Week-7

Uploaded by

tobias
Lecture 11 Simple Network Management Protocol

https://www.youtube.com/watch?v=_8lc21IOpKk

SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP)

Introduction to SNMP

*When the network is mapped and all of the components are using the same cloud, it is time to look at how you can manage your network using SNMP.*

• SNMP was developed to allow administrators to manage nodes (such as servers, workstations, routers, switches, and security appliances) on an IP network. It enables network administrators to monitor and manage network performance, find and solve network problems, and plan for network growth.
• SNMP is an application layer protocol that provides a message format for communication between managers and agents. The SNMP system consists of three elements:
- SNMP manager
- SNMP agents (managed node)
- Management Information Base (MIB)
• To configure SNMP on a networking device, it is necessary to define a relationship between the manager and the agent.
• SNMP defines how management information is exchanged between network management applications and management agents. The SNMP manager polls the agents and queries the MIB for SNMP agents on UDP port 161. SNMP agents send any SNMP traps to the SNMP manager on UDP port 162.
• The SNMP manager is part of a network management system (NMS). The SNMP manager can collect information from an SNMP agent by using the "get" action and can change configurations on an agent by using the "set" action. SNMP agents can forward information directly to a network manager by using "traps".
• The SNMP agent and MIB reside on SNMP client devices. MIBs store data about the device and operational statistics and are meant to be available to authenticated remote users. The SNMP agent is responsible for providing access to the local MIB.
• SNMP managers run SNMP management software.
• As shown in the figure, the SNMP manager collects information from the SNMP agent using the "get" action and can change configurations on the agent by using the "set" action. In addition, SNMP agents can forward information directly to the network manager using "traps".
• The SNMP agent and MIB reside on SNMP client devices. Network devices that must be managed, such as switches, routers, servers, and firewalls, are equipped with an SNMP agent software module.

SNMP Operation

• SNMP agents that reside on managed devices collect and store information about the device and its operation locally in the MIB. The SNMP manager then uses the SNMP agent to access information within the MIB.
• There are two primary SNMP manager requests, get and set. In addition to configuration, a set can cause an action to occur, like restarting a router.
• get-request – is used by the NMS to query the device for data.
• set-request – is used by the NMS to change configuration variables in the agent device; it can also initiate actions within a device. For example, a set can cause a router to reboot, send a configuration file, or receive a configuration file.
• The SNMP manager uses the get and set actions to perform the operations described in the table.

| Operation | Description |
|---|---|
| get-request | Retrieves a value from a specific variable |
| get-next-request | Retrieves a value from a variable within a table; the SNMP manager does not need to know the exact variable name. A sequential search is performed to find the needed variable from within a table. |
| get-bulk-request | Retrieves large blocks of data, such as multiple rows in a table, that would otherwise require the transmission of many small blocks of data. (Only works with SNMPv2 or later.) |
| get-response | Replies to a get-request, get-next-request and set-request sent by an NMS |
| set-request | Stores a value in a specific variable |

• The SNMP agent responds to SNMP manager requests as follows:
• Get an MIB variable - The SNMP agent performs this function in response to a GetRequest-PDU from the network manager. The agent retrieves the value of the requested MIB variable and responds to the network manager with that value.
• Set an MIB variable - The SNMP agent performs this function in response to a SetRequest-PDU from the network manager. The SNMP agent changes the value of the MIB variable to the value specified by the network manager. An SNMP agent reply to a set request includes the new settings in the device.
• The figure illustrates the use of SNMP requests to determine if the interface g0/0/0 is up. The administrator may want to check the MIB variable to find out whether that interface, specifically g0/0/0, is up/up.

SNMP Agent Traps

• An NMS, or network management system, periodically polls the SNMP agents residing on the managed devices using the get request.
• The NMS queries the device for data. Using this process, a network management application can collect information to monitor traffic loads and to verify the device configurations of managed devices.
• The information can be displayed via a graphical user interface on the NMS. Averages, minimums or maximums can be calculated, the data can be graphed, or thresholds can be set to trigger a notification process when the thresholds are exceeded. For example, an NMS can monitor CPU utilization on a Cisco router: the SNMP manager samples the value periodically and presents this information in a graph for the network administrators or systems administrators on duty. This is used for creating a baseline, creating a report, or viewing real-time information.
• Periodic SNMP polling – does have advantages and disadvantages:
Disadvantages:
- There is a delay between the time that an event occurs and the time that it is noticed via polling by the NMS or the network management system.
- There is a trade-off between polling frequency and bandwidth usage.
*To mitigate these disadvantages, it is possible for the SNMP agents to generate and send traps to inform the NMS immediately of certain events.*
• Traps are unsolicited messages alerting the SNMP manager to a condition or event on the network.
• Examples of trap conditions include, but are not limited to, improper user authentication, restarts, link or port status (something like g0/0/0 going up or down), MAC address tracking, closing of a TCP connection, loss of connection to a neighbor, or other significant events.
• Trap-directed notifications reduce network and agent resources by eliminating the need for some SNMP polling requests.
• The figure illustrates the use of an SNMP trap to alert the network administrator/system administrator that interface G0/0/0 has failed. The NMS software can send the network administrator a text message, pop up a window on the NMS software, or turn the router icon red in the NMS GUI.
• We are using SNMP every time we communicate with the managed objects. If you have received a notification, that is considered a trap.
• The exchange of all SNMP messages is illustrated in the figure.
• This diagram is the continuation of the figure presented earlier. It starts when the interface g0/0/0 goes down, so an SNMP trap is sent to the administrator (a text is sent, the icon turns red, etc.), and the notification appears on the administrator's machine.
• The SNMP operations get-request, get-next-request, and set-request all come from the manager and go to the managed device. This managed device is either a router, switch, firewall or workstation.
• Get-responses come from the managed object, together with the trap.

Evolution of SNMP

There are three versions of SNMP:

• SNMPv1
- This is the Simple Network Management Protocol, a full internet standard that is defined in RFC 1157.
- Legacy standard defined in RFC 1157. Uses a simple community-string based authentication method. Should not be used due to security risks, and it is already obsolete.
• SNMPv2c
- Defined in RFCs 1901-1908. Uses a simple community-string based authentication method. Provides for bulk retrieval options, as well as more detailed error messages.
- It uses a community-string-based administrative framework. Up to now there are some networks that are still using SNMP version 2c.
• SNMPv3
- Defined in RFCs 3410-3415. Uses username authentication, provides data protection using HMAC-MD5 or HMAC-SHA, and encryption using DES, 3DES, or AES.
- SNMPv3 is an interoperable standards-based protocol originally defined in RFC 2273-2275.
- It provides secure access to devices by authenticating and encrypting packets over the network.
- Its security features include message integrity, to ensure that a packet was not tampered with while in transit.
- Authentication, to determine that the message is from a valid source, and encryption, to prevent the content of the message being read by an unauthorized source.
- Most organizations nowadays are implementing SNMPv3, but some continue to use SNMPv1 and 2c.

All versions of SNMP use SNMP managers, agents, and MIBs. The 3 components are still there. The Cisco IOS software supports the above three versions.

Version 1 is a legacy solution and is not often encountered in networks today. Therefore this video lecture focuses only on version 2c and version 3.

SNMP v1

SNMPv1
Level: noAuthNoPriv
Authentication: Community string
Encryption: No
Result: Uses a community string match for authentication

SNMP v2c

• Both SNMPv1 and SNMPv2c use a community-based form of security.
• The community of managers that is able to access the MIB of the agent is defined by a community string. Unlike SNMPv1, SNMPv2c includes a bulk retrieval mechanism and more detailed error message reporting to management stations.
• The bulk retrieval mechanism retrieves tables and large quantities of information, minimizing the number of round trips required.
• The improved error handling in SNMPv2c includes expanded error codes that distinguish different kinds of error conditions; these conditions are reported through a single error code in SNMPv1.
• Error return codes in SNMPv2c include the error type.

Note: SNMPv1 and SNMPv2c offer minimal security features. Specifically, SNMPv1 and SNMPv2c can neither authenticate the source of the management message nor provide encryption. SNMPv3 is most currently described in RFCs 3410 and 3415; it adds methods to ensure the secure transmission of critical data between managed devices.

SNMPv2c
Level: noAuthNoPriv
Authentication: Community string
Encryption: No
Result: Uses a community string match for authentication

SNMP v3

• SNMPv3 provides for both security models and security levels. The security model is an authentication strategy set up for a user and the group within which the user resides.
• The security level is the permitted level of security within the security model. A combination of a security level and a security model determines which security mechanism is used when handling an SNMP packet.
• The available security models are SNMPv1, SNMPv2c and SNMPv3.

SNMPv3 noAuthNoPriv

• The tables presented identify the characteristics of the different combinations of security models and levels.

SNMPv3 noAuthNoPriv
Level: noAuthNoPriv
Authentication: Community string
Encryption: No
Result: Uses a username match for authentication (an improvement over SNMPv2c)

SNMPv3 authNoPriv

SNMPv3 authNoPriv
Level: authNoPriv
Authentication: Message Digest 5 (MD5) or Secure Hash Algorithm (SHA)
Encryption: No
Result: Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms

SNMPv3 authPriv

• A network administrator must configure the SNMP agent to use the SNMP version supported by the management station. Because an agent can communicate with multiple SNMP managers, it is possible to configure the software to support communications by using v1, v2c or v3.
• The third implementation of SNMPv3 is with authentication and privacy.

SNMPv3 authPriv
Level: authPriv (requires the cryptographic software image)
Authentication: MD5 or SHA
Encryption: Data Encryption Standard (DES) or Advanced Encryption Standard (AES)
Result: Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. Allows specifying the User-based Security Model (USM) with these encryption algorithms:
- DES 56-bit encryption in addition to authentication based on the CBC-DES (DES-56) standard
- 3DES 168-bit encryption
- AES 128-bit, 192-bit, or 256-bit encryption

Community Strings

*For SNMP to operate, the network management system must have access to the MIB. To ensure that access requests are valid, some form of authentication must be in place.*

• SNMPv1 and SNMPv2c use community strings that control access to the MIB. Community strings are plaintext passwords. SNMP community strings authenticate access to MIB objects.
• There are two types of community strings:
- Read-only (ro) - This type provides access to the MIB variables, but does not allow these variables to be changed, only read. Because security is minimal in version 2c, many organizations use SNMPv2c in read-only mode.
- Read-write (rw) or full access - This type provides read and write access to all objects in the MIB.
• To view or set MIB variables, the user must specify the appropriate community string for read or write access.
• To view or set MIB variables, you must specify an appropriate community string for the read or write access; it could be RO or RW.

How SNMP operates with the community string

• Assume that you are given this topology: you have your web server with an SNMP agent, your SNMP management station with the manager at 192.168.1.5, and a central MIB.
• In this diagram, the customer called, and their web server is really slow. The user calls to report a problem, so just like in an enterprise, the end user will be calling support to report any problem experienced on the network.
• Next, the management station sends a request to the agent for connection statistics and includes the community string. The question is something like: how many users are on the web server, or how many users are currently connected to the web server?
• This would be using get 192.168.1.10 2#B7!9
• Next, the agent asks: does my community string match 2#B7!9? If yes, is 192.168.1.5 an IP address I know? If yes, then there is a reply. So, the agent verifies the community string and the IP address.
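The request and the agent's two checks from this scenario, as an added example (not part of the lecture or any vendor's code): it builds a constructed SNMPv2c get-request for the community string 2#B7!9 and the OID 1.3.6.1.4.1.9.2.1.58.0 used in these notes, decodes it to show that the community string travels in plaintext, and applies the community and source-address checks. The function names, the request id and the /32 permitted network are assumptions.

```python
import hmac
import ipaddress

# BER tags of the SNMP PDUs named in the operations table.
PDU_NAMES = {0xA0: "get-request", 0xA1: "get-next-request", 0xA2: "get-response",
             0xA3: "set-request", 0xA5: "get-bulk-request"}
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c"}  # community-based versions


def tlv(tag, content):
    """Encode one BER TLV; short-form length is enough for the sample."""
    if len(content) > 127:
        raise ValueError("sample encoder only supports short-form lengths")
    return bytes([tag, len(content)]) + content


def encode_oid(dotted):
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])  # first two arcs share one byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:  # base-128, high bit set on all but the last byte
            chunk.append((arc & 0x7F) | 0x80)
            arc >>= 7
        out += bytes(reversed(chunk))
    return bytes(out)


def build_get_request(community, oid, request_id=12345):
    """Constructed sample of a manager's SNMPv2c get-request."""
    varbind = tlv(0x30, tlv(0x06, encode_oid(oid)) + tlv(0x05, b""))
    pdu = tlv(0xA0, tlv(0x02, request_id.to_bytes(2, "big")) + tlv(0x02, b"\x00")
              + tlv(0x02, b"\x00") + tlv(0x30, varbind))
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, community.encode()) + pdu)


def read_tlv(buf, pos):
    """Return (tag, content, next_pos); reject truncated input."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("TLV content runs past end of packet")
    return tag, buf[pos:pos + length], pos + length


def decode_oid(content):
    if not content:
        raise ValueError("empty OID")
    arcs, value = [content[0] // 40, content[0] % 40], 0
    for byte in content[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def decode_message(packet):
    """Decode a v1/v2c message: version, community, PDU type, OIDs."""
    tag, msg, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("outer SEQUENCE missing")
    _, ver, pos = read_tlv(msg, 0)
    version = int.from_bytes(ver, "big")
    if version not in VERSIONS:
        raise ValueError("not a community-based (v1/v2c) message")
    _, community, pos = read_tlv(msg, pos)
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    p = 0
    for _field in ("request-id", "error-status", "error-index"):
        _, _, p = read_tlv(pdu, p)
    _, varbinds, _ = read_tlv(pdu, p)
    oids, p = [], 0
    while p < len(varbinds):
        _, varbind, p = read_tlv(varbinds, p)
        oids.append(decode_oid(read_tlv(varbind, 0)[1]))
    return {"version": VERSIONS[version], "oids": oids,
            "community": community.decode("ascii", "replace"),
            "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag))}


def agent_accepts(msg, source_ip, configured_community, permitted_net):
    """The agent's two checks: community match, then known manager address."""
    match = hmac.compare_digest(msg["community"].encode(),
                                configured_community.encode())
    known = ipaddress.ip_address(source_ip) in ipaddress.ip_network(permitted_net)
    return match and known
```

Because the community string is readable in the encoded request, the source-address check is the only other control a v1/v2c agent applies here, which is why the notes pair community strings with an ACL.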
• Afterwards, the agent sends all statistics for the number of connections, so the variable is 10,000.
• Therefore, the manager will know that there are 10,000 users. No wonder this web server is slow.
• The management station receives the information coming from the SNMP agent.

MIB Object ID

• MIB, or the management information base, is defined as the database or the virtual database of the managed objects. Every managed object has a MIB.
• The MIB organizes variables hierarchically. Formally, the MIB defines each variable as an object ID (OID). OIDs uniquely identify managed objects. The MIB organizes the OIDs based on RFC standards into a hierarchy of OIDs, usually shown as a tree.
• The MIB tree for any given device includes some branches with variables common to many networking devices and some branches with variables specific to that device or vendor.
• RFCs define some common public variables. Most devices implement these MIB variables. In addition, networking equipment vendors, like Cisco, can define their own private branches of the tree to accommodate new variables specific to their devices.
• The figure shows portions of the MIB structure defined by Cisco. Note how the OID can be described in words or numbers to help locate a particular variable in the tree.
• OIDs belonging to Cisco are numbered as follows: .iso (1).org (3).dod (6).internet (1).private (4).enterprises (1).cisco (9).
• Therefore, the OID is 1.3.6.1.4.1.9, which pertains to Cisco.
• Go back to 29:25 in the video.

SNMP Polling Scenario

• SNMP can be used to observe CPU utilization over a period of time by polling devices. CPU statistics can then be compiled on the NMS and graphed. This creates a baseline for the network administrator.
• Threshold values can be set relative to this baseline. When CPU utilization exceeds this threshold, notifications are sent.
• The data is retrieved via the snmpget utility, issued on the NMS. Using the snmpget utility, you can manually retrieve real-time data, or have the NMS run a report. This report would give you a period of time over which you could use the data to get the average.
• The snmpget utility requires that the SNMP version, the correct community, the IP address of the network device to query, and the OID number are set.
• The figure demonstrates the use of a freeware snmpget utility which allows quick retrieval of information from the MIB.
• This figure illustrates 5-minute samples of router CPU utilization over a period of a few weeks.
• -c = the community; this is the SNMP password, called the community string
• IP address = IP of the monitor or device of the managed object
• OID number = OID of the MIB variable

SNMP Object Navigator

• The snmpget utility gives some insight into the basic mechanics of how SNMP works. However, working with long MIB variable names like 1.3.6.1.4.1.9.2.1.58.0 can be problematic for the average user. More commonly, the network operations staff uses a network management product with an easy-to-use GUI, which makes the entire MIB data variable naming transparent to the user.
• The Cisco SNMP Navigator on the http://www.cisco.com website allows a network administrator to research details about a particular OID. In some books it is called a MIB browser.
• This figure is an example of using the navigator to research the OID information for the whyReload object.

CONFIGURING SNMP

• The configuration is based on the Cisco platform. Other vendors could have their own versions or their own syntax for configuring SNMP, but the principle is the same.
• SNMP is a protocol between the managed object and the manager.

Steps for Configuring SNMP

Step 1. (Required) Configure the community string and access level (read-only or read-write) with the snmp-server community string ro | rw command.
Step 2. (Optional) Document the location of the device using the snmp-server location text command.
Step 3. (Optional) Document the system contact using the snmp-server contact text command.
Step 4. (Optional) Restrict SNMP access to NMS hosts (SNMP managers) that are permitted by an ACL. Define the ACL and then reference the ACL with the snmp-server community string access-list-number-or-name command.
Step 5. (Optional) Specify the recipient of the SNMP trap operations with the snmp-server host host-id [version {1 | 2c | 3 [auth | noauth | priv]}] community-string command. By default, no trap manager is defined.
Step 6. (Optional) Enable traps on an SNMP agent with the snmp-server enable traps notification-types command.

Securing SNMPv3

• Step 1: Configure an ACL to permit access to the protected management network.
    Router(config)# ip access-list standard acl-name
    Router(config-std-nacl)# permit source_net
• Step 2: Configure an SNMP view.
    Router(config)# snmp-server view view-name oid-tree
• Step 3: Configure an SNMP group.
    Router(config)# snmp-server group group-name v3 priv read view-name access [acl-number | acl-name]
• Step 4: Configure a user as a member of the SNMP group.
    Router(config)# snmp-server user username group-name v3 auth {md5 | sha} auth-password priv {des | 3des | aes {128 | 192 | 256}} privpassword
• The configuration of SNMP on Cisco devices is very straightforward.

Verifying SNMP Configuration
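One way to review a device configuration against the steps and security levels in these notes, as an added example that is not Cisco tooling or part of the lecture: it scans snmp-server lines for read-write communities, missing ACLs, SNMPv3 groups without priv, and traps sent as v1/v2c. The sample configuration, the finding codes, and the treatment of a missing version keyword as version 1 (and of an SNMPv3 host line without a level as noauth) are assumptions.

```python
# Finding codes and the statement in the notes each one rests on.
EXPLAIN = {
    "COMMUNITY_PLAINTEXT": "v1/v2c community string is a plaintext password, no encryption",
    "RW_COMMUNITY": "read-write community gives write access to all MIB objects",
    "NO_ACL": "no ACL restricts which NMS hosts may use this entry",
    "V3_NO_AUTH": "SNMPv3 noAuthNoPriv: username match only",
    "V3_NO_PRIV": "SNMPv3 level without priv: encryption is 'No'",
    "TRAP_PLAINTEXT": "traps sent as v1/v2c carry the community string in plaintext",
}

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
snmp-server community EXAMPLE-RO ro SNMP_ACL
snmp-server community EXAMPLE-RW rw
snmp-server group ADMIN v3 priv read SNMP-RO access PERMIT-ADMIN
snmp-server group MONITOR v3 auth read SNMP-RO
snmp-server host 192.168.1.5 version 2c EXAMPLE-RO
snmp-server host 192.168.1.5 version 3 priv BOB
"""


def audit_line(tok):
    """Return finding codes for one tokenised 'snmp-server ...' line."""
    kind, codes = tok[1].lower(), []
    if kind == "community":
        rest = tok[3:]
        if rest[:1] == ["view"]:  # optional 'view <name>' before ro/rw
            rest = rest[2:]
        mode = "ro"
        if rest and rest[0].lower() in ("ro", "rw"):
            mode = rest.pop(0).lower()
        codes.append("COMMUNITY_PLAINTEXT")
        if mode == "rw":
            codes.append("RW_COMMUNITY")
        if not rest:  # nothing left after ro/rw means no ACL reference
            codes.append("NO_ACL")
    elif kind == "group":
        version = tok[3].lower() if len(tok) > 3 else ""
        level = tok[4].lower() if len(tok) > 4 else ""
        if version in ("v1", "v2c"):
            codes.append("COMMUNITY_PLAINTEXT")
        elif version == "v3":
            if level == "noauth":
                codes.append("V3_NO_AUTH")
            if level in ("noauth", "auth"):
                codes.append("V3_NO_PRIV")
        if "access" not in tok:
            codes.append("NO_ACL")
    elif kind == "host":
        rest = [t.lower() for t in tok[3:]]
        i = rest.index("version") if "version" in rest else -1
        # Assumptions: no 'version' keyword means version 1 traps, and
        # version 3 without auth/priv after it means noauth.
        version = rest[i + 1] if 0 <= i < len(rest) - 1 else "1"
        level = rest[i + 2] if 0 <= i < len(rest) - 2 else ""
        if version in ("1", "2c"):
            codes.append("TRAP_PLAINTEXT")
        elif version == "3":
            if level not in ("auth", "priv"):
                codes.append("V3_NO_AUTH")
            if level != "priv":
                codes.append("V3_NO_PRIV")
    return codes


def audit_snmp_config(config_text):
    """Return (line_number, code, redacted_line) for every finding."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        tok = raw.split()
        if len(tok) < 3 or tok[0].lower() != "snmp-server":
            continue
        shown = list(tok)  # never echo secrets into a report
        if tok[1].lower() == "community":
            shown[2] = "<redacted>"
        elif tok[1].lower() == "host":
            shown[-1] = "<redacted>"
        findings += [(lineno, code, " ".join(shown)) for code in audit_line(tok)]
    return findings


def report(findings):
    """Format findings as one human-readable line each."""
    return [f"line {n}: {code}: {EXPLAIN[code]} [{line}]" for n, code, line in findings]
```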
REMOTE NETWORK MONITORING (RMON)

https://www.youtube.com/watch?v=37xs6l32lFA

RMON Basic Concepts

• Extends the SNMP functionality without changing the protocol
• Allows the monitoring of remote networks (internetwork management)
• It supports MAC-layer (layer 2 in OSI) monitoring
• Defines a Remote MONitoring (RMON) MIB that supplements MIB-II
- with MIB-II, the manager can obtain information on individual devices only
- with RMON MIB, the manager can obtain information on the LAN as a whole
• These are called network monitors, analyzers or probes, which pertain to network monitoring.
• Remote network monitoring, or RMON, was developed by the IETF to support monitoring and protocol analysis of a local area network.
• The original version, sometimes referred to as RMON1, focused on OSI layer 1 and 2 information in Ethernet and token ring networks. It has been extended by RMON2, which adds support for network- and application-layer monitoring, and by SMON or switch monitoring, which adds support for switched networks.
• It is an industry standard specification that provides much of the functionality offered by a proprietary network analyzer. RMON agents are built into many high-end switches and routers.

Important RFCs (leading to RMON standardization)

• RMON, or remote monitoring, is a standard monitoring specification that enables various network monitors and console systems to exchange network monitoring data.
• RMON provides network administrators or systems administrators with more freedom in selecting network monitoring probes and consoles with features that meet their particular networking needs.
• An RMON implementation typically operates in a client-server model. Monitoring devices, commonly called probes in this context, contain RMON software or agents that collect information and analyze packets.

| Name | RFC Series | Description |
|---|---|---|
| RMON1 | RFC 2819 | Remote Network Monitoring Management Information Base |
| RMON2 | RFC 4502 | Remote Network Monitoring Management Information Base Version 2 using SMIv2 |
| HCRMON | RFC 3273 | Remote Network Monitoring Management Information Base for High Capacity Networks |
| SMON | RFC 2613 | Remote Network Monitoring MIB Extensions for Switched Networks |
| Overview | RFC 3577 | Introduction to RMON Family of MIB Modules |

RMON Goals

• Monitoring subnetwork-wide behavior – it can perform offline operation, perform diagnostics, and collect statistics continuously even when communication with the management station may not be possible or efficient.
• Reducing the burden on agents and managers – SNMP uses the agent and manager paradigm. With the implementation of RMON, it was possible to reduce the burden on agents and managers.
• Continuous off-line monitoring in the presence of failures (in network or manager)
• Proactive monitoring
- perform some of the manager functions (e.g., diagnostics)
- with proactive monitoring, continuously run the diagnostics and log network performance.
• Problem detection and reporting – given conditions, the probe continuously checks for them; if any of the conditions occur, it notifies the manager.
• Provide value-added (analyzed) data – who generates most of the traffic or errors in the network.
• Support multiple managers

RMON Components

RMON: Remote Network Monitoring

• In the RMON components, we have the RMON probe and the Data Analyzer. The RMON probe is usually connected on the segment of the LAN. The RMON probe is the data gatherer, a physical device.
• The Data Analyzer is the processor that analyzes the data. It uses the SNMP network to carry the data collected by the agent through RMON.
• The RMON probes act as servers, and the network management applications that communicate with them act as clients. Both agent configuration and data collection use SNMP.
• RMON is designed to operate differently than other SNMP-based systems. Probes have more responsibility for data collection and processing, which reduces SNMP traffic and the processing load of the clients; that is how SNMP and RMON are related to each other.
• Probes have more responsibility for data collection and processing, which reduces the SNMP traffic on the network and the processing load of the clients. Information is only transmitted to the management application when required, instead of continuously polling and monitoring the devices.

Networks with RMONs

• RMON is designed for flow-based monitoring, while SNMP is often used for device-based management.
• RMON is similar to other flow-based monitoring technologies such as NetFlow in Cisco and sFlow or switch flow, because the data collected deals mainly with traffic patterns rather than the status of individual devices.
• One disadvantage of this system is that remote devices shoulder more of the management burden and require more resources to do so.
• Some devices balance this trade-off by implementing only a subset of RMON within the MIB groups. A minimal RMON implementation could support only statistics, history, alarm, and events.
• In the network here, with a router with RMON, an FDDI probe, an Ethernet probe, and a token ring probe, RMON is usually implemented on the LAN segment.

Example Configuration For Remote Monitoring

• In this figure, we have a lot of probes that are scattered and implemented over the network.
• Each LAN segment has its own probe. The data from these probes can be collected and forwarded to the management console only if necessary.

Example of RMON probe with two interfaces

• This RMON probe is capable of monitoring subnetwork X and subnetwork Y, each having its own set of clients or workstations connected to it.

Control of Remote Monitors

• RMON MIB contains features that support extensive control from NMS
- Configuration control
- Action invocation
• RMON MIB is organized into a number of functional groups
• Each group may contain one or more control tables and one or more data tables
• A control table (typically read-write) contains parameters that describe the data in a data table (typically read-only)

Configuration Control

• At configuration time, NMS sets the appropriate control parameters to configure the remote monitor to collect the desired data
- the parameters are set by adding a new row to the control table or by modifying an existing row
- a control table may contain objects that specify the source of data to be collected, the type of data, the collection timing, etc.
• To modify or disable a particular data collection function:
- it is necessary first to invalidate the control row
- this causes the deletion of that row and the deletion of all associated rows in data tables
- NMS can create a new control row with the modified parameters

RMON Benefits (what a system administrator or network administrator could get from RMON):

• Monitors and analyzes locally and relays data;
- Less load on the network
- If we have less load on the network, fewer resources are used, and therefore more of the power of the devices is contributed to the performance of the network.
• Needs no direct visibility by NMS;
- More reliable information, as RMON collects data on the LAN segment.
• Permits monitoring on a more frequent basis
- Faster fault diagnosis: we could easily solve the problem if one is encountered or arises during the operation of the organization or during production operations
• Increases productivity for administrators

• There are two versions of RMON: RMON1 and RMON2.
• RMON1 – supports only the first and the second layer of the OSI model. That is why there is RMON2, which extended the capability of RMON1 by operating and monitoring on the network layer up to the application layer.
• RMON1 operates on layers one and two, the physical and data link layers, while RMON2 extends that capacity and capability by going beyond layer two, starting at layer three (the network layer) up to the application layer.

RMON Groups and Functions
• For RMON, we could get the Token Ring Statistics, Ethernet Statistics, Host and Conversation Statistics, Filter group, alarm generation and event generation for what is going on in the network segment. All of these can be collected by an RMON probe and can be forwarded to the network manager only if needed.
• The RMON probe is basically placed on the LAN segment, so remote monitoring and data gathering happen on the boundary of the LAN.

RMON1

• RMON1 has 10 groups divided into three categories
- Statistics groups (RMON1-10 excluded RMON3)
- Event reporting groups (RMON 3 and RMON 9)
- Filter and packet capture group (RMON 7 and RMON 8)
• Groups with "2" in the name are enhancements from RMON2

RMON1 MIB GROUPS & TABLES

| Group | OID | Function | Tables |
|---|---|---|---|
| Statistics | rmon 1 | Link-level statistics. Real-time statistics (e.g. utilization, collisions, cyclic redundancy check errors); it counts packets with characteristics defined by objects in the etherStatsTable. The packet count is for all the frames, regardless of the device. | etherStatsTable, etherStats2Table |
| History | rmon 2 | Periodic statistical data collection and storage for later retrieval. History of related statistics: it develops a history for its etherHistoryTable objects just by counting packets for each object over a number of defined intervals. | historyControlTable, etherHistoryTable, historyControl2Table, etherHistory2Table |
| Alarm | rmon 3 | Generates events when the data sample gathered crosses pre-established thresholds. If notifications are needed, then we set the alarm. Definitions for RMON SNMP traps to be sent when statistics exceed defined thresholds. Identifies selected object values that become greater or less than the threshold during the sampling. | alarmTable |
| Host | rmon 4 | Gathers statistical data on hosts. Host-specific LAN statistics (e.g. bytes sent or received, frames sent or received). Records MAC addresses and statistics for packets received or transmitted for each host detected on the subnet. | hostControlTable, hostTable, hostTimeTable, hostControl2Table |
| HostTopN | rmon 5 | Computes the top N hosts on the respective categories of statistics gathered. A record of the N most active connections over the given time period, hence HostTopN. It also determines the most active hosts during every sampling interval for a specified variable such as in packets. | hostTopNControlTable |
| Matrix | rmon 6 | Statistics on traffic between pairs of hosts. The sent/received traffic matrix between the systems. It records host MAC addresses and statistics such as in packets for conversations between hosts. | matrixControlTable, matrixSDTable, matrixDSTable, matrixControl2Table |
| Filter | rmon 7 | Filter function that enables capture of desired parameters. The filter defines packet data patterns of interest (e.g. a MAC address or TCP port defines the characteristics of the packets that should be processed by the probe); such characteristics determine a channel. | filterTable, channelTable, filter2Table, channel2Table |
| Packet Capture | rmon 8 | Packet capture capability to gather packets after they flow through a channel. It collects and forwards packets matching the filter. It defines how much of the channel packet is captured and how much is transmitted to the management station. | bufferControlTable, captureBufferTable |
| Event | rmon 9 | Controls the generation of events and notifications. It sends alerts or SNMP traps for the alarm group; it defines and logs events that are generated by objects in other groups and initiates actions. | eventTable |
| Token Ring | rmon 10 | See Table 8.3. This is an extension specific to token ring; it is only used by token ring networks. | See Table 8.3 |

RMON2

• Applicable to Layers 3 and above
- RMON1 is focused on the physical and data link layers.
- RMON2 extends from layer three: the network, transport, session, presentation and application layers.
• Functions similar to RMON1
• Enhancement to RMON1
• Defined conformance and compliance
RMON MIB2

• RMON MIB monitors MAC-level subnet traffic
• RMON MIB2 can monitor traffic of packets at layers 3 to 7 of the OSI Reference Model
• Provides Network-layer Visibility
- can distinguish between local LAN and remote LAN traffic
• Provides Application-layer Visibility
- can analyze traffic to and from hosts for particular applications
- can determine which applications are putting the load on the net
• RMON MIB2 is basically an extension of RMON MIB

| Group | OID | Function | Tables |
|---|---|---|---|
| Protocol Directory | rmon 11 | Inventory of protocols, or the list of protocols the probe can monitor | protocolDirTable |
| Protocol Distribution | rmon 12 | Relative statistics on octets and packets | protocolDistControlTable, protocolDistStatsTable |
| Address Map | rmon 13 | MAC address to network address on the interface. Mapping of the MAC address to a network address, or the mapping of network-layer IP addresses to MAC-layer addresses. | addressMapControlTable, addressMapTable |
| Network Layer Host | rmon 14 | Traffic data from and to each host. Layer 3 traffic statistics per host, that is, per network-layer host. | nlHostControlTable, nlHostTable |
| Network Layer Matrix | rmon 15 | Traffic data from each pair of hosts | nlMatrixControlTable, nlMatrixSDTable, nlMatrixDSTable, nlMatrixTopNControlTable, nlMatrixTopNTable |
| Application Layer Host | rmon 16 | Traffic data by protocol from and to a host. Traffic statistics by application protocol per source-destination pairs of hosts, or simply the traffic data by protocol from and to each of the hosts. | alHostTable |
| Application Layer Matrix | rmon 17 | Traffic data by protocol between pairs of hosts | alMatrixSDTable, alMatrixDSTable, alMatrixTopNControlTable, alMatrixTopNTable |
| User History Collection | rmon 18 | User-specified historical data on alarms and statistics | usrHistoryControlTable, usrHistoryObjectTable, usrHistoryTable |
| Probe Configuration | rmon 19 | Configuration of probe parameters | serialConfigTable, netConfigTable, trapDestTable, serialConnectionTable |
| RMON Conformance | rmon 20 | RMON2 MIB Compliances and Compliance Groups; requirements for RMON2 MIB performance. | See Section 8.4.2 |

Summary

• RMON extends the SNMP functionality without changing the protocol
• RMON can monitor information on a whole subnetwork
• RMON is used extensively in analyzing network traffic for problem detection and network planning
• RMON2 allows monitoring of traffic at layers 3 to 7 in the OSI Model
• RMON2 can be used to analyze network traffic more accurately, even to the application level
• RMON1 is limited to the first two layers, and its extension, RMON2, covers layers 3-7
• RMON is usually implemented on the LAN segment, which is why we are more on the Ethernet network
• If we have the network management console, the applications that monitor network.