SNMP Part-2


In my previous article (https://www.dhirubhai.net/pulse/snmp-explained-what-you-must-know-monitoring-via-mib-oids-kumari/) we discussed SNMP. Today I will show you how to implement it in real time.

Let's say I want to be informed of high CPU or high memory utilization on my switch. We can check this with the usual commands on the switch, such as show process CPU or show process memory, but logging in to the switch every time to check is tedious.

Let's do it in real time. It's a very basic setup: I am using a PC and a switch. I will configure the SNMP agent on my switch and use my PC as the NMS.

First we need to configure the SNMP agent on the switch.

1. Telnet to the switch

2. Go to the enable mode by specifying the password:

    Sw1>en
    Sw1#

3. Go into configuration mode:

    Sw1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    Sw1(config)#

4. Use the command below to add a Read-Only community string:

    Sw1(config)#snmp-server community public RO

   where "public" is the Read-only community string.

5. To add a Read-Write Community string, use the command below:

    Sw1(config)#snmp-server community private RW

   where "private" is the Read-write community string.

6. Exit the configuration mode and save the settings:

    Sw1(config)#exit
    Sw1#wr mem
    Building configuration...
    Compressed configuration from 6363 bytes to 3242 bytes[OK]

After this we need to make sure that the switch is pingable from the NMS (here I am using my PC as the NMS) and vice versa.

 Switch IP : 10.88.174.16

NMS (My PC IP) : 10.196.112.213

    PKUMARI4-M-92EL:~ pkumari$ ping 10.88.174.16
    PING 10.88.174.16 (10.88.174.16): 56 data bytes
    64 bytes from 10.88.174.16: icmp_seq=0 ttl=228 time=358.612 ms
    64 bytes from 10.88.174.16: icmp_seq=1 ttl=228 time=400.543 ms

    Sw1#ping vrf mgmtVrf 10.196.112.213
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.196.112.213, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 312/351/416 ms

We can see that both sides can ping each other, so all good.

I will demonstrate using an SNMP walk; we can use SNMP traps as well.

Traps (push model): the monitored device (SNMP agent) sends messages in the form of traps to the trap destination (in this case the trap destination is our switch).

SNMP walk (pull model): OpManager (in this case our switch) sends SNMP requests to the SNMP agent running on the monitored device and receives the response.

I will poll the switch for CPU utilization over 5 min, 1 min and 5 sec using different OIDs, and also for memory utilization, using the OIDs below. There are plenty of OIDs, and we can use them as per our requirements.

CPU Utilization

The CPU utilization over the last five seconds
OID: 1.3.6.1.4.1.9.9.109.1.1.1.1.6

The CPU utilization over the last 1 min
OID: 1.3.6.1.4.1.9.9.109.1.1.1.1.7

The CPU utilization over the last five minutes
OID: 1.3.6.1.4.1.9.9.109.1.1.1.1.8

Log into your PC and execute the command below, where:

10.82.142.36 - my switch IP, where I have enabled the SNMP agent
1.3.6.1.4.1.9.9.109.1.1.1.1.7 - OID to poll CPU utilization for 5 sec
public - community string which we have configured on the switch

One important point to note here is that the SNMP Read-Only community string is like a user ID or password that is sent along with each SNMP Get-request and allows or denies access to the statistics of a switch or other device. If the community string is correct, the device responds with the requested information. If the community string is incorrect, the device simply ignores the request and does not respond. Most network vendors ship their equipment with a default password of "public". I am using "public" as the community string here.

    snmpwalk -c public 10.82.142.36 1.3.6.1.4.1.9.9.109.1.1.1.1.7
    SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.7.1000 = Gauge32: 5

    snmpwalk -c public 10.82.142.36 1.3.6.1.4.1.9.9.109.1.1.1.1.8
    SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.8.1000 = Gauge32: 26

    snmpwalk -c public 10.82.142.36 1.3.6.1.4.1.9.9.109.1.1.1.1.6
    SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.6.1000 = Gauge32: 4

This is the output that I got on my PC using the above-mentioned OIDs, and we can verify it against the typical output of show process CPU.

Example: here is the typical output of show process CPU, which I have tested in the lab.

    Sw1#show processes cpu
    Core 0: CPU utilization for five seconds: 6%; one minute: 6%; five minutes: 25%
    Core 1: CPU utilization for five seconds: 4%; one minute: 4%; five minutes: 26%

So here we can see that the utilization over 5 min is 26%, over 1 min is 4% and over 5 sec is 6%, the same as we are getting above.

 Memory Utilization

Polling ciscoMemoryPoolUsed indicates the total amount of memory, in bytes, currently used by the switch.

ciscoMemoryPoolUsed = 1.3.6.1.4.1.9.9.48.1.1.1.5

ciscoMemoryPoolFree = 1.3.6.1.4.1.9.9.48.1.1.1.6

On my PC I will execute the commands given below to poll the memory utilization.

    snmpwalk -c public 10.82.142.36 1.3.6.1.4.1.9.9.48.1.1.1.5
    SNMPv2-SMI::enterprises.9.9.48.1.1.1.5.1 = Gauge32: 261142480
    SNMPv2-SMI::enterprises.9.9.48.1.1.1.5.2 = Gauge32: 195192

    snmpwalk -c public 10.82.142.36 1.3.6.1.4.1.9.9.48.1.1.1.6
    SNMPv2-SMI::enterprises.9.9.48.1.1.1.6.1 = Gauge32: 678674080
    SNMPv2-SMI::enterprises.9.9.48.1.1.1.6.2 = Gauge32: 20776328

Both outputs are derived from the [show process memory detailed process iosd sorted] command:

    Sw1#show process memory detailed process iosd sorted
    Processor Pool Total: 939524096 Used: 260839872 Free: 678684224
       I/O Pool Total: 20971520 Used:   195192 Free:  20776328

 The following formula is used to calculate the percentage of memory used: ciscoMemoryPoolUsed/(ciscoMemoryPoolUsed + ciscoMemoryPoolFree) * 100.

 ciscoMemoryPoolUsed = 1.3.6.1.4.1.9.9.48.1.1.1.5

ciscoMemoryPoolFree = 1.3.6.1.4.1.9.9.48.1.1.1.6
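The formula above applied to the two snmpwalk outputs shown on this page, as an added example that is not part of the original article: it joins the used and free values by pool index and computes the percentage per pool. The function names and the 80% alert limit are assumptions chosen for illustration, and the parser expects the default (non-numeric) snmpwalk output format seen above.

```python
import re

# Constructed sample: the snmpwalk lines shown on this page for
# ciscoMemoryPoolUsed (.5) and ciscoMemoryPoolFree (.6).
SAMPLE_WALK = """\
SNMPv2-SMI::enterprises.9.9.48.1.1.1.5.1 = Gauge32: 261142480
SNMPv2-SMI::enterprises.9.9.48.1.1.1.5.2 = Gauge32: 195192
SNMPv2-SMI::enterprises.9.9.48.1.1.1.6.1 = Gauge32: 678674080
SNMPv2-SMI::enterprises.9.9.48.1.1.1.6.2 = Gauge32: 20776328
"""

USED_COL, FREE_COL = "5", "6"  # last arc of the two column OIDs
LINE_RE = re.compile(
    r"enterprises\.9\.9\.48\.1\.1\.1\.(\d+)\.(\d+) = Gauge32: (\d+)\s*$")

def parse_pools(walk_text):
    """Return {pool_index: {"used": int, "free": int}} from snmpwalk text."""
    pools = {}
    for line in walk_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip blank lines, timeouts and unrelated OIDs
        column, index, value = m.group(1), int(m.group(2)), int(m.group(3))
        if column == USED_COL:
            pools.setdefault(index, {})["used"] = value
        elif column == FREE_COL:
            pools.setdefault(index, {})["free"] = value
    return pools

def memory_percent(pools):
    """Apply used / (used + free) * 100 per pool; skip incomplete rows."""
    result = {}
    for index, row in sorted(pools.items()):
        if "used" not in row or "free" not in row:
            continue  # one of the two walks returned nothing for this pool
        total = row["used"] + row["free"]
        if total == 0:
            continue  # avoid division by zero on an empty pool
        result[index] = round(row["used"] / total * 100, 2)
    return result

def over_threshold(percentages, limit=80.0):
    """Pool indexes at or above the limit (80% is an assumed default)."""
    return [i for i, pct in percentages.items() if pct >= limit]

if __name__ == "__main__":
    pct = memory_percent(parse_pools(SAMPLE_WALK))
    for index, value in pct.items():
        print(f"pool {index}: {value}% used")
    print("alerting pools:", over_threshold(pct))
```

Pool index 1 matches the Processor pool and index 2 the I/O pool in the show process memory output above.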

 

 

Venkatesh Balaji

Transformation lead | Service Delivery | Design Build of IT Infrastructure | Enterprise Architect | Security | T Shaped Profile

5 months

Thanks and informative. Have you come across any SNMP solutions/products which do the aggregation of all devices before the SIEM or other management layer consumption?
