3Com Router User Manual

							SNMP Overview77
“Corporation code of 3Com Corporation. (800007DB) + Equipment information”. 
Equipment information can be the IP address, MAC address or self-defined 
hexadecimal digit string.
You can skip these two operations when you begin to configure SNMP for a router 
because SNMP service will be enabled once you configure any related SNMP 
commands (except for the 
display commands). It is equivalent to configuring the 
snmp-agent command. Furthermore, the default engine ID can generally ensure 
the uniqueness of the router on the network.
2Configure SNMP version and related tasks
The 3Com Router series support SNMPv1, SNMPv2c and SNMPv3.
SNMPv1 and SNMPv2c adopt a community name for authentication, and the 
SNMP packets that are not compliant with the community name authorized by the 
equipment will be discarded. Different groups can have either the read-only or 
read-write access authority. A group with the read-only authority can only query 
equipment information, whereas a group with read-write authority can configure 
the equipment. The authorities are specified by MIB views.
Security defined in SNMPv3 is user-based hence an SNMP user inherits the 
authority of the SNMP group to which it belongs. Different NMS have different 
access authority. An SNMP group can have read-only, read-write or notifying 
authority. The authorities of the SNMP group are also determined by MIB views.
Perform the following configurations in system view.
Ta b l e 58   Configure SNMP version and related tasks
OperationCommand
Select an SNMP version for NMSsnmp-agent sys-info version { v1 | v2c | 
v3 | all }
Define the SNMP version(s) that 
NMS are not permitted to useundo snmp-agent sys-info version { v1 | 
v2c | v3 | all } 
Create or update view 
informationsnmp-agent mib-view { included | excluded 
} viewname subtree subtree
Delete a viewundo snmp-agent mib-view view-name
Set name and access authority 
for a communitysnmp-agent community { read | write } 
community_name [ mib-view view-name ] [ 
acl number ]
Remove the previous community 
nameundo snmp-agent community community_name
Set an SNMP groupsnmp-server group { v1 groupname | v2c 
groupname | v3 groupname { authentication 
| noauthentication | privacy } } [ 
read-view readview ] [ write-view 
writeview ] [ notify-view notifyview ] 
[acl  number ] 
Delete an SNMP groupundo snmp-agent group { v1 groupname | v2c 
groupname | v3 groupname { authentication 
| noauthentication | privacy } }
Add a new user to an SNMP 
group and specify the SNMP 
version as well as the 
authentication/encryption modesnmp-agent usm-user  { v1 username 
groupname | v2c username groupname | v3 
username groupname [ authentication-mod { 
md5 | sha } auth-password [ privacy-mod 
des56 priv-password ] ] } [ acl number ] 
						

							78CHAPTER 5: CONFIGURING NETWORK MANAGEMENT
By default, SNMPv3 is used. The default view name in the system is ViewDefault, 
and OID of which is 1.3.6.1. SNMP group has only the read-only authority by 
default.
If SNMPv1/SNMPv2c is used, the community name or SNMPv1/SNMPv2c groups 
and users should be configured. If SNMPv3 is used, SNMPv3 groups and users 
should be configured.
Before configuring an SNMP group, you should first define the view, which will be 
used for configuring the SNMP group. When configuring the community name, 
however, specifying a view is optional.
3Configure information of router administrator
You should correctly configure information describing location and management 
of the local equipment so that the network administrator can contact the 
equipment administrator.
Perform the following configurations in system view.
Ta b l e 59   Configure information of router administrator
4Configure traps to be sent by the router
Traps are unsolicited messages that a managed device sends to an NMS for 
reporting some urgent and significant events. When a router works as a managed 
device, you should configure the destination and source addresses of the trap that 
it will send. The destination address is the IP address of the NMS receiving the trap 
packet, and the source address is the address of the local router, that is, the 
address of an interface on the local router.
Perform the following configurations in system view.
Ta b l e 60   Configure the traps to be sent by the router
Delete a user from the SNMP 
groupundo snmp-agent usm-user    { v1 username 
groupname | v2c username groupname | v3 
username groupname }
OperationCommand
Set the administrator ID and the contact methodsnmp-agent sys-info contact 
string 
Restore the default administrator ID and the 
contact methodundo snmp-agent sys-info 
contact
Set router location informationsnmp-agent sys-info location 
string 
Restore the default router locationundo snmp-agent sys-info 
location
OperationCommand
Enable the router to send trapssnmp-agent trap enable [ trap-type ]
Disable the router to send trapsundo snmp-agent trap enable   
Specify the interface whose address 
is bound as the source address in 
the trap messagessnmp-agent trap source interface-type 
interface-number
Remove the interface whose 
address is bound as the source 
address in the trap messagesundo snmp-agent trap source 
						

