authNoPriv: Configure the security level as authNoPriv. For this level, an authentication algorithm is applied to check packets, but no privacy algorithm is applied to encrypt them.

MD5 | SHA: Choose an authentication algorithm when the security level is set as authNoPriv or authPriv. SHA authentication mode has a higher security than MD5 mode. By default, the Authentication Mode is none.

confirm-pwd: Enter an authentication password with 1 to 16 characters excluding question mark and space. This password in the configuration file will be displayed in the symmetric encrypted form.

To create a user with the security as AuthPriv:

snmp-server user name { local | remote } group-name [ smode v3 ] slev authPriv cmode {MD5 | SHA } cpwd confirm-pwd emode DES epwd encrypt-pwd

authPriv: Configure the security level as authPriv. For this level, an authentication algorithm and a privacy algorithm are applied to check and encrypt packets.

DES: Configure the privacy mode as DES. The switch will use the DES algorithm to encrypt the packets. By default, the Privacy Mode is none.

encrypt-pwd: Enter a privacy password with 1 to 16 characters excluding question mark and space. This password in the configuration file will be displayed in the symmetric encrypted form.

Step 3

show snmp-server user

Displays the information of SNMP users.

Step 4

end

Return to Privileged EXEC Mode.

Step 5

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to create a remote SNMP user named admin and add it to group nms1. The security settings are as Table 2-1:

Table 2-1Security Settings for the User

Parameter

Value

Security Level

v3

Authentication Mode

SHA

Authentication Password

1234

Privacy Mode

DES

Privacy Password

5678

Switch#configure

Switch(config)#snmp-server user admin remote nms1 smode v3 slev authPriv cmode SHA cpwd 1234 emode DES epwd 5678

Switch(config)#show snmp-server user

No. U-Name U-Type G-Name S-Mode S-Lev A-Mode P-Mode

--- ------ ------ ------ ------ ----- ------ ------

1 admin remote nms1 v3 authPriv SHA DES

Switch(config)#end

Switch#copy running-config startup-config

3Notification Configurations

With Notification enabled, the switch can send notifications to the NMS about important events relating to the device’s operation. This facilitates the monitoring and management of the NMS.

To configure SNMP notification, follow these steps:

1)Configure the information of NMS hosts.

2)Enable SNMP traps.

Configuration Guidelines

To guarantee the communication between the switch and the NMS, ensure the switch and the NMS can reach one another.

3.1Using the GUI

3.1.1Configuring the Information of NMS Hosts

Choose the menu MAINTENANCE > SNMP > Notification > Notification Config and click to load the following page.

Figure 3-1 Adding an NMS Host

Follow these steps to add an NMS host:

1)Choose the IP mode according to the network environment, and specify the IP address of the NMS host and the UDP port that receives notifications.

IP Mode

Choose an IP mode for the NMS host.

IP Address

If you set IP Mode as IPv4, specify an IPv4 address for the NMS host.

If you set IP Mode as IPv6, specify an IPv6 address for the NMS host.

UDP Port

Specify a UDP port on the NMS host to receive notifications. For security, we recommend that you change the port number under the condition that communications on other UDP ports are not affected.

2)Specify the user name or community name used by the NMS host, and configure the security model and security level based on the user or community.

User

Choose the user name or community name used by the NMS host.

Security Model

If a community name (created for SNMPv1/v2c) is selected in User, specify the security model as v1 or v2c. If a user name (created for SNMPv3) is selected in User, here displays the security model as v3.

Note: The NMS host should use the corresponding SNMP version.

Security Level

If Security model is v3, here displays the security level of the user.

3)Choose a notification type based on the SNMP version. If you choose the Inform type, you need to set retry times and timeout interval.

Type

Choose a notification type for the NMS host. For SNMPv1, the supported type is Trap. For SNMPv2c and SNMPv3, you can configure the type as Trap or Inform.

Trap: The switch will send Trap messages to the NMS host when certain events occur. When the NMS host receives a Trap message, it will not send a response to the switch. Thus the switch cannot tell whether a message is received or not, and the messages that are not received will not be resent.

Inform: The switch will send Inform messages to the NMS host when certain events occur. When the NMS host receives an Inform message, it sends a response to the switch. If the switch does not receive any response within the timeout interval, it will resend the Inform message. Therefore, Inform is more reliable than Trap.

Retry

Set the retry times for Informs. The switch will resend the Inform message if it does not receive any response from the NMS host within the timeout interval. It will stop sending Inform messages when the retry time reaches the limit.

Timeout

Set the time that the switch waits for a response from the NMS host after sending an inform message.

4)Click Create.

3.1.2Enabling SNMP Traps

Choose the menu MAINTENANCE > SNMP > Notification > Trap Config to load the following page.

Figure 3-2 Enabling SNMP Traps

Follow these steps to enable some or all of the supported traps:

1)Select the traps to be enabled according to your needs. With a trap enabled, the switch will send the corresponding trap message to the NMS when the trap is triggered.

SNMP Authentication

Triggered when a received SNMP request fails the authentication.

Coldstart

Indicates that the SNMP entity is reinitializing itself such that its configurations may be changed. The trap can be triggered when you reboot the switch.

Warmstart

Indicates that the SNMP entity is reinitializing itself with its configurations unchanged. For a switch running SNMP, the trap can be triggered if you disable and then enable SNMP without changing any parameters.

Link Status

Enable or disable Link Status Trap globally. The trap includes the following two sub-traps:

Linkup Trap: Indicates that a port status changes from linkdown to linkup.

Linkdown Trap: Indicates that a port status changes from linkup to linkdown.

Link Status Trap can be triggered when it is enabled both globally and on the port, and you connect a new device to the port or disconnect a device from the port.

To enable the trap on a port, run the command snmp-server traps link-status in Interface Configuration Mode of the port. To disable it, run the corresponding no command.

By default, the trap is enabled both globally and on all ports, which means that link status changes on any ports will trigger the trap. If you do not want to receive notification messages about some specific ports, disable the trap on those ports.

CPU Utilization

Triggered when the CPU utilization exceeds 80%.

Memory Utilization

Triggered when the memory utilization exceeds 80%.

Flash Operation

Triggered when flash is modified during operations such as backup, reset, firmware upgrade, and configuration import.

VLAN Create/Delete

Triggered when certain VLANs are created or deleted successfully.

IP Change

Monitors the changes of interfaces’ IP addresses. The trap can be triggered when the IP address of any interface is changed.

Storm Control

Monitors whether the storm rate has reached the limit that you have set. The trap can be triggered when the Strom Control feature is enabled and broadcast/multicast/unknown-unicast frames are sent to the port with a rate higher than what you have set.

Rate Limit

Monitors whether the bandwidth has reached the limit you have set. The trap can be triggered when the Rate Limit feature is enabled and packets are sent to the port with a rate higher than what you have set.

LLDP

The trap includes the following sub-traps:

LLDP RemTablesChange: Indicates that the switch senses an LLDP topology change. The trap can be triggered when adding or removing a remote device, and when the information of some remote devices is aged out or cannot be stored into the switch because of insufficient resources. This trap can be used by an NMS to trigger LLDP remote systems table maintenance polls.

