[Contents]
[Prev]
[Next]
[Index]
[Report an Error]
Monitoring SNMP
To monitor the status of SNMP operations on your
network, enter Privileged Exec mode. You can then establish a baseline
and use the show commands to view statistics.
Establishing a Baseline
SNMP statistics are stored in system counters.
The only way to reset the system counters is to reboot the router.
You can, however, establish a baseline for SNMP statistics by setting
a group of reference counters to zero.
baseline snmp
- Use to establish a baseline for SNMP statistics.
- The system implements the baseline by reading and storing
the statistics at the time the baseline is set and then subtracting
this baseline whenever baseline-relative statistics are retrieved.
- To display statistics relative to the current baseline,
use the delta keyword with SNMP show commands.
- SNMP operations (such as Get and Set) continue to use
and report statistics from the system counters.
- See Viewing SNMP Status for a sample display
when you enter the show snmp command. If you establish a baseline and then
enter show snmp, the statistics now
have zero or low values.
- Example
host1#baseline snmp
host1#show snmp
Contact: Joe Administrator
Location: Network Lab, Bldg 3 Floor 1
2 SNMP packets input
0 Bad SNMP version errors
0 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
0 Number of requested variables
0 Number of altered variables
1 Get-request PDUs
1 Get-next PDUs
0 Set-request PDUs
0 Unknown security models
0 Unavailable contexts
2 SNMP packets out
0 Too big errors (Maximum packet size 1500)
1 No such name errors
0 Bad values errors
0 General errors
2 Get-response PDUs
0 SNMP trap PDUs
0 Invalid Message Report PDUs
0 Unknown PDU Handler Report PDUs
0 Unknown Context Report PDUs
0 Unsupported Security Level Report PDUs
0 Not in time Window Report PDUs
0 Unknown Username Report PDUs
0 Unknown Engine ID Report PDUs
0 Wrong Digest Report PDUs
0 Decryption Error Report PDUs
- There is no no version.
- See baseline snmp.
Viewing SNMP Status
To view SNMP status on your network, use the following show commands.
show snmp
- Use to display all the information about SNMP status.
- To display statistics relative to the current baseline,
use the delta keyword.
- Field descriptions
- Contact—Router’s contact person
- Location—Router’s location
- SNMP packets input—Total number of SNMP packets
received by the router
- Bad SNMP version errors—Number of SNMP PDUs with
a bad version number
- Unknown community name—Number of SNMP PDUs that
had an unrecognized community name
- Illegal operation for community name supplied—Number
of access violations based on the configured privilege level for community
strings
- Encoding errors—Number of AS number version 1 encoding
and decoding errors
- Number of requested variables—Number of variable
bindings processed by the SNMP agent
- Number of altered variables—Number of variable bindings
processed successfully in SNMP set commands
- Get-request PDUs—Number of get-exact SNMP PDUs processed
- Get-next PDUs—Number of get-next SNMP PDUs processed
- Set-request PDUs—Number of set SNMP PDUs processed
- Unknown security models—Number of SNMP PDUs with
unrecognized security
- Unavailable contexts—Number of SNMP proxy requests
to unknown entities
- SNMP packets out—Total number of SNMP packets sent
by the router
- Too big errors—Number of processed PDUs that resulted
in SNMP PDUs too large to encode
- No such name errors—Number of requests that resulted
in noSuchName errors. If interfaces configured on modules that do
not support 64-bit counters are accessed, the system returns a noSuchName
message.
- Bad values errors—Number of requests that resulted
in badValues errors
- General errors—Number of general errors
- Get-response PDUs—Number of requests that resulted
in getResponse PDUs
- SNMP trap PDUs—Number of SNMP trap PDUs generated
by this agent
- SNMP trap proxied—Number of traps generated by this
agent that are sent via trap-proxy
- Invalid Message Report PDUs—Number of packets received
by the SNMP engine that were dropped because there were invalid or
inconsistent components in the SNMP message
- Unknown PDU Handler Report PDUs—Number of packets
received by the SNMP engine that were dropped because the PDU in the
packet could not be passed to an application responsible for handling
the PDU type; for example, no SNMP application had registered for
the proper combination of the context engine ID and PDU type
- Unknown Context Report PDUs—Number of packets received
by the SNMP engine that were dropped because the context contained
in the message was unknown
- Unsupported Security Level Report PDUs—Number of
packets received by the SNMP engine that were dropped because they
requested a security level that was unknown to the SNMP engine or
otherwise unavailable
- Not in time Window Report PDUs—Number of packets
received by the SNMP engine that were dropped because they appeared
outside the authoritative SNMP engine window
- Unknown Username Report PDUs—Number of packets received
by the SNMP engine that were dropped because they referenced a user
that was not known to the SNMP engine
- Unknown Engine ID Report PDUs—Number of packets
received by the SNMP engine that were dropped because they referenced
an snmpEngineID that was not known to the SNMP engine
- Wrong Digest Report PDUs—Number of packets received
by the SNMP engine that were dropped because they did not contain
the expected digest value
- Decryption Error Report PDUs—Number of packets received
by the SNMP engine that were dropped because they could not be decrypted
- Example
host1#show snmp
Contact: Joe Administrator
Location: Network Lab, Bldg 3 Floor 1
538 SNMP packets input
0 Bad SNMP version errors
0 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
695 Number of requested variables
0 Number of altered variables
26 Get-request PDUs
512 Get-next PDUs
0 Set-request PDUs
0 Unknown security models
0 Unavailable contexts
538 SNMP packets out
0 Too big errors (Maximum packet size 1500)
10 No such name errors
0 Bad values errors
0 General errors
538 Get-response PDUs
0 SNMP trap PDUs
0 Invalid Message Report PDUs
0 Unknown PDU Handler Report PDUs
0 Unknown Context Report PDUs
0 Unsupported Security Level Report PDUs
0 Not in time Window Report PDUs
0 Unknown Username Report PDUs
0 Unknown Engine ID Report PDUs
0 Wrong Digest Report PDUs
0 Decryption Error Report PDUs
- See show snmp.
