|
|
Cisco SwitchProbe devices are hardware and software products that implement selected network diagnostic functions when connected to an appropriate network link. They support the nine Ethernet or the ten Token Ring basic Remote Monitoring (RMON) or Remote Monitoring2 (RMON2) Management Information Base (MIB) groups, wide area network (WAN), Copper Distributed Data Interface (CDDI), and Fiber Distributed Data Interface (FDDI), including filters, channels, and packet capture. These devices provide complete protocol monitoring and decoding when you use them with a client equipped with protocol decode software. All models also support the MIB II system and interface groups.
Cisco SwitchProbe devices contain specialized agent software that is designed to gather a wide variety of statistical information about network operation. The SwitchProbe device gathers this information by examining every packet that is passed on the network segment that the agent is attached to. The agent stores this statistical information locally within continuous counters, which you can reset upon command.
In addition to gathering statistics, the agent supports the filters and packet-capture RMON-MIB groups so that individual packets or sequences of packets can be examined to identify and isolate network operational problems.
A typical network is equipped with multiple Cisco SwitchProbe devices, with one SwitchProbe device connected to each individual network segment or to the SPAN (diagnostic) port on the switch. The SwitchProbe devices are managed and controlled from a centrally located network management console that is designated as the client. From the client you can request and examine data provided by the agent you select. With Cisco SwitchProbe agents, you can have multiple clients active; this enables you to perform network diagnostic functions from multiple locations, such as from primary and secondary network management centers.
SwitchProbe devices come in a variety of models to address a wide range of network topologies. In monitor mode, they gather statistics and capture packets through an interface. An interface in manage mode communicates the data gathered, alarms, and configuration commands between the SwitchProbe agents and the management software.
Ethernet and Token Ring SwitchProbe models are intended for use in Ethernet and Token Ring network environments. A single RMON agent is standard. An optional second LAN interface and RMON agent to monitor the second LAN link is also available.
The WAN SwitchProbe devices are used in WAN network applications where LAN traffic is transmitted over a wide area link. The WAN SwitchProbe devices with Ethernet or Token Ring sideband use an RMON agent for a WAN link and include an Ethernet or Token Ring LAN interface for connection to the network management software or to monitor the LAN link.
CDDI and FDDI SwitchProbe models are used in CDDI or FDDI network applications where LAN traffic is transmitted over a CDDI or FDDI link. These models use an RMON agent for the high-speed link and include a LAN interface for a sideband connection to the network management software. You can also configure them for in-band management and use the high-speed CDDI or FDDI link to communicate to the management software.
Fast Ethernet SwitchProbe models are used in Fast Ethernet network applications. These models use an RMON agent for the high-speed link and include a LAN interface for a sideband connection to the network management console (also known as client or software). You can configure the half-duplex models for in-band management and use the high-speed Fast Ethernet link to communicate to the management console.
Cisco's HSSI WAN Probe monitors WAN traffic over a full-duplex HSSI link, providing complete RMON2/Enterprise RMON traffic analysis. The HSSI WAN probe is similar to existing Cisco WAN probes with the extended ability to monitor speeds up to 45 Mbps.
Multiport probes have multiple interfaces that can monitor individual network segments. One multiport probe can simultaneously monitor multiple network segments. Always perform management through the Ethernet or Token Ring segment attached to Interface 1 (or use the SLIP port for out-of-band management). The first two interface assignments are common to all multiport probes. Additional interface depends on the multiport model you have.
A single multiport Ethernet probe operates like a group of Ethernet probes. It has multiple Ethernet interfaces that can provide complete RMON traffic analysis of different LANs and network devices.
Multiport Ethernet probes also have a special "mirror" interface. This is an internal interface numbered 49 that is added to TrafficDirector as an individual agent permitting you to monitor aggregate traffic statistics from all Ethernet monitor ports as a single agent.
Available models include the following:
A single multiport WAN probe operates like a group of Small Chassis WAN probes. It can simultaneously monitor and provide full RMON analysis of network traffic on multiple WAN segments. You can also configure each WAN interface to monitor traffic in terms of its data-link connection identifier (DLCI) breakdown. In addition to Interfaces 1 and 2, each multiport WAN probe has additional WAN interfaces in the following models:
The SwitchProbe device comes with Switch Monitor, also known as a Proxy-RMON Monitor, as a standard feature. The Switch Monitor configures the SwitchProbe device as a proxy agent to provide continuous mini-RMON monitoring of a switch or network device (Cisco's Catalyst 1700 series, 2100 series, and desktop 2800 series).
Two optional features are available. The following describes these advanced software options: NetFlow Monitor and Resource Monitor.
