SwitchProbe devices are equipped with a variety of advanced features that are described briefly in the following list. Detailed descriptions of each features are included later in this chapter.

Serial Line Internet Protocol (SLIP) Support—Provides out-of-band communication between the agent and the management software through the Remote serial port.

Modem Support—Allows the agent to dial and communicate through a modem attached to the remote serial port.

Security Options—Provide a significantly improved level of security for access and control of the agent.

Static Routes—Enable establishment of semipermanent static routes between the agent and management stations.

Private Routes—Enable establishment of permanent private routes between the agent and management stations.

SLIP Routing—Enables the SwitchProbe device to route IP traffic between the SLIP interface and the primary LAN interface.

Expert Data Reduction—Allows you to create IP filters that determine whether to include or exclude packets for statistics collection.

SNMP Traps—Allows you to configure the SwitchProbe device to send SNMP traps to specific ports and destination addresses.

Cisco Discovery Protocol (CDP)—Allows network management applications to automatically discover and learn certain configuration information about network devices that support CDP protocol. The CDP function is supported on Ethernet SwitchProbe devices.

FASTMIB Feature for Fast Ethernet and FDDI SwitchProbe Devices—Improves the tracking of RMON1 statistics at the first indication of dropped packets.

Locally Administered Address—Allows you to define the agent MAC address in a Token Ring environment.

Roving—Directs full RMON analysis on specific switch ports and other network device ports on demand.

Serial Line Internet Protocol Support

All SwitchProbe models support out-of-band communications through the serial port labeled Remote using Serial Line Internet Protocol (SLIP). You can use the SLIP connection as a secondary connection through which you can access all network statistics. Normally, the SLIP link is used as a backup link when the network is not operational or the agent is not accessible.

The SLIP function in the SwitchProbe device has these other features:

Provides SNMP communication over a serial link.

Forwards trap packets from a LAN to the SLIP port. When you use a modem, you can configure the agent to dial the remote node to forward the trap packet. To configure a modem, see "Modem Configuration Tutorial."
Routes IP packets between the SLIP port and the primary LAN interface.

The serial connection can be direct through EIA/TIA-232, or over telephone lines using dial-up modems. Communications over the serial line are the same as over the LAN, except the serial line packets are encapsulated using the SLIP protocol, as specified in RFC 1055.

SLIP Address Selection

The SwitchProbe agent uses a standard IP routing algorithm to route packets to different interfaces. You should configure the agent using an IP address that is not on the same subnet as the LAN IP address. The IP addresses that appear on the SLIP interface should be in a different subnet than the LAN interface; otherwise, the agent will not be able to route the packets correctly.

SLIP Configuration Overview

To configure the SLIP interface, you must use the console or the TrafficDirector Remote Login application.

To configure the SLIP interface, follow these steps:

Step 1 Connect to the agent using the console port or the TrafficDirector Remote Login application.

Step 2 Select the SLIP interface.

Step 3 Configure the following elements:

IP address
Subnet mask
Gateway address
Interface speed.

Step 4 Reselect the LAN management interface.

Step 5 Configure the IP stack on the management station to use SLIP.

Step 6 Create a new agent using the Remote Login application with the new IP address and interface used by the SLIP port.

This tutorial shows the steps you must follow to configure the agent to use the SLIP port. To configure the TrafficDirector application to access the agent through the SLIP port, see the Using the Campus TrafficDirector Application publication. Consult your TCP/IP software documentation for information about configuring your IP stack for SLIP.

Step 1 Connect to the agent using the Console or the TrafficDirector Remote Login application.

After connecting to the agent, the following configuration menu is displayed:

***** SwitchProbe Ethernet Rev 4.5 ***** 
 
Interface number :1
 
[1]  Change IP Address              204.240.143.103
[2]  Change Net Mask                255.255.255.0
[3]  Change Default Gateway Address 204.204.143.1
[4]  Change Read Community          public
[5]  Change Write Community         public
 
[8]  Select Interface               ETHERNET
[9]  Change Server Address          204.240.143.12
[10] Upgrade Software
[11] Enter Command-line mode
[12] Reset Agent
[31] Go top Next Page
 
Enter your response or Enter "exit" to logout

Step 2 Change the selected interface.

You must select the serial interface before you can configure it. The selected interface is shown across from menu item 8. In this example, the selected interface is Ethernet.

Change the selected interface by entering 8 and pressing Enter.

Selection# 8

 
Select the interface:
 
[1] ETHERNET                  MODE = MANAGE + MONITOR
[2] SERIAL                    MODE = MANAGE
[3] ETHERNET                  MODE = MONITOR
 
New interface [1] :

Step 3 Select the item that corresponds to the serial interface.

In this example, enter 2 and press Enter to select the serial interface. The configuration menu reflects the serial interface settings.

