Did You Know?

Hierarchical approvals let your manager know what people are trying to transfer

CONNEXITE
leafleafleafMan illustrationFlower illustration
Updated on May 4, 2026

Configuring RMON

Estimated reading: 10 minutes 1 views

Summary: Networking › Switching › Edge › Synapse

Overview of RMON

SNMP is the most widely used network management protocol in the Internet. The collection and statistics of network communication information are realized through the agent software embedded in the device. The management software obtains the information by sending query signals to the MIB of the agent through polling, and realizes the management of the network through the obtained information. The management software sends queries to the proxy MIB by means of a query to obtain this information and manages the network through the information obtained. Although the MIB counter records the sum of the statistics, it does not allow historical analysis of the day-to-day communication situation. In order to provide a comprehensive view of the flow and traffic changes over the day, web hosting software requires continuous poll to analyze the status of the network through the information available. Polling with SNMP has two distinct disadvantages:

  • Occupies a lot of network resources. In a large-scale network, a large number of network communication packets will be generated by polling, which will cause network congestion and even cause network congestion. Therefore, SNMP is not suitable for managing large-scale networks. , not suitable for recycling large amounts of data, such as routing table information.
  • The task of collecting data in SNMP polling is done by the network administrator through the network management software. If the network administrator monitors more than 3 network segments, it may occur that the network is overloaded due to the heavy burden. A situation in which a manager is unable to complete a task.

In order to improve the availability of management information, reduce the burden of management stations, and meet the needs of network administrators to monitor the performance of multiple network segments, IETF developed RMON to solve the limitations of SNMP in the expanding distributed interconnection. The monitoring function of the data traffic of the network segment and even the entire network. The following are the features of RMON:

  • SNMP is the basis for the realization of RMON, and RMON is the enhancement of SNMP functions.

RMON is implemented based on the SNMP architecture and is compatible with the existing SNMP framework. It is still composed of the network management workstation NMS and the agent running on each network device. Since RMON does not use another set of mechanisms, which are shared between NMS and SNMP, network managers do not need additional learning and are therefore simpler to achieve.

  • RMON enables SNMP to monitor remote network devices more effectively and proactively, and provides an efficient means for monitoring the operation of the network.

The RMON protocol stipulates that the managed device can automatically send Trap information when the alarm threshold is reached, so the management device does not need to obtain the value of the MIB variable through polling multiple times for comparison. The purpose of efficiently managing large interconnected networks. RMON allows multiple monitors, and monitors can collect data in the following two ways:

  • Through a dedicated RMON Probe (detector), the NMS directly obtains management information from the RMON Probe and controls network resources. In this way, all the information of the RMON MIB can be obtained.
  • Embed RMON Agent directly into network devices, making them network devices with RMON Probe function. The NMS uses SNMP to exchange data information with it and collect network management information. This method is limited by device resources and generally cannot obtain all the data of the RMON MIB. Basically, only four groups (alarms, events, history, and statistics) are collected.

Our equipment adopts the second method and implements the RMON Agent function on the equipment. Through this function, the management device can obtain information such as overall traffic, error statistics, and performance statistics on the network segment connected to the managed network device interface, thereby realizing network monitoring.

Rationale

Before configuring RMON, you need to understand the basic concepts of the four groups of statistics, history, alarms, and events defined by the RMON specification.

RMON features

RMON mainly implements statistics and alarm functions, and is used for remote monitoring and management of managed devices by management devices in the network. The RMON statistics function can be implemented through the RMON statistics group or the RMON history group, which are divided into Ethernet statistics functions and historical statistics functions.

  • Historical statistics function (corresponding to the historical group in the RMON MIB): The system periodically samples and collects network status statistics and stores them for subsequent processing. The system will periodically collect statistics on various traffic information, including bandwidth utilization, number of error packets and total number of packets.
  • Ethernet statistics function (corresponding to the statistics group in the RMON MIB): The system collects basic statistics about each network being monitored. The system will continuously count the traffic of a certain network segment and the distribution of various types of packets, or the number of error frames of various types, the number of collisions, etc. The system will keep track of all traffic information on a regular basis, including bandwidth utilization, erroneous packages and total packages.

The RMON alarm function includes the event definition function and the alarm threshold setting function. The RMON alarm function is realized by the combination of these two sub-functions.

  • Event definition function (corresponding to the event group in the RMON MIB): The event group controls the events and prompts from the device, and provides all events generated by the RMON Agent. When an event occurs, it can record logs or send Trap to the network management station.
  • Set the alarm threshold function (corresponding to the alarm group in the RMON MIB): The system monitors the specified alarm variable (the OID corresponding to any alarm object). After the user pre-defines a set of thresholds and sampling time for the specified alarm, the system will obtain the value of the specified alarm variable according to the defined time period. When the value of the alarm variable is greater than or equal to the upper threshold, an upper alarm event will be triggered; When the value of the variable is less than or equal to the lower limit threshold, a lower limit alarm event is triggered. RMON Agent will record the above monitored status as a log or send Trap to the network management station.

Multiple RMON groups are defined in the RMON specification (RFC2819), and the device implements four groups of statistics, history, alarm, and events supported in the public MIB. These groups are introduced separately below.

