|
|
Cisco Systems SwitchProbe devices are equipped with a variety of advanced features that are described briefly in the following paragraphs. An operational guide for each of these features is included under the appropriate subheading in this chapter.
Software Options:
Switch Monitor--Configures SwitchProbe devices as external proxy agents to provide mini-Remote Monitoring (RMON) support for switches and other network devices.
RMON Compatibility--Provides compatibility with third-party RMON management software.
Serial Line Internet Protocol (SLIP) Support--Provides out-of-band communications between the agent and the management software through the remote serial port.
SLIP Routing--Enables SwitchProbe devices to route IP traffic between the SLIP interface and the primary LAN interface.
Locally Administered Address--Enables the user to define the agent Media Access Control (MAC) address in a Token Ring environment.
Data-link connection identifier (DLCI) Monitoring-- Monitors traffic statistics in terms of DLCI numbers and MAC addresses.
VLAN Monitor-- Monitors Fast Ethernet and Fiber Distributed Data Interface (FDDI) critical links in terms of VLAN IDs.
Data Capture--Allows for the capture of selected packets for later decoding and analysis.
This software option lets you configure the SwitchProbe agent for use with the TrafficDirector Resource Monitor feature by enabling the following functionality in the agent:
When used with the TrafficDirector application, this option provides the following features:
Use the following procedure to enable Resource Monitor.
Step 1 Access the Agent Configuration Utility.
Step 2 Select 31 Go to Next Page.
Step 3 Select 13 Install Resource Monitor, then enter the password required to install Resource Monitor.
Step 4 Select 12 Reset Agent for the setting to take effect.
Switch Monitor lets you configure a small chassis Ethernet SwitchProbe device for use as an external proxy agent. The SwitchProbe device can then provide mini-RMON support on behalf of a switch, as if it had embedded mini-RMON, as well as other MIB II, RMON, or proprietary MIB devices. This option is already activated for the Ethernet and dual-Ethernet probes. If it is not active, contact Cisco technical support to obtain a password. Use the following procedure to install Switch Monitor and configure your SwitchProbe device as an external proxy agent.
Step 1 Access the Agent Configuration Utility.
Step 2 Select 31 Go to Next Page.
Step 3 Select 14 Install Switch Monitor and enter the password needed to enable Switch Monitor.
Step 4 Select 16 Select Switch Device Type. The supported devices include:
Step 5 Select 17 Change Device IP Address and enter the IP address of the switch, MIB II, or RMON device you want the SwitchProbe agent to monitor.
Step 6 Select 18 Change Device Read Community and enter the read community of the device you want the SwitchProbe device to proxy.
Step 7 Select 19 Change Device Poll Interval (secs). This is the interval the SwitchProbe device (acting as a proxy RMON agent) polls the device for data.
Step 8 Select 12 Reset Agent.
You can use your SwitchProbe device for distributed IP monitoring of the Cisco 7500 NetFlow routers to provide RMON, RMON2, and enhanced RMON information for the router backbone. One independent SwitchProbe device is required for each Cisco 7500 router with Netflow NetFlow.
NetFlow technology enables you to configure the Cisco 7500 router to redirect IP packet streams from all router ports to a preconfigured User Datagram Protocol (UDP) port and IP address. When you install NetFlow Monitor in a SwitchProbe device, the device creates a special internal interface numbered 50 that you can specify as this UDP port. You can then monitor NetFlow traffic by adding interface 50 to the TrafficDirector application as an agent. In this way, you can configure agent groups to support integrated displays for multiple Cisco large chassis series routers, as well as use the TrafficDirector Host and Conversation Lists features to monitor backbone loading and other interactions. To monitor NetFlow traffic, you must configure the SwitchProbe device with the following information:
Use the following procedure to enable NetFlow Monitor.
Step 1 Access the Agent Configuration Utility.
Step 2 Select 31 Go to Next Page.
Step 3 Select 15 Install NetFlow Monitor and enter the password needed to install NetFlow Monitor.
Step 4 Select 11 to enter command-line mode.
Step 5 At the command line enter, set netflow-port, new UPP port number>.
Step 6 At the command line enter, set netflow speed
Step 7 Enter quit to exit command-line mode.
Step 8 Select [12] Reset Agent for the new commands to take effect.
