|
|
This feature module describes the Remote Monitoring (RMON) MIB Update. It includes information on the benefits of this new feature, supported platforms, related documents, and other information you may need to work with new features associated with RMON.
The RMON MIB identifies activity on individual nodes and allows you to monitor all nodes and their interaction on a LAN segment. Used in conjunction with the Simple Network Management Protocol (SNMP) agent in a router, RMON allows you to view both traffic that flows through the router and segment traffic not necessarily destined for the router. Combining RMON alarms and events, which are classes of messages that indicate traffic violations and various unusual occurrences over a network, with existing MIBs allows you to choose where proactive monitoring will occur.
Full RMON packet analysis is available only on an Ethernet interface of the Cisco 2500 series and Cisco AS5200 series routers. RMON requires that SNMP be configured. A generic RMON console application is recommended in order to take advantage of the network management capabilities of the RMON MIB.
RMON can be very data and processor intensive. Users should measure usage effects to ensure that router performance is not degraded by RMON and to minimize excessive management traffic overhead. Native mode is less intensive than promiscuous mode.
All Cisco IOS software images ordered without the explicit RMON option include limited RMON support (RMON alarms and event groups only). Images ordered with the RMON option include support for all nine management groups (statistics, history, alarms, hosts, hostTopN, matrix, filter, capture, and event). As a security precaution, support for the capture group allows capture of packet header information only; data payloads are not captured.
The RMON agent has been rewritten to improve performance and add some new features. The command line interface (CLI) has been enhanced with some new RMON commands. New features include.
| Object | Description |
|---|---|
probeCapabilities | The RMON software groups implemented. |
probeSoftwareRev | The current version of Cisco IOS running on the device. |
probeHardwareRev | The current version of Cisco device. |
probeDateTime | The current date and time. |
probeResetControl | Initiates a reset. |
probeDownloadFile | The source of the image running on the device. |
probeDownloadTFTPServer | The address of the server that contains the Trivial File Transfer Protocol (TFTP) file that is used by the device to download new versions of Cisco IOS. |
probeDownloadAction | Specifies the action of the commands that cause the device to reboot. |
probeDownloadStatus | The state of a reboot. |
netDefaultGateway | The router mapped to the device as the default gateway. |
hcRMONCapabilities | Specifies the features mapped to this version of RMON. |
| Prior to the RMON MIB Update | Using the RMON MIB Update |
|---|---|
RMON configurations do not persist across reboots. Information is lost after a new session on the RMON server. | RMON configurations persist across reboots. Information is preserved after a new session on the RMON server. |
Packet analysis applies only on the Media Access Control (MAC) header of the packet. | Complete packet capture is performed with analysis applied to all frames in packet. |
Only RMON I MIB objects are used for network monitoring. | RMON I and selected RMON II objects are used for network monitoring. |
The C2500, AS5200, and AS5300 are the only platforms that support the RMON MIB Update feature.
No new or modified MIBs are supported by this feature. For descriptions of supported MIBs and how to use MIBs, see Cisco's MIB web site on CCO at http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.
None
You must be running a version of SNMP on the server that contains the RMON MIB.
You can configure a router to the RMON MIB Update. Perform the following tasks to configure different RMON groups.
