Packet monitoring on 2600
We are wanting to monitor what type of packets are going through a Cisco 2600 router (http, smtp, etc) to verify what is slowing a router down if there are performance issues. Normally, I would use debug commands, but we want to do this through HP OpenView. What is the best way?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
would netflow not help ?
ASKER
"Openview would only be able to report SNMP and possibly RMON data gathered from the router. If the router doesn't have the info, neither will Openview"
RMON does not do any packet analyzing does it (it won't distinguish between http, icmp, smtp, etc.)? We have SNMP working, but we have not done anything with RMON.
It sounds like the only way to set up a permanent solution is another third-party package ... I just thought Cisco would have something built in for monitoring purposes.
Yeah, if it was temporary, like you said, do a sniff, debug the the heck out of the router, etc. But we are trying to find something that unknowledgable workers could use.
Thanks for all you're help. Let me know what you think.
RMON does not do any packet analyzing does it (it won't distinguish between http, icmp, smtp, etc.)? We have SNMP working, but we have not done anything with RMON.
It sounds like the only way to set up a permanent solution is another third-party package ... I just thought Cisco would have something built in for monitoring purposes.
Yeah, if it was temporary, like you said, do a sniff, debug the the heck out of the router, etc. But we are trying to find something that unknowledgable workers could use.
Thanks for all you're help. Let me know what you think.
MAYBE CiscoWorks would do it - with an add on.
This is exactly what Fluke and Netscout were made to do.
This is exactly what Fluke and Netscout were made to do.
I know you were asking about packet monitoring. But one easy check for an indication as to why the router is slowing down is put <ip accounting out> on the WAN side. See if there is predominantly one IP address inside your network creating a huge amount of traffic or scanning through IP's (Welchia or variants). Do <show ip accounting> once configured and <clear ip accounting> if there is just way too much to go through. If your not seeing anything obvious that way, take the <ip accounting> off the WAN and put it on your Ethernet side. Do the same check.
ASKER
Thanks Quasiboy. I do know how to do a little bit of debugging, but I haven't used that specific technique. Good advice!