All SwitchProbe models support out-of-band communications through the serial port marked Remote using Serial Line Internet Protocol (SLIP). The SLIP connection can be used as a secondary connection through which the user can access all network statistics. Normally, the SLIP link is used as a backup link when the network is not operational or the agent is not accessible. The SLIP function in the SwitchProbe device has additional capabilities, that are summarized as follows:
The serial connection can be direct through EIA/TIA-232 or through telephone lines using dial-up modems. Communications over the serial line are the same as over the LAN, except the serial-line packets are encapsulated using the SLIP protocol, as specified in RFC 1055.
The SwitchProbe agent uses a standard IP routing algorithm to route packets to different interfaces. The agent should be configured using an IP address that is not on the same subnet as the LAN IP address. The IP addresses that appear on the SLIP interface should fall on a different subnet than the LAN interface; otherwise, the agent is not able to route the packets correctly.
To configure the SLIP interface, you must use the console or Remote Login feature provided in the TrafficDirector application. An overview of the procedure is outlined below:
This tutorial illustrates all the steps that must be performed to configure the agent to use the SLIP port. To configure the TrafficDirector application to access the agent through the SLIP port, consult the manual that accompanies that software. Consult the documentation that came with your TCP/IP software for details on configuring your IP stack for SLIP.
Step 1 Connect to the agent using the Console or the Remote Login feature provided in the TrafficDirector application. After connecting to the agent, the following text appears:
Step 2 The serial interface must be selected before it can be configured. The currently selected interface is shown across from menu item 8, Select Interface. In this example, the selected interface is Ethernet. Change the selected interface by entering 8 and pressing Enter.
Step 3 Select the item that corresponds to the serial interface. In this example, enter 5 and press Enter to select the serial interface. The configuration menu reflects the serial interface settings.
Step 4 Change the IP address of the agent by entering 1 and pressing Enter. The agent prompts you to enter the new address. Enter the address and press Enter. The following example illustrates changing the IP address to 78.20.1.1:
Step 5 Change the subnet mask of the agent by entering 2 and pressing Enter. The agent prompts you for the new subnet mask. Enter it and press Enter. The following example illustrates changing the subnet mask to 255.255.252.0:
Step 6 Change the default gateway address of the agent by entering 3 and pressing Enter. The agent prompts you for the new address. Enter it and press Enter. The following example illustrates changing the default gateway address to 78.20.0.94:
Step 7 Set the speed of the serial interface by entering 6 and pressing Enter. Enter the desired speed in bits-per-second. The following example illustrates changing the interface speed to 19.2 kbps:
Step 8 Select the item that corresponds to the Ethernet interface. In this example, enter 1 and press Enter. A configuration menu is displayed:
Before the SwitchProbe agent uses a modem through the Remote serial port, SLIP must be configured correctly. The agent supports Hayes-compatible modems connected to the Remote serial port for SLIP connections with remote management stations.
The modem is configured through the agent console using the command line mode, discussed in detail in the "Command-Line Mode" chapter. You can access command-line mode by first connecting to the agent through the console or through the Remote Login feature provided in the TrafficDirector application. Then select item 11, Command-Line Mode.
Selection#: 11 Enter "quit" to exit the command-line mode. %
The object name for modem options is modem. You can get help on modem options by entering help modem, as shown:
% help modem Command to display or change modem data: set modem var value get modem var var: init_string hangup_string connect_string noconnect_string phone_number1 phone_number2 connect_protocol connect_time connect_retry disconnect_time do modem connect
To display all modem parameters, use the get modem command:
% get modem init_string AT S0=1 Q0 S10=20^M hangup_string ^2+++^2ATH0^M connect_string #CONNECT#CONNECT 9600# noconnect_string BUSY#NO CARRIER#NODIALTONE#NOANSWER# phone_number1 phone_number2 cpconnect_time 30 connect_retry 10 disconnect_time 30
To display the contents of a specific modem control string, use the get command with the modem object and the name of the control string, such as connect_time:
% get modem connect_time 10
The following example sets the modem connect time to 20:
% set modem connect_time 20 % get modem connect_time 20
The modem control strings are ASCII strings that are used to initialize and communicate with the modem.
All strings containing blank spaces should be enclosed in quotes. All modem control strings are limited to 40 characters. If the maximum length of the string is exceeded, the string is not accepted.