NetFlow Monitor | Activates a special interface in the SwitchProbe device that provides detailed traffic statistics on the Cisco 7500 NetFlow routers. |
|---|---|
| Resource Monitor | Configures the SwitchProbe device to perform IP pings and SNMP gets needed by the TrafficDirector Resource Monitor feature to monitor critical network devices. |
To enable the NetFlow monitor and Resource Monitor options you must purchase a password by contacting your Cisco sales representative. The password contains a composite of the SwitchProbe Media Access Control (MAC) address and the option number in an encoded form. When this password is entered into the agent, the agent extracts the option number and activates the option. This option is in effect on the next boot of the agent and is permanent until you disable the feature.
SwitchProbe devices support BOOTP operation if a user-supplied BOOTP server is available. The BOOTP server operates as a daemon process on a network host, responding to BOOTP requests during initial power up. BOOTP can be used to provide newly installed SwitchProbe hardware agents with the following information:
If a BOOTP server is not available, you can provide this information through the console serial port. You can then configure the SwitchProbe device using the Cisco TrafficDirector application through the manage-mode interface. For more information, refer to the "Using BOOTP for Automatic Configuration" section in the "Installation" chapter.
SwitchProbe agents support the NETCP configuration protocol. This feature is used to download configuration information into the agent from the TrafficDirector application automatically on booting. This configuration information can load domains, enable RMON groups, and more. See the Using TrafficDirector publication for information on start up files.
When the agent is booted and ready (it has its IP address and so forth), it sends out a NETCP request. The NETCP uses User Datagram Protocol (UDP) port number 395, which is assigned to Cisco. The TrafficDirector application responds with an acknowledgment packet. When the agent receives the acknowledgment, it stops sending out NETCP requests. If the agent does not receive the response from the manager, it retries four more times at intervals of 1, 2, 4, and 8 minutes.
When the TrafficDirector agent receives a NETCP request, it first sends out the NETCP response and, if an autoinstall batch file has been specified when adding the agent to the agent list, it then starts executing that batch file to provide configuration instructions to the agent.
SwitchProbe agents support router discovery. The routers on the network can be configured to send out router advertisements periodically. These advertisements are used by the agent to configure its default gateway address. If the agent does not receive any router advertisements for the duration specified in the last router advertisement message, the agent displays a message on the console. This feature can be enabled or disabled through the use of the agent_options parameter of the agent command line mode.
For more information, refer to the "Command-Line Mode" chapter.
SwitchProbe agents support the Simple Network Management Protocol (SNMP) community mechanism. The agent has read community and write community strings that can be configured. Any management station that tries to read or write to the agent must use community strings that match those set on the agent. To read any data from the agent, the read community strings must match. Also, to change any settings on the agent, the write community strings must match.
An access list that can be configured gives you enhanced security. The access list uses the IP address of the management station requesting access to determine what read and write privileges to grant. For more information about security, see the "Advanced Features" chapter.
The SwitchProbe agents also feature a variety of routing options, including the ability to establish both semipermanent and permanent routes for individual IP addresses or subnets. In addition, a trap routing function permits trap messages from other SNMP agents to be routed through the SwitchProbe agent through the SLIP interface for forwarding to alternative network management locations. These functions are often useful in implementing third-party maintenance operations at remote network management centers. See the "Advanced Features" chapter for details of these functions.
Cisco SwitchProbe agents are based upon widely accepted industry standards. Communication between agents and clients is performed using SNMP. The statistical information gathered is defined by RFC 1757, RMON-MIB, as defined for Ethernet networks, and as amended by RFC 1513 for use in Token Ring installations.
Although the RMON-MIB standard does not specifically address WAN, CDDI, or FDDI media, Cisco has adapted its basic monitoring and diagnostic functions to meet user requirements for managing these essential links.
The RMON-MIB standard was developed under the guidance of the Internet Engineering Task Force (IETF) as an extension of its work in the development of the SNMP protocol. Using this standard, independent developers can design and develop monitoring equipment that interoperates and provides a standards base compatible with the widest range of network needs. Because these groups have been defined, developers can implement products that include any or all of the nine groups for Ethernet or the ten groups for Token Ring. Some developers can supplement the defined groups with private MIBs that extend the functionality beyond the existing standard. The basic 11 RMON-MIB groups are summarized as follows:
SwitchProbe devices support all nine Ethernet or ten Token Ring RMON-MIB groups for monitored traffic, the systems and interface groups of MIB II, and a private MIB for administration.
SwitchProbe devices are designed to interoperate with management applications from other vendors. Although there is no RMON standard for CDDI, FDDI, and WAN, Cisco has extended the standard for these topologies so these extensions are usable and exercisable by as many third-party applications as possible.
