Monitoring SNMP

[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]

JUNOSe 9.1.x System Basics Configuration Guide > Configuring SNMP > Monitoring SNMP
Monitoring SNMP

To monitor the status of SNMP operations on your network, enter Privileged Exec mode. You can then establish a baseline and use the show commands to view statistics.

Establishing a Baseline

SNMP statistics are stored in system counters. The only way to reset the system counters is to reboot the router. You can, however, establish a baseline for SNMP statistics by setting a group of reference counters to zero.

baseline snmp
Use to establish a baseline for SNMP statistics.

The system implements the baseline by reading and storing the statistics at the time the baseline is set and then subtracting this baseline whenever baseline-relative statistics are retrieved.

To display statistics relative to the current baseline, use the delta keyword with SNMP show commands.

SNMP operations (such as Get and Set) continue to use and report statistics from the system counters.

See Viewing SNMP Status for a sample display when you enter the show snmp command. If you establish a baseline and then enter show snmp, the statistics now have zero or low values.

Example
host1#baseline snmp
host1#show snmp
Contact: Joe Administrator
Location: Network Lab, Bldg 3 Floor 1
2 SNMP packets input
    0 Bad SNMP version errors
    0 Unknown community name
    0 Illegal operation for community name supplied
    0 Encoding errors
    0 Number of requested variables
    0 Number of altered variables
    1 Get-request PDUs
    1 Get-next PDUs
    0 Set-request PDUs
    0 Unknown security models
    0 Unavailable contexts
2 SNMP packets out
    0 Too big errors (Maximum packet size 1500)
    1 No such name errors
    0 Bad values errors
    0 General errors
    2 Get-response PDUs
    0 SNMP trap PDUs
    0 Invalid Message Report PDUs
    0 Unknown PDU Handler Report PDUs
    0 Unknown Context Report PDUs
    0 Unsupported Security Level Report PDUs
    0 Not in time Window Report PDUs
    0 Unknown Username Report PDUs
    0 Unknown Engine ID Report PDUs
    0 Wrong Digest Report PDUs
    0 Decryption Error Report PDUs
There is no no version.
Viewing SNMP Status

To view SNMP status on your network, use the following show commands.

show snmp

Use to display all the information about SNMP status.

To display statistics relative to the current baseline, use the delta keyword.

Field descriptions

Contact—Router's contact person

Location—Router's location

SNMP packets input—Total number of SNMP packets received by the router

Bad SNMP version errors—Number of SNMP PDUs with a bad version number

Unknown community name—Number of SNMP PDUs that had an unrecognized community name

Illegal operation for community name supplied—Number of access violations based on the configured privilege level for community strings

Encoding errors—Number of AS number version 1 encoding and decoding errors

Number of requested variables—Number of variable bindings processed by the SNMP agent

Number of altered variables—Number of variable bindings processed successfully in SNMP set commands

Get-request PDUs—Number of get-exact SNMP PDUs processed

Get-next PDUs—Number of get-next SNMP PDUs processed

Set-request PDUs—Number of set SNMP PDUs processed

Unknown security models—Number of SNMP PDUs with unrecognized security

Unavailable contexts—Number of SNMP proxy requests to unknown entities

SNMP packets out—Total number of SNMP packets sent by the router

Too big errors—Number of processed PDUs that resulted in SNMP PDUs too large to encode

No such name errors—Number of requests that resulted in noSuchName errors. If interfaces configured on modules that do not support 64-bit counters are accessed, the system returns a noSuchName message.

Bad values errors—Number of requests that resulted in badValues errors

General errors—Number of general errors

Get-response PDUs—Number of requests that resulted in getResponse PDUs

SNMP trap PDUs—Number of SNMP trap PDUs generated by this agent

SNMP trap proxied—Number of traps generated by this agent that are sent via trap-proxy

Invalid Message Report PDUs—Number of packets received by the SNMP engine that were dropped because there were invalid or inconsistent components in the SNMP message

Unknown PDU Handler Report PDUs—Number of packets received by the SNMP engine that were dropped because the PDU in the packet could not be passed to an application responsible for handling the PDU type; for example, no SNMP application had registered for the proper combination of the context engine ID and PDU type

Unknown Context Report PDUs—Number of packets received by the SNMP engine that were dropped because the context contained in the message was unknown

Unsupported Security Level Report PDUs—Number of packets received by the SNMP engine that were dropped because they requested a security level that was unknown to the SNMP engine or otherwise unavailable

Not in time Window Report PDUs—Number of packets received by the SNMP engine that were dropped because they appeared outside the authoritative SNMP engine window

Unknown Username Report PDUs—Number of packets received by the SNMP engine that were dropped because they referenced a user that was not known to the SNMP engine

Unknown Engine ID Report PDUs—Number of packets received by the SNMP engine that were dropped because they referenced an snmpEngineID that was not known to the SNMP engine

