Section 13.1: Monitoring Cisco Switches
You can monitor and manage your Catalyst switches in a number of different ways. One way is primarily through a console port using either the command-line interface (CLI) or other methods for performing network management functions, such as Cisco Discovery Protocol (CDP), Embedded Remote Monitoring (RMON), or Switched Port Analyzer (SPAN). The console port is an EIA/TIA-232 DCE interface to which you can connect a console terminal or modem. The type of connector, however, used depends on the hardware.
Through the console port, you can directly access the CLI or configure a Serial Line Internet Protocol (SLIP) interface to access such network management functions as Telnet, ping, and SNMP. An IP address can be assigned to the Cisco switch for management purposes. Once the address is in place, you can direct Telnet to access the IP address of the switch to reach the CLI.
You can also use the IP address of the switch to access an SNMP agent, such as CiscoWorks 2000.
13.1.1: Out-of-Band Management
Out-of-band management access for Cisco switches is performed via a console port connection or the Serial Line Internet Protocol (SLIP).
13.1.1.1: Console Port Connection
The console port is the local console terminal connection to the switch. Depending on the type of switch used, connect an EIA/TIA-232 terminal, a modem, or a network management workstation to the switch, via a straight-through cable to use the console port. The console port enables you to: configure the switch using a command-line interface; monitor network statistics and errors; configure SNMP agent parameters; and to download software updates to the switch or distribute software images residing in Flash memory to attached devices.
13.1.2: In-Band Management
In-band management access for Cisco switches is performed using the Simple Network Management Protocol (SNMP); Telnet; or the Cisco Discovery Protocol (CDP).
13.1.2.1: SNMP
Simple Network Management Protocol (SNMP) is an application layer protocol designed to facilitate the exchange of management information between network devices. The SNMP system consists of a SNMP manager, a SNMP agent, and a Management Information Base (MIB).
Instead of defining a large set of commands, SNMP places all operations in a get-request, getnext-request, and set-request format. A SNMP manager can get a value from an SNMP agent or store a value into that SNMP agent. The SNMP manager can be part of a network management system (NMS), and the SNMP agent can reside on a networking device such as a switch. The SNMP agent can respond to MIB-related queries being sent by the NMS.
A SNMP agents can access a MIB variable using the get-request or get-next-request format; set a MIB variable; and can SNMP trap. The latter is used to notify a network management station that an extraordinary event has occurred at an agent. When a trap condition occurs, the SNMP agent sends an SNMP agent trap message to each of the network management stations as specified in the trap receiver table.
To configure SNMP on a switch, configure the SNMP community strings via the set snmp community { read-only | read-write | read-write-all } [ community_name ] command. Then assign a trap receiver address and community via the set snmp trap rcvr_address rcvr_community command. If desired, configure the switch so that it issues an authentication trap via the set snmp trap enable command.
The keywords for the set snmp community command are:
• read-only, which assigns read-only access to the specified SNMP community.
• read-write, which assigns read-write access to the specified SNMP community.
• read-write-all, which assigns read-write access to the specified SNMP community.
• community_name, which is an optional parameter that specifies the name of the SNMP community. The default SNMP community strings are as follows:
An IP permit trap is sent when unauthorized access based on the IP permit list is attempted. The set snmp trap command is a privileged mode switch command used to enable or disable the different SNMP traps on the system or to add an entry into the SNMP authentication trap receiver table. The default configuration has SNMP traps disabled. Use the show snmp command to verify the appropriate traps were configured. The syntax for the set snmp trap command is:
set snmp trap { enable | disable } [ all | module | chassis | bridge
| repeater | auth | vtp | ippermit | vmps | config | entity | stpx ] set snmp trap rcvr_address rcvr_community
Table 14.1 list the keywords and arguments for the set snmp trap command
Table 13.1: Keywords and Arguments for the set snmp trap Command | ||
Keyword or Argument |
Definition | |
enable |
Keyword to activate SNMP traps | |
disable |
Keyword to deactivate SNMP traps | |
all |
Optional keyword to specify all trap types | |
module |
Optional keyword to specify the moduleUp moduleDown traps from the CISCO-STACK-MIB |
and |
chassis |
Optional keyword to specify the ciscoSyslogMIB. | |
bridge |
Optional keyword to specify the newRoot topologyChange traps. |
and |
repeater |
Optional keyword to specify the rptrHealth, rptrGroupChange, and rptrResetEvent traps. |
Optional keyword to specify the authenticationFailure trap. Optional keyword to specify the VTP.
