David Stanford Mon, 11/05/2007 - 07:11
User Badges:
  • Cisco Employee,

No specific trap for CRC errors, but you can use RMON to create a threshold and trap:


Here is a sample on how to configure your router to send an snmp trap when ifInErrors are over a threshold.


First, you need to know what interface you care and find out the ifIndex. On NetView box:


snmpwalk -c your_read_community_string the_router_ip_address ifDescr


You should see something like:

interfaces.ifTable.ifEntry.ifDescr.1 : DISPLAY STRING- (ascii): ATM1/0/0

interfaces.ifTable.ifEntry.ifDescr.2 : DISPLAY STRING- (ascii): Fddi1/1/0

interfaces.ifTable.ifEntry.ifDescr.3 : DISPLAY STRING- (ascii): ATM4/0

interfaces.ifTable.ifEntry.ifDescr.4 : DISPLAY STRING- (ascii): Serial5/0/0

interfaces.ifTable.ifEntry.ifDescr.5 : DISPLAY STRING- (ascii): Serial5/0/1

interfaces.ifTable.ifEntry.ifDescr.6 : DISPLAY STRING- (ascii): Serial5/0/2

interfaces.ifTable.ifEntry.ifDescr.7 : DISPLAY STRING- (ascii): Serial5/0/3

interfaces.ifTable.ifEntry.ifDescr.8 : DISPLAY STRING- (ascii): Ethernet5/1/0

interfaces.ifTable.ifEntry.ifDescr.9 : DISPLAY STRING- (ascii): Ethernet5/1/1


If I am interested in Serial5/0/1, then the index is 5.


conf t

rmon event 3 log trap public description "Too many errors" owner cisco

rmon event 4 log trap public description "Errors are now below threshold" owner cisco

rmon alarm 2 ifEntry.14.5 60 delta rising-threshold 200 3 falling-threshold 100 4 owner

cisco


The above says, if index 5 of ifInErrors (which is ifEntry.14.5) is above 200 over 60

seconds, then send event 3 trap, once it goes below 100 each 60 second, send event 4 trap.



You can this with other traps. You might also want to look at the object locIfInCRC specifically for CRC errors.

laichenkang Sat, 11/10/2007 - 15:52
User Badges:

Thank you for the reply.


Is it possible to configure this for all interface? Reason is I have a 4 switch (48 ports each) stackwise configuration. It would be too much to configure that one for each interface.


Thanks again.

guruprasadr Sun, 11/11/2007 - 21:41
User Badges:
  • Gold, 750 points or more

HI, [PLS RATE if HELPS]


Depending on your IOS version, you may be able to do this with the Embedded Event Manager.


Here is a sample EEM applet that will poll for input CRC errors every 60 seconds on interface FastEthernet0/0, and log them using syslog:


event manager applet crc_check


event interface name FastEthernet0/0 parameter input_errors_crc poll-interval 60 entry-op ge entry-val-is-increment true entry-val 1


action 1.0 syslog msg "CRC found on interface $_interface_name : $_interface_value"


Refer the Attachments (.pdf) for More Details on EEM.



PLS RATE if HELPS


Best Regards,


Guru Prasad R




laichenkang Tue, 11/13/2007 - 20:03
User Badges:

seems that I can't monitor multiple ports at any one time.

guruprasadr Tue, 11/13/2007 - 20:15
User Badges:
  • Gold, 750 points or more

HI,


Please Rate if HELPS


You can study the EEM Document and can write multiple such Applet to Monitor the Traffic.


Refer the Sample Applet Posted in my earlier POST.


"Do RATE ALL HELPFUL POSTS"



Best Regards,


Guru Prasad R

laichenkang Tue, 11/13/2007 - 22:33
User Badges:

Solved this by incrementing the event id for each interface interested.

laichenkang Tue, 11/13/2007 - 22:32
User Badges:

davistan


Thank you for the response.


I have sent up rmon on the interfaces that I am interested. However, I understand I need to configure SNMP too?


Any ideas?


David Stanford Wed, 11/14/2007 - 14:57
User Badges:
  • Cisco Employee,

Yes, you will also need to configure snmp so that the traps can be sent.


A very basic snmp config would look like:


snmp-server community public RO

snmp-server enable traps

snmp-server host 1.1.1.1 public traps



Of course you should substitute public with a more secure community string and replace 1.1.1.1 with a valid host IP address.

i am interested in knowing the difference between traps sent by snmp, and by using RMON.