Wrong Digest Report PDUs—Number of packets received by the SNMP engine that were dropped because they did not contain the expected digest value

Decryption Error Report PDUs—Number of packets received by the SNMP engine that were dropped because they could not be decrypted
Example
host1#show snmp
Contact: Joe Administrator
Location: Network Lab, Bldg 3 Floor 1
538 SNMP packets input
    0 Bad SNMP version errors
    0 Unknown community name
    0 Illegal operation for community name supplied
    0 Encoding errors
    695 Number of requested variables
    0 Number of altered variables
    26 Get-request PDUs
    512 Get-next PDUs
    0 Set-request PDUs
    0 Unknown security models
    0 Unavailable contexts
538 SNMP packets out
    0 Too big errors (Maximum packet size 1500)
    10 No such name errors
    0 Bad values errors
    0 General errors
    538 Get-response PDUs
    0 SNMP trap PDUs
    0 Invalid Message Report PDUs
    0 Unknown PDU Handler Report PDUs
    0 Unknown Context Report PDUs
    0 Unsupported Security Level Report PDUs
    0 Not in time Window Report PDUs
    0 Unknown Username Report PDUs
    0 Unknown Engine ID Report PDUs
    0 Wrong Digest Report PDUs
    0 Decryption Error Report PDUs
show snmp access

Use to display information about the groups you configured.

Field descriptions

Group Name—Name of the group

Model—Security model; for example, user-based security model (USM)

Level—Method for authentication and privacy

none—No authentication and no privacy

auth—Authentication only

priv—Authentication and privacy

Read—Name of the view for read access

Write—Name of the view for write access

Notify—Name of the view for notification

Storage—SNMP storage type, volatile or nonvolatile
Example
host1#show snmp access
Group Name          Model  Level  Read         Write        Notify
------------------  -----  -----  -----------  -----------  ---------
admin               usm    priv   everything   everything   everything
mirror              usm    priv   mirrorAdmin  mirrorAdmin  mirrorAdmin
public              usm    none   user         none         none
private             usm    auth   user         user         user
show snmp community

Use to display information about the SNMP communities.

Field descriptions

Community—Name of the community and the associated virtual router

View—Name of the view

Priv—Access privilege for the view

ro—Read-only access

rw—Read-write access

admin—All privileges

AccList—Number of access lists associated with this community
Example
host1#show snmp community
Community                    View           Priv  AccList
------------------------------------------  ----  -------
admin@default                everything     rw          0
private@default              user           rw          0
public@default               user           ro          0
show snmp group

Use to display the list of available groups. Detailed information is available through the show snmp access command.

Field descriptions

groupName—Name of the group

securityModel—SNMP security model

v1—SNMPv1

v2c—SNMPv2c

usm—SNMPv

authenticationLevel—Method for authentication and privacy

none—No authentication and no privacy

auth—Authentication only

priv—Authentication and privacy

readView—Name of the view for read access

writeView—Name of the view for write access

notifyView—Name of the view for notification

storageType—SNMP storage type

volatile—Loses contents when power is lost

nonVolatile—Does not lose contents when power is lost
Example
host1#show snmp group
Group Name                                Storage Type
----------------------------------------  ---------------
group1                                    Volatile
group2                                    NonVolatile
admin                                     Permanent
mirror                                    Permanent
public                                    Permanent
private                                   Permanent
show snmp notificationLog

Use to display the configuration of the SNMP notification log.

Field descriptions

Global Age Out Value—Ageout for traps in the notification log tables

Global Entry Limit Value—Maximum number of notifications kept in all notification log tables
Example
host1#show snmp notificationLog
Global Age Out Value:      1440 minutes
Global Entry Limit Value : 500
No notification log name information is available 
show snmp trap

Use to display configuration information about SNMP traps and trap destinations.

Field descriptions

Enabled Categories—Trap categories that are enabled on the router

SNMP authentication failure trap—Enabled or disabled

Trap Source—Interface whose IP address is used as the source address for all SNMP traps

Trap Source Address—IP address used as the source address for all SNMP traps

Trap Proxy—Enabled or disabled

Global Trap Severity Level—Global severity level filter; if a trap does not meet this severity level, it is discarded

