Hide Navigation Pane
Show Navigation Pane
Download
SHA1
Monitoring SNMP
To monitor the status of SNMP operations on your network, enter Privileged Exec mode. You can then establish a baseline and use the show commands to view statistics.
Establishing a Baseline
SNMP statistics are stored in system counters. The only way to reset the system counters is to reboot the router. You can, however, establish a baseline for SNMP statistics by setting a group of reference counters to zero.
baseline snmp
- Use to establish a baseline for SNMP statistics.
- The system implements the baseline by reading and storing the statistics at the time the baseline is set and then subtracting this baseline whenever baseline-relative statistics are retrieved.
- To display statistics relative to the current baseline, use the delta keyword with SNMP show commands.
- SNMP operations (such as Get and Set) continue to use and report statistics from the system counters.
- See Viewing SNMP Status for a sample display when you enter the show snmp command. If you establish a baseline and then enter show snmp, the statistics now have zero or low values.
- Example
host1#baseline snmp host1#show snmp Contact: Joe Administrator Location: Network Lab, Bldg 3 Floor 1 2 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0 Number of altered variables 1 Get-request PDUs 1 Get-next PDUs 0 Set-request PDUs 0 Unknown security models 0 Unavailable contexts 2 SNMP packets out 0 Too big errors (Maximum packet size 1500) 1 No such name errors 0 Bad values errors 0 General errors 2 Get-response PDUs 0 SNMP trap PDUs 0 Invalid Message Report PDUs 0 Unknown PDU Handler Report PDUs 0 Unknown Context Report PDUs 0 Unsupported Security Level Report PDUs 0 Not in time Window Report PDUs 0 Unknown Username Report PDUs 0 Unknown Engine ID Report PDUs 0 Wrong Digest Report PDUs 0 Decryption Error Report PDUs - There is no no version.
- See baseline snmp.
Viewing SNMP Status
To view SNMP status on your network, use the following show commands.
show snmp
- Use to display all the information about SNMP status.
- To display statistics relative to the current baseline, use the delta keyword.
- Field descriptions
- Contact—Router’s contact person
- Location—Router’s location
- SNMP packets input—Total number of SNMP packets
received by the router
- Bad SNMP version errors—Number of SNMP PDUs with a bad version number
- Unknown community name—Number of SNMP PDUs that had an unrecognized community name
- Illegal operation for community name supplied—Number of access violations based on the configured privilege level for community strings
- Encoding errors—Number of AS number version 1 encoding and decoding errors
- Number of requested variables—Number of variable bindings processed by the SNMP agent
- Number of altered variables—Number of variable bindings processed successfully in SNMP set commands
- Get-request PDUs—Number of get-exact SNMP PDUs processed
- Get-next PDUs—Number of get-next SNMP PDUs processed
- Set-request PDUs—Number of set SNMP PDUs processed
- Unknown security models—Number of SNMP PDUs with unrecognized security
- Unavailable contexts—Number of SNMP proxy requests to unknown entities
- SNMP packets out—Total number of SNMP packets sent
by the router
- Too big errors—Number of processed PDUs that resulted in SNMP PDUs too large to encode
- No such name errors—Number of requests that resulted in noSuchName errors. If interfaces configured on modules that do not support 64-bit counters are accessed, the system returns a noSuchName message.
- Bad values errors—Number of requests that resulted in badValues errors
- General errors—Number of general errors
- Get-response PDUs—Number of requests that resulted in getResponse PDUs
- SNMP trap PDUs—Number of SNMP trap PDUs generated by this agent
- SNMP trap proxied—Number of traps generated by this agent that are sent via trap-proxy
- Invalid Message Report PDUs—Number of packets received by the SNMP engine that were dropped because there were invalid or inconsistent components in the SNMP message
- Unknown PDU Handler Report PDUs—Number of packets received by the SNMP engine that were dropped because the PDU in the packet could not be passed to an application responsible for handling the PDU type; for example, no SNMP application had registered for the proper combination of the context engine ID and PDU type
- Unknown Context Report PDUs—Number of packets received by the SNMP engine that were dropped because the context contained in the message was unknown
- Unsupported Security Level Report PDUs—Number of packets received by the SNMP engine that were dropped because they requested a security level that was unknown to the SNMP engine or otherwise unavailable
- Not in time Window Report PDUs—Number of packets received by the SNMP engine that were dropped because they appeared outside the authoritative SNMP engine window
- Unknown Username Report PDUs—Number of packets received by the SNMP engine that were dropped because they referenced a user that was not known to the SNMP engine
- Unknown Engine ID Report PDUs—Number of packets received by the SNMP engine that were dropped because they referenced an snmpEngineID that was not known to the SNMP engine
- Wrong Digest Report PDUs—Number of packets received by the SNMP engine that were dropped because they did not contain the expected digest value
- Decryption Error Report PDUs—Number of packets received by the SNMP engine that were dropped because they could not be decrypted
- Example
host1#show snmp Contact: Joe Administrator Location: Network Lab, Bldg 3 Floor 1 538 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 695 Number of requested variables 0 Number of altered variables 26 Get-request PDUs 512 Get-next PDUs 0 Set-request PDUs 0 Unknown security models 0 Unavailable contexts 538 SNMP packets out 0 Too big errors (Maximum packet size 1500) 10 No such name errors 0 Bad values errors 0 General errors 538 Get-response PDUs 0 SNMP trap PDUs 0 Invalid Message Report PDUs 0 Unknown PDU Handler Report PDUs 0 Unknown Context Report PDUs 0 Unsupported Security Level Report PDUs 0 Not in time Window Report PDUs 0 Unknown Username Report PDUs 0 Unknown Engine ID Report PDUs 0 Wrong Digest Report PDUs 0 Decryption Error Report PDUs - See show snmp.