auth
vtp
ippermit
vmps
config
entity
stpx
rcvr_address rcvr_ community
Optional keyword to specify the IP Permit Denied access. Optional keyword to specify the vmVmpsChange trap. Optional keyword to specify the sysConfigChange. Optional keyword to specify the entityMIB trap.
Optional keyword to specify the STPX trap.
IP address or IP alias of the system to receive SNMP traps. Community name to use when sending authentication traps.
13.1.2.2: Telnet Client Access
Remote, in-band SNMP management is possible through any LAN or ATM interface assigned to the same VLAN as the Supervisor module's NMP IP address. In-band connections can be used to establish Telnet sessions to the Cisco switch CLI or SNMP management sessions on an SNMP-based management platform.
Cisco switches provide outgoing Telnet functionality from the CLI; this allows a network manager to use Telnet from the CLI of the switch to other devices on the network. Using Telnet, a network manager can maintain a connection to a Cisco switch while also connecting to another switch or router. Cisco switches support up to eight simultaneous Telnet sessions. Telnet sessions disconnect automatically after remaining idle for a configurable time period. To access the switch through a Telnet session, you must first set the IP address for the switch.
13.1.2.3: Cisco Discovery Protocol (CDP)
Cisco Discovery Protocol (CDP) is media- and protocol-independent and runs on all Cisco manufactured equipment. With CDP, network management applications can retrieve the device type and the SNMP-agent address of neighboring devices. Applications are now enabled to send SNMP queries to neighboring devices.
CDP enables network management applications to dynamically discover Cisco devices that are neighbors of already known devices, neighbors running lower-layer transparent protocols in particular. CDP runs on all media that support the Subnetwork Access Protocol (SNAP). CDP runs over the data link layer only, not the network layer. Therefore, two systems that support different network layer protocols can learn about each other. Cached CDP information is available to network management applications. However, Cisco devices never forward a CDP packet. When new information is received, old information is discarded.
13.1.3: Embedded Remote Monitoring
Cisco switches provide support for the Embedded Remote Monitoring (RMON) of Ethernet and Fast Ethernet ports. Embedded RMON allows you to monitor network activity. It enables you to access and remotely monitor the RMON specification RFC 1757 groupings of statistics, historical information, alarms, and events for any port through SNMP or the TrafficDirector Management application. The RMON feature monitors network traffic at the data link layer of the OSI model without requiring a dedicated monitoring probe or network analyzer. RMON enables a network manager to analyze network traffic patterns, set up proactive alarms to detect problems before they affect users, identify heavy network users as candidates to move to dedicated or higher speed ports, and perform trend analysis for long-term planning.
The statistics group of the RMON specification maintains utilization and error statistics for the switch that is monitored. Statistics include information about collisions; cyclic redundancy checks (CRC) and alignment; undersized or oversized packets; jabber; fragments; broadcast, multicast, and unicast messages; and bandwidth utilization.
To configure a Cisco switch for RMON, activate SNMP remote monitoring support via the set snmp rmon enable command.
13.1.4: Switched Port Analyzer
Cisco switches have a Switched Port Analyzer (SPAN) feature which enables you to monitor traffic on any port for analysis by a network analyzer device or RMON probe. This feature also provides RMON2 statistics on all nine RMON groups and all seven layers of the OSI model. Enhanced SPAN (E-SPAN) enables you to monitor traffic from multiple ports with the same VLAN to a port for analysis.
The SPAN redirects traffic from an Ethernet, Fast Ethernet, or Fiber Distributed Data Interface (FDDI) port or VLAN to an Ethernet or Fast Ethernet monitor port for analysis and troubleshooting. You can monitor a single port or VLAN using a dedicated analyzer such as a Network Associates Sniffer, or an RMON probe, such as a Cisco SwitchProbe.