show snmp access
- Use to display information about the groups you configured.
- Field descriptions
- Group Name—Name of the group
- Model—Security model; for example, user-based security
model (USM)
- Level—Method for authentication and privacy
- none—No authentication and no privacy
- auth—Authentication only
- priv—Authentication and privacy
- Read—Name of the view for read access
- Write—Name of the view for write access
- Notify—Name of the view for notification
- Storage—SNMP storage type, volatile or nonvolatile
- Example
host1#show snmp access
Group Name Model Level Read Write Notify
------------------ ----- ----- ----------- ----------- ---------
admin usm priv everything everything everything
mirror usm priv mirrorAdmin mirrorAdmin mirrorAdmin
public usm none user none none
private usm auth user user user
- See show snmp access.
show snmp community
- Use to display information about the SNMP communities.
- Field descriptions
- Community—Name of the community and the associated
virtual router
- View—Name of the view
- Priv—Access privilege for the view
- ro—Read-only access
- rw—Read-write access
- admin—All privileges
- AccList—Number of access lists associated with this
community
- Example
host1#show snmp community
Community View Priv AccList
------------------------------------------ ---- -------
admin@default everything rw 0
private@default user rw 0
public@default user ro 0
- See show snmp community.
show snmp group
- Use to display the list of available groups. Detailed
information is available through the show snmp access command.
- Field descriptions
- groupName—Name of the group
- securityModel—SNMP security model
- v1—SNMPv1
- v2c—SNMPv2c
- usm—SNMPv
- authenticationLevel—Method for authentication and
privacy
- none—No authentication and no privacy
- auth—Authentication only
- priv—Authentication and privacy
- readView—Name of the view for read access
- writeView—Name of the view for write access
- notifyView—Name of the view for notification
- storageType—SNMP storage type
- volatile—Loses contents when power is lost
- nonVolatile—Does not lose contents when power is
lost
- Example
host1#show snmp group
Group Name Storage Type
---------------------------------------- ---------------
group1 Volatile
group2 NonVolatile
admin Permanent
mirror Permanent
public Permanent
private Permanent
- See show snmp group.
show snmp notificationLog
- Use to display the configuration of the SNMP notification
log.
- Field descriptions
- Global Age Out Value—Ageout for traps in the notification
log tables
- Global Entry Limit Value—Maximum number of notifications
kept in all notification log tables
- Example
host1#show snmp notificationLog
Global Age Out Value: 1440 minutes
Global Entry Limit Value : 500
No notification log name information is available
- See show snmp notificationLog.
show snmp trap
- Use to display configuration information about SNMP traps
and trap destinations.
- Field descriptions
- Enabled Categories—Trap categories that are enabled
on the router.
- SNMP authentication failure trap—Enabled or disabled.
- Trap Source—Interface whose IP address is used as
the source address for all SNMP traps.
- Trap Source Address—IP address used as the source
address for all SNMP traps.
- Trap Proxy—Enabled or disabled.
- Global Trap Severity Level—Global severity level
filter; if a trap does not meet this severity level, it is discarded.
If the per-category trap severity level is not set for a particular
category, the severity displayed here is used for that category.
- Trap Severity Level—Severity level filter for a
trap category; this severity level overrides the globally configured
trap severity level.
- TrapCategories—Types of traps enabled on the router
for which trap severity is configured at the category level.
- Address—IP address of the trap recipient.
- Security String—Name of the SNMP community.
- Ver—SNMP version (v1 or v2) of the SNMP trap packet.
- Port—UDP port on which the trap recipient accepts
traps.
- Trap Categories—Types of traps that the trap recipient
can receive.
- TrapSeverityFilter—Severity level filter for this
SNMP host.
- Ping TimeOut—Configured ping timeout in minutes.
- Maximum QueueSize—Maximum number of traps to be
kept in the trap queue.
- Queue DrainRate—Maximum number of traps per second
to be sent to the host.