New interface : 2

 
***** SwitchProbe Ethernet Rev 4.5 *****
 
[1]  Change IP Address              Not configured
[2]  Change Net Mask                Not configured
[3]  Change Default Gateway Address 204.240.143.87
[4]  Change Read Community          public
[5]  Change Write Community         public
[6]  Change Interface Speed         9600
 
[8]  Select Interface               SERIAL
[9]  Change Server Address          204.240.143.12
[10] Upgrade Software
[11] Enter Command-line mode
[12] Reset Agent
 
[31] Go to Next Page
 
Enter your response or Enter "exit" to logout
 
Selection#:

Step 4 Change the IP address of the agent by entering 1 and pressing Enter.

Step 5 You are prompted to enter the new address.

Enter the address and press Enter.

The following example illustrates changing the IP address to 78.20.1.1:

Selection#: 1

New IP Address [0.0.0.0] : 78.20.1.1 
Warning: Net mask changed to conform to ip_addr

Note

Step 6 Change the agent's subnet mask by entering 2 and pressing Enter.

Step 7 You are prompted for the new subnet mask.

Enter the new subnet mask and press Enter.

The following example illustrates changing the subnet mask to 255.255.252.0:

Selection#: 2

New Net Mask Address [0.0.0.0] : 255.255.252.0

Step 8 Change the default gateway address of the agent by entering 3 and pressing Enter.

Step 9 You are prompted for the new address.

Enter the new gateway address and press Enter.

The following example illustrates changing the default gateway address to 78.20.0.94:

Selection#: 3

New Default Gateway Address [204.240.143.87] : 78.20.0.94

Step 10 Set the speed of the serial interface by entering 6 and pressing Enter.

Step 11 Enter the desired speed (in bits per second).

The following example illustrates changing the interface speed to 19.2 kbps:

Selection#: 6

Enter Baud Rate <1200, 2400, 4800, 9600,19200, 38400, 56000, 
11520>
New Interface Speed [9600] : 19200

 
***** SwitchProbe Token Ring Rev 4.5 ***** 
 
Interface number :2
 
[1]  Change IP Address              78.20.1.1
[2]  Change Net Mask                255.255.252.0
[3]  Change Default Gateway Address 78.20.0.94
[4]  Change Read Community          public
[5]  Change Write Community         public
[6]  Change Interface Speed         19200
 
[8]  Select Interface               Token Ring
[9]  Change Server Address          204.240.143.12
[10] Upgrade Software
[11] Enter Command-line mode
[12] Reset Agent
 
Enter your response or Enter "exit" to logout
 
Selection#:

Step 12 Select the item that corresponds to the Ethernet interface by entering 1 and pressing Enter.

The configuration menu is displayed:

New interface [1] : 1

 
***** SwitchProbe Ethernet Rev 4.5 ***** 
 
[1]  Change IP Address               45.20.1.2
[2]  Change Net Mask                 255.255.252.0
[3]  Change Default Gateway Address  45.20.0.94
[4]  Change Read Community           public
[5]  Change Write Community          public
 
[8]  Select Interface                ETHERNET
[9]  Change Server Address           204.240.143.7
[10] Upgrade Software
[11] Enter Command-line mode
[12] Reset Agent
 
Enter your response or Enter "exit" to logout
 
Selection#:

Step 13 Reset the SwitchProbe agent.

For more information about resetting the SwitchProbe agent, see "Resetting a SwitchProbe Device Agent" in "Configuration."

Modem Support

Before the SwitchProbe agent can use a modem through the Remote serial port, SLIP must be configured correctly. The agent supports Hayes-compatible modems connected to the Remote serial port for SLIP connections with remote management stations.

Modem Configuration Commands

You configure the modem through the agent console using command-line mode. For more information about command-line mode, see ""Command-Line Mode."

To access command-line mode, follow these steps:

Step 1 Connect to the agent through the console or through the TrafficDirector Remote Login application.

Step 2 Enter 11 to access the command-line mode and press Enter.

Selection#: 11

Enter "quit" to exit the command-line mode.
%

The object name for modem options is modem. To get help on modem options, use the
help modem command, as shown in the following example:

% help modem 
Command to display or change modem data:
set modem var value
get modem var
var:
init_string          hangup_string         connect_string
noconnect_string     phone_number1         phone_number2
connect_protocol     connect_time          connect_retry
disconnect_time
do modem connect

To display all modem parameters, use the get modem command, as shown in the following example:

% get modem

init_string	            AT S0=1 Q0 S10=20^M
hangup_string	          ^2+++^2ATH0^M 
connect_string	         #CONNECT#CONNECT 9600#
noconnect_string	       BUSY#NO CARRIER#NODIALTONE#NOANSWER#
phone_number1	
phone_number2	
cp<connect_protocol>	
connect_time	           30
connect_retry	          10
disconnect_time	        30
mode                    2
status                  0

To display the contents of a specific modem control string, use the get command with the modem object and the name of the control string, as shown in the following example

% get modem connect_time

10

The following example sets the modem connect time to 20:

% set modem connect_time 20

 
% get modem connect_time

20

Modem Control Strings

Modem control strings are ASCII strings used to initialize and communicate with the modem.