LLDP TopologyChange: Indicates that the switch senses an LLDP-MED topology change (the topology change of media endpoints). The trap can be triggered when adding or removing a media endpoint that supports LLDP, such as an IP Phone. An LLDP Remtableschange trap will be also triggered every time LLDP Topologychange trap is triggered.

Loopback Detection

Triggered when the Loopback Detection feature is enabled and a loopback is detected or cleared.

Spanning Tree

Indicates spanning tree changes. The trap can be triggered in the following situations: a port changes from non-forwarding state to forwarding state or the other way round; a port receives a TCN (Topology Change Notification) BPDU or a Configuration BPDU with the TC (Topology Change) bit set.

PoE

Only for products that support PoE. The trap includes the following sub-traps:

Over-max-pwr-budget: Triggered when the total power required by the connected PDs exceeds the maximum power the PoE switch can supply.

Port-pwr-change: Triggered when a port starts to supply power or stops supplying power.

Port-pwr-deny: Triggered when the switch powers off PDs on low-priority PoE ports. The switch powers off them to ensure stable running of the other PDs when the total power required by the connected PDs exceeds the system power limit.

Port-pwr-over-30w: Triggered when the power required by the connected PD exceeds 30 watts.

Port-pwr-overload: Triggered when the power required by the connected PD exceeds the maximum power the port can supply.

Port-short-circuit: Triggered when a short circuit is detected on a port.

Thermal-shutdown: Triggered when the PSE chip overheats. The switch will stop supplying power in this case.

IP-MAC Binding

Triggered in the following two situations: the ARP Inspection feature is enabled and the switch receives an illegal ARP packet; or the IPv4 Source Guard feature is enabled and the switch receives an illegal IP packet.

IP Duplicate

Triggered when the switch detects an IP conflict.

DHCP Filter

Triggered when the DHCPv4 Filter feature is enabled and the switch receives DHCP packets from an illegal DHCP server.

DDM Temperature

Monitors the temperature of SFP modules inserted into the SFP ports on the switch. The trap can be triggered when the temperature of any SFP module has reached the warning or alarm threshold.

Note: T2600G-52TS does not support this trap.

DDM Voltage

Monitors the voltage of SFP modules inserted into the SFP ports on the switch. The trap can be triggered when the voltage of any SFP module has reached the warning or alarm threshold.

Note: T2600G-52TS does not support this trap.

DDM Bias Current

Monitors the bias current of SFP modules inserted into the SFP ports on the switch. The trap can be triggered when the bias current of any SFP module has reached the warning or alarm threshold.

Note: T2600G-52TS does not support this trap.

DDM TX Power

Monitors the TX Power of SFP modules inserted into the SFP ports on the switch. The trap can be triggered when the TX Power of any SFP module has reached the warning or alarm threshold.

Note: T2600G-52TS does not support this trap.

DDM RX Power

Monitors the RX Power of SFP modules inserted into the SFP ports on the switch. The trap can be triggered when the RX Power of any SFP module has reached the warning or alarm threshold.

Note: T2600G-52TS does not support this trap.

ACL Counter

Monitors matched ACL information, including the matched ACL ID, rule ID and the number of the matched packets. With both this trap and the Logging feature in the ACL rule settings enabled, the switch will check the matched ACL information every five minutes and send SNMP traps if there is any updated information.

2)Click Apply.

3.2Using the CLI

3.2.1Configuring the NMS Host

Configure parameters of the NMS host and packet handling mechanism.

Step 1

configure

Enter Global Configuration Mode.

Step 2

snmp-server host ip udp-port user-name [smode { v1 | v2c | v3 }] [slev {noAuthNoPriv | authNoPriv | authPriv }] [type { trap | inform}] [retries retries] [timeout timeout]

Configure parameters of the NMS host and packet handling mechanism.

ip: Specify the IP address of the NMS host in IPv4 or IPv6. Make sure the NMS host and the switch can reach each other.

udp-port: Specify a UDP port on the NMS host to receive notifications. The default is port 162. For communication security, we recommend that you change the port number under the condition that communications on other UDP ports are not affected.

user-name: Enter the name used by the NMS host. When the NMS host uses SNMPv1 or SNMPv2c, enter the Community Name; when the NMS host uses SNMPv3, enter the User Name of the SNMP Group.

v1 | v2c | v3: Choose the security model used by the user from the following: SNMPv1, SNMPv2c, SNMPv3. The NMS host should use the corresponding SNMP version.

noAuthNoPriv | authNoPriv | authPriv: For SNMPv3 groups, choose a security level from noAuthNoPriv (no authorization and no encryption), authNoPriv (authorization and no encryption), authPriv (authorization and encryption). The default is noAuthNoPriv. Note that if you have chosen v1 or v2c as the security model, the security level cannot be configured.

trap | inform: Choose a notification type for the NMS host. For SNMPv1, the supported type is Trap. For SNMPv2c and SNMPv3, you can configure the type as Trap or Inform.

Trap: The switch will send Trap messages to the NMS host when certain events occur. When the NMS host receives a Trap message, it will not send a response to the switch. Thus the switch cannot tell whether a message is received or not, and the messages that are not received will not be resent.

Inform: The switch will send Inform messages to the NMS host when certain events occur. When the NMS host receives an Inform message, it sends a response to the switch. If the switch does not receive any response within the timeout interval, it will resend the Inform message. Therefore, Inform is more reliable than Trap.

retries: Set the retry times for Inform messages. The range is between 1 to 255 and the default is 3. The switch will resend the Inform message if it does not receive any response from the NMS host within the timeout interval. And it will stop sending Inform message when the retry times reaches the limit.

timeout: Set the time that the switch waits for a response. Valid values are from 1 to 3600 seconds; the default is 100 seconds. The switch will resend the Inform message if it does not receive a response from the NMS host within the timeout interval.

Step 3

show snmp-server host

Verify the information of the host.

Step 4

end

Return to Privileged EXEC Mode.

Step 5

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to configure an NMS host with the parameters shown in Table 3-1.

Table 3-1Parameters for the NMS Hosts

Parameter

Value

IP Address

172.16.1.222

UDP Port

162

User Name

admin

Security Model

v3

Security Level

authPriv

Notification Type

Inform

Retry Times

3

Timeout Interval

100 seconds

Switch#configure

Switch(config)#snmp-server host 172.16.1.222 162 admin smode v3 slev authPriv type inform retries 3 timeout 100

Switch(config)#show snmp-server host

No. Des-IP UDP Name SecMode SecLev Type Retry Timeout

--- ------ ----- ---- ------- ------ ---- ----- -------

1 172.16.1.222 162 admin v3 authPriv inform 3 100

Switch(config)#end

Switch#copy running-config startup-config

3.2.2Enabling SNMP Traps

The switch supports many types of SNMP traps, like SNMP standard traps, ACL traps, and VLAN traps, and the corresponding commands are different. With a trap enabled, the switch will send the corresponding trap message to the NMS when the trap is triggered. Follow these steps to enable the traps according to your needs.

Enabling the SNMP Standard Traps Globally

Step 1

configure

Enter Global Configuration Mode.

Step 2

snmp-server traps snmp [ linkup | linkdown | warmstart | coldstart | auth-failure ]

Enable the corresponding SNMP standard traps. The command without any parameter enables all SNMP standard traps. By default, all SNMP standard traps are enabled.

linkup | linkdown: Enable Linkup Trap and Linkdown Trap globally.