show snmp access
- Use to display information about the groups you configured.
- Field descriptions
- Group Name—Name of the group
- Model—Security model; for example, user-based security model (USM)
- Level—Method for authentication and privacy
- none—No authentication and no privacy
- auth—Authentication only
- priv—Authentication and privacy
- Read—Name of the view for read access
- Write—Name of the view for write access
- Notify—Name of the view for notification
- Storage—SNMP storage type, volatile or nonvolatile
- Example
host1#show snmp access Group Name Model Level Read Write Notify ------------------ ----- ----- ----------- ----------- --------- admin usm priv everything everything everything mirror usm priv mirrorAdmin mirrorAdmin mirrorAdmin public usm none user none none private usm auth user user user
- See show snmp access.
show snmp community
- Use to display information about the SNMP communities.
- Field descriptions
- Community—Name of the community and the associated virtual router
- View—Name of the view
- Priv—Access privilege for the view
- ro—Read-only access
- rw—Read-write access
- admin—All privileges
- AccList—Number of access lists associated with this community
- Example
host1#show snmp community
Community View Priv AccList ------------------------------------------ ---- ------- admin@default everything rw 0 private@default user rw 0 public@default user ro 0
- See show snmp community.
show snmp group
- Use to display the list of available groups. Detailed information is available through the show snmp access command.
- Field descriptions
- groupName—Name of the group
- securityModel—SNMP security model
- v1—SNMPv1
- v2c—SNMPv2c
- usm—SNMPv
- authenticationLevel—Method for authentication and
privacy
- none—No authentication and no privacy
- auth—Authentication only
- priv—Authentication and privacy
- readView—Name of the view for read access
- writeView—Name of the view for write access
- notifyView—Name of the view for notification
- storageType—SNMP storage type
- volatile—Loses contents when power is lost
- nonVolatile—Does not lose contents when power is lost
- Example
host1#show snmp group Group Name Storage Type ---------------------------------------- --------------- group1 Volatile group2 NonVolatile admin Permanent mirror Permanent public Permanent private Permanent
- See show snmp group.
show snmp notificationLog
- Use to display the configuration of the SNMP notification log.
- Field descriptions
- Global Age Out Value—Ageout for traps in the notification log tables
- Global Entry Limit Value—Maximum number of notifications kept in all notification log tables
- Example
host1#show snmp notificationLog Global Age Out Value: 1440 minutes Global Entry Limit Value : 500 No notification log name information is available
- See show snmp notificationLog.
show snmp trap
- Use to display configuration information about SNMP traps and trap destinations.
- Field descriptions
- Enabled Categories—Trap categories that are enabled on the router.
- SNMP authentication failure trap—Enabled or disabled.
- Trap Source—Interface whose IP address is used as the source address for all SNMP traps.
- Trap Source Address—IP address used as the source address for all SNMP traps.
- Trap Proxy—Enabled or disabled.
- Global Trap Severity Level—Global severity level filter; if a trap does not meet this severity level, it is discarded. If the per-category trap severity level is not set for a particular category, the severity displayed here is used for that category.
- Trap Severity Level—Severity level filter for a trap category; this severity level overrides the globally configured trap severity level.
- TrapCategories—Types of traps enabled on the router for which trap severity is configured at the category level.
- Address—IP address of the trap recipient.
- Security String—Name of the SNMP community.
- Ver—SNMP version (v1 or v2) of the SNMP trap packet.
- Port—UDP port on which the trap recipient accepts traps.
- Trap Categories—Types of traps that the trap recipient can receive.
- TrapSeverityFilter—Severity level filter for this SNMP host.
- Ping TimeOut—Configured ping timeout in minutes.
- Maximum QueueSize—Maximum number of traps to be kept in the trap queue.
- Queue DrainRate—Maximum number of traps per second to be sent to the host.
