When the RMON specification was developed, LANs were mainly shared Ethernet or Token Ring networks, and the virtual LAN (VLAN) concept did not exist. A monitoring device such as an RMON probe was connected to an Ethernet hub or Token Ring and it could see all the traffic from all the devices in this segment. With the advent of switches and VLANs, this concept was no longer operational, so extensions were required. Initially, Cisco supported VLAN monitoring by offering probes with an implementation of the Cisco VLAN Trunk Protocol (VTP). The standardization of VLANs and VLAN monitoring evolved in parallel, resulting in the IEEE 802.1Q standard for VLANs and SMON for network monitoring purposes. The SMON MIB, as specified by RFC 2613, extends the RMON MIB by providing remote monitoring device implementations specifically for switched network environments, supporting 802.1Q VLAN definitions. SMON supports a port copy feature to copy traffic from one switched port to a monitoring port on the same switch. Although a portCopy function already exists in RMON 1, SMON extends this concept to copy complete VLAN information. This eases the operators' task, because only the desired VLAN needs to be selected, not individual ports. The copy can be done as port-to-port, multiport-to-port, or multiport-to-multiport.

The principles behind SMON are as follows:

  • SMON extends RMON by adding support for standard VLAN monitoring.

  • The MIB contains 32-bit and 64-bit SNMP counters.

Supported Devices and IOS Versions

Polling the smonCapabilities MIB OID (from the probeConfig group) indicates which SMON MIB capabilities this RMON probe supports. For example:

  • The 6500/7600 devices support the portCopy and VLAN statistics functionalities.

  • The Cisco NAM for the Catalyst 6500 supports SMON.

CLI Operations

The Catalyst 6500 supports the smonVlanStats; however, the functionality can be configured only by SNMP, not via the CLI.

SNMP Operations

The SMON MIB contains four different groups:

  • smonVlanStats configures and monitors the VLAN statistics tables. The statistics collected represent a distribution based on the IEEE 802.1Q VLAN ID (VID) for each good frame attributed to the data source for the collection. Counters include the number of packets and bytes (32-bit and 64-bit), nonunicast packets, the number of counter overflows, and a time stamp to identify the last update.

  • smonPrioStats allows configuration and monitoring of collections based on the value of the 3-bit user priority field encoded in the Tag Control Information (TCI) field. This table merely reports the priority encoded in the VLAN headers, not the priority (if any) given to the frame for switching purposes. Counters include the number of packets and bytes (32-bit and 64-bit), as well as the number of counter overflows.

  • dataSource describes data sources and port copy capabilities, which an NMS can use to discover the identity and attributes on a given agent implementation. A description exists for each port to describe functions, such as counting error frames, acting as an SMON or RMON collection source, and express port copy functions. This table is populated by the SMON agent, with one entry for each supported data source.

  • portCopy provides the ability to copy all frames from a specified source to a specified destination within a switch. One-to-one, one-to-many, many-to-one, and many-to-many source-to-destination relationships may be configured. Source and destination are described by ifIndex parameters. The packet direction at the source port is provided as copyRxOnly (copy only the received packets), copyTxOnly (copy only the transmitted packets), or copyBoth (copy received and transmitted packets). Because it is possible to oversubscribe a destination port, the portCopyDestDropEvents counter should be monitored, because it counts the total number of events in which the switch dropped port copy packets at the destination port because of lack of resources. Note that this number is not necessarily the number of packets dropped; it is just the number of times this condition has been detected.


For configuration details on the Cisco NAM, refer to the online documentation at

Collection Monitoring

Instead of including a long snmpwalk summary, Figure 5-5 illustrates the VLAN monitoring via SMON-MIB.

Figure 5-5. NAM VLAN Monitoring Example

[View full size image]

Part II: Implementations on the Cisco Devices