You should enclose all strings containing blank spaces in quotes. All modem control strings are limited to 40 characters. If you use more characters than the maximum allowed, the string is not accepted.

You can embed control characters such as carriage-returns in the strings by preceding the control character with a ^ character. For example, to embed a carriage-return (Ctrl-M), enter ^M.

The strings can also contain the following special control characters:

^digit 1 through 9—Delay 1 to 9 seconds.
^s—Send the string.
^w—Wait for the string.

You can use the # character as a delimiter for strings.

Control String Definitions

Modem control strings are defined in the following section. For an example of the modem control string, see "Modem Configuration Tutorial." The modem control strings are described briefly in the following list:

init_string—An initialization string used for the modem; sent when the modem is first initialized and controls the general operation of the modem.

hangup_string—This string is sent to the modem if a connection is made and the agent must disconnect.

connect_string—Used by the agent to compare text received from the modem. A match indicates a connection was made.

noconnect_string—Used by the agent to compare text received from the modem. A match indicates a connection was not made.

phone_number1—Sent to the modem to instruct the modem to dial out to make a connection. This string should include the dial command and the telephone number. This is the primary telephone number.

phone_number2—A secondary dialing string used by the agent if the primary telephone connection (phone_number1) fails. The primary telephone number is retried for a number of times specified by the connect_retry string before this string is used.

connect_protocol—Used by the agent to connect to the network after the modem has established a connection. This string handles the login name and password.

connect_time—After the agent dials a number, it waits for connect_time (in seconds) for a connection before it retries the number. The default value is 30.

connect_retry—The agent retries the primary telephone number (phone_number1) for this many times before it switches to the secondary telephone number (phone_number2). The default value is 10.

disconnect_time—The agent, after making a connection, disconnects if no data is sent by the agent for the number of seconds equal to disconnect_time. The default value is 30.

Modem Log

To aid in debugging, all messages to and from the modem can be logged to the event log. This can be enabled and disabled through the agent_options object.

% get agent_options 

router_discovery      on
router_enable         off
modem_log             off
slip_ip               off
packet_capture        on
traffic_generator     off
discover_wanspeed     off

The following example shows how to turn on the modem log:

%

set agent_options modem_log on

The following example shows how to turn off the modem log:

% set agent_options modem_log off

The following example shows how to view the event log:

%

get eventlog

M odem Configuration Tutorial

This tutorial illustrates the modem configuration process. Any entries you make for modem configuration take effect immediately without rebooting the agent.

While the modem commands in this example are intended to work on almost any Hayes-compatible modem, each modem is different. Consult your modem documentation for the correct commands. The initialization string is especially dependent on the specific modem type.

To configure the modem through the agent console using the command-line mode, see "Command-Line Mode."

Step 1 Access command-line mode by connecting to the agent through the console or through the TrafficDirector Remote Login application.

Step 2 Enter 11 to access command-line mode and press Enter:

Selection#: 11

Enter "quit" to exit the command-line mode.
%

Step 3 Use the get modem command to review the existing configuration:

% get modem

init_string           AT S0=1 Q0 S10=20^M
hangup_string         2+++^2ATH0^M 
connect_string        #CONNECT#CONNECT 9600#
noconnect_string      BUSY#NO CARRIER#NODIALTONE#NOANSWER#
phone_number1	
phone_number2	
cp<connect_protocol	
connect_time          30
connect_retry         10
disconnect_time       30

Step 4 Enter the modem initialization string "AT S0=1^M".

% set modem init_string "AT S0=1^M"

Note

end of the string. This is very important. If you forget to use this string, the command is not processed. This string is automatically sent to the modem when the agent is booted.

The agent interprets the string as:

Send the string AT S0=1 to the modem to instruct it to answer incoming calls on the first ring.
Send a carriage-return (Ctrl-M).

Step 5 Set the modem hangup string to "^2+++^2ATH0^M".

% set modem hangup_string ^2+++^2ATH0^M

The agent interprets the string as:

Delay 2 seconds.
Send the string +++ to switch the modem from data mode to command mode
Delay 2 seconds.
Send the string ATH0 so the modem hangs up.
Send a carriage-return (Ctrl-M).

Step 6 Set the modem connect string to match the message your modem sends when it makes a connection.

In this example, assume the message is CONNECT or CONNECT 14000. See your modem reference manual for the exact string used by your modem.

% set modem connect_string "#CONNECT#CONNECT 14000#"

The pound sign (#) is a string separator. The agent assumes that a connection is made if it receives either of the strings delimited by the # character.

Step 7 Set the modem noconnect string to match the message your modem sends when it fails to make a connection.

In this example, assume the message is BUSY or NO CARRIER, or NO DIALTONE or NO ANSWER. See your modem reference manual for the exact string used by your modem.

% set modem noconnect_string "#BUSY#NO CARRIER#NO DIALTONE#NO 
ANSWER#"

The syntax is the same as the connect string.

Note

does not work if entered as shown.