- Queue Full discard method—Method used to discard
traps when the queue is full:
- dropFirstIn—Oldest trap in the queue is dropped.
- dropLastIn—Most recent trap is dropped .
- Example
host1# show snmp trap Enabled Categories: Bgp, Ospf, Sonet SNMP authentication failure trap is disabled Trap Source: FastEthernet 6/0, Trap Source Address:172.27.120.78 Trap Proxy: enabled Global Trap Severity Level: 7 - debug Trap Severity Level TrapCategories ------------------- ------------------- 7 - debug ospf Address Security String Ver Port Trap Categories --------------- ------------------- --- ----- ---------------- 192.168.1.10 public v1 162 BgpOspf Address TrapSeverityFilter Ping Maximum Queue Queue Full TimeOut QueueSize DrainRate discrd methd ------------ ------------------ ------- --------- --------- ------------- 192.168.1.10 2 - critical 1 32 0 dropLastIn - See show snmp trap.
show snmp trap statistics
- Use to display statistics for all SNMP traps on the virtual router, as well as statistics for each SNMP host configured on the virtual router.
- Field descriptions
- Trap request(s)—Number of local traps requested
- Proxy trap request(s)—Number of proxy traps requested
- Trap(s) discarded—Total number of traps discarded
- No system memory—Traps discarded because there was not enough system memory
- No queue resources—Traps discarded because there were no queue resources available
- SNMP agent disabled—Traps discarded because the SNMP agent was disabled
- Global trap category disabled—Traps discarded because they were filtered by the snmp enable trap command
- Global minimum severity level—Traps discarded because they did not match the severity level set with the snmp enable traps trapfilters command.
- Trap(s) out—Total number of traps sent by the virtual router
- Trap(s) proxied—Total number of traps proxied by the virtual router
- Address—IP address of the host
- TrapsDiscarded Severity/Category—Severity level and category of the discarded traps
- TrapsDiscrded bad encoding—Traps discarded because of bad encoding
- TrapsDiscrded Queue Full—Traps discarded because the queue was full
- TrapsDiscrded NoHostRespons—Traps discarded because the host did not respond to pings sent to the host
- Trap PDUs sentOut—Number of trap PDUs sent by this
host
host1#show snmp trap statistics Trap request(s):3112 Proxy trap request(s):0 Trap(s) discarded:4 No system memory:0 No queue resources:0 SNMP agent disabled:0 Global trap category disabled:4 Global minimum severity level:0 Trap(s) out:3108 Trap(s) proxied:0 Address TrapsDiscarded TrapsDiscrded TrapsDiscrded TrapsDiscrded Severity/Category bad encoding Queue Full NoHostRespons --------------- ----------------- ------------- ------------- ------------- 1.1.1.1 1081 0 511 32 10.10.132.137 0 0 0 0Address Trap PDUs sentOut --------------- --------- 1.1.1.1 536 10.10.132.137 3108
- See show snmp trap statistics.
show snmp user
- Use to display information about users.
- Field descriptions
- User—Name of the user
- Auth—Authorization protocol for this user
- no—No authorization protocol
- md5—HMAC-MD5-96 authorization protocol
- sha—HMAC-SHA-96 authorization protocol
- Priv—Privacy protocol for this user
- no—No privacy protocol
- des—DES encryption algorithm for privacy
- Group—Name of the group to which the user belongs
- Example SNMPv3 display.
host1#show snmp user
User Auth Priv Group ------------------------ ---- ---- ------------------- josie md5 des admin nightfly md5 no private steelydan no no public
- See show snmp user.
show snmp view
- Use to display information about the views you created.
- Field descriptions
- View Name—Name of the view
- View Type—Access privilege for the view
- included—Specified object identifier (OID) trees are available in this view
- excluded—Specified OID trees are not available in this view
- Oid Tree—OID of the AS number version 1 subtree
- Storage—SNMP storage type, volatile or nonvolatile
- Example
host1#show snmp view
View Name View Type Oid Tree -------------- --------- --------------------------- user included 1.3.6.1. user excluded 1.3.6.1.4.1.4874.2.2.16. user excluded 1.3.6.1.6.3.11. user excluded 1.3.6.1.6.3.12. user excluded 1.3.6.1.6.3.13. user excluded 1.3.6.1.6.3.14. user excluded 1.3.6.1.6.3.15. user excluded 1.3.6.1.6.3.16. user excluded 1.3.6.1.6.3.18. nothing excluded 1.3.6.1. everything included 1.3.6.1. everything excluded 1.3.6.1.4.1.4874.2.2.77. mirrorAdmin included 1.3.6.1.4.1.4874.2.2.77.
- See show snmp view.
Output Filtering
You can use the output filtering feature of the show commands to include or exclude lines of output based on a text string you specify. See Command-Line Interface, for details.