Control characters such as a carriage return can be embedded in the strings by preceding the control character by a ^ character. For example, to embed a carriage return (Ctrl-M), enter ^M.
In addition, the strings can contain the following special control characters:
^digit 1-9 Delay 1 to 9 seconds, according to the digit.
^s Send the string.
^w Wait for the string.
The # character can be used as a delimiter for strings.
Each modem control string is defined in the following section. For an example of the modem control string, see the section "Modem Configuration Tutorial." The modem control strings are as follows:
To aid in debugging, all messages to and from the modem can be logged to the event log. This can be enabled and disabled through the agent_options object.
% get agent_options router_discovery on router_enable off modem_log off slip_ip off packet_apture on traffic_generator off discover_wanspeed off
The following example shows how to turn on the modem log:
% set agent_options modem_log on
The following example shows how to turn off the modem log:
% set agent_options modem_log off
The following example shows how to view the event log:
% get eventlog
This step-by-step example illustrates the modem configuration process. Any entries entered for modem configuration are in effect immediately. You need not reboot the agent for the changes to take effect.
While the modem commands in this example are intended to work on almost any Hayes-compatible modem, each modem is different. You must consult your modem's documentation for the correct commands. The initialization string is especially dependent on the specific modem type.
Step 1 The modem is configured through the agent console using the command-line mode, discussed in detail in the "Command-Line Mode" chapter. You can access command line mode by first connecting to the agent through the console or through the Remote Login feature provided in the TrafficDirector application. Then select item 11, Command-Line Mode.
Step 2 Use the following command to see the existing configuration:
Step 3 Enter the modem initialization string "AT S0=1^M".
The agent interprets the string as:
AT S0=1
Step 4 Set the modem hangup string to "^2+++^2ATH0^M".
The agent interprets the string as:
+++
ATH0
Step 5 Set the modem connect string to match the message your modem sends when it makes a connection. In this example, assume the message is CONNECT or CONNECT 14000. Refer to your modem reference manual for the exact string used by your modem.
The pound sign (#) is a string separator. The agent assumes that a connection is made if it receives either of the strings delimited by the # character.
Step 6 Set the modem noconnect string to match the message your modem sends when it fails to make a connection. In this example, assume the message is BUSY or NO CARRIER or NO DIALTONE or NO ANSWER. Refer to your modem reference manual for the exact string used by your modem.
The syntax is the same as the connect string.
Step 7 Set the modem primary phone number to dial 1-555-123-4567.
AT must precede all modem commands, D commands the modem to dial, and T indicates that it uses touch-tone (instead of pulse) dialing.
Step 8 Set the modem connect protocol to the following:
The agent interprets the string as:
If modem protocol and security support is not needed, then set the connect_protocol string to empty:
Step 9 The agent waits for the connection to be established for a maximum of connect_time. Set the connect_time to 30 seconds.
Step 10 The agent retries a number for a maximum of connect_retry times. Set the connect_retry string to 5 times.
Step 11 Set the modem secondary phone number to dial 1-555-123-1111. After the agent has failed to make a connection after connect_retry attempts, it tries to use the secondary phone number.
AT must precede all modem commands, D commands the modem to dial, and T indicates that it should use touch-tone (instead of pulse) dialing.
Step 12 After the connect is made by the agent, if data is not sent for more than disconnect_time, then the agent disconnects the connection. Set the disconnect_time string to 30 seconds.
All SwitchProbe models support the SNMP Community mechanism for security. Stations attempting to access the SwitchProbe device must know the read community name to gain read access and must know the write community name to gain write access.
In addition, all SwitchProbe models support an access list that controls which IP address groups are allowed access and what level of access they can have. The access list allows for four different groups of access. Each group can be assigned a different level of access.
The levels of access are shown in Table 6-1. When an address matches more than one group in the access list and qualifies for rights at more than one level, the access level with the highest priority number is granted.
| Priority | Level | Rights |
|---|---|---|
| 4 | rw | Read and write access is allowed. |
| 3 | ro | Read only. No writes allowed. Cannot use remote login. |
| 2 | pw | Partial write only. No writes allowed. Cannot use remote login. Can access Resource Manager. No data capture. |
| 1 | no | No access allowed. |
Up to four different groups can be defined, and each group can be assigned a different access group. An address group can be an individual IP address or a group of addresses. They are defined by the network address and network mask:
When an SNMP request is received from a node, its source IP address is logically ANDed with the mask. The result of the logical ANDing is compared with the Network address field.