Address—IP address of the trap recipient

Security String—Name of the SNMP community

Ver—SNMP version (v1 or v2) of the SNMP trap packet

Port—UDP port on which the trap recipient accepts traps

Trap Categories—Types of traps that the trap recipient can receive

TrapSeverityFilter—Severity level filter for this SNMP host

Ping TimeOut—Configured ping timeout in minutes

Maximum QueueSize—Maximum number of traps to be kept in the trap queue

Queue DrainRate—Maximum number of traps per second to be sent to the host

Queue Full discard method—Method used to discard traps when the queue is full:

dropFirstIn—Oldest trap in the queue is dropped

dropLastIn—Most recent trap is dropped

Example
host1#show snmp trap
Enabled Categories: Ping, TraceRoute
SNMP authentication failure trap is disabled
Trap Source: FastEthernet 0/0, Trap Source Address:10.10.5.61
Trap Proxy: disabled
Global Trap Severity Level: 6 - informational
Address          Security String                   Ver  Port   Trap Categories
---------------  --------------------------------  ---  -----  ----------------
10.10.0.200       private                           v2c 162
SnmpLinkInvEnvBstFxfBgpLogCliPingOspfTraceDvmrpDvmrpUniAdrPAtmPingVrrpSonetNtp
Address         TrapSeverityFilter  Ping    Maximum    Queue    Queue Full
                                   TimeOut QueueSize DrainRate discrd methd
--------------- ------------------ ------- --------- --------- -------------
10.10.0.200      5 - notice         1       32        0         dropLastIn 
show snmp trap statistics

Use to display statistics for all SNMP traps on the virtual router, as well as statistics for each SNMP host configured on the virtual router.

Field descriptions

Trap request(s)—Number of local traps requested

Proxy trap request(s)—Number of proxy traps requested

Trap(s) discarded—Total number of traps discarded

No system memory—Traps discarded because there was not enough system memory

No queue resources—Traps discarded because there were no queue resources available

SNMP agent disabled—Traps discarded because the SNMP agent was disabled

Global trap category disabled—Traps discarded because they were filtered by the snmp enable trap command

Global minimum severity level—Traps discarded because they did not match the severity level set with the snmp enable traps trapfilters command.
Trap(s) out—Total number of traps sent by the virtual router

Trap(s) proxied—Total number of traps proxied by the virtual router

Address—IP address of the host

TrapsDiscarded Severity/Category—Severity level and category of the discarded traps

TrapsDiscrded bad encoding—Traps discarded because of bad encoding

TrapsDiscrded Queue Full—Traps discarded because the queue was full

TrapsDiscrded NoHostRespons—Traps discarded because the host did not respond to pings sent to the host

Trap PDUs sentOut—Number of trap PDUs sent by this host
host1#show snmp trap statistics
Trap request(s):        3112
Proxy trap request(s):        0
Trap(s) discarded:        4
    No system memory:    0
    No queue resources:    0
    SNMP agent disabled:    0
    Global trap category disabled:    4
    Global minimum severity level:    0
Trap(s) out:        3108
Trap(s) proxied:        0
Address         TrapsDiscarded    TrapsDiscrded TrapsDiscrded TrapsDiscrded
                Severity/Category bad encoding  Queue Full    NoHostRespons
--------------- ----------------- ------------- ------------- -------------
1.1.1.1         1081              0             511           32
10.10.132.137   0                 0             0             0 
Address         Trap PDUs
                sentOut
--------------- ---------
1.1.1.1         536
10.10.132.137   3108
show snmp user

Use to display information about users.

Field descriptions

User—Name of the user

Auth—Authorization protocol for this user

no—No authorization protocol

md5—HMAC-MD5-96 authorization protocol

sha—HMAC-SHA-96 authorization protocol

Priv—Privacy protocol for this user

no—No privacy protocol

des—DES encryption algorithm for privacy

Group—Name of the group to which the user belongs
Example SNMPv3 display.
host1#show snmp user
User                     Auth  Priv  Group
------------------------ ----  ----  -------------------
josie                    md5   des   admin
nightfly                 md5   no    private
steelydan                no    no    public
show snmp view

Use to display information about the views you created.

Field descriptions

View Name—Name of the view

View Type—Access privilege for the view

included—Specified object identifier (OID) trees are available in this view

excluded—Specified OID trees are not available in this view

Oid Tree—OID of the AS number version 1 subtree

Storage—SNMP storage type, volatile or nonvolatile
Example
host1#show snmp view
View Name       View Type  Oid Tree
--------------  ---------  ---------------------------
user            included   1.3.6.1.
user            excluded   1.3.6.1.4.1.4874.2.2.16.
user            excluded   1.3.6.1.6.3.11.
user            excluded   1.3.6.1.6.3.12.
user            excluded   1.3.6.1.6.3.13.
user            excluded   1.3.6.1.6.3.14.
user            excluded   1.3.6.1.6.3.15.
user            excluded   1.3.6.1.6.3.16.
user            excluded   1.3.6.1.6.3.18.
nothing         excluded   1.3.6.1.
everything      included   1.3.6.1.
everything      excluded   1.3.6.1.4.1.4874.2.2.77.
mirrorAdmin     included   1.3.6.1.4.1.4874.2.2.77.
Output Filtering

You can use the output filtering feature of the show commands to include or exclude lines of output based on a text string you specify. See Chapter 2, Command-Line Interface, for details.

[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]