Example for Configuring RMON
Networking Requirements
In Figure 1, a LAN connects to GE0/0/1. The NMS monitors the subnet and performs the following operations:
Collects real-time and history traffic statistics for each type of packet.
Records logs when the traffic rate (number of packets per minute) exceeds the threshold.
Monitors broadcast and multicast traffic rates on the subnet and reports alarms to the NMS when the traffic rate exceeds the threshold.
Configuration Roadmap
Configure RMON statistics collection to collect real-time and history traffic statistics for each type of packet. Configure the RMON alarm to enable the device to record logs and report alarms to the NMS when the traffic rate exceeds the threshold.
The configuration roadmap is as follows:
- Configure IP addresses for switch interfaces.
- Configure a reachable route between the switch and NMS.
- Enable the switch to send traps to the NMS.
Enable RMON statistics collection and configure the statistics and history control tables.
Configure the event, alarm, and extended alarm tables.
Procedure
- Configure IP addresses for switch interfaces to provide a reachable route between the NMS and the switch.
<HUAWEI> system-view [HUAWEI] sysname Switch [Switch] vlan batch 20 30 [Switch] interface gigabitethernet 0/0/1 [Switch-GigabitEthernet0/0/1] port link-type hybrid [Switch-GigabitEthernet0/0/1] port hybrid pvid vlan 30 [Switch-GigabitEthernet0/0/1] port hybrid untagged vlan 30 [Switch-GigabitEthernet0/0/1] quit [Switch] interface vlanif 30 [Switch-Vlanif30] ip address 10.1.30.1 24 [Switch-Vlanif30] quit [Switch] interface gigabitethernet 0/0/2 [Switch-GigabitEthernet0/0/2] port link-type hybrid [Switch-GigabitEthernet0/0/2] port hybrid pvid vlan 20 [Switch-GigabitEthernet0/0/2] port hybrid untagged vlan 20 [Switch-GigabitEthernet0/0/2] quit [Switch] interface vlanif 20 [Switch-Vlanif20] ip address 10.1.20.1 24 [Switch-Vlanif20] quit
- Enable the switch to send traps to the NMS.
# Enable SNMP to send traps.
[Switch] snmp-agent trap enable feature-name rmon# Specify the NMS that receives the traps.
[Switch] snmp-agent target-host trap address udp-domain 10.1.10.1 params securityname nms-admin v3 - Configure RMON statistics collection.
# Enable RMON statistics collection on the interface.
[Switch] interface gigabitethernet 0/0/1 [Switch-GigabitEthernet0/0/1] rmon-statistics enable
# Configure the statistics table.
The interface enabled with the statistics collection cannot be added to an Eth-Trunk.
[Switch-GigabitEthernet0/0/1] rmon statistics 1 owner Test300
# Configure the history control table. Sample traffic on the subnet every 30 seconds and save the latest 10 records
[Switch-GigabitEthernet0/0/1] rmon history 1 buckets 10 interval 30 owner Test300 [Switch-GigabitEthernet0/0/1] quit
- Configure the RMON alarm.
# Configure the event table. Configure the switch to record logs for RMON event 1 and send traps to the NMS for RMON event 2.
[Switch] rmon event 1 log owner Test300 [Switch] rmon event 2 description forUseofPrialarm trap public owner Test300
# Configure the alarm table. Set the sampling interval and the threshold for triggering event 1 (the OID is 1.3.6.1.2.1.16.1.1.1.6.1).
[Switch] rmon alarm 1 1.3.6.1.2.1.16.1.1.1.6.1 30 absolute rising-threshold 500 1 falling-threshold 100 1 owner Test300# Configure the extended alarm table. Sample broadcast and multicast packets every 30 seconds. When the number of sampled packets exceeds 1000 or decreases to 0, event 2 is triggered. The switch sends a trap to the NMS.
[Switch] rmon prialarm 1 .1.3.6.1.2.1.16.1.1.1.6.1+.1.3.6.1.2.1.16.1.1.1.7.1 sumofbroadandmulti 30 delta rising-threshold 1000 2 falling-threshold 0 2 entrytype forever owner Test300 - Verify the configuration.