Linkup Trap indicates that a port status changes from linkdown to linkup. The trap can be triggered when you connect a new device to the port, and the trap is enabled both globally and on the port.

Linkdown Trap indicates that a port status changes from linkup to linkdown. The trap can be triggered when you disconnect a device from the port, and the trap is enabled both globally and on the port.

To enable Linkup Trap and Linkdown Trap on a port, run the command snmp-server traps link-status in Interface Configuration Mode of the port. To disable them, run the corresponding no command.

By default, the traps are enabled both globally and on all ports, which means that the traps will be triggered when a device is connected to or disconnected from any port of the switch. If you do not want to receive notification messages about some specific ports, disable the traps on those ports.

warmstart: Indicates that the SNMP entity is reinitializing itself with its configurations unchanged. For a switch running SNMP, the trap can be triggered if you disable and then enable SNMP without changing any parameters.

coldstart: Indicates that the SNMP entity is reinitializing itself such that its configurations may be changed. The trap can be triggered when you reboot the switch.

auth-failure: Triggered when a received SNMP request fails the authentication.

Step 3

end

Return to Privileged EXEC Mode.

Step 4

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to configure the switch to send linkup traps:

Switch#configure

Switch(config)#snmp-server traps snmp linkup

Switch(config)#end

Switch#copy running-config startup-config

Enabling the SNMP Extended Traps Globally

Step 1

configure

Enter Global Configuration Mode.

Step 2

snmp-server traps { rate-limit | cpu | flash | lldp remtableschange | lldp topologychange | loopback-detection | storm-control | spanning-tree | memory }

Enable the corresponding SNMP extended traps. By default, all SNMP extended traps are disabled.

rate-limit: Monitors whether the bandwidth has reached the limit you have set. The trap can be triggered when the Rate Limit feature is enabled and packets are sent to the port with a rate higher than what you have set.

cpu: Monitors the load status of the switch CPU. The trap can be triggered when the utilization rate of the CPU exceeds 80%.

flash: Triggered when flash is modified during operations such as backup, reset, firmware upgrade, and configuration import.

lldp remtableschange: Indicates that the switch senses an LLDP topology change. The trap can be triggered when adding or removing a remote device, and when the information of some remote devices is aged out or cannot be stored into the switch because of insufficient resources. This trap can be used by an NMS to trigger LLDP remote systems table maintenance polls.

lldp topologychange: Indicates that the switch senses an LLDP-MED topology change (the topology change of media endpoints). The trap can be triggered when adding or removing a media endpoint that supports LLDP, such as an IP Phone. An LLDP Remtableschange trap will be also triggered every time LLDP Topologychange trap is triggered.

loopback-detection: Triggered when the Loopback Detection feature is enabled and a loopback is detected or cleared.

storm-control: Monitors whether the storm rate has reached the limit that you have set. The trap can be triggered when the Strom Control feature is enabled and broadcast/multicast/unknown-unicast frames are sent to the port with a rate higher than what you have set.

spanning-tree: Indicates spanning tree changes. The trap can be triggered in the following situations: a port changes from non-forwarding state to forwarding state or the other way round; a port receives a TCN (Topology Change Notification) BPDU or a Configuration BPDU with the TC (Topology Change) bit set.

memory: Monitors the load status of the switch memory. The trap can be triggered when the memory utilization exceeds 80%.

Step 3

end

Return to Privileged EXEC Mode.

Step 4

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to configure the switch to enable bandwidth-control traps:

Switch#configure

Switch(config)#snmp-server traps bandwidth-control

Switch(config)#end

Switch#copy running-config startup-config

Enabling the DDM Traps Globally

Note:

T2600G-52TS does not support DDM traps.

Step 1

configure

Enter Global Configuration Mode.

Step 2

snmp-server traps ddm [ temperature | voltage | bias_current | tx_power | rx_power ]

Enable the corresponding DDM traps. DDM function is used to monitor the status of the SFP modules inserted into the SFP ports on the switch. The command without parameter enables all SNMP DDM traps. By default, all DDM traps are disabled.

temperature: Monitors the temperature of SFP modules inserted into the SFP ports on the switch. The trap can be triggered when the temperature of any SFP module has reached the warning or alarm threshold.

voltage: Monitors the voltage of SFP modules inserted into the SFP ports on the switch. The trap can be triggered when the voltage of any SFP module has reached the warning or alarm threshold.

bias_current: Monitors the bias current of SFP modules inserted into the SFP ports on the switch. The trap can be triggered when the bias current of any SFP module has reached the warning or alarm threshold.

tx_power: Monitors the TX Power of SFP modules inserted into the SFP ports on the switch. The trap can be triggered when the TX Power of any SFP module has reached the warning or alarm threshold.

rx_power: Monitors the RX Power of SFP modules inserted into the SFP ports on the switch. The trap can be triggered when the RX Power of any SFP module has reached the warning or alarm threshold.

Step 3

end

Return to Privileged EXEC Mode.

Step 4

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to configure the switch to enable DDM temperature trap:

Switch#configure

Switch(config)#snmp-server traps ddm temperature

Switch(config)#end

Switch#copy running-config startup-config

Enabling the VLAN Traps Globally

Step 1

configure

Enter Global Configuration Mode.

Step 2

snmp-server traps vlan [ create | delete ]

Enable the corresponding VLAN traps. The command without parameter enables all SNMP VLAN traps. By default, all VLAN traps are disabled.

create: Triggered when certain VLANs are created successfully.

delete: Triggered when certain VLANs are deleted successfully.

Step 3

end

Return to Privileged EXEC Mode.

Step 4

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to configure the switch to enable all the SNMP VLAN traps:

Switch#configure

Switch(config)#snmp-server traps vlan

Switch(config)#end

Switch#copy running-config startup-config

Enabling the SNMP Security Traps Globally

Step 1

configure

Enter Global Configuration Mode.

Step 2

snmp-server traps security { dhcp-filter | ip-mac-binding }

Enable the corresponding security traps. By default, all security traps are disabled.

dhcp-filter: Triggered when the DHCPv4 Filter feature is enabled and the switch receives DHCP packets from an illegal DHCP server.

ip-mac-binding: Triggered when the ARP Inspection feature is enabled and the switch receives an illegal ARP packet, or the IPv4 Source Guard feature is enabled and the switch receives an illegal IP packet.

Step 3

end

Return to Privileged EXEC Mode.

Step 4

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to configure the switch to enable DHCP filter trap:

Switch#configure

Switch(config)#snmp-server traps security dhcp-filter

Switch(config)#end

Switch#copy running-config startup-config

Enabling the ACL Trap Globally

Step 1

configure

Enter Global Configuration Mode.

Step 2

snmp-server traps security acl

Enable the ACL trap. By default, it is disabled.

The trap monitors matched ACL information, including the matched ACL ID, rule ID and the number of the matched packets. With both this trap and the Logging feature in the ACL rule settings enabled, the switch will check the matched ACL information every five minutes and send SNMP traps if there is any updated information.

Step 3

end

Return to Privileged EXEC Mode.

Step 4

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to configure the switch to enable ACL trap:

Switch#configure

Switch(config)#snmp-server traps acl

Switch(config)#end

Switch#copy running-config startup-config

Enabling the IP Traps Globally

Step 1

configure

Enter Global Configuration Mode.