Step 8 Set the modem primary phone number to dial 1-555-123-4567.

% set modem phone_number1 ATDT15551234567^M

You must precede all modem commands with AT, and use the D commands to make the modem dial, and T to indicate touch-tone dialing (instead of pulse).

Step 9 Set the modem connect protocol as follows:

% set modem connect_protocol 
^2^s^M^wlogin:^smikec^M^wpassword:^ssecretword^M

Note

does not work if entered as shown.

The agent interprets the string as:

After the connection is made, wait for 2 seconds—^2
Send carriage return to the remote terminal—^s^M
Wait for the login prompt—^wlogin:
Send mikec followed by carriage return—^smikec^M
Wait for the password prompt—^wpassword:
Send secretword followed by carriage return—^ssecretword^M

If modem protocol and security support is not needed, set the connect_protocol string to empty:

% set modem connect_protocol ""

The agent waits for the connection to be established for a maximum of connect_time.

Step 10 Set the connect_time to 30 seconds.

% set modem connect_time 30

The agent retries a number for a maximum of connect_retry times.

Step 11 Set the connect_retry string to 5 times.

% set modem connect_retry 5

Step 12 Set the modem secondary phone number to dial 1-555-123-1111.

After the agent has failed to make a connection after connect_retry attempts, it tries to use the secondary phone number.

% set modem phone_number2 ATDT15551231111^M

You must precede all modem commands with AT, and use the D commands to make the modem dial, and T to indicate touch-tone dialing (instead of pulse).

After the connection is made by the agent, if data is not sent for more than disconnect_time, then the agent disconnects the connection.

Step 13 Set the disconnect_time string to 30 seconds.

% set modem disconnect_time 30

Security Options

When you select Security Options from the Agent Configuration Utility main menu, four options appear in a sub-menu. These options allow you to configure security-related functions in the SwitchProbe device:

Change admin_password—All SwitchProbe devices are shipped with no admin password. By default, you do not need to enter a password to access the Agent Configuration Utility on a local console to view the utility's settings and enter new values in the utility's settings.

: This option allows you to establish or modify a password required to access the Agent Configuration Utility on a local console or using the TrafficDirector Remote Login application to view the utility's settings and enter new values.

Change user_password—All SwitchProbe devices are shipped with no user password. By default, you do not need to enter a password to access the Agent Configuration Utility on a local console to view the utility's settings.

: This option allows you to establish or modify a password that will be required to access the Agent Configuration Utility on a local console or using the TrafficDirector Remote Login application to view the utility's settings.

Change capture slice size—All SwitchProbe devices are shipped with a default capture slice size of 4096.

: Because some packet data might be sensitive in nature, this option allows you to modify the buffer size of each packet.

Toggle data capture—All SwitchProbe devices are shipped with this option turned on. By default, each SwitchProbe device can capture each packet that the device sees on any attached segment.

: Because some packet data might be sensitive in nature, this option allows you to disable the data capture ability.
: This option can be toggled off (disable data capture) using the TrafficDirector Remote application or from a local console. As an added security feature, after this option is toggled to off, it can only be toggled on from the local console.

Data Capture

Data Capture enables a SwitchProbe device to collect selected packets for later decoding and analysis. You can use the TrafficDirector Protocol Decode application to upload them to the client software for seven-layer protocol analysis.

By default, packet capture is enabled in a SwitchProbe device. After packet capture functionality is disabled in an agent, you can only enable it from the local console.

To toggle packet capture functionality on or off, follow these steps:

Step 1 Access the Agent Configuration Utility.

Step 2 Enter 8 and press Enter.

Step 3 Enter 31 and press Enter to go to the next page.

Step 4 Enter 22 and press Enter.

Step 5 Enter 8 and press Enter.

Step 6 Enter 11 to return to the main menu.

Console Logout

This function is a security feature designed to secure an unattended password-protected SwitchProbe device.

If a user or admin password has been assigned to the SwitchProbe device, the Console Logout function will immediately end your Agent Configuration Utility session and display a prompt to enter a user or admin password. This function is useful for authorized users (using a password) of a SwitchProbe device to temporarily log out of the SwitchProbe device without exposing the SwitchProbe device to unauthorized use.

If a user or admin password has not been assigned to the SwitchProbe device, the Console Logout function performs no useful task, but redisplays the current screen.

Access List Security

All SwitchProbe models support the SNMP community mechanism for security. Stations attempting to access the SwitchProbe device must know the read community name to have read access, and must know the write community name to have write access.

All SwitchProbe models also support an access list that controls which IP address groups are allowed access, and what level of access they have. The access list allows four different groups of access; you can assign each group a different access level.

Access Levels

The access levels are shown in Table 10-1. When an address matches more than one group in the access list and qualifies for rights at more than one level, the access level with the highest priority number is granted.

Table 10-1: A ccess Priorities, Levels, and Rights

Priority	Level	Rights
4	rw	Read and write access is allowed.
3	ro	Read only. No writes allowed. Cannot use Remote Login.
2	pw	Partial write only. No writes allowed. Cannot use Remote Login. Can access Resource Manager. No data capture.
1	no	No access allowed.