# View traffic statistics on the subnet.
[Switch] display rmon statistics gigabitethernet 0/0/1 Statistics entry 1 owned by Test300 is valid. Interface : GigabitEthernet0/0/1<ifIndex.58> Received : octets :142915224 , packets :1749151 broadcast packets :11603 , multicast packets:756252 undersize packets :0 , oversize packets :0 fragments packets :0 , jabbers packets :0 CRC alignment errors:0 , collisions :0 Dropped packet (insufficient resources):1795 Packets received according to length (octets): 64 :150183 , 65-127 :150183 , 128-255 :1383 256-511:3698 , 512-1023:0 , 1024-1518:0
# View the sampling records.
[Switch] display rmon history gigabitethernet 0/0/1 History control entry 1 owned by Test300 is valid Samples interface : GigabitEthernet0/0/1<ifIndex.58> Sampling interval : 30(sec) with 10 buckets max Last Sampling time : 0days 22h:42m:56s.01th Latest sampled values : octets :74539 , packets :966 broadcast packets :1 , multicast packets :36 undersize packets :0 , oversize packets :0 fragments packets :0 , jabbers packets :0 CRC alignment errors :0 , collisions :0 Dropped packet :0 , utilization :0 History record: Record No.1 (Sample time: 0days 22h:40m:56s.50th) octets :73926 , packets :963 broadcast packets :0 , multicast packets :36 undersize packets :0 , oversize packets :0 fragments packets :0 , jabbers packets :0 CRC alignment errors :0 , collisions :0 Dropped packet :0 , utilization :0
# View the RMON event configurations.
[Switch] display rmon event Event table 1 owned by Test300 is valid. Description: null. Will cause log when triggered, last triggered at 0days 00h:24m:10s.05th. Event table 2 owned by Test300 is valid. Description: forUseofPrialarm. Will cause snmp-trap when triggered, last triggered at 0days 00h:26m:10s.05th.
# View the RMON alarm configurations.
[Switch] display rmon alarm 1 Alarm table 1 owned by Test300 is valid. Samples absolute value : 1.3.6.1.2.1.16.1.1.1.6.1<etherStatsBroadcastPkts.1> Sampling interval : 30(sec) Rising threshold : 500(linked with event 1) Falling threshold : 100(linked with event 1) When startup enables : risingOrFallingAlarm Latest value : 1975
# View the RMON extended alarm configurations.
[Switch] display rmon prialarm 1 Prialarm table 1 owned by Test300 is valid. Samples delta value : .1.3.6.1.2.1.16.1.1.1.6.1+.1.3.6.1.2.1.16.1.1.1.7.1 Sampling interval : 30(sec) Rising threshold : 1000(linked with event 2) Falling threshold : 0(linked with event 2) When startup enables : risingOrFallingAlarm This entry will exist : forever Latest value : 16
# View the event logs.
[Switch] display rmon eventlog Event table 1 owned by Test300 is valid. Generates eventLog 1.1 at 0days 00h:39m:30s.01th. Description: The 1.3.6.1.2.1.16.1.1.1.6.1 defined in alarm table 1, less than or equal to 100 with alarm value 0. Alarm sample type is absolute.
Configuration Files
Switch configuration file
# sysname Switch # vlan batch 20 30 # interface Vlanif20 ip address 10.1.20.1 255.255.255.0 # interface Vlanif30 ip address 10.1.30.1 255.255.255.0 # interface GigabitEthernet0/0/1 port link-type hybrid port hybrid pvid vlan 30 port hybrid untagged vlan 30 rmon-statistics enable rmon statistics 1 owner Test300 rmon history 1 buckets 10 interval 30 owner Test300 # interface GigabitEthernet0/0/2 port link-type hybrid port hybrid pvid vlan 20 port hybrid untagged vlan 20 # snmp-agent snmp-agent local-engineid 800007DB03020000000211 snmp-agent sys-info version v3 snmp-agent target-host trap address udp-domain 10.1.10.1 params securityname nms-admin v3 snmp-agent trap enable feature-name RMON # rmon event 1 description null log owner Test300 rmon event 2 description forUseofPrialarm trap public owner Test300 rmon alarm 1 1.3.6.1.2.1.16.1.1.1.6.1 30 absolute rising-threshold 500 1 falling-threshold 100 1 owner Test300 rmon prialarm 1 .1.3.6.1.2.1.16.1.1.1.6.1+.1.3.6.1.2.1.16.1.1.1.7.1 sumofbroadandmulti 30 delta rising-threshold 1000 2 falling-threshold 0 2 entrytype forever owner Test300 # return