If the comparison is successful, the access level of that group is granted to that node. However, it is possible for the node to match multiple entries in the access list. When a node matches multiple access levels, the access level with the highest priority is used.
Guidelines for specifying masks:
Access List Security is configured through the agent console using the command-line mode, discussed in detail in the "Command Line Mode" chapter. You can access command- line mode by first connecting to the agent through the console or through the Remote Login feature provided in the TrafficDirector application. Then select item 11, Command-Line Mode.
Selection#: 11 Enter "quit" to exit the command-line mode. %
In the command-line mode, enter help access_list followed by Enter to display instructions for displaying and changing the SNMP access list.
% help access_list Command to display or change SNMP access list: get access_list set access_list entry# address mask level entry# -> the entry number in the access list address -> IP/NET address mask -> mask for IP/NET address level -> level of access allowed [no, rw, pw, ro] set access_list entry# level clear access_list
Use the get command to view the current access list. When the SwitchProbe device is first shipped to the customer, all entries in the table have no access, and the access list security feature is disabled.
% get access_list Entry IP/NET Addr Mask Level [1] 0.0.0.0 0.0.0.0 no [2] 0.0.0.0 0.0.0.0 no [3] 0.0.0.0 0.0.0.0 no [4] 0.0.0.0 0.0.0.0 no
Use the set command to change the access list. The command must specify the access_list object, the entry number, the network address, the mask, and the access level.
The following example grants read and write access to one specific node with the address 45.20.0.5. All other nodes have no access.
% set access_list 1 45.20.0.5 255.255.255.255 rw % get access_list Entry IP/NET Addr Mask Level [1] 45.20.0.5 255.255.255.255 rw [2] 0.0.0.0 0.0.0.0 no [3] 0.0.0.0 0.0.0.0 no [4] 0.0.0.0 0.0.0.0 no
When the SwitchProbe device is first shipped to the customer, the Access List Security feature is disabled. All entries in the table have no access. If all the table entries have no access specified, the SNMP security feature is disabled. This can be done with the clear command.
To clear the access list, use the following command:
% clear access_list
Alternatively, creating an entry in the table that has the IP network address as 0.0.0.0, the mask as 0.0.0.0, and the level as rw allows all the nodes to do a read/write to the agent.
% set access_list 1 0.0.0.0 0.0.0.0 rw
Access list examples are shown in Table 6-2 and Table 6-3, with comments to explain each entry.
| IP Network Address | Mask | Level | Comments |
|---|---|---|---|
| 45.96.20.0 | 255.255.255.0 | rw | All nodes on this subnet allowed read and write access. This rw overrides the pw access granted for the larger subnet (Entry 3). |
| 45.96.20.100 | 255.255.255.255 | no | Because this node is part of the subnet in Entry 1 and rw overrides no, this node would be granted read and write access. |
| 45.96.0.0 | 255.255.0.0 | pw | All nodes on this subnet allowed only partial-write access, which is read-only plus access to Resource Manager. |
| IP Network Address | Mask | Level | Comments |
|---|---|---|---|
| 45.96.35.100 | 255.255.255.255 | rw | This node allowed read and write access. |
| 45.96.20.0 | 255.255.0.0 | ro | All nodes on subnet 45.96.20.0 allowed read access only. |
| 0.0.0.0 | 0.0.0.0 | pw | All nodes allowed partial-write access only. |
SwitchProbe devices support adding static routes through the local or remote console. A static route is volatile and is deleted upon power cycling.
Static routes are configured through the agent console using the command-line mode, discussed in detail in the "Command-Line Mode" chapter. You can access command-line mode by first connecting to the agent through the console or through the Remote Login feature provided in the TrafficDirector application. Then select item 11, Command-Line Mode.