- Queue Full discard method—Method used to discard
traps when the queue is full:
- dropFirstIn—Oldest trap in the queue is dropped.
- dropLastIn—Most recent trap is dropped .
- Example
host1# show snmp trap
Enabled Categories: Bgp, Ospf, Sonet
SNMP authentication failure trap is disabled
Trap Source: FastEthernet 6/0, Trap Source Address:172.27.120.78
Trap Proxy: enabled
Global Trap Severity Level: 7 - debug
Trap Severity Level TrapCategories
------------------- -------------------
7 - debug ospf
Address Security String Ver Port Trap Categories
--------------- ------------------- --- ----- ----------------
192.168.1.10 public v1 162 BgpOspf
Address TrapSeverityFilter Ping Maximum Queue Queue Full
TimeOut QueueSize DrainRate discrd methd
------------ ------------------ ------- --------- --------- -------------
192.168.1.10 2 - critical 1 32 0 dropLastIn
- See show snmp trap.
show snmp trap statistics
- Use to display statistics for all SNMP traps on the virtual
router, as well as statistics for each SNMP host configured on the
virtual router.
- Field descriptions
- Trap request(s)—Number of local traps requested
- Proxy trap request(s)—Number of proxy traps requested
- Trap(s) discarded—Total number of traps discarded
- No system memory—Traps discarded because there was
not enough system memory
- No queue resources—Traps discarded because there
were no queue resources available
- SNMP agent disabled—Traps discarded because the
SNMP agent was disabled
- Global trap category disabled—Traps discarded because
they were filtered by the snmp enable trap command
- Global minimum severity level—Traps discarded because
they did not match the severity level set with the snmp
enable traps trapfilters command.
- Trap(s) out—Total number of traps sent by the virtual
router
- Trap(s) proxied—Total number of traps proxied by
the virtual router
- Address—IP address of the host
- TrapsDiscarded Severity/Category—Severity level
and category of the discarded traps
- TrapsDiscrded bad encoding—Traps discarded because
of bad encoding
- TrapsDiscrded Queue Full—Traps discarded because
the queue was full
- TrapsDiscrded NoHostRespons—Traps discarded because
the host did not respond to pings sent to the host
- Trap PDUs sentOut—Number of trap PDUs sent by this
host
host1#show snmp trap statistics
Trap request(s):3112
Proxy trap request(s):0
Trap(s) discarded:4
No system memory:0
No queue resources:0
SNMP agent disabled:0
Global trap category disabled:4
Global minimum severity level:0
Trap(s) out:3108
Trap(s) proxied:0
Address TrapsDiscarded TrapsDiscrded TrapsDiscrded TrapsDiscrded
Severity/Category bad encoding Queue Full NoHostRespons
--------------- ----------------- ------------- ------------- -------------
1.1.1.1 1081 0 511 32
10.10.132.137 0 0 0 0 Address Trap PDUs
sentOut
--------------- ---------
1.1.1.1 536
10.10.132.137 3108
- See show snmp trap statistics.
show snmp user
- Use to display information about users.
- Field descriptions
- User—Name of the user
- Auth—Authorization protocol for this user
- no—No authorization protocol
- md5—HMAC-MD5-96 authorization protocol
- sha—HMAC-SHA-96 authorization protocol
- Priv—Privacy protocol for this user
- no—No privacy protocol
- des—DES encryption algorithm for privacy
- Group—Name of the group to which the user belongs
- Example SNMPv3 display.
User Auth Priv Group
------------------------ ---- ---- -------------------
josie md5 des admin
nightfly md5 no private
steelydan no no public
- See show snmp user.
show snmp view
- Use to display information about the views you created.
- Field descriptions
- View Name—Name of the view
- View Type—Access privilege for the view
- included—Specified object identifier (OID) trees
are available in this view
- excluded—Specified OID trees are not available in
this view
- Oid Tree—OID of the AS number version 1 subtree
- Storage—SNMP storage type, volatile or nonvolatile
- Example
View Name View Type Oid Tree
-------------- --------- ---------------------------
user included 1.3.6.1.
user excluded 1.3.6.1.4.1.4874.2.2.16.
user excluded 1.3.6.1.6.3.11.
user excluded 1.3.6.1.6.3.12.
user excluded 1.3.6.1.6.3.13.
user excluded 1.3.6.1.6.3.14.
user excluded 1.3.6.1.6.3.15.
user excluded 1.3.6.1.6.3.16.
user excluded 1.3.6.1.6.3.18.
nothing excluded 1.3.6.1.
everything included 1.3.6.1.
everything excluded 1.3.6.1.4.1.4874.2.2.77.
mirrorAdmin included 1.3.6.1.4.1.4874.2.2.77.
- See show snmp view.
Output Filtering
You can use the output filtering feature of the show commands to include or exclude lines of output
based on a text string you specify. See Command-Line Interface, for details.
[Contents]
[Prev]
[Next]
[Index]
[Report an Error]