Step 2

snmp-server traps ip { change | duplicate }

Enable the IP traps. By default, all IP traps are disabled.

change: Monitors the changes of interfaces’ IP addresses. The trap can be triggered when the IP address of any interface is changed.

duplicate: Triggered when the switch detects an IP conflict.

Step 3

end

Return to Privileged EXEC Mode.

Step 4

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to configure the switch to enable IP-Change trap:

Switch#configure

Switch(config)#snmp-server traps ip change

Switch(config)#end

Switch#copy running-config startup-config

Enabling the SNMP PoE Traps Globally

Note:

Only T2600G-28MPS supports PoE traps.

Step 1

configure

Enter Global Configuration Mode.

Step 2

snmp-server traps power [over-max-pwr-budget | port-pwr-change | port-pwr-deny | port-pwr-over-30w | port-pwr-overload | port-short-circuit | thermal-shutdown ]

Enable the PoE traps. The command without any parameter enables all PoE traps. By default, all PoE traps are disabled.

over-max-pwr-budget: Triggered when the total power required by the connected PDs exceeds the maximum power the PoE switch can supply.

port-pwr-change: Triggered when the total power required by the connected PDs exceeds the maximum power the PoE switch can supply.

port-pwr-deny: Triggered when the switch powers off PDs on low-priority PoE ports. The switch powers off them to ensure stable running of the other PDs when the total power required by the connected PDs exceeds the system power limit.

port-pwr-over-30w: Triggered when the power required by the connected PD exceeds 30 watts.

port-pwr-overload: Triggered when the power required by the connected PD exceeds the maximum power the port can supply.

port-short-circuit: Triggered when a short circuit is detected on a port.

thermal-shutdown: Triggered when the PSE chip overheats. The switch will stop supplying power in this case.

Step 3

end

Return to Privileged EXEC Mode.

Step 4

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to configure the switch to enable all PoE traps:

Switch#configure

Switch(config)#snmp-server traps power

Switch(config)#end

Switch#copy running-config startup-config

Enabling the Link-status Trap for Ports

Step 1

configure

Enter Global Configuration Mode.

Step 2

interface {fastEthernet port | range fastEthernet port-list | gigabitEthernet port | range gigabitEthernet port-list | ten-gigabitEthernet port | range ten-gigabitEthernet port-list }

Configure notification traps on the specified ports.

port/port-list: The number or the list of the Ethernet ports that you desire to configure notification traps. To configure multiple ports, enter a list of port numbers separated by commas, or use a hyphen to indicates a range of port numbers. For example, 1-3, 5 indicates port 1, 2, 3, 5.

Step 3

snmp-server traps link-status

Enable Link Status Trap for the port. By default, it is enabled. Link Status Trap (including Linkup Trap and Linkdown Trap) can be triggered when the link status of a port changes, and the trap is enabled both globally and on the port.

To enable Linkup Trap and Linkdown Trap globally, run the command snmp-server traps snmp [ linkup | linkdown ] in Global Configuration Mode. To disable it, run the corresponding no command.

Step 4

end

Return to Privileged EXEC Mode.

Step 5

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to configure the switch to enable link-status trap:

Switch#configure

Switch(config)#interface gigabitEthernet 1/0/1

Switch(config-if)#snmp-server traps link-status

Switch(config-if)#end

Switch#copy running-config startup-config

4RMON

RMON (Remote Network Monitoring) together with the SNMP system allows the network manager to monitor remote network devices efficiently. RMON reduces traffic flow between the NMS and managed devices, which is convenient to manage large networks.

RMON includes two parts: the NMS and the Agents running on every network device. The NMS is usually a host that runs the management software to manage Agents of network devices. The Agent is usually a switch or router that collects traffic statistics (such as the total number of packets on a network segment during a certain time period, or total number of correct packets that are sent to a host). Based on SNMP protocol, the NMS collects network data by communicating with Agents. However, the NMS cannot obtain every datum of RMON MIB because the device resources are limited. Generally, the NMS can only get information of the following four groups: Statistics, History, Event and Alarm.

Statistics: Collects Ethernet statistics (like the total received bytes, the total number of broadcast packets, and the total number of packets with specified size) on an interface.

History: Collects a history group of statistics on Ethernet ports for a specified polling interval.

Event: Specifies the action to be taken when an event is triggered by an alarm. The action can be to generate a log entry or an SNMP trap.

Alarm: Monitors a specific MIB object for a specified interval, and triggers an event at a specified value (rising threshold or falling threshold).

5RMON Configurations

With RMON configurations, you can:

Configuring the Statistics group.

Configuring the History group.

Configuring the Event group.

Configuring the Alarm group.

Configuration Guidelines

To ensure that the NMS receives notifications normally, complete configurations of SNMP and SNMP Notification before configuring RMON.

5.1Using the GUI

5.1.1Configuring the Statistics Group

Choose the menu MAINTENANCE > SNMP > RMON > Statistics and click to load the following page.

Figure 5-1 Creating a Statistics Entry

Follow these steps to configure the Statistics group:

1)Specify the entry index, the port to be monitored, and the owner name of the entry. Set the entry as Valid or Under Creation.

Index

Enter the index of the entry.

Port

Specify an Ethernet port to be monitored in the entry. You can click Choose to choose a port from the list or manually enter the port number, for example, 1/0/1 in the input box.

Owner

Enter the owner name of the entry with1 to 16 characters.

Status

Set the entry as Valid or Under Creation. By default, it is Valid. The switch start to collect Ethernet statistics for a Statistics entry since the entry status is configured as valid.

Valid: The entry is created and valid.

Under Creation: The entry is created but invalid.

2)Click Create.

5.1.2Configuring History Group

Choose the menu MAINTENANCE > SNMP > RMON > History to load the following page.

Figure 5-2 Configuring the History Entry

Follow these steps to configure the History group:

1)Select a History entry, and specify a port to be monitored.

Index

Displays the index of History entries. The switch supports up to 12 History entries.

Port

Specify a port to be monitored.

2)Set the sample interval and the maximum buckets of History entries.

Interval (seconds)

Specify the number of seconds in each polling cycle. Valid values are from 10 to 3600 seconds. Every history entry has its own timer. For the monitored port, the switch samples packet information and generates a record in every interval.

Maximum Buckets

Set the maximum number of records for the History entry. Valid values are from 10 to 130. When the number of records exceeds the limit, the earliest record will be overwritten.

3)Enter the owner name, and set the status of the entry. Click Apply.

Owner

Enter the owner name of the entry with 1 to 16 characters. By default, it is monitor.

Status

Enable or disable the entry. By default, it is disabled.

Enable: The entry is enabled.

Disable: The entry is disabled.

Note:

To change the parameters of a History entry, enable the entry at the same time; otherwise, the change cannot take effect.

5.1.3Configuring Event Group

Choose the menu MAINTENANCE > SNMP > RMON > Event to load the following page.

Figure 5-3 Configuring the Event Entry

Follow these steps to configure the Event group:

1)Choose an Event entry, and specify an SNMP User for the entry.

Index

Displays the index of Event entries. The switch supports up to 12 Event entries.

User

Choose an SNMP user name or community name for the entry. Only the specified user can access the log messages or receive the notification messages related to the event.