Note If a management station running the TrafficDirector application has partial write or read-only access to a SwitchProbe device, it can only run the TrafficDirector Traffic Monitor or Protocol Monitor applications if the dvinst.cfg file is modified so it does not try to write to the SwitchProbe device. For more information, see the Using the Campus TrafficDirector Application publication.

Address Groups

You can define a maximum of four different groups and access each group with a different access group. An address group can be an individual IP address or a group of addresses, defined by the network address and network mask:

Network address—IP or network or subnet address of all nodes allowed to access the agent.
Network mask—Mask for the network address, network, or subnet address. The mask field is used to distinguish what type of address is specified in the IP network address field. For a single IP address, the mask is 255.255.255.255.

When an SNMP request is received from a node, its source IP address is logically ANDed with the mask. The result of the logical AND is compared with the network address field.

If the comparison is successful, that group's access level is granted to that node. However, the node can match multiple entries in the access list. When a node matches multiple access levels, the access level with the highest priority is used.

Use the following guidelines for specifying masks:

To allow access to a particular node, use the mask 255.255.255.255.
To allow access to an entire subnet, use the subnet mask for that subnet as the mask.
To allow access to all nodes, use network address 0.0.0.0 and mask 0.0.0.0.

Configuring Access List Security

To configure Access List Security, follow these steps:

Step 1 Access command-line mode through the agent console, or by first connecting to the agent through the console or through the TrafficDirector Remote Login application.

Step 2 Enter item 11 and press Enter:

Selection#: 11

Enter "quit" to exit the command-line mode.
%

Step 3 To display instructions for displaying and changing the SNMP access list, use the help access_list command and press Enter:

% help access_list 
Command to display or change SNMP access list: 
get access_list
set access_list entry# address mask level
entry#         -> the entry number in the access list
address        -> IP/NET address
mask           -> mask for IP/NET address
level          -> level of access allowed [no, rw, pw, ro]
set access_list entry# level
clear access_list

Step 4 Use the get command to view the current access list.

When the SwitchProbe device is manufactured, all entries in the table have no access, and the access list security feature is disabled:

% get access_list

 
Entry    IP/NET Addr    Mask       Level
[1]      0.0.0.0        0.0.0.0     no
[2]      0.0.0.0        0.0.0.0     no
[3]      0.0.0.0        0.0.0.0     no
[4]      0.0.0.0        0.0.0.0     no

Step 5 Use the set command to change the access list.

The command must specify the access_list object, the entry number, the network address, the mask, and the access level.

Note When setting an entry in the access_list, the first entry should always be with read/write (rw) access. When deleting an entry from the list, you should leave at least one entry with rw access.

Note Any

changes to the access_list are effective immediately. Use care when changing the access level using the TrafficDirector

Remote Login feature. If you change the access level of the node used for Remote Login, the communication might be terminated as soon as you enter the command.

The following example grants read and write access to one specific node with the address 45.20.0.5. All other nodes have no access.

% set access_list 1 45.20.0.5 255.255.255.255 rw

% get access_list

 
Entry       IP/NET Addr    Mask             Level
[1]         45.20.0.5      255.255.255.255  rw
[2]         0.0.0.0        0.0.0.0          no
[3]         0.0.0.0        0.0.0.0          no
[4]         0.0.0.0        0.0.0.0          no

Disabling Access List Security

Your SwitchProbe device is shipped with the Access List Security feature disabled by default. All entries in the table have no access and the SNMP security feature is disabled.

To clear the access list, use the following command:

% clear access_list

You can also create an entry in the table with an IP network address of 0.0.0.0, a mask of 0.0.0.0, and the level as rw, allowing all nodes to read/write to the agent:

%

set access_list 1 0.0.0.0 0.0.0.0 rw

Access List Examples

Access list examples are shown in Table 10-2 and Table 10-3.

Table 10-2: Examples of Incorrectly Configured Access Lists

IP Network Address	Mask	Level	Comments
45.96.20.0	255.255.255.0	rw	All nodes on this subnet allow read and write access. This rw overrides the pw access granted for the larger subnet (Entry 3).
45.96.20.100	255.255.255.255	no	Because this node is part of the subnet in Entry 1 and rw overrides no, this node would be granted read and write access.
45.96.0.0	255.255.0.0	pw	All nodes on this subnet allow only partial-write access, which is read-only plus access to Resource Manager.

Table 10-3: Examples of Correctly Configured Access Lists

IP Network Address	Mask	Level	Comments
45.96.35.100	255.255.255.255	rw	This node allows read and write access.
45.96.20.0	255.255.0.0	ro	All nodes on subnet 45.96.20.0 allow read access only.
0.0.0.0	0.0.0.0	pw	All nodes allow partial-write access only.

Static Routes

SwitchProbe devices support the addition of static routes through the local or remote console. A static route is volatile and is deleted when the device is power-cycled.

