[mrtg] fwsm context traffic

Justin M. Streiner mrtg at cluebyfour.org
Wed Mar 25 03:09:12 CET 2009

On Tue, 24 Mar 2009, paolo wrote:

> Right, I'm polling each context individually. I get the interfaces list
> for each one properly populated with the right name and gigabit speed, but
> it fails getting the counters (no V2 counters, dropping back to V1).
> But neither V1 counters are there when I poll with the proper OID.
> I think it has to do with the fact they are virtual interfaces. I can
> measure overall traffic in the 6 Gb backplane etherchannel but I
> need traffic per context (DMZ, Intranet....).

At this point I'm not doing per-context statistics.  I also checked and I 
don't see any Counter64s when I walk the MIB-II tree or the 
vendor-specific MIB tree on one of my FWSMs, which leads me to believe 
that the HC counters are not implemented in the FWSM 3.2 MIB.  I don't 
have any FWSMs running 4.0 at this point, but I should probably stand one 
up in my lab at some point.

I'm running 3.2(7) on most of my FWSMs at the moment.

As a work-around you could probably poll the HC counters for the Vlan 
interfaces that are getting sent into the FWSM.  Are you running in 
transparent mode or routed mode?


> --- On Tue, 3/24/09, McDonald, Dan <Dan.McDonald at austinenergy.com> wrote:
>> From: McDonald, Dan <Dan.McDonald at austinenergy.com>
>> Subject: Re: [mrtg] fwsm context traffic
>> To: mrtg at lists.oetiker.ch
>> Date: Tuesday, March 24, 2009, 3:41 PM
>> On Tue, 2009-03-24 at 11:55 -0700,
>> paolo wrote:
>>> Hi,
>>> I use the 6500 fw service module (v3.2) and I'm trying
>> to measure
>>> traffic in the interfaces of my virtual firewalls
>> -contexts- using
>>> mrtg. But when the mrtg snmp poller contacts the
>> virtual firewall, it
>>> answers that no V2 counters (high speed counters) were
>> found despite
>>> it properly reports the interface name and speed.
>> Odd, I've not had any problem detecting HC counters on fwsm
>> 2.3.5 using
>> snmp v2c
>>> Has anybody been successful in measuring traffic of
>> this fwsm contexts
>>> using mrtg or similar? Maybe this counters are not
>> filled by the fw
>>> and then there's no way?
>> Yes, but I'm not using contexts.  I think you have to
>> monitor every
>> context individually (meaning, treat them as separate
>> firewalls, each
>> with its own snmp config...)
>> --
>> Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
>> Austin Energy
>> http://www.austinenergy.com
>> -----Inline Attachment Follows-----
>> _______________________________________________
>> mrtg mailing list
>> mrtg at lists.oetiker.ch
>> https://lists.oetiker.ch/cgi-bin/listinfo/mrtg
> _______________________________________________
> mrtg mailing list
> mrtg at lists.oetiker.ch
> https://lists.oetiker.ch/cgi-bin/listinfo/mrtg

More information about the mrtg mailing list