druddle

There must be some sort of agent running on the Cisco that is reporting SNMP traps to a management station.

You need to know what is in the agent that runs on the Cisco and that will tell you how the traps are configured and what messages its sending to your management station. The MIB file on the management station will filter the traps coming from the Cisco and decipher them into something useful.

Have only worked with Brocade, EMC Clariion and FC/SCSI router MIBs, not with Ciscos so sorry i cant be more specific.

Dave

[Edited by druddle - 12/2/2003 2:13:21 PM]

scatter_wrx

There will be a MIB on the Cisco router.The router will keep statistics for various components on the device. Stats like discards will be in a counter (numerical) format, so each time a discard occurs the counter increases.

Monitoring tools normally poll the device (do an snmp get) & pull these stats. If the device is polled 5 minutes later, then the difference between the first poll & the second poll can be used to plot a graph, etc.

If you want to manually look at the device to see what the counters are, you will probably need to look at the stats of the following OID's:

.1.3.6.1.2.1.2.2.1.ifInErrors (14)
.1.3.6.1.2.1.2.2.1.ifOutErrors (20)
.1.3.6.1.2.1.2.2.1.ifInDiscards (13)
.1.3.6.1.2.1.2.2.1.ifOutDiscards (19)

You can then use some utility to do an snmp qeury on the device.

you may have the snmp tools installed. Try it from a dos prompt. Run something like:
snmpwalk <device_ip> <community_string> mib.2

This should return all the mib 2 OID stuff.

HTH

[Edited by scatter_wrx - 12/2/2003 1:00:38 PM]

[Edited by scatter_wrx - 12/5/2003 3:24:08 PM]

ozzy

AFAIK, the router doesn't actually store a MIB (as such). The snmp fields are supported through Cisco's IOS software revisions.

What you do need is a MIB covering the Cisco model, so that the 3rd party management software knows how to poll these fields.

You can get more info on the Cisco IOS software here. You can get more detailed info on Cisco MIB's here

I did all my training on Cabletron/Enterasys routers & switches, but they were more or less the same. The firmware & software revisions on their routers determined the support levels for anything (inc. SNMP), but you needed the correct MIB for the management software to interpret the data correctly.

Stefan

[Edited by ozzy - 12/2/2003 2:07:12 PM]

dsmith

Interface stats are held in standard MIBs rather then Cisco custom mibs. Any SNMP enabled host (like a cisco rourter) will be able to give throughput and error counters for all its interfaces.

Its all detailed in the RFCs (and no I cant be arsed to google for the number )

The problem with accessing them dircetly is the stats for each interface are held against the Interface index (ifIndex). So you have pull all the names off - find your index then go and get the stats. Nothing comnplex - but the software I linked to above does it all for you.

Deano


[Edited by dsmith - 12/2/2003 2:29:07 PM]

P1Fanatic

We have a lot of customers who use various third party monitoring companies to monitor the Cisco router we provide via SNMP. They then get access to a website with a pretty little graph showing stuff like throughput and errors.

Now a lot of them show certain errors on the router like discards, which arent however listed on a the cisco under a show interface or show controller output.

So any idea what info the SNMP trap pulls from the router and turns into a discards figure? Preferably the exact interface counter they relate to.

Im guessing its the buffers but would like to know for sure.

Thanks,
Simon.

P1Fanatic

No idea what a MIB is. Nothing configured in the router. All we do is add an snmp community string with a public password and tie it down to allow access from specific IP's that are bound by an standard ip access list. We then allow access from these same IP's via an inbound access-list allowing udp port 161.

However I have managed to track down a techie for one of these monitoring companies and apparently it pulls its info from the 'iftable' on a cisco.

Discards relates to buffer/queue drops on the outbound (serial 0 in this case) interface.

Simon.

Chris L

Simon

MIB = Management Information Base i.e. each value that is reported on (interface up/down etc) will have a MIB. So when Dave refers to the MIB agent, he means the acutal SNMP configurations on the router.

A quick flick through the Cisco website found this SNMP FAQ. If you need more info from the Cisco site and you find certain pages are restricted, drop me an email as I have CCO access to the Cisco website.

Chris

ozzy

With the Cisco's, they only run the IOS software on them, so any snmp support comes with the particular revision running on a router.

All I've had to do in the past was to use the relevant snmp-server commands.

Usually the MIB's are imported into the 3rd-party management software, so that it knows what fields or traps to read from the router.

Stefan

dowser

As mentioned, you need to know which MIB variable is being pulled - probably, but not definitely, a MIB-II one (a good place to start, anyway). There are various freeware SNMP utilities that you can use to query MIB variables assuming you know IP address, have IP access to the host, and know the community strings.

Unfortunately, last years SNMP vulnerability means that most companies know protect access to SNMP ports on their devices.....most even cleaned up their public/private issues

Richard

druddle

Forgot to mention, the MIB definition file will run on your management station so that your software will understand the SNMP traps that the piece of hardware is sending it.

Dave

P1Fanatic

As far as I can tell we dont store anything on the router.

Can anyone suggest an free app I can download to try pulling the stats from the router?

We are an ISP and yes we have locked our routers down after the Cisco snmp advisory last year. But I can easily update the ACL to allow access for myself.

We dont do stats though. Our custs by a service from us but its run by a 3rd party who frontline cust questions etc. As such there isnt much documentation on it as its not one of our systems.

Cheers,
Simon.

dsmith

Free SNMP Software

The Grandaddy of them all is MRTG. Its perl so can be run on both Windows and Linux. V easy for basic bandwidth - can require a little more work for erros/discards.

It includes the collection of Data (polling), storage and graph creation.

Successor is RRD Tool Much more flexible but "out of the box" only really gives data storage and on the fly graph creation.

I use Cacti. Uses PHP + RRDTool and gives an easy use to use Web frontend for configuration and graph creation using RRDTool. Runs on both Windows and Linux. Has all the templates you need for Interface Data/Errors/Discards right out of the box. Highly recommended

Deano

scatter_wrx

I've be surprised if the cisco router didn't have a mib you could query & wasn't collecting snmp information.

Not sure how you actually want to present the snmp information. You could try here for a tool that graphically displays traffic and other things.

If you want to get the raw data, you need a tool to return the snmp data. if you run windows then you can load on the windows resource kit which has some snmp stuff. Or else you will get a similar utility on the web. Have a search!

[Edited by scatter_wrx - 12/5/2003 3:25:12 PM]

stevencotton

Perl and Net::SNMP will return raw SNMP data in a few lines of code, all in the Net::SNMP docs IIRC.

scatter_wrx

The information will be stored by the device somehow (in memory, files, hardware counters etc). Check with cisco how they store it. Not that it really matters if all you interested in is getting this information back.

As Deano said, if you want to collect specific information for specific interfaces, you will need to work out the ifindex & then run a query on that.