| Command | Purpose |
|---|---|
Router(config)# rmon collection history {controlEntry
integer} [owner ownername] [buckets bucket-number]
[interval seconds]
| Enables an RMON history group of statistics on an interface. |
| Command | Purpose |
|---|---|
Router(config)# rmon collection host {controlEntry
integer} [owner ownername]
| Enables an RMON host collection group of statistics on an interface. |
| Command | Purpose |
|---|---|
Router(config)# rmon collection matrix {controlEntry
integer} [owner ownername]
| Enables an RMON matrix group of statistics on an interface. |
| Command | Purpose |
|---|---|
Router(config)# rmon collection rmon1 {controlEntry
integer} [owner ownername]
| Enables all possible autoconfigurable RMON statistic collections on an interface. |
Step 1 To view the configuration, enter the show rmon capture command. A sample configuration follows:
show rmon capture Buffer 1 is active, owned by John Smith Captured data is from channel 1 Slice size is 128, download size is 128 Download offset is 0 Full Status is full, full action is wrapWhenFull Granted -1 octets out of -1 requested Buffer has been on since 18:59:48, and has captured 522 packets Current capture buffer entries: Packet 3271 was captured 2018256 ms since buffer was turned on Its length is 184 octets and has a status type of 0 Packet ID is 3721, and contains the following data: 03 00 00 00 00 01 00 A0 CC 3C 9D DF 00 A6 F0 03 Packet 3722 was captured 2018452 ms since buffer was turned on Its length is 64 octets and has a status type of 0 Packet ID is 3722, and contains the following data: 01 80 C2 00 00 00 00 60 09 FD FE D3 00 26 42 03
Step 2 To view values associated with RMON variables, enter the show rmon matrix command. The following output is displayed:
show rmon matrix Matrix 1 is active and owned by Monitors ifEntry.1.1 Table size is 42, last time an entry was deleted was at 11:18:09 Source addr is 0000.0c47.007b, dest addr is ffff.ffff.ffff Transmitted 2 pkts, 128 octets, 0 errors Source addr is 0000.92a8.319e, dest addr is 0060.5c86.5b82 Transmitted 2 pkts, 384 octets, 1 error
| Command | Purpose |
|---|---|
router# show rmon capture | Displays the RMON buffer capture table. |
router# show rmon filter | Displays the RMON filter table. |
router# show rmon hosts | Displays the RMON hosts table. |
router# show rmon matrix | Displays the RMON matrix table. |
This section provides the following configuration examples:
The following example shows an RMON collection history session being enabled with a statistic group of 20 and an owner of john:
rmon collection history controlEntry 20 owner john
The following example shows an RMON host collection session enabled with a statistic group of 20 and an owner of john:
rmon collection host controlEntry 20 owner john
The following example shows an RMON matrix session enabled with a statistic group of 20 and an owner of john:
rmon collection matrix controlEntry 20 owner john
The following example shows all possible autoconfigurable RMON statistic collections being enabled with a statistic group of 20 and an owner of john:
rmon collection rmon1 controlEntry 20 owner john
This section documents new or modified commands that configure the RMON Update feature. All other commands used with this feature are documented in the Cisco IOS Release 12.0 command references.
In Cisco IOS Release 12.0(1)T or later, you can search and filter the output for show and more commands. This functionality is useful when you need to sort through large amounts of output, or if you want to exclude output that you do not need to see.
To use this functionality, enter a show or more command followed by the "pipe" character (|), one of the keywords begin, include, or exclude, and an expression that you want to search or filter on:
command | {begin | include | exclude} regular-expressionFollowing is an example of the show atm vc command in which you want the command output to begin with the first line where the expression "PeakRate" appears:
show atm vc | begin PeakRateFor more information on the search and filter functionality, refer to the Cisco IOS Release 12.0(1)T feature module titled CLI String Search.
To disable the packet zeroing feature that initializes the user payload portion of each Remote Monitoring (RMON) MIB packet, use the rmon capture-userdata global configuration command. To enable packet zeroing, use the no form of the command.
rmon capture-userdataThis command has no arguments or keywords.
No default behavior or values.
Global configuration
| Release | Modification |
|---|---|
12.0(5)T | This command was introduced. |
Use the show rmon matrix command to display RMON statistics.