  • Statistics group

The statistics group specifies that the system will continuously collect statistics on various traffic information of the Ethernet interface, and store the statistical results in the Ethernet statistics table (etherStatsTable) for the management device to view at any time. Statistics include the number of network collisions, the number of CRC check error packets, the number of data packets that are too small (or too large), the number of broadcast and multicast packets, the number of bytes received, and the number of received packets. After the statistics entry is successfully created on the specified interface, the statistics group collects statistics on the number of packets on the current interface, and the statistics result is a continuous accumulated value.

  • History group

The history group periodically collects network status statistics and stores them for subsequent processing. The history group contains two tables:

  • historyControlTable: It is mainly used to set control information such as sampling interval time.
  • etherHistoryTable: It is mainly used to store the historical data collected by the historical group on a regular basis for network status statistics, and to provide network administrators with historical data on network segment traffic, error packets, broadcast packets, utilization, and collision times and other statistical information.
  • Event group

The event defined by the event group is used in the alarm group configuration item and the extended alarm group configuration item. When the monitoring object reaches the alarm condition, the event will be triggered. RMON event management is to add events to the specified row of the event table and define how the events are handled:

  • log: only send logs
  • trap: only send trap messages to NMS
  • log-trap: send both logs and trap messages to NMS
  • none: do nothing
  • Alarm group

Alarm groups allow monitoring of a predefined set of thresholds for alarm variables (which can be arbitrary objects in the local MIB). After the user defines the alarm table item (alarmTable), the system will obtain the value of the monitored alarm variable according to the defined time period. When the value of the alarm variable is greater than or equal to the upper limit threshold, an upper limit alarm event will be triggered; If the value is less than or equal to the lower limit threshold, a lower limit alarm event is triggered, and the alarm management will perform corresponding processing according to the definition of the event.

Configuring

  • Configuring Statistics Group
SWITCH(config)# rmon statistics <1-65535> interface IFNAME {owner OWNERNAME |}
SWITCH(config-if)# no rmon statistics <1-65535>

configure/delete statistics group. <1-65535>: Group index. IFNAME : interface name. OWNERNAME : owner information.

SWITCH(config)# rmon history <1-65535> interface IFNAME buckets <1-65535> interval <1-3600> {owner OWNERNAME |}
SWITCH(config-if)# no rmon history <1-65535>

configure/delete history group. <1-65535>: Group index. IFNAME : interface name. <1-65535>: History bucket size. <1-3600>: Recording period; the unit is seconds. OWNERNAME : owner information.

SWITCH(config)# rmon event <1-65535> {description DESCRIPTION |} {log | trap COMMUNITY | log-trap COMMUNITY | none} {owner OWNERNAME |}
SWITCH(config-if)# no rmon event <1-65535>

configure/delete event groups. <1-65535>: Group index. DESCRIPTION: Event description. COMMUNITY: Trap communication group word. OWNERNAME: owner information.

SWITCH(config)# rmon alarm <1-65535> object STRING <1-65535> {absolute | delta} rising-threshold <1-2147483645> <1-65535> falling-threshold <1-2147483645> <1-65535> {owner OWNERNAME |}
SWITCH(config-if)# no rmon alarm <1-65535>

Configure/delete alarm groups. <1-65535>: Group index. STRING: OID of alarm monitoring; for example, 1.3.6.1.2.1.2.2.1.10.1 indicates the number of bytes received by monitoring interface 1. <1-65535>: Monitoring period; the unit is seconds. <1-2147483645>: Rising Threshold. <1-65535>: Rising event index; corresponds to the index in the event group. <1-2147483645>: Falling Threshold. <1-65535>: Fall event index; corresponds to the index in the event group. OWNERNAME: owner information.

SWITCH(config)# rmon max-log <1-65535>
SWITCH(config-if)# no rmon max-log

Configure/reset the upper limit of log entries. <1-65535>: Number of entries. The log here refers to the log generated by the event group, not the system log. The default upper limit is 100; when the number of logs generated exceeds the limit of entries, the old logs will be deleted according to the generation time to maintain the upper limit.

Examples

Requirements

The IP address of the SNMP network management server is 2.2.2.2, and the community word for read and write communication is public. The network management server needs to query the traffic of port 1 of the device through rmon The network management server needs to monitor the input traffic of port 1 of the device through rmon. The cycle is 10 seconds. Once the number of input bytes changes by more than 1MB (1000000B), an alarm is triggered and a log is recorded. Configuration steps

Initialize the network management configuration

SWITCH#
SWITCH#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

SWITCH(config)#snmp-server community public
SWITCH(config)#snmp-server 2.2.2.2 community public
SWITCH(config)#

Configure the rmon statistics group (the following rmon configurations can be configured on the NMS through the MIB)

SWITCH(config)# rmon statistics 1 interface gigabitEthernet0/1 owner abc

Configure rmon events and alarm groups (the following rmon configurations can be configured on the NMS through MIB)

SWITCH(config)# rmon event 1 log-trap public owner abc
SWITCH(config)# rmon alarm 1 object 1.3.6.1.2.1.2.2.1.10.1 10 delta rising-threshold 1000000 1 falling-threshold 1000000 1

Display Information

  • Show Event Group LSog
SWITCH#show rmon log

event 1 log 226 time 2304 desc event 1 log 227 time 2314 desc event 1 log 228 time 2324 desc event 1 log 229 time 2334 desc event 1 log 230 time 2344 desc event 1 log 231 time 2354 desc event 1 log 232 time 2364 desc event 1 log 233 time 2374 desc ……

Related articles

Share this Doc

Configuring RMON

Or copy link

Powered By EazyDocs