2)Set the description and action to be taken when the event is triggered.

Description

Enter an brief description of this event to make it easier to be identified.

Action Mode

Specify the action for the switch to take when the event is triggered.

None: No action.

Log: The switch records the event in the log, and the NMS should initiate requests to get notifications.

Notify: The switch sends notifications to the NMS.

Log & Notify: The switch records the event in the log and sends notifications to the NMS.

3)Enter the owner name, and set the status of the entry. Click Apply.

Owner

Enter the owner name of the entry with 1 to 16 characters.

Status

Enable or disable the entry.

Enable: The entry is enabled.

Disable: The entry is disabled.

5.1.4Configuring Alarm Group

Before you begin, complete configurations of Statistics entries and Event entries, because the Alarm entries must be associated with Statistics and Event entries.

Choose the menu MAINTENANCE > SNMP > RMON > Alarm to load the following page.

Figure 5-4 Configuring the Alarm Entry

Follow these steps to configure the Alarm group:

1)Select an alarm entry, choose a variable to be monitored, and associate the entry with a statistics entry.

Index

Displays the index of Alarm entries. The switch supports up to 12 Alarm entries.

Variable

Set the alarm variable to be monitored. The switch will monitor the specified variable in sample intervals and act in the set way when the alarm is triggered.

RecBytes: Total number of received bytes.

RecPackets: Total number of received packets.

BPackets: Total number of broadcast packets.

MPackets: Total number of multicast packets.

CRC&Align ERR: Packets that contain FCS Error or Alignment Error, within a size of 64 to 1518 bytes.

Undersize: Packets that are smaller than 64 bytes.

Oversize: Packets that are larger than 1518 bytes.

Jabbers: Packets that are sent when port collisions occur.

Collisions: Collision times in the network segment.

64, 65-127, 128-255, 256-511, 512-1023, 1024-1518: Total number of packets of the specified size.

Statistics

Associate the Alarm entry with a Statistics entry. Then the switch monitors the specified variable of the Statistics entry.

2)Set the sample type, the rising and falling threshold, the corresponding event entries, and the alarm type of the entry.

Sample Type

Specify the sampling method of the specified variable.

Absolute: Compare the sampling value against the preset threshold.

Delta: The switch obtains the difference between the sampling values of the current interval and the previous interval, and then compares the difference against the preset threshold.

Rising Threshold

Specify the rising threshold of the variable. Valid values are from 1 to 2147483647. When the sampling value or the difference value exceeds the threshold, the system will trigger the corresponding Rising Event.

Note: The rising threshold should be larger than the falling threshold.

Rising Event

Specify the index of the Event entry that will be triggered when the sampling value or the difference value exceeds the preset threshold. The Event entry specified here should be enabled first.

Falling Threshold

Set the falling threshold of the variable. Valid values are from 1 to 2147483647. When the sampling value or the difference value is below the threshold, the system will trigger the corresponding Falling Event.

Note: The falling threshold should be less than the rising threshold.

Falling Event

Specify the index of the Event entry that will be triggered when the sampling value or the difference value is below the preset threshold. The Event entry specified here should be enabled first.

Alarm Type

Specify the alarm type for the entry.

Rising: The alarm is triggered only when the sampling value or the difference value exceeds the rising threshold.

Falling: The alarm is triggered only when the sampling value or the difference value is below the falling threshold.

All: The alarm is triggered when the sampling value or the difference value exceeds the rising threshold or is below the falling threshold.

3)Enter the owner name, and set the status of the entry. Click Apply.

Interval (seconds)

Set the sampling interval. Valid values are from 10 to 3600 seconds.

Owner

Enter the owner name of the entry with 1 to 16 characters.

Status

Enable or disable the entry.

Enable: The entry is enabled.

Disable: The entry is disabled.

5.2Using the CLI

5.2.1Configuring Statistics

Step 1

configure

Enter Global Configuration Mode.

Step 2

rmon statistics index interface { fastEthernet port | gigabitEthernet port | ten-gigabitEthernet port } [ owner owner-name] [ status { underCreation | valid }]

Configure RMON Statistic entries.

index: Specify the index of the Statistics entry, which ranges from 1 to 65535. To configure multiple indexes, enter a list of indexes separated by commas, or use a hyphen to indicates a range of indexes. For example, 1-3, 5 indicates 1, 2, 3, 5.

port: Specify the port to be bound to the entry.

owner-name: Enter the owner name of the entry with 1 to 16 characters. The default name is monitor.

underCreation | valid: Enter the status of the entry. UnderCreation indicates that the entry is created but invalid, while Valid indicates the entry is created and valid. By default, it is valid.

The switch start to collect Ethernet statistics for a Statistics entry since the entry status is configured as valid.

Step 3

show rmon statistics [ index ]

Displays the statistics entries and their configurations.

index: Enter the index of statistics entry that you want to view. Valid values are from 1 to 65535. The command without any parameters displays all existing statistics entries.

Step 4

end

Return to Privileged EXEC Mode.

Step 5

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to create Statistics entries 1 and 2 on the switch to monitor port 1/0/1 and 1/0/2, respectively. The owner of the entries are both monitor and the status are both valid:

Switch#configure

Switch(config)#rmon statistics 1 interface gigabitEthernet 1/0/1 owner monitor status valid

Switch(config)#rmon statistics 2 interface gigabitEthernet 1/0/2 owner monitor status valid

Switch(config)#show rmon statistics

Index Port Owner State

----- ---- ----- -----

1 Gi1/0/1 monitor valid

2 Gi1/0/2 monitor valid

Switch(config)#end

Switch#copy running-config startup-config

5.2.2Configuring History

Step 1

configure

Enter Global Configuration Mode.

Step 2

rmon history index interface { fastEthernet port | gigabitEthernet port | ten-gigabitEthernet port } [ interval seconds ] [ owner owner-name ] [ buckets number ]

Configuring RMON History entries.

index: Specify the index of the History entry, which ranges from 1 to 12. To configure multiple indexes, enter a list of indexes separated by commas, or use a hyphen to indicates a range of indexes. For example, 1-3, 5 indicates 1, 2, 3, 5.

port: Specify the port to be bound to the entry.

seconds: Set the sample interval. The values are from 10 to 3600 seconds, and the default is 1800 seconds.

owner-name: Enter the owner name of the entry with 1 to 16 characters. The default name is monitor.

number: Set the maximum number of records for the history entry. When the number of records exceeds the limit, the earliest record will be overwritten. The values are from 10 to 130; the default is 50.

Step 3

show rmon history [ index ]

Displays the specified History entry and related configurations. To show multiple entries, enter a list of indexes separated by commas, or use a hyphen to indicates a range of indexes. For example, 1-3, 5 indicates 1, 2, 3, 5.

index: Enter the index of History entry that you want to view. Valid values are from 1 to 12. The command without any parameters displays all existing statistics entries.

Step 4

end

Return to Privileged EXEC Mode.

Step 5

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to create a History entry on the switch to monitor port 1/0/1. Set the sample interval as 100 seconds, maximum buckets as 50, and the owner as monitor:

Switch#configure

Switch(config)#rmon history 1 interface gigabitEthernet 1/0/1 interval 100 owner monitor buckets 50

Switch(config)#show rmon history

Index Port Interval Buckets Owner State

----- --------- ----------- ----------- --------- -----

1 Gi1/0/1 100 50 monitor Enable

Switch(config)#end

Switch#copy running-config startup-config

5.2.3Configuring Event

Step 1

configure

Enter Global Configuration Mode.