Table 1-1 describes the Cisco implementation of the guidelines for monitoring CDDI and FDDI traffic using RMON RFC 1757. The agent uses the Ethernet MIB without modification, except for UnderSize, Oversize, Collisions, Fragments, and Jabbers, which are modified slightly for FDDI-specific conditions.
| Ethernet MIB Variable | FDDI MIB Variable | Explanation |
|---|---|---|
| Undersize | <64 | Packets less than 64 bytes in length |
| Oversize | >1518 | Packets greater than 1518 bytes in length |
| Collisions | TokenPkts | Number of Token Ring packets |
| Fragments | SMTPkts | Number of SMT packets |
| Jabbers | - | Reserved |
However, unlike Ethernet, FDDI is based on a ring topology similar to Token Ring. To implement the FDDI Ring Monitor application, Token Ring RMON MIB (RFC 1513) groups have been used as follows:
| Token Ring MIB Variable Name | FDDI MIB Variable Name | Change |
|---|---|---|
| ringStationDuplicateAddresses | Node Class | Indicates FDDI node type:
0-> Station |
| ringStationInLineErrors | MAC Count | Gives a count of MACs within the node. |
| ringStationOutLineErrors | Non-Master Count | Indicates number of Non-Master ports in a concentrator-type FDDI node. Valid only if "Node Class" is 1 (Concentrator). |
| ringStationInternalErrors | Master Count | Indicates number of Master ports in a concentrator-type FDDI node. Valid only if "Node Class" is 1 (Concentrator). |
| ringStationInBurstErrors | StationState | Bit-encoded variable that indicates state of the FDDI node. The following bits are used:
Bit 0=1, station state is Wrap. Bit 1=1, station state is Attached-Concentrator. Valid only if Node Class is 1. Bit 2=1, station state is Twisted-ring AA. Bit 3=1, station state is Twisted-ring BB. Bit 4=1, station state is Rooted-Station. Note: Bit 0 is the least significant bit. |
| ringStationOutBurstErrors | DuplicateAddressTest | Indicates status of Duplicate Address test the FDDI Node SMT performs.
0 indicates node passed the Duplicate Address test. 1 or 2 indicates node failed the Duplicate Address test. |
| MIB Variable Name | Change |
|---|---|
| ringStationACEErrors | Unused |
| ringStationLostFrameErrors | Unused |
| ringStationCongestionErrors | Unused |
| ringStationFrameCopiedErrors | Unused |
| ringStationFrequencyErrors | Unused |
| ringStationTokenErrors | Unused |
| ringStationInBeaconErrors | Unused |
| ringStationTokenOutBeaconErrors | Unused |
Table 1-4 describes the Cisco implementation guidelines for monitoring WAN traffic using RMON RFC 1757. The agent uses the Ethernet MIB with some modifications to account for WAN-specific conditions.
| Ethernet MIB Variable | WAN MIB Variable | Explanation |
|---|---|---|
| CRCAlignErrors | CRCErrors | Name change only. |
| UnderSize | LessThan64 | Name change only. |
| OverSize | Greaterthan1518 | Name change only. |
| Jabbers | Aborts | Sent by DTE or DCE; this is the number of abort sequences seen. |
| Fragments | Discards | Number of frames sent to the frame relay switch with the discard eligibility (DE) bit set. |
| Collisions | Congestions | Number of frame relay frames that have FECN or BECN bits set. This is always 0 for other WAN connections. |
The agent converts all WAN traffic to Ethernet traffic before processing and supports multiple WAN encapsulation techniques, including those of the most often used routers. The process is as follows:
utilization = ((octets*8 per second)/link_speed)*100
In addition to the Media Access Control (MAC)-layer monitoring capabilities provided by RMON1, the SwitchProbe agent provides two additional RMON levels of support:
While you can only use the enhanced RMON functionality by using TrafficDirector application, SwitchProbe RMON2 agent support provides compatibility with third-party management software by using common protocol domains. You can configure the SwitchProbe agent to install a number of these domains automatically by enabling default groups.
Default groups provide the capability for the SwitchProbe device to initialize as an RMON2 agent. When default groups are enabled and the SwitchProbe device is reset or powered up, the agent automatically installs the major protocol domains.
The most frequently used protocol domains are as follows:
ATALK IP NOVRIP
SNA DECNET NCP
NOVSAP SNMP FTP
NETB OSPF TCP
HTTP NFS RIP
UDP ICMP NOVELL
RMON VINES XWINDOW
Use the following procedure to enable or disable default groups in a SwitchProbe device:
Step 1 Access the Agent Configuration Utility.
Step 2 Select 31 Go to Next Page.
Step 3 Select 22 Configure Agent Options.
The Agent Options Menu is displayed.
Step 4 Select 3 Toggle default_groups.
Step 5 Select 12 Reset Agent for the setting to take effect.
The Agent Options Menu is displayed:
Selection #: 22
*****SwitchProbe Rev 4.1 *****
Agent Option Menu:
[1] Toggle router_discovery on
[2] Toggle router_enable off
[3] Toggle modem_log off
[4] Toggle slip_ip off
[5] Toggle packet_capture on
[6] Toggle traffic_generator off
[7] Toggle discover_wanspeed off
[8] Go to Main Menu
Selection #:
|
|