Static routes are configured through the agent console using the command-line mode. For more information on command-line mode, see "Command-Line Mode." You can access command-line mode by first connecting to the agent through the console or through the TrafficDirector Remote Login application.

Enter 11 and press Enter.

Selection#: 11

Enter "quit" to exit the command-line mode.
%

In command-line mode, enter the help route command and press Enter to display a complete set of the routing commands:

% help route 
Commands to display or change agent routes:
get route
set route net mask gateway metric
net -> NET/IP address
mask-> mask for NET/IP address
gateway -> gateway for NET/IP address
clear route net mask

The following command is used with the route object to display the current routing table for the agent:

% get route

NET             MASK             GATEWAY         METRIC INTF  TTL   REFS  USE
127.0.0.1       255.255.255.255  127.0.0.1       0      0     999   1     0
172.20.57.255   255.255.255.255  172.20.57.219   0      0     999   1     6200
172.20.57.192   255.255.255.255  172.20.57.219   0      0     999   1     0
172.20.57.219   255.255.255.255  172.20.57.219   0      0     999   1     4294
172.20.0.0      255.255.255.255  72.20.57.219    0      0     999   1     0
172.20.57.192   255.255.255.192  172.20.57.219   0      1     999   1     122
0.0.0.0         0.0.0.0          172.20.57.193   15     1     999   1     11806

The following command sets a static route for all communication with the NET 45.20.0.X to be directed to the gateway 192.10.10.20:

% set route 45.20.0.0 255.255.252.0 192.10.10.20

The following command sets a static route for all communication with the IP address 45.20.0.5 to be directed to the gateway 192.10.10.20:

% set route 45.20.0.5 255.255.255.255 192.10.10.20

The following command deletes the previous static route:

% clear route 45.20.0.0 255.255.252.0

Private Routes

You can configure SwitchProbe devices to have private routes that are stored in NVRAM and configured in the agent route table at boot time. NVRAM can hold four private routes, each containing three fields—IP/Subnet address, mask for the IP/Subnet address, and gateway for the route.

Note All private route changes take effect when the device is booted.

You configure private routes through the agent console using command-line mode. For more information about command-line mode, see "Command-Line Mode."

You access command-line mode by connecting to the agent through the console or through the TrafficDirector Remote Login application.

Enter 11 and press Enter.

Selection#: 11

Enter "quit" to exit the command-line mode.
%

Use the help proute command to display a complete set of the private route commands:

% help proute

Command to display or change agent private routes:
get proute
set proute entry# net mask gateway metric
        entry#  -> entry number in the route table
        net     -> NET/IP address
        mask    -> mask for NET/IP address
        gateway -> gateway for NET/IP address
        metric  -> metric for route - default=0
set proute entry# no
clear proute

Use the get proute command to display the current private route table:

% get proute

Entry  IP/NET Addr        Mask               Gateway            Metric
[1]    Not configured
[2]    Not configured
[3]    Not configured
[4]    Not configured

Use the set proute command with the entry number, network address, mask, and gateway to change the private route table. In the following example, all packets destined for IP subnet 45.20.0.0 are sent to 192.10.10.20:

% set proute 1 45.20.0.0 255.255.0.0 192.10.10.20

% get proute

 
Entry  IP/NET Addr     Mask             Gateway            
[1]    45.20.0.0       255.255.0.0      192.10.10.20
[2]    Not configured
[3]    Not configured
[4]    Not configured

To invalidate a private route entry, use the set proute command followed by the entry number and the parameter no. The following example invalidates private route entry 1:

% set proute 1 no

% get proute

Entry  IP/NET Addr        Mask               Gateway      
[1]    Not configured
[2]    Not configured
[3]    Not configured
[4]    Not configured

To clear all private route entries, use the clear proute command:

% clear proute

SLIP Routing

A SLIP mini-routing feature is supported in all SwitchProbe devices. This feature allows trap messages from the network to be forwarded to remote management locations through the SLIP interface. It allows access to the network through the SLIP port for telnet and other IP-based activities. This feature be useful if the network segment is otherwise inaccessible.

Note The mini-routing feature is normally disabled.

The primary interface (for example, interface 1) has a secondary IP address used to make the agent act as a pseudo-IP router and for routing. If the mini-routing option is enabled, the agent routes all IP packets from the SLIP port to the LAN, and vice versa.

For packets coming from the SLIP interface not destined for this agent, but for another node on the network, the agent replaces the source IP address with the pseudo-IP address and recalculates the checksums before sending the packet across the LAN port.

The same process is followed for packets arriving on the LAN port that are destined for the pseudo-IP address. These packets are trapped and sent to the SLIP port using the SLIP port IP address as the source IP address. The checksum is recalculated before transmitting the packets on the SLIP port. All IP packets are supported for this pseudo-router.