Selection#: 11 Enter "quit" to exit the command-line mode. %
In the command-line mode, enter help route followed by Enter to display a complete set of the routing commands:
% help route Commands to display or change agent routes: get route set route net mask gateway metric net -> NET/IP address mask-> mask for NET/IP address gateway -> gateway for NET/IP address clear route net mask
The following get command is used with the route object to display the current routing table for the agent:
% get route
NET MASK GATEWAY METRIC INTF TTL REFS USE
127.0.0.1 255.255.255.255 127.0.0.1 0 0 999 1 0
204.240.143.255 255.255.255.255 204.240.143.106 0 0 999 1 65164
204.240.143.0 255.255.255.255 204.240.143.106 0 0 999 1 7
204.240.143.106 255.255.255.255 204.240.143.106 0 0 999 1 8407
204.240.143.0 255.255.255.0 204.240.143.106 0 0 999 5486 18663
0.0.0.0 0.0.0.0 204.240.143.87 15 0 999 1 8857
The following command sets a static route for all communication with the NET 45.20.0.X to be directed to the gateway 192.10.10.20:
% set route 45.20.0.0 255.255.252.0 192.10.10.20
The following command sets a static route for all communication with the IP address 45.20.0.5 to be directed to the gateway 192.10.10.20:
% set route 45.20.0.5 255.255.255.255 192.10.10.20
The following command deletes the previous static route:
% clear route 45.20.0.0 255.255.252.0
SwitchProbe devices can be configured to have private routes. Private routes are routes placed in NVRAM that are configured in the agent route table at bootup time. The NVRAM can hold four private routes. A private route entry has three fields: IP/Subnet address, mask for the IP/Subnet address, and gateway for the route.
Static routes are configured through the agent console using the command-line mode discussed in detail in the "Command-Line Mode" chapter. You can access command-line mode by first connecting to the agent through the console or through the Remote Login feature provided in the TrafficDirector application. Then select item 11, Command Line Mode.
Selection#: 11 Enter "quit" to exit the command-line mode. %
Enter help proute followed by Enter to display a complete set of the private route commands.
% help proute Command to display or change agent private routes: get proute set proute entry# net mask gateway metric entry# -> entry number in the route table net -> NET/IP address mask -> mask for NET/IP address gateway -> gateway for NET/IP address metric -> metric for route - default=0 set proute entry# no clear proute
The get command displays the current private route table.
% get proute Entry IP/NET Addr Mask Gateway [1] Not Configured [2] Not Configured [3] Not Configured [4] Not Configured
The set command followed by the entry number, the network address, the mask, and the gateway changes the private route table. In the following example, all packets destined for IP subnet 45.20.0.0 are sent to 192.10.10.20.
% set proute 1 45.20.0.0 255.255.0.0 192.10.10.20 % get proute Entry IP/NET Addr Mask Gateway [1] 45.20.0.0 255.255.0.0 192.10.10.20 [2] Not Configured [3] Not Configured [4] Not Configured
To invalidate a private route entry, use the set command with the proute object followed by the entry number and the parameter no. The following example invalidates private route entry 1:
% set proute 1 no % get proute Entry IP/NET Addr Mask Gateway [1] Not Configured [2] Not Configured [3] Not Configured [4] Not Configured
To clear all of the private route entries, use the clear command:
% clear proute
A SLIP mini-routing feature is supported in all SwitchProbe devices. This enables trap messages from the network to be forwarded to remote management locations through the SLIP interface. This also allows access to the network through the SLIP port for Telnet and other IP-based activities. This can be useful if the network segment is otherwise inaccessible.
The mini-routing feature is normally disabled.
The primary interface (for example, Interface 1) has a secondary IP address. This IP address is used to make the agent act as a pseudo-IP router and is used for routing. If the mini-routing option is enabled, the agent routes all IP packets from the SLIP port to the LAN and vice versa.
For packets coming from the SLIP interface that are not destined to this agent but to some other node on the network, the agent replaces the source IP address with the pseudo-IP address and recomputes the necessary checksums before sending the packet out on the LAN port. The same is done for any packets arriving on the LAN port that are destined for the pseudo-IP address. These packets are trapped and sent to the SLIP port using the SLIP port IP address as the source IP address. The checksum is recalculated before transmitting the packets on the SLIP port. All IP packets are supported for this pseudo-router.
The pseudo-route function only works on IP packets; all other packets are not affected. When the IP packet reaches the SwitchProbe device, the internal software forwards it to the IP task. The IP task checks if the packet is destined to itself. If it is not destined to itself and if the slip route option has been enabled, that IP packet is transmitted on the LAN interface after substituting the source IP address with the secondary IP address.