Step 2

rmon event index [ user user-name ] [ description description ] [ type { none | log | notify | log-notify }] [ owner owner-name ]

Configuring RMON Event entries.

index: Specify the index of the Event entry, which ranges from 1 to 12. To configure multiple indexes, enter a list of indexes separated by commas, or use a hyphen to indicates a range of indexes. For example, 1-3, 5 indicates 1, 2, 3, 5.

user-name: Enter the SNMP user name or community name of the entry. The name should be what you have set in SNMP previously. The default name is public.

description: Give a description to the entry with 1 to 16 characters. By default, the description is empty.

none | log | notify | log-notify: Specify the action type of the event; then the switch will take the specified action to deal with the event. By default, the type is none. None indicates the switch takes no action, log indicates the switch records the event only, notify indicates the switch sends notifications to the NMS only, and log-notify indicates the switch records the event and sends notifications to the NMS.

owner-name: Enter the owner name of the entry with 1 to 16 characters. The default name is monitor.

Step 3

show rmon event [ index ]

Displays the specified Event entry and related configurations. To show multiple entries, enter a list of indexes separated by commas, or use a hyphen to indicates a range of indexes. For example, 1-3, 5 indicates 1, 2, 3, 5.

index: Enter the index of Event entry that you want to view. Valid values are from 1 to 12. The command without any parameters displays all existing statistics entries.

Step 4

end

Return to Privileged EXEC Mode.

Step 5

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to create an Event entry on the switch. Set the user name as admin, the event type as Notify (set the switch to initiate notifications to the NMS), and the owner as monitor:

Switch#configure

Switch(config)#rmon event 1 user admin description rising-notify type notify owner monitor

Switch(config)#show rmon event

Index User Description Type Owner State

----- ---- ----------- ---- ----- -----

1 admin rising-notify Notify monitor Enable

Switch(config)#end

Switch#copy running-config startup-config

5.2.4Configuring Alarm

Step 1

configure

Enter Global Configuration Mode.

Step 2

rmon alarm index stats-index sindex [ alarm-variable { revbyte | revpkt | bpkt | mpkt | crc-align | undersize | oversize | jabber | collision | 64 | 65-127 | 128-255 | 256-511 | 512-1023 | 1024-1518}] [ s-type {absolute | delta}] [ rising-threshold r-threshold ] [ rising-event-index r-event ] [ falling-threshold f-threshold ] [ falling-event-index f-event ] [ a-type {rise | fall | all} ] [ owner owner-name ] [ interval interval ]

Configuring RMON alarm entries.

index: Specify the index of the Alarm entry, which ranges from 1 to 12. To configure multiple indexes, enter a list of indexes separated by commas, or use a hyphen to indicates a range of indexes. For example, 1-3, 5 indicates 1, 2, 3, 5.

sindex: Specify the index of the related Statistics entry, which ranges from 1 to 65535.

revbyte | revpkt | bpkt | mpkt | crc-align | undersize | oversize | jabber | collision | 64 | 65- 127 | 128-255 | 256-511 | 512-1023 | 1024-1518: Choose an alarm variable to monitor. The switch will monitor the specified variable in sample intervals and act in the set way when the alarm is triggered. The default variable is revbyte.

revbyte means total number of received bytes; revpkt means total number of received packets; bpkt means total number of broadcast packets. mpkt means total number of multicast packets; crc-align means packets that contain FCS Error or Alignment Error, within a size of 64 to 1518 bytes; undersize means packets that are smaller than 64 bytes; oversize means packets that are larger than 1518 bytes; jabber means packets that are sent when port collisions occur; collision means the collision times in the network segment; 64 | 65-127 | 128-255 | 256-511 | 512-1023 | 1024-1518 means total number of packets of the specified size.

absolute | delta: Choose the sampling method of the specified variable. The default is absolute. In the absolute mode, the switch compares the sampling value against the preset threshold; in the delta mode, the switch obtains the difference between the sampling values of the current interval and the previous interval, and then compares the difference against the preset threshold.

r-threshold: Enter the rising threshold. Valid values are from 1 to 2147483647, and the default is 100. The rising threshold should be larger than the falling threshold.

r-event: Enter the index of the Event entry that will be triggered when the sampling value or the difference value exceeds the preset threshold. Valid values are from 1 to 12. The Event entry specified here should be enabled first.

f-threshold: Enter a falling threshold. Valid values are from 1 to 2147483647, and the default is 100. The falling threshold should be less than the rising threshold.

f-event: Enter the index of the Event entry that will be triggered when the sampling value or the difference value is below the preset threshold. Valid values are from 1 to 12. The Event entry specified here should be enabled first.

rise | fall | all: Choose an alarm type; the default is all. Rise indicates that the alarm is triggered only when the sampling value or difference value exceeds the rising threshold. Fall indicates that the alarm is triggered only when the sampling value or difference value is below the falling threshold. All indicates that the alarm is triggered when the sampling value or difference value either exceeds the rising threshold or is below the falling threshold.

owner-name: Enter the owner name of the entry using 1 to 16 characters. The default name is monitor.

interval: Set the sampling interval. The value ranges from 10 to 3600 seconds; the default is 1800 seconds.

Step 3

show rmon alarm [ index ]

Displays the specified alarm entry and related configurations. To show multiple entries, enter a list of indexes separated by commas, or use a hyphen to indicates a range of indexes. For example, 1-3, 5 indicates 1, 2, 3, 5.

index: Enter the index of Alarm entry that you want to view. Valid values are from 1 to 12. The command without any parameters displays all existing statistics entries.

Step 4

end

Return to Privileged EXEC Mode.

Step 5

copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to set an alarm entry to monitor BPackets on the switch. Set the related Statistics entry index as 1, the sample type as Absolute, the rising threshold as 3000, the related rising event entry index as 1, the falling threshold as 2000, the related falling event index as 2, the alarm type as all, the notification interval as 10 seconds, and the owner of the entry as monitor:

Switch#configure

Switch(config)#rmon alarm 1 stats-index 1 alarm-variable bpkt s-type absolute rising-threshold 3000 rising-event-index 1 falling-threshold 2000 falling-event-index 2 a-type all interval 10 owner monitor

Switch(config)#show rmon alarm

Index-State: 1-Enabled

Statistics index: 1

Alarm variable: BPkt

Sample Type: Absolute

RHold-REvent: 3000-1

FHold-FEvent: 2000-2

Alarm startup: All

Interval: 10

Owner: monitor

Switch(config)#end

Switch#copy running-config startup-config

6Configuration Example

6.1Network Requirements

The following figure shows the network topology of a company. The company has requirements as follows:

1)Monitor storm traffic of ports 1/0/1 and 1/0/2 on Switch A, and send notifications to the NMS when the actual rate of broadcast, multicast or unknown-unicast packets exceeds the preset threshold.