The pseudo-routing function works only on IP packets; all other packets are not affected. When the IP packet reaches the SwitchProbe device, the firmware forwards it to the IP task. The IP task checks if the packet is intended for itself. If it is not intended for itself, and if the SLIP route option has been enabled, the IP packet is transmitted on the LAN interface after substituting the source IP address with the secondary IP address.

SLIP Routing Configuration

You enable and disable SLIP routing using the agent console in command line mode. For more information about command-line mode, see "Command-Line Mode."

You can access command-line mode by connecting to the agent through the console or through the TrafficDirector Remote Login application. Enter 11 and press Enter:

Selection#: 11

Enter "quit" to exit the command-line mode.
%

SLIP routing is controlled by the slip_ip option in the agent_options object. To view the current setting, use the following command:

% get agent_options

 
options = 0x33
router_discovery      on
router_enable         off
modem_log             off
slip_ip               off
discover_wanspeed     off
real_iftype           off

To enable SLIP routing, use the following command:

% set agent_options slip_ip on

Creating IP Filters for Expert Data Reduction

You can create and download IP filters to SwitchProbe devices that determine whether to include or exclude packets from particular IP addresses. You can configure your SwitchProbe device to collect only packets from those hosts you want to monitor, eliminating unwanted hosts and conversations. To do so, you must provide the SwitchProbe device with the network address and mask of the hosts you want to include or exclude. There are two ways to provide the SwitchProbe device with this IP filter information:

Download the information using the TrafficDirector dvftp utility.

Pass the information directly to IP-DATAFILTER using the set command.

Downloading IP Filter Information Using dvftp

You download the required IP filter information by specifying the information in a text file, then passing the file as a parameter to the dvftp utility. This text file consists of lines in the following format:

ip_address             mask                      I/E

For example:

204.240.143.127     255.255.0.0    I
10.20.10.23         255.255.255.0  E

In this example, the SwitchProbe device includes (I) for collecting all packets from host 204.240.x.x, and excludes (E) all packets from host 10.20.10.x.

Use the following command to run the dvftp utility:

dvftp agentname filename IP-DATAFILTER

agentname—The name defined for the agent when adding it to the client software. The dvftp utility downloads the DLCI information to the interface number you specified when you added the agent to the TrafficDirector application.

filename—The text file containing the IP filter information. If you do not specify a path, dvftp searches for the file in the $NSHOME/usr directory.

IP-DATAFILTER—The file type.

If you are using the TrafficDirector application on a UNIX platform, run the dvftp utility directly from $NSHOME/bin; if you are running the TrafficDirector application on a Windows NT platform, enter the command from the TrafficDirector shell. If you do not include a path as part of filename, the path defaults to $NSHOME/usr.

Note The dvftp utility downloads the IP-DATAFILTER information to the interface specified for the agent name defined in the file $NSHOME/usr/agent.lst. To ensure that the utility downloads the IP-DATAFILTER information to the correct interface, verify that the agent has been added to the TrafficDirector application and that the correct interface is specified as the interface number.

To provide the SwitchProbe device with IP filter information using the dvftp utility, follow these steps:

Step 1 Verify that you have added the agent to the TrafficDirector application and specified the monitor interface.

Note

Step 2 Create a text file containing the IP filter information for the hosts you want to include or exclude. (You can save this file under a name you choose.)

Step 3 Enter the following command to run the dvftp utility:

% dvftp agentname filename IP-DATAFILTER

Setting IP-DATAFILTER from Command-Line Mode

As an alternative to using the dvftp utility for IP filter configuration, you can directly set the contents of the IP-DATAFILTER object from the command line. To do so, follow these steps:

Step 1 Access the Agent Configuration Utility.

Step 2 Enter 11 to access command-line mode and press Enter.

Step 3 Enter the following command:

% set data IP-DATAFILTER interface "ip_address mask 
I/E"

For example, the following command configures interface 3 to exclude for collection all packets from host 10.20.10.x. You use the get command to check the IP-DATAFILTER information:

% set data IP-DATAFILTER 3 "10.20.10.40 255.255.255.0 E"

 
% get date IP-DATAFILTER

 
ip addr        mask             interface       I/E
10.20.10.48    255.255.255.0    3               E

C onfiguring SNMP Trap Ports and Destinations

SwitchProbe devices generate SNMP traps as a result of alarm thresholds being crossed or changes in PVC status. You configure both the port(s) and destination addresses you need for SNMP traps.

Specify the port you want the agent to send traps to using the command-line object trap_port.

Specify the hosts to which you want the agent to send traps by maintaining the trap destination table using the TrafficDirector dvadmin utility.

Specifying Trap Ports

By default, all SNMP traps that the SwitchProbe device generates are sent to the TrafficDirector application at port 395. You can also configure the device to send traps to port 162, or to both ports.

The trap_port object contains the number of the port to which the SwitchProbe device sends SNMP traps. This object can contain the following values:

395 (default)
162
Both 395 and 162

To specify the ports to which you want the SwitchProbe device to send all SNMP traps, follow these steps:

Step 1 Access the Agent Configuration Utility.