SLIP routing is enabled and disabled through the agent console in the command line mode, discussed in detail in the "Command-Line Mode" chapter. You can access command-line mode by first connecting to the agent through the console or through the Remote Login feature provided in the TrafficDirector application. Then select item 11, command-line mode.
Selection#: 11 Enter "quit" to exit the command-line mode. %
SLIP routing is controlled by the slip_ip option in the agent_options object. To view the current setting, use the get command:
% get agent_options options = 0x7b mib_checks on mib_defaults on default_groups on prom_boot off flash_boot on router_discovery on rip off modem_log off slip_ip off
To enable SLIP routing, use the set command:
% set agent_options slip_ip on
This feature is available on Token Ring models only. To identify the location of the SwitchProbe device, the system administrator is allowed to assign a locally administered address (LAA), which changes the MAC address of the Token Ring interface.
The LAA is configured through the agent console using the command-line mode, discussed in detail in the "Command-Line Mode" chapter. You can access command line mode by first connecting to the agent through the console or through the Remote Login feature provided in the TrafficDirector application. Then select item 11, Command-Line Mode.
Selection#: 11 Enter "quit" to exit the command-line mode. %
The object used to change the locally administered address is mac_addr. In the command- line mode, enter help mac_addr and press Enter to display the command usage.
% help mac_addr command to display or change nvram parameters: get mac_addr set mac_addr new_value
In the following example, LAA is set to 00-80-8C-01-00-42:
% set mac_addr 00-80-8c-01-00-42 % get mac_addr 00-80-8c-01-00-42 % get interface interface_number 1 ip_addr 45.20.1.20 gw_addr 45.20.0.101 net_mask 255.255.252.0 secondary_ip_addr 0.0.0.0 MAC addr 00-80-8c-01-03-9f local MAC addr 00-80-8c-01-00-42
SwitchProbe models come equipped with a built-in traffic generator that provides you with an additional tool for network diagnostics. The Traffic Generator utility is a high-performance tool for test environments that need specific traffic packet types at high speeds.
While you can only enable Traffic Generator functionality through the local console of a SwitchProbe device, you can disable Traffic Generator functionality from either a local or remote console.
For security purposes, you can only enable the Traffic Generator tool through the local EIA/TIA-232 console of the SwitchProbe device. Use the following procedure to enable Traffic Generator functionality within the SwitchProbe device.
Step 1 Connect an ASCII data terminal to the local console port of the SwitchProbe device, as described in the "ASCII Terminal Procedure" section in the "Installation" chapter. Access the TrafficDirector Configuration Utility feature.
Step 2 Select 31 Go to Next Page.
Step 3 Select 22 Configure Agent Options.
The Agent Options menu is displayed:
Step 4 Enter 9 and press Enter to toggle the Traffic Generator tool on and enable Traffic Generator functionality within the SwitchProbe device.
Once Traffic Generator functionality is enabled through the SwitchProbe device local console, you can configure and start the Traffic Generator tool through the local or remote console, using the following procedure.
Step 1 Access the Agent Configuration Utility through the local console or using the TrafficDirector Remote Login feature.
Step 2 Select 31 Go to Next Page.
Step 3 Select 23 Configure Traffic Generator.
The Traffic Generator Menu is displayed. You can change each of the parameters by selecting the corresponding number, entering the new information, and pressing Enter.
Step 4 Configure each of the parameters according to the following information.
1 Select Packet Type. You can select one of several types of packets for transmission. Your choices include the following:
2 Select Packet Size (bytes). Enter the packet size in bytes. The header information is filled in by the SwitchProbe device using the packet type selected; the rest of the frame is filled with undefined data.
The allowed packet size varies depending on the type of interface selected. Ethernet and FDDI media allow a minimum packet size of 24 bytes and a maximum packet size of 4,096 bytes. Token Ring allows a minimum of 32 bytes and a maximum of 4,096 bytes.
3 Select Packet Count. Enter the number of packets that you want transmitted. Traffic generation stops when the packet count is reached. The packet count you enter here must be a number between 0 and 999999999. A packet count of 0 implies continuous transmission and continues indefinitely. You can stop traffic generation at any time by pressing q and then Enter on the console.