Daviston,

I have an STM-1 link on my core router, but the traps that i have did not report me the link updown information when there was a downtime due to fiber cut .. Here are the traps that i have cnfigured already.


snmp-server engineID local ENGINEID

snmp-server community STRING RO

snmp-server community STRING_W RW

snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart

snmp-server enable traps chassis

snmp-server enable traps module

snmp-server enable traps transceiver all

snmp-server enable traps ds1

snmp-server enable traps eigrp

snmp-server enable traps casa

snmp-server enable traps tty

snmp-server enable traps ospf state-change

snmp-server enable traps ospf errors

snmp-server enable traps ospf retransmit

snmp-server enable traps ospf lsa

snmp-server enable traps ospf cisco-specific state-change nssa-trans-change

snmp-server enable traps ospf cisco-specific state-change shamlink interface-old

snmp-server enable traps ospf cisco-specific state-change shamlink neighbor

snmp-server enable traps ospf cisco-specific errors

snmp-server enable traps ospf cisco-specific retransmit

snmp-server enable traps ospf cisco-specific lsa

snmp-server enable traps atm subif

snmp-server enable traps bgp

snmp-server enable traps bulkstat collection transfer

snmp-server enable traps config-copy

snmp-server enable traps config

snmp-server enable traps event-manager

snmp-server enable traps frame-relay

snmp-server enable traps frame-relay subif

snmp-server enable traps hsrp

snmp-server enable traps ipmulticast

snmp-server enable traps MAC-Notification move threshold

snmp-server enable traps msdp

snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message

snmp-server enable traps rf

snmp-server enable traps rtr

snmp-server enable traps slb real virtual csrp

snmp-server enable traps bridge newroot topologychange

snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency

snmp-server enable traps syslog

snmp-server enable traps mvpn

snmp-server enable traps mpls traffic-eng

snmp-server enable traps mpls fast-reroute protected

snmp-server enable traps mpls ldp

snmp-server enable traps mpls rfc ldp

snmp-server enable traps pw vc

snmp-server enable traps isakmp policy add

snmp-server enable traps isakmp policy delete

snmp-server enable traps isakmp tunnel start

snmp-server enable traps isakmp tunnel stop

snmp-server enable traps ipsec cryptomap add

snmp-server enable traps ipsec cryptomap delete

snmp-server enable traps ipsec cryptomap attach

snmp-server enable traps ipsec cryptomap detach

snmp-server enable traps ipsec tunnel start

snmp-server enable traps ipsec tunnel stop

snmp-server enable traps ipsec too-many-sas

snmp-server enable traps flash insertion removal

snmp-server enable traps memory bufferpeak

snmp-server enable traps flex-links status

snmp-server enable traps csg agent quota-server database

snmp-server enable traps sonet

snmp-server enable traps fru-ctrl

snmp-server enable traps entity

snmp-server enable traps resource-policy

snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config

snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up

snmp-server enable traps cpu threshold

snmp-server enable traps rsvp

snmp-server enable traps srp

snmp-server enable traps vtp

snmp-server enable traps vlancreate

snmp-server enable traps vlandelete

snmp-server enable traps c6kxbar intbus-crcexcd intbus-crcrcvrd swbus

snmp-server enable traps dot1x

snmp-server enable traps envmon fan shutdown supply temperature status

snmp-server enable traps port-security

snmp-server enable traps alarms minor

snmp-server enable traps vlan-mac-limit

snmp-server enable traps mpls vpn

snmp-server host HOST_NAME KEY




Martin Ermel Mon, 11/19/2007 - 03:56
User Badges:
  • Blue, 1500 points or more

a snmp trap is a predefined information in the MIB for a specific state change of the value of a certain MIB object or the SNMP agent itself and thus automatically implemented on a device if the SNMP agent on the device supports this MIB. It is not possible to change the information in this predefined trap - it is just possible to enable or disable it.

Whereas with RMON you have the possibility to monitor the value of (any) MIB object of your choice (like CRC counter) and define

1) the intervall at which to look at the value of the MIB object

2) the way how to look at the value (dalta or absolute)

3) define the critical value (rising-/falling threshold value)

this makes a 'rmon alarm'


and send a trap with your own description if your conditions are getting hit - which is the 'rmon event'


http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_c/fcfprt3/fcf016.htm


If you don't get a trap when your link goes down then either

- there is 'no snmp trap links-status' configured at the interface level- or it is a sub interface on a physical interface where the physical inter does not goes down when the subinterface goes down (protocol down)

in this situation you can use the rmon feature as davistan wrote or as it is described here

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=Network%20Management&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cbe4c7d/0#selected_message





OK i am good to configure RMON.. But i have a question...


It says, promiscuous mode (RMON monitors all packets on LAN segment) is more intensive than the native mode (RMON monitors onlu the packets normally received by the interface).


is there anyway i could in advanced, be aware of risks associated with configuring RMON in native mode, just for 5 interfaces? Whould i have to test it by hit and trial?

Martin Ermel Thu, 11/22/2007 - 00:24
User Badges:
  • Blue, 1500 points or more

if you search on Cisco.com for "rmon commands" (with quotes) you will get a good list with documentation on this. But I do not know of a document that describes how to calculate the effect when configuring rmon and I think this is not possible because it depends on the hardware, CPU, RAM and overall traffic and other config options (e.g. encryption) that interfere with the overall performance of a device.


HTH

-if it does, please rate or mark your questions as resolved if you open a thread, so other members of the forum see that a thread has valuable information


Actions

This Discussion