Step 2 Enter 11 to access command-line mode and press Enter.

Step 3 Do one of the following:

To direct all traps to port 162, use the following command:

: set trap_port 162

To direct all traps to port 395, use the following command:

: set trap_port 395

To direct all traps to both port 395 and port 162, use the following command:

: set trap_port 162 395

Note Use the TrafficDirector

dvadmin utility to maintain the agent's trap destination table and specify IP addresses to which you want the SwitchProbe device to send SNMP traps. For more information about the dvadmin utility, see the Using the Campus TrafficDirector Application publication.

Cisco Discovery Protocol

The Cisco Discovery Protocol (CDP) function is supported on Ethernet, ATM, Multiport Fast Ethernet, Fast EtherChannel, and Multiport T1/E1 WAN SwitchProbe devices.

CDP allows Cisco Systems' network management applications to automatically discover and learn certain configuration information about network devices that support the CDP protocol.

To provide this functionality, periodic CDP messages are sent from the SwitchProbe device to allow Cisco's network management applications to discover the device. These CDP messages are sent out only on the manage interface, although the CDP messages can be seen by all monitor interfaces. After a SwitchProbe device has been discovered, it can be polled by Cisco Network Management Applications to gather specific configuration information for that device.

FASTMIB Feature—Fast Ethernet and FDDI

All Fast Ethernet and FDDI agents include a FASTMIB feature that allows you to configure the device to improve the tracking of RMON1 statistics at the first indication of dropped packets.

When you enable the FASTMIB feature and the device starts dropping packets, it indicates that greater emphasis is placed on tracking RMON1 statistics than RMON2 statistics. As a result, the device can continue tracking MAC-layer statistics during periods of extremely heavy use.
When you disable the FASTMIB feature and the device starts dropping packets, it indicates that less emphasis is placed on tracking RMON1 statistics. The FASTMIB feature is enabled by default.

To change the FASTMIB feature, follow these steps:

Step 1 Access the Agent Configuration Utility.

Step 2 Enter 11 to access command-line mode and press Enter.

Step 3 Use the get agent_options fastmib command to check the current status of the FASTMIB feature.

Step 4 Enable or disable this feature as follows:

To enable the FASTMIB feature, use the set agent_options fastmib on command.
To disable the FASTMIB feature, use the set agent_options fastmib off command.

Locally Administered Address—Token Ring

The setting of a locally administered address is a feature available on a Token Ring interface only. To identify the location of the SwitchProbe device, you can assign a locally administered address (LAA) that changes the MAC address of the Token Ring interface. You configure the LAA using command-line mode on the agent console.

To configure the LAA, follow these steps:

Step 1 Access the Agent Configuration Utility main menu.

Step 2 Enter 11 to access command-line mode and press Enter.

Step 3 Enter the following command:

set mac_addr <local area address>

<local area address> is a new MAC address you want to assign to the Token Ring interface.

For example:

set mac_addr 00-80-8C-01-00-42.

Step 4 Enter quit and press Enter to return to the Agent Configuration Utility main menu.

The Agent Configuration Utility main menu is displayed again. The new values will not take effect until you reset the SwitchProbe's agent. To reset the SwitchProbe's agent, see "Resetting a SwitchProbe Device Agent" in "Configuration."

Note

local MAC address to 00-00-00-00-00-00.

Roving for Full RMON Analysis

You can set up the SwitchProbe device as a roving agent to achieve full RMON analysis on a specific switch port or other network device port on demand.

Roving is used in conjunction with mini-RMON. For example, you can set up an external proxy agent to provide continuous mini-RMON support for all ports, then use the same agent as a roving agent to achieve full RMON analysis on a particular port on demand.

Although you can use a single SwitchProbe model as a proxy RMON agent and a roving agent, they are two separate features—both are dependent on the device being monitored. For example, a network device might support proxy RMON but not roving.

To monitor a network device (such as a switch) with a roving agent, the device must support roving. A device supports roving when it meets the following two requirements:

There is an analyzer port, or a port that is not transmitting network traffic that you can designate as an analyzer port.

The device supports mirroring, which is the ability to direct a copy of traffic from a monitor port to an analyzer port where the roving SwitchProbe device can view that traffic.

Making the Roving Connection

Roving RMON involves a physical connection between the SwitchProbe device and the switch. Typical roving RMON configuration for a switch includes using one or more switch ports as a monitor port and one switch port as an analyzer port. The monitor port is the port on which you want to examine traffic; the analyzer port is the port where an external SwitchProbe device connected to the switch views that traffic.

You can use any dual-port SwitchProbe device as a roving agent. The agent ports must be of the same media type and configured as shown in Table 10-4.

Table 10-4: Roving Connections

SwitchProbe Interface	Mode	Connection	SwitchProbe Action
1	Manage	To the network with access to the switch.	Sets monitor port and communicates with the TrafficDirector application.
2	Serial/SLIP	Not used.
3	Monitor	Analyzer port.	Views monitor port traffic.

Table of Contents