Monitoring SNMP

[Contents] [Prev] [Next] [Index] [Report an Error]

Monitoring SNMP
To monitor the status of SNMP operations on your network, enter Privileged Exec mode. You can then establish a baseline and use the show commands to view statistics.

Establishing a Baseline

SNMP statistics are stored in system counters. The only way to reset the system counters is to reboot the system. You can, however, establish a baseline for SNMP statistics by setting a group of reference counters to zero.

baseline snmp

Use to establish a baseline for SNMP statistics.

The system implements the baseline by reading and storing the statistics at the time the baseline is set and then subtracting this baseline whenever baseline-relative statistics are retrieved.

To display statistics relative to the current baseline, use the delta keyword with SNMP show commands.

SNMP operations (such as Get and Set) continue to use and report statistics from the system counters.

See Viewing SNMP Status later in this chapter for a sample display when you enter the show snmp command. If you establish a baseline and then enter show snmp, the statistics now have zero or low values.

Example
host1#baseline snmp
host1#show snmp
Contact: Joe Administrator
Location: Network Lab, Bldg 3 Floor 1
2 SNMP packets input
    0 Bad SNMP version errors
    0 Unknown community name
    0 Illegal operation for community name supplied
    0 Encoding errors
    0 Number of requested variables
    0 Number of altered variables
    1 Get-request PDUs
    1 Get-next PDUs
    0 Set-request PDUs
    0 Unknown security models
    0 Unavailable contexts
2 SNMP packets out
    0 Too big errors (Maximum packet size 1500)
    1 No such name errors
    0 Bad values errors
    0 General errors
    2 Get-response PDUs
    0 SNMP trap PDUs
    0 Invalid Message Report PDUs
    0 Unknown PDU Handler Report PDUs
    0 Unknown Context Report PDUs
    0 Unsupported Security Level Report PDUs
    0 Not in time Window Report PDUs
    0 Unknown Username Report PDUs
    0 Unknown Engine ID Report PDUs
    0 Wrong Digest Report PDUs
    0 Decryption Error Report PDUs
There is no no version.

Viewing SNMP Status

To view SNMP status on your network, use the following show commands.

show snmp

Use to display all the information on SNMP status.

To display statistics relative to the current baseline, use the delta keyword.

Field descriptions

Contact - router's contact person

Location - router's location

SNMP packets input - total number of SNMP packets received by the router

Bad SNMP version errors - number of SNMP PDUs with a bad version number

Unknown community name - number of SNMP PDUs that had an unrecognized community name

Illegal operation for community name supplied - number of access violations based on the configured privilege level for community strings

Encoding errors - number of ASN.I encoding and decoding errors

Number of requested variables - number of variable bindings processed by the SNMP agent

Number of altered variables - number of variable bindings processed successfully in SNMP set commands

Get-request PDUs - number of get-exact SNMP PDUs processed

Get-next PDUs - number of get-next SNMP PDUs processed

Set-request PDUs - number of set SNMP PDUs processed

Unknown security models - number of SNMP PDUs with unrecognized security

Unavailable contexts - number of SNMP proxy requests to unknown entities

SNMP packets out - total number of SNMP packets sent by the router

Too big errors - number of processed PDUs that resulted in SNMP PDUs too large to encode

No such name errors - number of requests that resulted in noSuchName errors. If interfaces configured on modules that do not support 64-bit counters are accessed, the system returns a noSuchName message.

Bad values errors - number of requests that resulted in badValues errors

General errors - number of general errors

Get-response PDUs - number of requests that resulted in getResponse PDUs

SNMP trap PDUs - number of SNMP trap PDUs generated by this agent

Invalid Message Report PDUs - number of packets received by the SNMP engine that were dropped because there were invalid or inconsistent components in the SNMP message

Unknown PDU Handler Report PDUs - number of packets received by the SNMP engine that were dropped because the PDU in the packet could not be passed to an application responsible for handling the pduType; for example, no SNMP application had registered for the proper combination of the contextEngineID and pduType

Unknown Context Report PDUs - number of packets received by the SNMP engine that were dropped because the context contained in the message was unknown

Unsupported Security Level Report PDUs - number of packets received by the SNMP engine that were dropped because they requested a security level that was unknown to the SNMP engine or otherwise unavailable

Not in time Window Report PDUs - number of packets received by the SNMP engine that were dropped because they appeared outside of the authoritative SNMP engine window

Unknown Username Report PDUs - number of packets received by the SNMP engine that were dropped because they referenced a user that was not known to the SNMP engine

Unknown Engine ID Report PDUs - number of packets received by the SNMP engine that were dropped because they referenced an snmpEngineID that was not known to the SNMP engine

Wrong Digest Report PDUs - number of packets received by the SNMP engine that were dropped because they did not contain the expected digest value

Decryption Error Report PDUs - number of packets received by the SNMP engine that were dropped because they could not be decrypted

Example
host1#show snmp
Contact: Joe Administrator
Location: Network Lab, Bldg 3 Floor 1
538 SNMP packets input
    0 Bad SNMP version errors
    0 Unknown community name
    0 Illegal operation for community name supplied
    0 Encoding errors
    695 Number of requested variables
    0 Number of altered variables
    26 Get-request PDUs
    512 Get-next PDUs
    0 Set-request PDUs
    0 Unknown security models
    0 Unavailable contexts
538 SNMP packets out
    0 Too big errors (Maximum packet size 1500)
    10 No such name errors
    0 Bad values errors
    0 General errors
    538 Get-response PDUs
    0 SNMP trap PDUs
    0 Invalid Message Report PDUs
    0 Unknown PDU Handler Report PDUs
    0 Unknown Context Report PDUs
    0 Unsupported Security Level Report PDUs
    0 Not in time Window Report PDUs
    0 Unknown Username Report PDUs
    0 Unknown Engine ID Report PDUs
    0 Wrong Digest Report PDUs
    0 Decryption Error Report PDUs
show snmp access

Use to display information about the groups you configured.

