![[previous]](../../../graphics/l_arrow.gif){kind=icon}
![[next]](../../../graphics/r_arrow.gif){kind=icon}
Using the RMON (Remote Monitoring) capabilities of a Switch allows network administrators to improve their efficiency and reduce the load on their network.
This chapter explains more about the RMON concept and the RMON features supported by the Switch. It covers the following topics:
You can only use the RMON features of the Switch if you have an RMON management application, such as the RMON application supplied with 3Com Transcend® Enterprise Manager software.
RMON is the common abbreviation for Remote Monitoring, a system defined by the IETF that allows you to monitor the traffic of LANs or VLANs remotely.
A typical RMON setup consists of two components:
The IETF define nine groups of Ethernet RMON statistics. This section describes these groups, and details how they can be used.
The Statistics group provides traffic and error statistics showing packets, bytes, broadcasts, multicasts and errors on a LAN segment or VLAN.
Information from the Statistics group is used to detect changes in traffic and error patterns in critical areas of your network.
The History group provides historical views of network performance by taking periodic samples of the counters supplied by the Statistics group.
The group is useful for analyzing the traffic patterns and trends on a LAN segment or VLAN, and for establishing the normal operating parameters of your network.
The Alarms group provides a mechanism for setting thresholds and sampling intervals to generate events on any RMON variable.
Alarms are used to inform you of network performance problems and they can trigger automated responses through the Events group.
The Hosts group specifies a table of traffic and error statistics for each host (endstation) on a LAN segment or VLAN. Statistics include packets sent and received, octets sent and received, as well as broadcasts, multicasts, and error packets sent.
The group supplies a list of all hosts that have transmitted across the network. The next group, Hosts Top N, requires implementation of the Hosts group.
The Hosts Top N group extends the Hosts table by providing sorted host statistics, such as the top 20 hosts sending packets or an ordered list of all hosts according to the errors they sent over the last 24 hours.
The Matrix group shows the amount of traffic and number of errors between pairs of devices on a LAN segment or VLAN. For each pair, the Matrix group maintains counters of the number of packets, number of octets, and error packets between the hosts.
The conversation matrix helps you to examine network statistics in more detail to discover, for example, who is talking to whom or if a particular PC is producing more errors when communicating with its file server. Combined with Hosts Top N, this allows you to view the busiest hosts and their primary conversation partners.
The Events group provides you with the ability to create entries in an event log and send SNMP traps to the management workstation. Events can originate from a crossed threshold on any RMON variable. In addition to the standard five traps required by SNMP (link up, link down, warm start, cold start, and authentication failure), RMON adds two more: rising threshold and falling threshold.
Effective use of the Events group saves you time; rather than having to watch real-time graphs for important occurrences, you can depend on the Event group for notification. Through the SNMP traps, events can trigger other actions, therefore providing a way to automatically respond to certain occurrences.
Using the RMON features of your Switch has three main advantages:
Using RMON probes allows you to remain at one workstation and collect information from widely dispersed LAN segments or VLANs. This means that the time taken to reach a problem site, set up equipment, and begin collecting information is largely eliminated.
If they are configured correctly, RMON probes deliver information before problems occur. This means that you can take action before they affect users. In addition, probes record the behavior of your network, so that you can analyze the causes of problems.
Traditional network management involves a management workstation polling network devices at regular intervals to gather statistics and identify problems or trends. As network sizes and traffic levels grow, this approach places a strain on the management workstation and also generates large amounts of traffic.
An RMON probe, however, autonomously looks at the network on behalf of the management workstation without affecting the characteristics and performance of the network. The probe reports by exception, which means that it only informs the management workstation when the network has entered an abnormal state.
Your Switch contains an RMON probe in its management software. Table 10 details the RMON support provided by this probe.
When using the RMON features of the Switch, you should note the following:
You can define up to 200 alarms for the Switch. The events that you can define for each alarm are shown in Table 11.
A new or initialized Switch has two alarms defined for each port:
The default values and actions for each of these alarms are given in Table 12.
The Switch keeps an audit log of all management user sessions, providing a record of a variety of changes, including ones relating to RMON. The log can only be read by users at the security access level using an SNMP Network Management application.
Each entry in the log contains information in the following order:
There is a limit of 16 records on the number of changes stored. The oldest records are overwritten first.