							SNMP Overview79
By default, the router is disabled to send traps.
5Configure the maximum size of SNMP packets that the router can send/receive
Set the Max SNMP messages that can be received/sent by the agent according to 
the network loading capacity.
Perform the following configurations in system view.
Ta b l e 61   Configure the maximum size of SNMP packets that the agent can send/receive 
Display and Debug 
SNMPPerform the following commands in all views.
Ta b l e 62   Display and debug SNMP
Set the address of host receiving 
the trapssnmp-agent target-host trap address 
host-addr [ port port ] [ parameters { 
v1 | v2c | v3 { authentication | 
noauthentication | privacy } } ] 
securityname name
Remove the address of host 
receiving the trapsundo snmp-agent target-host trap address 
host-addr [ port port ] securityname 
name
Set the message queue length of 
traps destined to a hostsnmp-agent trap queue-size length
Restore the default message queue 
lengthundo snmp-agent trap queue-size
Set the timeout time for trapssnmp-agent trap life timeout
Restore the default timeout time for 
trapsundo snmp-agent trap life
 Operation Command
Set the maximum size of SNMP packets that the 
agent can receive/sendsnmp-agent packet max-size 
byte-count
Restore the default maximum size of SNMP 
packetsundo snmp-agent packet max-size
OperationCommand
Display the statistics of SNMP packetsdisplay snmp-agent statistics
Display the current equipment engine IDdisplay snmp-agent 
local-engineid
Display information of system locationdisplay snmp-agent sys-info 
location
Display system contact informationdisplay snmp-agent sys-info 
contact
Display information of snmp groups on the 
routerdisplay snmp-agent group
Display information of all SNMP users in the 
group user name listdisplay snmp-agent usm-user
Display the group names that have been 
configureddisplay snmp-agent community
Display information of the MIB views that have 
been configureddisplay snmp-agent mib-view
Enable SNMP debuggingdebugging snmp-agent { headers | 
packets | process | trap | all } 
						

							80CHAPTER 5: CONFIGURING NETWORK MANAGEMENT
Typical Configuration 
ExamplesExample 1: Configure Network Management of SNMPv1
I. Networking Requirements
In the following diagram the NMS and a router are connected via the Ethernet. 
The IP addresses of NMS and the Ethernet interface on the router are respectively 
129.102.149.23 and 129.102.0.1.
II. Networking Diagram
Figure 3-3Configure SNMP
III. Configuration Procedure
1Enable the router to support SNMP and select an SNMP version.
[Router] snmp-agent
[Router] snmp-agent sys-info version v1
2Set the community name and access authority.
[Router] snmp-agent community public read
[Router] snmp-agent community private write
3Set the ID of administrator, contact method and physical location of the router.
[Router] snmp-agent sys-info contact Mr.Wang-Tel:3306
[Router] snmp-agent sys-info location telephone-closet,3rd-floor
4Enable the router to send traps to NMS (129.102.149.23) and use the community 
name “public”, and set the source address in the traps to be the IP address of the 
interface ethernet 0.
[Router] snmp-agent trap enable
[Router] snmp-agent target-host trap address 129.102.149.23 
securityname public
[Router] snmp-agent trap source ethernet 0
5Configure an IP address for the Ethernet interface ethernet 0.
[Router] interface ethernet 0
[Router-Ethernet0] ip address 129.102.0.1 255.255.0.0
Example 2: Configure Network Management of SNMPv3
I. Networking Requirements
■According to the networking of Example 1, NMS is connected to the router via 
the Ethernet, and their IP addresses are respectively 129.102.149.23 and 
129.102.0.1.
■SNMPv3 is required. Three SNMP groups will be configured and respectively 
authorized with read-only, writing, and notifying rights. Three SNMP users 
belong to the three groups respectively, and three MIB views are used as read, 
write and notify views respectively.
■Information of the network administrator is required to be configured. 
129.102.0.1
129.102.149.23NMS
Routere 0
Ethernet 
						