The following command disables the packet zeroing feature:
rmon capture-userdata
| Command | Description |
rmon collection matrix | Enables an RMON matrix group of statistics on an interface. |
To enable an Remote Monitoring (RMON) MIB history group of statistics on an interface, use the rmon collection history interface configuration command. To remove a specified RMON history group of statistics, use the no form of the command.
rmon collection history {controlEntry integer} [owner ownername] [buckets bucket-number] [interval seconds]
controlEntry | Specifies the RMON group of statistics using a value. |
integer | A value from 1 to 65535 that identifies the RMON group of statistics and matches the index value returned for Simple Network Management Protocol (SNMP) requests. |
owner | (Optional) Specifies the name of the owner of the RMON group of statistics. |
ownername | (Optional) Records the name of the owner of the RMON group of statistics. |
buckets | (Optional) Specifies the maximum number of buckets desired for the RMON collection history group of statistics. |
bucket-number | (Optional) A value associated with the number of buckets specified for the RMON collection history group of statistics. |
interval | (Optional) Specifies the number of seconds in each polling cycle. |
seconds | (Optional) The number of seconds in each polling cycle. |
No default behavior or values.
Interface configuration
| Release | Modification |
|---|---|
12.0(5)T | This command was introduced. |
Use the show rmon capture and show rmon matrix commands to display RMON statistics.
The following command enables a Remote Monitoring (RMON) MIB collection history group of statistics with an ID number of 20 and an owner of john:
rmon collection history controlEntry 20 owner john
| Command | Description |
show rmon capture | Displays the RMON buffer capture table. |
show rmon matrix | Displays the RMON matrix table. |
To enable an Remote Monitoring (RMON) MIB host collection group of statistics on the interface, use the rmon collection host interface configuration command. To remove the specified RMON host collection, use the no form of the command.
rmon collection host {controlEntry integer} [owner ownername]
controlEntry | Specifies the RMON group of statistics using a value. |
integer | A value from 1 to 65535 that identifies the RMON group of statistics and matches the index value returned for Simple Network Management Protocol (SNMP) requests. |
owner | (Optional) Specifies the name of the owner of the RMON group of statistics. |
ownername | (Optional) Records the name of the owner of the RMON group of statistics. |
No default behavior or values.
Interface configuration
| Release | Modification |
|---|---|
12.0(5)T | This command was introduced. |
Use the show rmon hosts and show rmon matrix commands to display RMON statistics.
The following command enables an RMON collection host group of statistics with an ID number of 20 and an owner of john:
rmon collection host controlEntry 20 owner john
| Command | Description |
show rmon hosts | Displays the RMON hosts table. |
show rmon matrix | Displays the RMON matrix table. |
To enable an Remote Monitoring (RMON) MIB matrix group of statistics on an interface, use the rmon collection matrix interface configuration command. To remove a specified RMON matrix group of statistics, use the no form of the command.
rmon collection matrix {controlEntry integer} [owner ownername]
controlEntry | Specifies the RMON group of statistics using a value. |
integer | A value between 1 and 65535 that identifies the RMON group of statistics and matches the index value returned for Simple Network Management Protocol (SNMP) requests. |
owner | (Optional) Specifies the name of the owner of the RMON group of statistics. |
ownername | (Optional) Records the name of the owner of the RMON group of statistics. |
No default behavior or values.
Interface configuration
| Release | Modification |
|---|---|
12.0(5)T | This command was introduced. |
Use the show rmon matrix command to display RMON statistics.
The following command enables the RMON collection matrix group of statistics with an ID number of 20 and an owner of john:
rmon collection matrix controlEntry 20 owner john
| Command | Description |
show rmon matrix | Displays the RMON matrix table. |
To enable all possible autoconfigurable Remote Monitoring (RMON) MIB statistic collections on the interface, use the rmon collection rmon1 interface configuration command. To disable these statistic collections on the interface, use the no form of the command.
rmon collection rmon1 {controlEntry integer} [owner ownername]
controlEntry | Specifies the RMON group of statistics using a value. |
integer | A value from 1 to 65535 that identifies the RMON group of statistics and matches the index value returned for Simple Network Management Protocol (SNMP) requests. |
owner | (Optional) Specifies the name of the owner of the RMON group of statistics. |
ownername | (Optional) Records the name of the owner of the RMON group of statistics. |
No default behavior or values.
Interface configuration
| Release | Modification |
|---|---|
12.0(5)T | This command was introduced. |
Use the show rmon matrix command to display RMON statistics.