2)Monitor the traffic of ports 1/0/1 and 1/0/2 on Switch A, and regularly collect and save data for follow-up checks. Specifically, Switch A should notify the NMS when the number of packets transmitted and received on the ports during the sample interval exceeds the preset rising threshold, and should record but not notify the NMS when that is below the preset falling threshold.

The NMS host with IP address 192.168.1.222 is connected to the core switch, Switch B. Switch A is connected to Switch B via port 1/0/3. Port 1/0/3 and the NMS can reach one another.

Figure 6-1 Network Topology

6.2Configuration Scheme

1)On Switch A, set thresholds for broadcast, multicast and unknown-unicast packets on ports 1/0/1 and 1/0/2. Enable SNMP and configure the corresponding parameters. Enable Trap notifications on the ports. Switch A can then send notifications to the NMS when the rate of storm traffic exceeds the preset threshold.

2)After SNMP and Notification configurations, create Statistic entries on the ports to monitor the real-time transmitting and receiving of packets and create History entries to regularly collect and save related data. Create two Event entries: one is the Notify type used to notify the NMS, and the other is the Log type used to record related events.

3)Create an Alarm entry to monitor RecPackets (Received Packets). Configure the rising and falling thresholds. Configure the rising event as the Notify event entry, and the falling event as the Log event entry.

Demonstrated with T2600G-28TS, this chapter provides configuration procedures in two ways: using the GUI and using the CLI.

6.3Using the GUI

Configuring Storm Control on Ports

Configure Storm Control on the required ports. For detailed configuration, refer to Configuring QoS.

Configuring SNMP

1)Choose MAINTENANCE > SNMP > Global Config to load the following page. In the Global Config section, enable SNMP, and set the Remote Engine ID as 123456789a. Click Apply.

Figure 6-2 Enabling SNMP

2)In the SNMP View Config section, click to load the following page. Name the SNMP view as View, set the view type as Include, and set MIB Object ID as 1 (which means all functions). Click Create.

Figure 6-3 Creating an SNMP View

3)Choose MAINTENANCE > SNMP > SNMP v3 > SNMP Group and click to load the following page. Create a group named nms-monitor, enable authentication and privacy, and add View to Read View and Notify View. Click Create.

Figure 6-4 Configuring an SNMP Group

4)Choose MAINTENANCE > SNMP > SNMP v3 > SNMP User and click to load the following page. Create a user named admin for the NMS, set the user type as Remote User and specify the group name. Set the Security Level in accordance with that of the group nms-monitor. Choose SHA authentication algorithm and DES privacy algorithm, and set corresponding passwords. Click Create.

Figure 6-5 Creating an SNMP User

5)Choose MAINTENANCE > SNMP > Notification > Notification Config and click to load the following page. Choose the IP Mode as IPv4, and specify the IP address of the NMS host and the port of the host for transmitting notifications. Specify the User as admin and choose the type as Inform. Set the retry times as 3, with the timeout period as 100 seconds. Click Create.

Figure 6-6 Creating an SNMP Notification Entry

6)Choose MAINTENANCE > SNMP > Notification > Trap Config to load the following page. Enable Storm Control trap and click Apply.

Figure 6-7 Enabling Storm Control Trap

7)Click to save the settings.

Configuring RMON

1)Choose MAINTENANCE > SNMP > RMON > Statistics and click to load the following page. Create Statistics entries 1 and 2, and bind them to ports 1/0/1 and 1/0/2, respectively. Set the owner of the entries as monitor and the status as Valid.

Figure 6-8 Configuring Statistics Entry 1

Figure 6-9 Configuring Statistics Entry 2

2)Choose the menu MAINTENANCE > SNMP > RMON > History to load the following page. Configure entries 1 and 2. Bind entries 1 and 2 to ports 1/0/1 and 1/0/2, respectively. Set the Interval as 100 seconds, Maximum Buckets as 50, the owner of the entries as monitor, and the status as enabled.

Figure 6-10 Configuring the History Entries

3)Choose the menu MAINTENANCE > SNMP > RMON > Event to load the following page. Configure entries 1 and 2. For entry 1, set the SNMP user name as admin, type as Notify, description as “rising_notify”, owner as monitor, and status as enable. For entry 2, set the SNMP user name as admin, type as Log, description as “falling_log”, owner as monitor, and status as enabled.

Figure 6-11 Configuring the Event Entries

4)Choose MAINTENANCE > SNMP > RMON > Alarm to load the following page. Configure entries 1 and 2. For entry 1, set the alarm variable as RecPackets, related statistics entry ID as 1 (bound to port 1/0/1), the sample type as Absolute, the rising threshold as 3000, associated rising event entry ID as 1 (which is the notify type), the falling threshold as 2000, the associated falling event entry ID as 2 (which is the log type), the alarm type as All, the interval as 10 seconds, the owner name as monitor. For entry 2, set the associated statistics entry ID as 2 (bound to port 1/0/2). Other configurations are the same as those of entry 1.

Figure 6-12 Configuring the Alarm Entries

5)Click to save settings.

6.4Using the CLI

Configuring Storm Control on ports

Configure the Storm Control on the required ports of Switch A. For detailed configuration, refer to Configuring QoS.

Configuring SNMP

1)Enable SNMP and specify the remote engine ID.

Switch_A#configure

Switch_A(config)#snmp-server

Switch_A(config)#snmp-server engineID remote 123456789a

2)Create a view with the name View; set the MIB Object ID as 1 (which represents all functions), and the view type as Include.

Switch_A(config)#snmp-server view View 1 include

3)Create a group of SNMPv3 with the name of nms-monitor. Enable Auth Mode and Privacy Mode, and set both the Read and Notify views as View.

Switch_A(config)#snmp-server group nms-monitor smode v3 slev authPriv read View notify View

4)Create an SNMP user named admin. Set the user as a remote user and configure the security model and security level based on the group. Set the Auth Mode as SHA algorithm, password as 1234, the Privacy Mode as DES, and password as 1234.

Switch_A(config)#snmp-server user admin remote nms-monitor smode v3 slev authPriv cmode SHA cpwd 1234 emode DES epwd 1234

5)To configure Notification, specify the IP address of the NMS host and UDP port. Set the User, Security Model and Security Level according to configurations of the SNMP User. Choose the type as Inform, and set the retry times as 3, and the timeout period as 100 seconds.

Switch_A(config)#snmp-server host 192.168.1.222 162 admin smode v3 slev authPriv type inform retries 3 timeout 100

Enable storm-control Trap

Switch_A(config)#snmp-server traps storm-control

Configuring RMON

1)Create Statistics entries 1 and 2 to monitor ports 1/0/1 and 1/0/2, respectively. The owner of the entries is set as monitor, and the status is set as valid.

Switch_A(config)#rmon statistics 1 interface gigabitEthernet 1/0/1 owner monitor status valid

Switch_A(config)#rmon statistics 2 interface gigabitEthernet 1/0/2 owner monitor status valid

2)Create History entries 1 and 2 and bind them to ports 1/0/1 and 1/0/2, respectively. Set the sample interval as 100 seconds, max buckets as 50, and the owner as monitor.

Switch_A(config)#rmon history 1 interface gigabitEthernet 1/0/1 interval 100 owner monitor buckets 50

Switch_A(config)#rmon history 2 interface gigabitEthernet 1/0/2 interval 100 owner monitor buckets 50

3)Create Event entries 1 and 2 for the SNMP user admin. Set entry 1 as the Notify type and its description as “rising_notify”. Set entry 2 as the Log type and its description as “falling_log”. Set the owner of them as monitor.

