Re: [mrtg] fwsm context traffic

[Justin M. Streiner]

On Tue, 24 Mar 2009, paolo wrote:

Right, I'm polling each context individually. I get the interfaces list
for each one properly populated with the right name and gigabit speed, but
it fails getting the counters (no V2 counters, dropping back to V1).
But neither V1 counters are there when I poll with the proper OID.
I think it has to do with the fact they are virtual interfaces. I can
measure overall traffic in the 6 Gb backplane etherchannel but I
need traffic per context (DMZ, Intranet....).

At this point I'm not doing per-context statistics.  I also checked and I 
don't see any Counter64s when I walk the MIB-II tree or the 
vendor-specific MIB tree on one of my FWSMs, which leads me to believe 
that the HC counters are not implemented in the FWSM 3.2 MIB.  I don't 
have any FWSMs running 4.0 at this point, but I should probably stand one 
up in my lab at some point.

I'm running 3.2(7) on most of my FWSMs at the moment.

As a work-around you could probably poll the HC counters for the Vlan 
interfaces that are getting sent into the FWSM.  Are you running in 
transparent mode or routed mode?

jms

--- On Tue, 3/24/09, McDonald, Dan <dan.mcdon...@austinenergy.com> wrote:

From: McDonald, Dan <dan.mcdon...@austinenergy.com>
Subject: Re: [mrtg] fwsm context traffic
To: mrtg@lists.oetiker.ch
Date: Tuesday, March 24, 2009, 3:41 PM
On Tue, 2009-03-24 at 11:55 -0700,
paolo wrote:
Hi,
I use the 6500 fw service module (v3.2) and I'm trying
to measure
traffic in the interfaces of my virtual firewalls
-contexts- using
mrtg. But when the mrtg snmp poller contacts the
virtual firewall, it
answers that no V2 counters (high speed counters) were
found despite
it properly reports the interface name and speed.

Odd, I've not had any problem detecting HC counters on fwsm
2.3.5 using
snmp v2c

Has anybody been successful in measuring traffic of
this fwsm contexts
using mrtg or similar? Maybe this counters are not
filled by the fw
and then there's no way?

Yes, but I'm not using contexts.  I think you have to
monitor every
context individually (meaning, treat them as separate
firewalls, each
with its own snmp config...)

--
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com


-----Inline Attachment Follows-----

_______________________________________________
mrtg mailing list
mrtg@lists.oetiker.ch
https://lists.oetiker.ch/cgi-bin/listinfo/mrtg





_______________________________________________
mrtg mailing list
mrtg@lists.oetiker.ch
https://lists.oetiker.ch/cgi-bin/listinfo/mrtg
_______________________________________________
mrtg mailing list
mrtg@lists.oetiker.ch
https://lists.oetiker.ch/cgi-bin/listinfo/mrtg