The following command enables the RMON collection rmon1 group of statistics with an ID of 20 and an owner of john:
rmon collection rmon1 controlEntry 20 owner john
| Command | Description |
show rmon matrix | Displays the RMON matrix table. |
To display the Remote Monitoring (RMON) MIB buffer capture table, use the show rmon capture EXEC command.
show rmon captureThis command has no arguments or keywords.
EXEC
| Release | Modification |
|---|---|
11.0 | This command was introduced. |
12.0(5)T | This command has been expanded. |
Use the show rmon matrix command to display RMON statistics.
The following example shows output from the show rmon capture command:
show rmon capture
Buffer 1 is active, owned by John Smith
Captured data is from channel 1
Slice size is 128, download size is 128
Download offset is 0
Full Status is full, full action is wrapWhenFull
Granted -1 octets out of -1 requested
Buffer has been on since 18:59:48, and has captured 522 packets
Current capture buffer entries:
Packet 3271 was captured 2018256 ms since buffer was turned on
Its length is 184 octets and has a status type of 0
Packet ID is 3721, and contains the following data:
03 00 00 00 00 01 00 A0 CC 3C 9D DF 00 A6 F0 03
Packet 3722 was captured 2018452 ms since buffer was turned on
Its length is 64 octets and has a status type of 0
Packet ID is 3722, and contains the following data:
01 80 C2 00 00 00 00 60 09 FD FE D3 00 26 42 03
Table 2 describes the fields shown in the example.
| Field | Description |
|---|---|
Buffer # is active, | Equates to bufferControlIndex in the bufferControlTable of RMON. Uniquely identifies a valid (active) row in this table. |
owned by | Denotes the owner of this row. Equates to bufferControlOwner in the bufferControlTable of RMON. |
Captured data is from channel | Equates to the bufferControlChannelIndex and identifies which RMON channel is the source of these packets. |
Slice size is | Identifies the maximum number of octets of each packet that will be saved in this capture buffer. Equates to bufferControlCaptureSliceSize of RMON. |
download size is | Identifies the maximum number of octets of each packet in this capture buffer that will be returned in an SNMP retrieval of that packet. Equates to bufferControlDownloadSliceSize in RMON. |
Download offset is | Shows the offset of the first octet of each packet in this capture buffer that will be returned in an SNMP retrieval of that packet. Equates to bufferControlDownloadOffset in RMON. |
Full Status is | Shows a setting of either full that indicates the buffer is full or spaceAvailable that indicates the buffer has room to accept new packets. Equates to bufferControlFullAction in RMON. |
full action is | Controls the action of the buffer when it reaches full status. Equates to bufferControlFullAction in RMON. |
Granted X octets out of X requested | Shows the actual maximum number of octets that can be saved in this capture buffer. Equates to bufferControlMaxOctetsGranted in RMON. |
Buffer has been on since HH:MM:SS, | Indicates how long the buffer has been available. |
and has captured XX packets | Number of packets captured since buffer was turned on. Equates to bufferControlCapturedPackets in RMON. |
Current capture buffer entries: | Lists each packet captured. |
Packet XX was captured XX ms since buffer was turned on Its length is XX octets and has a status type of X | Zero indicates the error status of this packet. Equates to captureBufferPacketStatus in RMON, where its value options are documented. |
Packet ID is XX | Shows the index that describes the order of packets received on a particular interface. Equates to captureBufferPacketID in RMON. |
and contains the following data: | Shows the data inside the packet, starting at the beginning of the packet. |
| Command | Description |
show rmon matrix | Displays the RMON matrix table. |
To display the Remote Monitoring (RMON) MIB filter table, use the show rmon filter EXEC command.
show rmon filterThis command has no arguments or keywords.
EXEC
| Release | Modification |
|---|---|
11.0 | This command was introduced. |
12.0(5)T | This command was expanded. |
Use the show rmon filter command to display RMON statistics.
