[mrtg] fwsm context traffic

Mike Mitchell Mike.Mitchell at sas.com
Wed Mar 25 15:43:14 CET 2009


I'm running 3.2(10) without contexts.
I do
        cfgmaker --ifref ip --ifdesc alias community at firewall:::::2
and haven't had a problem.  I'm seeing traffic over 400 Mbps, so I know it's using the HC counters.

Actually, I do have one problem.  The FWSM reports 1 Gbps for 'ifSpeed' on each interface.  It should really be 6 Gbps.  Occasionally I exceed 1 Gbps and the graphs show 'Unknown' for those periods.

Mike Mitchell

-----Original Message-----
From: mrtg-bounces at lists.oetiker.ch [mailto:mrtg-bounces at lists.oetiker.ch] On Behalf Of Justin M. Streiner
Sent: Tuesday, March 24, 2009 10:09 PM
To: mrtg at lists.oetiker.ch
Subject: Re: [mrtg] fwsm context traffic

On Tue, 24 Mar 2009, paolo wrote:

> Right, I'm polling each context individually. I get the interfaces list
> for each one properly populated with the right name and gigabit speed, but
> it fails getting the counters (no V2 counters, dropping back to V1).
> But the V1 counters aren't there either when I poll with the proper OID.
>
> I think it has to do with the fact they are virtual interfaces. I can
> measure overall traffic in the 6 Gb backplane etherchannel but I
> need traffic per context (DMZ, Intranet....).

At this point I'm not doing per-context statistics.  I also checked and I
don't see any Counter64s when I walk the MIB-II tree or the
vendor-specific MIB tree on one of my FWSMs, which leads me to believe
that the HC counters are not implemented in the FWSM 3.2 MIB.  I don't
have any FWSMs running 4.0 at this point, but I should probably stand one
up in my lab at some point.

I'm running 3.2(7) on most of my FWSMs at the moment.

As a work-around you could probably poll the HC counters for the Vlan
interfaces that are getting sent into the FWSM.  Are you running in
transparent mode or routed mode?

jms

> --- On Tue, 3/24/09, McDonald, Dan <Dan.McDonald at austinenergy.com> wrote:
>
>> From: McDonald, Dan <Dan.McDonald at austinenergy.com>
>> Subject: Re: [mrtg] fwsm context traffic
>> To: mrtg at lists.oetiker.ch
>> Date: Tuesday, March 24, 2009, 3:41 PM
>> On Tue, 2009-03-24 at 11:55 -0700, paolo wrote:
>>> Hi,
>>> I use the 6500 fw service module (v3.2) and I'm trying to measure
>>> traffic in the interfaces of my virtual firewalls -contexts- using
>>> mrtg. But when the mrtg snmp poller contacts the virtual firewall, it
>>> answers that no V2 counters (high speed counters) were found even
>>> though it properly reports the interface name and speed.
>>
>> Odd, I've not had any problem detecting HC counters on fwsm 2.3.5 using
>> snmp v2c
>>
>>> Has anybody been successful in measuring traffic of these fwsm contexts
>>> using mrtg or similar? Maybe these counters are not filled by the fw
>>> and then there's no way?
>>
>> Yes, but I'm not using contexts.  I think you have to monitor every
>> context individually (meaning, treat them as separate firewalls, each
>> with its own snmp config...)
>>
>> --
>> Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
>> Austin Energy
>> http://www.austinenergy.com
>>
>> _______________________________________________
>> mrtg mailing list
>> mrtg at lists.oetiker.ch
>> https://lists.oetiker.ch/cgi-bin/listinfo/mrtg
>
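
Added example (not part of any message in this thread): a simplified Python model of the two effects discussed above, a 32-bit octet counter wrapping within one poll at 400 Mbps, and samples above a MaxBytes derived from a 1 Gbps ifSpeed being dropped. The 300-second poll interval, the function names and the sample rates are assumptions or constructed values, and the drop rule is a simplification of MRTG's MaxBytes handling.

```python
# Added illustration; not MRTG source code. All sample values are constructed.
COUNTER32 = 2**32      # ifInOctets / ifOutOctets (SNMP v1 counters)
COUNTER64 = 2**64      # ifHCInOctets / ifHCOutOctets (SNMP v2c HC counters)
POLL_SECONDS = 300     # assumed 5-minute polling interval


def seconds_to_wrap(bits_per_second, modulus=COUNTER32):
    """Seconds until an octet counter wraps at a sustained bit rate."""
    return modulus / (bits_per_second / 8)


def measured_rate(true_bps, modulus, interval=POLL_SECONDS):
    """Octets/s a poller computes from two samples of a wrapping counter.

    The poller can only correct for a single wrap, so any extra wraps
    inside one interval are silently lost.
    """
    octets_sent = true_bps // 8 * interval
    prev, curr = 0, octets_sent % modulus
    return ((curr - prev) % modulus) / interval


def max_bytes_from_ifspeed(ifspeed_bps):
    """MaxBytes (octets/s) derived from the reported ifSpeed."""
    return ifspeed_bps // 8


def plotted_value(rate, max_bytes):
    """Simplified model: a sample above MaxBytes is discarded (None)."""
    return rate if rate <= max_bytes else None


if __name__ == "__main__":
    bps = 400_000_000
    print("Counter32 wraps after %.1f s" % seconds_to_wrap(bps))
    print("Counter32 rate: %.0f octets/s" % measured_rate(bps, COUNTER32))
    print("Counter64 rate: %.0f octets/s" % measured_rate(bps, COUNTER64))
    burst = 1_200_000_000 // 8  # constructed 1.2 Gbps sample
    print("MaxBytes from 1 Gbps:", plotted_value(burst, max_bytes_from_ifspeed(10**9)))
    print("MaxBytes from 6 Gbps:", plotted_value(burst, max_bytes_from_ifspeed(6 * 10**9)))
```
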