Field descriptions

Group Name - name of the group

Model - security model; for example, user-based security model (USM)

Level - method for authentication and privacy

none - no authentication and no privacy

auth - authentication only

priv - authentication and privacy

Read - name of the view for read access

Write - name of the view for write access

Notify - name of the view for notification

Example
host1#show snmp access
Group Name          Model  Level  Read        Write       Notify
------------------- -----  -----  ----------  ----------  ---------
admin               usm    priv   everything  everything  everything
public              usm    none   user        none        none
private             usm    auth   user        user        user
show snmp community

Use to display information about the SNMP communities.

Field descriptions

Community - name of the community and the associated virtual router

View - name of the view

Priv - access privilege for the view

ro - read-only access

rw - read-write access

admin - all privileges

AccList - number of access lists associated with this community

Example
host1#show snmp community
Community                    View           Priv  AccList
------------------------------------------  ----  -------
admin@default                everything     rw          0
private@default              user           rw          0
public@default               user           ro          0
show snmp trap

Use to display status information on configured SNMP traps and trap destinations only.

Field descriptions

Enabled Categories - trap categories that are enabled on the router

SNMP authentication failure trap - enabled or disabled

Trap Source - interface whose IP address is used as the source address for all SNMP traps

Trap Proxy - enabled or disabled

Global Trap Severity Level - global severity level filter; if a trap does not meet this severity level, it is discarded

Trap PDUs sent - number of trap PDUs sent by the system

Trap PDUs filtered - number of trap PDUs that were dropped by the system because they were filtered

Address - IP address of the trap recipient

Security String - name of the SNMP community

Ver - SNMP version (v1 or v2) of the SNMP trap packet

Port - UDP port on which the trap recipient accepts traps

Trap Categories - types of traps that the trap recipient can receive

TrapSeverityFilter - severity level filter for this SNMP host

TrapPDUsSent - number of trap PDUs sent by this host

TrapPDUsFiltered - total number of trap PDUs that were dropped by the host because they were filtered

Example
host1#show snmp trap
Enabled Categories: Snmp, Link, Bulkstats, FileXfer, Bgp, Log, CliSecurity,
Ping, Ospf, AddressPool, AtmPing
SNMP authentication failure trap is enabled
Trap Source: fastEthernet 0/0
Trap Proxy: disabled
Global Trap Severity Level: 4 - warning
Trap PDUs sent: 0
Trap PDUs filtered: 53
Address         Security String                 Ver  Port  Trap Categories
--------------  ------------------------------  ---  ----- ----------------
10.5.0.200      private                        v2c  162
SnmpLinkInvEnvBstFxfBgpLogcliPingOspfTraceDvmrpDvmrpUniAdrPatmPing
Address          TrapSeverityFilter  TrapPDUsSent  TrapPDUsFiltered
---------------  ------------------  ------------  ----------------
10.5.0.200       5 - notice          0             0    
show snmp user

Use to display information about users.

Field descriptions

User - name of the user

Auth - authorization protocol for this user

no - no authorization protocol

md5 - HMAC-MD5-96 authorization protocol

sha - HMAC-SHA-96 authorization protocol

Priv - privacy protocol for this user

no - no privacy protocol

des - DES encryption algorithm for privacy

Group - name of the group to which the user belongs

The following example is an SNMPv3 display.

Example
host1#show snmp user
User                     Auth  Priv  Group
------------------------ ----  ----  -------------------
josie                    md5   des   admin
nightfly                 md5   no    private
steelydan                no    no    public
show snmp view

Use to display information about the views you created.

Field descriptions

View Name - name of the view

View Type - access privilege for the view

included - specified object identifier (OID) trees are available in this view

excluded - specified OID trees are not available in this view

Oid Tree - OID of the ASN.1 subtree

Example
host1#show snmp view
View Name       View Type  Oid Tree
--------------  ---------  ---------------------------
everything      included   1.3.6.1.
user            included   1.3.6.1.
user            excluded   1.3.6.1.4.1.2773.2.16.
user            excluded   1.3.6.1.4.1.4874.2.2.16.
user            excluded   1.3.6.1.6.3.11.
user            excluded   1.3.6.1.6.3.12.
user            excluded   1.3.6.1.6.3.13.
user            excluded   1.3.6.1.6.3.14.
user            excluded   1.3.6.1.6.3.15.
user            excluded   1.3.6.1.6.3.16.
user            excluded   1.3.6.1.6.3.18.
nothing         excluded   1.3.6.1.
Output Filtering

You can use the output filtering feature of the show commands to include or exclude lines of output based on a text string you specify. See Chapter 2, Command Line Interface, for details.

[Contents] [Prev] [Next] [Index] [Report an Error]