The following example shows output from the show rmon filter command:
show rmon filter
Filter 4096 is active, and owned by manager 1
Data offset is 12, with
Data of 08 00 00 00 00 00 00 00 00 00 00 00 00 00 ab 45 30 15 ac 15 31 06
Data Mask is ff ff 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff
Data Not Mask is 0
Pkt status is 0, status mask is 0, not mask is 0
Associated channel 4096 is active, and owned by manager1
Type of channel is acceptMatched, data control is off
Generate event index 0
Event status is eventFired, # of matches is 1482
Turn on event index is 0, turn off event index is 0
Description:
Table 3 describes the fields shown in the example.
| Field | Description |
|---|---|
Filter X is active, and owned by X | Displays a unique index of the filter, its current state, and the owner, as defined in the filterTable of RMON. |
Data offset is | Displays an offset from the beginning of each packet where a match of packet data will be attempted. Equivalent to filterPktDataOffset in RMON. |
Data of | Displays data that is to be matched with the input packet. Equivalent to filterPktDataMask in RMON. |
Data Not Mask is | Displays an inversion mask that is applied to the match process. Equivalent to filterPktDataNotMask in RMON. |
Pkt status is | Displays the status that is to be matched with the input packet. Equivalent to filterPktDataNotMask in RMON. |
status mask is | Displays the mask that is applied to the status match process. Equivalent to filterPktStatusMask in RMON. |
not mask is | Displays the inversion mask that is applied to the status match process. Equivalent to filterPktStatusNotMask in RMON. |
Associated channel X is active, and owned by X | Displays a unique index of the channel, its current state, and the owner, as defined in the channelTable of RMON. |
Type of channel is acceptMatched | This object controls the action of the filters associated with this channel. Equivalent to channelAcceptType of RMON. |
data control is off | Controls the flow of data through this channel. Equivalent to channelDataControl in RMON. |
Generate event index 0 | Identifies the event that is configured to be generated when the associated channelDataControl is on and a packet is matched. Equivalent to channelEventIndex in RMON. |
Event status is eventFired | When the channel is configured to generate events when packets are matched, this message indicates the means of controlling the flow of those events. Equivalent to channelEventStatus in RMON. |
| Command | Description |
show rmon matrix | Displays the RMON matrix table. |
To display the Remote Monitoring (RMON) MIB hosts table, use the show rmon hosts EXEC command.
show rmon hostsThis command has no arguments or keywords.
EXEC
| Release | Modification |
|---|---|
11.0 | This command was introduced. |
12.0(5)T | This command was expanded. |
Use the show rmon matrix and show rmon collection host commands to display RMON statistics.
The following example shows output from the show rmon hosts command:
show rmon hosts
Host1 is active, and owned by manager1
Monitors ifEntry.1.1
Table size is 24, last time an entry was deleted was at 14:47:04
Creation Order number is 1
Physical address is 0010.7b39.f2d1
Packets: rcvd 1867, transmitted 2918
Octets: rcvd 120050, transmitted 203868
# of packets transmitted: broadcast 2, multicast 66
# of bad packets transmitted is 0
Creation Order number is 2
Physical address is 0060.5c86.5b82
Packets: rcvd 166120, transmitted 174587
# of packets transmitted: broadcast 66, multicast 86
# of bad packets transmitted is 0
Creation Order number is 3
Physical address is 0100.5300.000a
Packets: recvd 855, transmitted 0
Octets: rcvd 66690, transmitted 0
# of packets transmitted: broadcast 0, multicast 0
# of bad packets transmitted is 0
Table 4 describes the fields shown in the example.