Switch_A(config)#rmon event 1 user admin description rising_notify type notify owner monitor

Switch_A(config)#rmon event 2 user admin description falling_log type log owner monitor

4)Create Alarm entries 1 and 2. For entry 1, set the alarm variable as RecPackets, associated Statistics entry ID as 1 (bound to port 1/0/1), the sample type as Absolute, the rising threshold as 3000, the associated rising event entry ID as 1 (Notify type), the falling threshold as 2000, the associated falling event entry ID as 2 (the log type), the alarm type as all, the interval as 10 seconds, and the owner name as monitor. For entry 2, set the associated statistics entry ID as 2 (bound to port 1/0/2), while all other configurations are the same as those of entry 1.

Switch_A(config)#rmon alarm 1 stats-index 1 alarm-variable revpkt s-type absolute rising-threshold 3000 rising-event-index 1 falling-threshold 2000 falling-event-index 2 a-type all interval 10 owner monitor

Switch_A(config)#rmon alarm 2 stats-index 2 alarm-variable revpkt s-type absolute rising-threshold 3000 rising-event-index 1 falling-threshold 2000 falling-event-index 2 a-type all interval 10 owner monitor

Verify the Configurations

Verify global SNMP configurations:

Switch_A(config)#show snmp-server

SNMP agent is enabled.

0 SNMP packets input

0 Bad SNMP version errors

0 Unknown community name

0 Illegal operation for community name supplied

0 Encoding errors

0 Number of requested variables

0 Number of altered variables

0 Get-request PDUs

0 Get-next PDUs

0 Set-request PDUs

0 SNMP packets output

0 Too big errors(Maximum packet size 1500)

0 No such name errors

0 Bad value errors

0 General errors

0 Response PDUs

0 Trap PDUs

Verify SNMP engine ID:

Switch_A(config)#show snmp-server engineID

Local engine ID: 80002e5703000aeb13a23d

Remote engine ID: 123456789a

Verify SNMP view configurations:

Switch_A(config)#show snmp-server view

No. View Name Type MOID

--- -------------- ------- -------------------

1 viewDefault include 1

2 viewDefault exclude 1.3.6.1.6.3.15

3 viewDefault exclude 1.3.6.1.6.3.16

4 viewDefault exclude 1.3.6.1.6.3.18

5 View include 1

Verify SNMP group configurations:

Switch_A(config)#show snmp-server group

No. Name Sec-Mode Sec-Lev Read-View Write-View Notify-View

--- ------------- ----------- ---------- --------------- ------------ ----------

1 nms-monitor v3 authPriv View View

Verify SNMP user configurations:

Switch_A(config)#show snmp-server user

No. U-Name U-Type G-Name S-Mode S-Lev A-Mode P-Mode

--- ----------- ------ ------ ------ ----- ------ ------

1 admin remote nms-monitor v3 authPriv SHA DES

Verify SNMP host configurations:

Switch_A(config)#show snmp-server host

No. Des-IP UDP Name SecMode SecLev Type Retry Timeout

--- ---------------- ----- -------- --------- ---------- ------- ----- --------

1 172.168.1.222 162 admin v3 authPriv inform 3 100

Verify RMON statistics configurations:

Switch_A(config)#show rmon statistics

Index Port Owner State

----- ---------- --------- -------

1 Gi1/0/1 monitor valid

2 Gi1/0/2 monitor valid

Verify RMON history configurations:

Switch_A(config)#show rmon history

Index Port Interval Buckets Owner State

----- --------- -------- --------- ---------- ---------

1 Gi1/0/1 100 50 monitor Enable

2 Gi1/0/2 100 50 monitor Enable

Verify RMON event configurations:

Switch_A(config)#show rmon event

Index User Description Type Owner State

----- ------ ----------- -------- ---------- ----------

1 admin rising_notify Notify monitor Enable

2 admin falling_log Log monitor Enable

Verify RMON alarm configurations:

Switch_A(config)#show rmon alarm

Index-State: 1-Enabled

Statistics index: 1

Alarm variable: RevPkt

Sample Type: Absolute

RHold-REvent: 3000-1

FHold-FEvent: 2000-2

Alarm startup: All

Interval: 10

Owner: monitor

Index-State: 2-Enabled

Statistics index: 2

Alarm variable: RevPkt

Sample Type: Absolute

RHold-REvent: 3000-1

FHold-FEvent: 2000-2

Alarm startup: All

Interval: 10

Owner: monitor

7Appendix: Default Parameters

Default settings of SNMP are listed in the following tables.

Table 7-1Default Global Config Settings

Parameter

Default Setting

SNMP

Disabled

Local Engine ID

Automatically

Remote Engine ID

None

Table 7-2Default SNMP View Table Settings

View Name

View Type

MIB Object ID

viewDefault

Include

1

viewDefault

Exclude

1.3.6.1.6.3.15

viewDefault

Exclude

1.3.6.1.6.3.16

viewDefault

Exclude

1.3.6.1.6.3.18

Table 7-3Default SNMP v1/v2c Settings

Parameter

Default Setting

Community Entry

No entries

Community Name

None

Access

Read-only

MIB View

viewDefault

Table 7-4Default SNMP v3 Settings

Parameter

Default Setting

SNMP Group

Group Entry

No entries

Group Name

None

Security Model

v3

Security Level

NoAuthNoPriv

Read View

viewDefault

Write View

None

Notify View

None

SNMP User

User Entry

No entries

User Name

None

User Type

Local User

Group Name

None

Security Model

v3

Security Level

noAuthNoPriv

Authentication Mode

MD5 (when Security Level is configured as AuthNoPriv or AuthPriv)

Authentication Password

None

Privacy Mode

DES (when Security Level is configured as AuthPriv)

Privacy Password

None

Default settings of Notification are listed in the following table.

Table 7-5Default Notification Settings

Parameter

Default Setting

Notification Config

Notification Entry

No entries

IP Mode

IPv4

IP Address

None

UDP Port

162

User

None

Security Model

v1

Security Level

noAuthNoPriv

Type

Trap

Retry

None

Timeout

None

Trap Config

Enabled SNMP Traps

SNMP Authentication, Coldstart, Warmstart, Link Status

Default settings of RMON are listed in the following tables.

Table 7-6Default Statistics Config Settings

Parameter

Default Setting

Statistics Entry

No entries

ID

None

Port

None

Owner

None

IP Mode

Valid

Table 7-7Default Settings for History Entries

Parameter

Default Setting

Port

1/0/1

Interval

1800 seconds

Max Buckets

50

Owner

monitor

Status

Disabled

Table 7-8Default Settings for Event Entries

Parameter

Default Setting

User

public

Description

None

Type

None

Owner

monitor

Status

Disabled

Table 7-9Default Settings for Alarm Entries

Parameter

Default Setting

Variable

RecBytes

Statistics

0, means no Statistics entry is selected.

Sample Type

Absolute

Rising Threshold

100

Rising Event

0, means no event is selected.

Falling Threshold

100

Falling Event

0, means no event is selected.

Alarm Type

All

Interval

1800 seconds

Owner

monitor

Status

Disabled