							RMON Overview81
■Required if traps are to be sent — the IP address of the interface ethernet 0 is 
the source address of the traps, and the address of the NMS is the destination 
address.
II. Networking Diagram
Refer to the networking diagram of Example 1.
III. Configuration Procedure
1Enable the router to support SNMP and select an SNMP version.
[Router] snmp-agent
2Set SNMP groups, users and views.
[Router] snmp-agent mib-view included read_view subtree 1.3.6.1 
[Router] snmp-agent mib-view included write_view subtree 1.3.6.1.5 
[Router] snmp-agent mib-view excluded notify_view subtree 1.3.6.2 
[Router] snmp-agent group v3 group_read noauthentication read -view 
read_view 
[Router] snmp-agent group v3 group_write privacy write-view 
write_view
[Router] snmp-agent group v3 group_notify authentication read-view 
notify_view
[Router] snmp-agent usm-user v3 user_read group_read
[Router] snmp-agent usm-user v3 user_write group_write 
authentication md5 123 privacy-mod des56 asdf
[Router] snmp-agent usm-user v3 user_notify group_notify 
authentication md5 qwer 
3Configure information of equipment administrator
[Router] snmp-agent sys-info contact Mr.Wang-Tel:3306
[Router] snmp-agent sys-info location telephone-closet,3rd-floor
4Configure the router to send Traps to the host whose IP address is 
129.102.149.23.
[Router] snmp-agent trap enable
[Router] snmp-agent target-host trap address 129.102.149.23 
securityname user_notify parameters v3 auth
[Router] snmp-agent trap source ethernet 0
5Configure an IP address for the Ethernet interface ethernet 0
[Router] interface ethernet 0
[Router-Ethernet0] ip address 129.102.0.1 255.255.0.0
RMON OverviewRMON (Remote Monitor) is a MIB defined by IETF and is the most important 
enhancement for the MIB II standard. It mainly monitors the data flow in a 
network segment or on the entire network. It is implemented on the basis of the 
SNMP architecture (one of its strengths), including NMS and Agent running on 
network equipment.
RMON Agent performs statistics of diversified flow information on the network 
segments connected to the ports, such as the total messages on a network 
segment within a certain period or the total of correct messages sent to a host. It 
enables SNMP to monitor remote network devices more efficiently and more 
actively and provides an efficient method to monitor sub-network running. This 
method can help reduce communication flows between the NMS and the Agent,  
						

							82CHAPTER 5: CONFIGURING NETWORK MANAGEMENT
thus managing large-scale interconnection networks easily and effectively. RMON 
also allows several monitors and can collect data in two ways: one is to collect 
with the RMON probe — NMS directly obtains management data from an RMON 
probe and controls network resources. In this way, all RMON MIB data can be 
obtained. The other way is by the RMON Agent directly implanted in network 
equipment (router, switch and HUB) which will become network facilities with 
RMON probe function. NMS exchanges data information with them and collects 
network management information through SNMP basic commands. However, 
limited by equipment resources, not all RMON MIB data can be obtained this way. 
In most cases, only four groups of information can be collected. Currently, the 
3Com Router 1.x implements RMON in the second way.
RMON-MIB is composed of a group of statistics data, analysis data and diagnosis 
data. Standard MIB not only provides a lot of the original port data of the 
managed object, but it provides statistics data and calculation results of a network 
segment. By running SNMP Agent supporting RMON on the network monitor, 
NMS can obtain the overall flow, error statistics, and performance statistics of the 
network segment, that connects the interfaces of managed network equipment 
so as to fulfill network management. An RMON application example is shown 
below:
Figure 36   Schematic diagram of RMON application
The value includes three managed objects. With enhanced RMON alarm group 
function, if a sample is found to cross the threshold, which has been configured, 
RMON Agent will report to NMS so as to avoid a lot of query messages of the 
NMS.
Configure RMON on the 
RouterTo configure RMON after SNMP, first configure RMON command lines on the 
3Com Router series. Then enable RMON statistics before NMS can be used to 
monitor network traffic and perform network management.
RMON configuration includes:
Router
Ethernet
Ethernet
RouterBridge
PC with RMON
Ethernet
Bridge
With RMON function Router
Internet
Console with RMON
FDDI
Backbone 
						