| Field | Description |
|---|---|
Host Control Entry X is active and owned by X | Displays a unique index of the host entry, its current state, and the owner as defined in the hostControlTable of RMON. |
Monitors host ifEntry | Identifies the source of the data for this instance of the host function. Equivalent to hostControlDataSource in RMON. |
Table size is | Displays the number of hostEntries in the hostTable and the hostTimeTable associated with this hostControlEntry. Equivalent to hostControlTableSize in RMON. |
last time an entry was deleted was at | Displays the time when the last entry was deleted from the hostTable. |
Creation order number is | Displays the index that defines the relative ordering of the creation time of hosts captured for a particular hostControlEntry. Equivalent to hostCreationOrder in RMON. |
Physical address is | Displays the physical address of this host. Equivalent to hostAddress in RMON. |
Packets: | Header for fields that determine the number of packets received or sent. |
rcvd | Displays the number of good packets received on this address. Equivalent to hostInPkts in RMON. |
transmitted | Displays the number of packets, including bad packets sent by this address. Equivalent to hostOutPkts in RMON. |
Octets | Header for fields that determine the number of octets being received and sent on an interface. |
rcvd | Displays the number of octets sent to this address since it was added to the hostTable (excluding framing bits but including FCS octets), except for those octets in bad packets. Equivalent to hostInOctets in RMON. |
transmitted | Displays the number of octets sent by this address since it was added to the hostTable (excluding framing bits but including FCS octets), including those octets in bad packets. Equivalent to hostOutOctets in RMON. |
# of packets transmitted: | Displays the number of good packets sent by this address that were broadcast or multicast. |
broadcast | Displays the number of good packets sent by this address that were broadcast. |
multicast | Displays the number of good packets sent by this address that were multicast. |
# of bad packets transmitted is | Displays the number of bad packets transmitted by this address. |
| Command | Description |
show rmon matrix | Displays the RMON matrix table. |
rmon collection host | Enables an RMON host collection group of statistics on the interface. |
To display the Remote Monitoring (RMON) MIB matrix table, use the show rmon matrix EXEC command.
show rmon matrixThis command has no arguments or keywords.
EXEC
| Release | Modification |
|---|---|
11.0 | This command was introduced. |
12.0(5)T | This command was expanded. |
Use the show rmon matrix command to display RMON statistics.
The following example shows output from the show rmon matrix command:
show rmon matrix
Matrix 1 is active and owned by
Monitors ifEntry.1.1
Table size is 42, last time an entry was deleted was at 11:18:09
Source addr is 0000.0c47.007b, dest addr is ffff.ffff.ffff
Transmitted 2 pkts, 128 octets, 0 errors
Source addr is 0000.92a8.319e, dest addr is 0060.5c86.5b82
Transmitted 2 pkts, 384 octets, 1 error
Table 5 describes the fields shown in the example.
| Field | Description |
|---|---|
Matrix is active, and owned by | Displays a unique index of the matrix entry, its current state, and the owner as defined in the matrixControlTable of RMON. |
Monitors ifEntry | Identifies the source of the data for this instance of the matrix function. Equivalent to matrixControlDataSource in RMON. |
Table size is | Displays the size of the matrix table. |
last time an entry was deleted was at | Displays the time that the last entry was deleted. |
Source addr is | Displays the physical address of an instance of a matrix table object on an interface. |
dest addr is | Displays the physical address on an interface that is the target of the matrix table object. |
Transmitted | The header for fields that determine the number of packets, octets, and errors being sent. |
pkts | Displays the number of packets being sent and received between the interface that is the original source address and the interface that is the original desination address since being added to the matrix tables (matrix SDTable and matrixDSTable). |
octets | Displays the number of octets being sent and received between the interface that is the original source address and the interface that is the original destination address since being added to the matrix tables (matrix SDTable and matrixDSTable). |
errors | Displays the number of errors being sent and received between the interface that is the original source address and the interface that is the original destination address since being added to the matrix tables (matrixSDTable and matrixDSTable). |
| Command | Description |
rmon collection matrix | Enables an RMON matrix group of statistics on an interface. |
RMON buffer capture table---An RMON table that details a list of packets captured off of a channel or a logical data or events stream.
RMON filter table---An RMON table that details a list of packet filter entries that screens packets for specified conditions as they travel between interfaces.
RMON hosts table---An RMON table that details a list of host entries.
RMON matrix table---An RMON table that details a list of traffic matrix entries indexed by source and destination MAC addresses.
Posted: Mon Jul 26 14:41:55 PDT 1999
Copyright 1989-1999©Cisco Systems Inc.