4 Select Packet Rate (packets/sec). This is the rate in packets-per-second at which the SwitchProbe device generates the traffic.
5 Transmit Packets with Errors. It is possible to generate good packets or packets with CRC errors. By entering yes for this option, you can configure the SwitchProbe device to generate packets of any size with CRC errors.
For example, by combining this option with the packet size option, you can generate the following kinds of Ethernet packets:
| Error Type | Error Option | Packet Size |
| Undersize | no | less than 64 |
| Oversize | no | greater than 1518 |
| Runt | yes | less than 64 |
| Jabber | yes | greater than 1518 |
6 Select Destination Address. This is the MAC address of the node(s) to which you are sending the generated traffic. The format is xx-xx-xx-xx-xx-xx in hex. This address can be unicast, multicast, or broadcast.
7 Begin Traffic Generation. Select this option to start the traffic generator. The packets as selected by the previous options are then transmitted to the destination address.
8 Go Back to Main Menu. Select this option to return to the main console.
You can create and download IP filters to SwitchProbe devices that determine whether to include or exclude packets from particular IP addresses. In this way you can configure your SwitchProbe device to collect only packets from hosts you want to monitor, weeding out unwanted hosts and conversations. To do so, you must provide the SwitchProbe device with the network address and mask of the hosts you want to include or exclude. There are two ways to provide the SwitchProbe device with this IP filter information:
You download the required IP filter information by first specifying the information in a text file, then passing the file as a parameter to the dvftp. This text file consists of lines in the following format:
ip_address mask I/E
For example:
204.240.143.127 255.255.0.0 I 10.20.10.23 255.255.255.0 E
In the above example, the SwitchProbe device includes (I) for collecting all packets from host 204.240.x.x, and excludes (E) all packets from host 10.20.10.x.
The following command invokes the dvftp utility:
dvftp agentname filename IP-DATAFILTER
The following list describes the fields in the above example:
| agentname | Is the name defined for the agent when adding it to the client software. Note that the dvftp utility downloads the DLCI information to the interface number that you specified when adding the agent to the TrafficDirector application. |
| filename | Is the text file containing the IP filter information. If you do not specify a path, dvftp searches for the file in the NSHOME/usr directory. |
| IP-DATAFILTER | Specifies the file type. |
If you are running UNIX, run the dvftp utility directly from NSHOME/bin; if you are running the TrafficDirector application for Windows, issue the command from the TrafficDirector shell. If you do not include a path as part of filename, the path defaults to NSHOME/usr.
The following procedure steps you through the process of using the dvftp utility to provide the SwitchProbe device with IP filter information.
Step 1 Make sure you have added the agent to the TrafficDirector application specifying the monitor interface. This is important, because when you pass the agent name as a parameter to the dvftp utility, it downloads the information to the interface specified for that agent in the NSHOME/usr/agent.lst file.
Step 2 Create a text file containing the IP filter information for the hosts you want to include or exclude. You can save this file under a name you define.
Step 3 Enter the following on the command line to invoke the dvftp utility:
As an alternative to using the dvftp utility for IP filter configuration, you can directly set the contents of the IP-DATAFILTER object from the command line. Use the following procedure to perform this task.
Step 1 Access the Agent Configuration Utility.
Step 2 Select 11 Enter Command-line mode.
Step 3 Enter the following command from the command line:
For example, the following command configures interface 3 to exclude for collection all packets from host 10.20.10.x. The Get command is then used to check the IP-DATAFILTER information.
The Fast Ethernet SwitchProbe models provide virtual LAN (VLAN) monitoring of high-speed interswitch trunks and critical links. Enabling VLAN mode in a high-speed SwitchProbe agent lets you monitor packets in terms of VLAN IDs instead of MAC addresses. You can then use the TrafficDirector application to monitor VLAN hosts and conversations. Use the following procedure to configure the Fast Ethernet SwitchProbe model to monitor packets in terms of VLAN IDs.
Step 1 Access the Agent Configuration Utility.
Step 2 Enter 8 and select the high-speed interface.
Step 3 Select 31 Go to Next Page.
Step 4 Select 24 Configure Interface Options.
Step 5 Select 2 Toggle VLAN mode to on.
Step 6 Select 5 Go Back to Main Menu.
Step 7 Select 12 Reset Agent for the new setting to take effect.