							RMON Overview83
■Enable RMON statistics of Ethernet interface
1Enable RMON statistics of Ethernet interface
After enabling RMON statistics of an Ethernet interface, the router will perform 
the statistics of the packet incoming and outgoing through this interface. After 
disabling it, the router will not perform the statistics of the packet incoming and 
outgoing through this interface.
Perform the following task in Ethernet interface view.
Ta b l e 63   Enable RMON statistics of an Ethernet interface 
RMON statistics is disabled by default.
This command cannot be used in Sub-interface view.
RMON Configuration 
ExamplesEnable RMON statistics
I. Networking Requirement
To ensure that the router can detect the packet whose destination is another 
router from the Ethernet interface, the interface should be added in the DLSw 
bridge set. Otherwise, the router only performs statistics for frames with this 
router as the destination.
II. Networking Diagram:
Figure 37   Enable RMON statistics 
III. Configuration Procedure
Configure the 3Com Router 
1Configure address and route of host1, host2, host3, routerA and routerB. Make 
sure they can ping through each other. Specific operation is omitted here.
2Add Ethernet interface Ethernet 0 to DLSw bridge set.
[RouterA] interface ethernet 0
[RouterA-Ethernet0] bridge-set 1
3Enable RMON statistics of Ethernet 0
OperationCommand
Enable RMON statistics of an Ethernet interfacermon promiscuous 
Disable RMON statistics of an Ethernet interfaceundo rmon promiscuous
Ethernet
A(tes ted router)B host1
129. 1. 1. 111/ 24
host3129. 2. 2. 222/ 24      129. 1. 1. 100/
24202. 38. 165. 1/ 24
202. 38. 165. 2/ 24129. 2. 2. 200/
24
hos t2129. 1. 1. 112/ 24 
						

							84CHAPTER 5: CONFIGURING NETWORK MANAGEMENT
[RouterA] interface ethernet 0
[RouterA-Ethernet0] rmon promiscuous 
						

							6
DISPLAY AND DEBUGGING TOOLS
This chapter includes information on the following topics:
■Display Command Set
■Debugging Command Set
■Test Tool of Network Connection
■Log Function
Display Command SetWith display commands, the system status and system information can be 
viewed. 
display commands can be divided as follows according to the 
functionality:
■The command to display system configuration information
■The command to display system running status
■The command to display system statistic information 
The following commands can be used to display related information of the whole 
system in all views. Please see related chapters in this manual for specific 
display 
commands.
Ta b l e 64   Commands to display information of the whole system
Debugging Command 
SetThe command line interface of the 3Com Router 1.x provides abundant 
debugging commands, almost corresponding to all the protocols supported by the 
router, helping the user to diagnose and eliminate network faults. 
OperationCommand
Display current terminal user.display client
Display the system clockdisplay clock
Display the current memory type display configfile
Display states of various debugging switchesdisplay debugging
Display the history record of input commanddisplay history-command
Display the router namedisplay systname
Display current configuration information of the 
system display 
current-configuration
Display initial configuration information of the system 
stored in router Flashdisplay saved-configuration 
Display primary system configuration informationdisplay tech-support [ page 
]
Display registered terminal userdisplay user
Display version information of system display version 
						

							86CHAPTER 6: DISPLAY AND DEBUGGING TOOLS
Two switches control the output of the debugging information:
■Debugging switch, which controls whether to test a certain 
function/module/protocol. 
■Syslog output direction switch, which controls outputting the debugging 
information to the control console, Telnet terminal or internal buffer or log 
host. 
The following is part of the common debugging commands. For more specific 
debugging commands related to various protocols, please see related chapters in 
this manual and the 3Com Router Command Reference Guide.
The 3Com Router provides a shortcut Ctrl+D to close the huge amount of 
debugging information output by the terminal, which functions the same as the 
command 
undo debugging all.
Examples are omitted here. Please see relevant chapters in the 3Com Router 
Command Reference Guide.
In addition, when any terminal user enables or disables the debugging, the 
debugging information output on other user terminals will be affected.
As for all link layer protocols, the debugging can be controlled according to 
interfaces, so that the interference of a huge amount of redundant information 
can be avoided effectively and it makes troubleshooting more convenient.
On the 3Com Router, Syslog (log system) manages the output of debugging 
information and other prompt information. Before obtaining the debugging 
information, you need to open the related Syslog switch. Firstly, you must use the 
info-center enable command to enable Syslog function, then you can use the 
info-center console or info-center monitor command to enable debugging 
according to the different type of terminal, or use the 
info-center console 
debugging
 command on the Console terminal, or use info-center monitor 
debugging
 on the telnet terminal or dumb terminal. Refer to subsequent sections 
for introduction and detailed descriptions and commands of Syslog.
Since the output of the debugging information will affect the running efficiency of 
the router, please do not turn on any debugging switches unless necessary, 
especially the 
debugging all command. After completing debugging, please turn 
off all debugging switches.
Test Tool of Network 
Connection
Ping CommandThe ping command is mainly used to check the connection of the network, i.e. 
whether the host is accessible. Ping sends Internet Control Message Packets 
(ICMP) echo packets to another computer connected on the network to see 
whether it echoes back. Ping is a useful command to test the connectivity of the 
network and details about the journey. 
Ta b l e 65   ping command
OperationCommand