Data Capture enables a SwitchProbe device to collect selected packets for later decoding and analysis. You can then use the TrafficDirector Protocol Decode feature to upload them to the client software for seven-layer protocol analysis.
By default, packet capture is enabled in a SwitchProbe device. But once packet capture functionality is disabled in an agent, you can only enable it through the local console as described in the "ASCII Terminal Procedure" section of the "Installation" chapter.
Use the following procedure to toggle packet capture functionality on or off.
When you perform a data capture, the SwitchProbe device stores captured packets in a buffer. The maximum size of this capture buffer is defined in the max_captsize command-line object. You define a value between 32 to 8192 bytes for the buffer size using the set command in command-line mode.
The maximum buffer size you define at the SwitchProbe device level in max_captsize cannot be exceeded by the buffer size specified during a data capture session in the TrafficDirector application. For example, if you set max_captsize at a value of 200 bytes and then define a buffer size of 300 bytes during a TrafficDirector Data Capture session, the maximum number of bytes that can be saved in the buffer remains at 200 bytes.
Use the following procedure to specify a maximum capture buffer size:
Step 1 Access the Agent Configuration Utility.
Step 2 Enter 11 Enter Command-line mode.
Step 3 Use the set command as described in the "Command-Line Mode" chapter to specify a value for max_captsize. The following example illustrates using the set command to set max_captsize to 200, and then using the get command to check the value.
SwitchProbe generates SNMP traps as a result of alarm thresholds being crossed or changes in PVC status. You configure both the port(s) and destination addresses you need for SNMP traps. Specify the port you want the agent to send traps to using the command-line object trap_port. Specify the hosts you want the agent to send traps to by maintaining the trap destination table using the dvadmin utility that comes with SwitchProbe Manager.
By default, all SNMP traps the probe generates are sent to NSM at port 395. But if you are using an umbrella management system which receives traps on the standard SNMP port 162, you configure the probe to send traps to port 162, or to both ports--395 and 162.
The command line object, trap_port, contains the number of the port the probe sends SNMP traps to. This object can contain the following valid values:
To specify the ports you want the probe to send all SNMP traps to, use the following steps.
Step 1 Access the Agent Configuration Utility.
Step 2 Select [11] Enter Command-line mode.
Step 3 Do one of the following:
set trap_port 162
set trap_port 395
set trap_port 162 395
The Token Ring or FDDI firmware that resides in FLASH on the Token Ring/FDDI module in SwitchProbe can upgraded. To upgrade the FLASH on the Token Ring or FDDI adapter, enter command-line mode, then type one of the following commands:
do tftp nstr.adp (for Token Ring probes) or do tftp nsfddi.adp (for FDDI probes)
where nstr.adp is the image file for the Token Ring FLASH and nsfddi.adp is the image file for the FDDI FLASH. These files are provided along with the ns7100.hex probe image firmware and are stored in the /tftpboot directory of the TFTP server.
You can set up the SwitchProbe as a roving agent to bring full RMON analysis to a specific switch port or other network device port, on demand.
This is used in conjunction with mini-RMON. For example, you can set up an external proxy agent to provide continuous mini-RMON support for all ports, then use the same agent as a roving agent to bring full RMON analysis to a particular port on demand.
Although you can use a single SwitchProbe model as a proxy RMON agent and a roving agent, remember they are two separate features; both are dependent on the device being monitored. For example, a network device might support proxy RMON but not roving.
To monitor a network device (such as a switch) with a roving agent, the device must support roving. A device supports roving when it meets the following two requirements:
Roving RMON involves a physical connection between the SwitchProbe device and the switch. Typical roving RMON configuration for a switch includes using one or more switch ports as a monitor port and one switch port as an analyzer port. The monitor port is the port that you want to examine traffic on, and the analyzer port is the port where an external SwitchProbe device connected to the switch views that traffic.
You can use any dual-port SwitchProbe device as a roving agent. The agent ports must be of the same media type and configured as shown in Table 6-4.
| SwitchProbe Interface | Mode | Connection | SwitchProbe Action |
|---|---|---|---|
| 1 | Manage | To the network with access to the switch | Sets monitor port and communicates with the TrafficDirector application |
| 2 | Serial/SLIP | Not used | |
| 3 | Monitor | Analyzer port | Views monitor port traffic |
|
|