SNMP: Monitoring External (WAN) Traffic Only.

Hello - a few questions for our office:

We are monitoring In/Out Bits for Total Bandwidth on a handful of switches using Cacti.

#1 -
Is it possible to graph traffic that only goes across the internet and is not transmitted from one port to another?

My problem stems from 2 users transferring data between 2 local switch ports. For billing purposes, we only need to know how much traffic is transferred in/out the WAN, not internal traffic caused by sharing files.

#2 - Will setting up VLANs solve this issue? Does monitoring a VLAN include LAN traffic?

#3 - Am I right to say that if a user transfers large files over the local LAN from one office to another it will slow down the overall performance of the network and WAN (internet) speed?



1) No. The monitors on a switch see bytes in/out on the port. They do not see MAC addresses or IP addresses. However, if you know what port the WAN connection is connected to, you can monitor the traffic on that port. All traffic in/out on the port would be your Internet traffic.

2) Not really, but sort of. You could have one VLAN for internal traffic and one for Internet traffic. However, by monitoring the physical port that the WAN connection is on (see #1) you get the same measurement.

3) If the two offices use the Internet as the network, then yes, transferring files between offices will slow down the overall performance of the WAN.

Now, you mentioned traffic from one office to another. When you say "internal" traffic, what do you mean? Traffic within your building only, or do you consider traffic in between offices as "internal" even if it crosses the WAN?

xyxlor (Author) commented:
All offices are inside the same building...
On a 48 port switch, I consider all traffic that does not leave through ports 49 or 50 to be "Internal". So traffic going from switch port 17 to switch port 18 is considered internal.

Cool - thanks for your response so far... the problem I seem to be having is the need to graph internet usage of each office suite, but internal network traffic is throwing our numbers off...

For example, we want to bill each user in the office for how much traffic they send or receive from the internet, but those without office routers are producing unusually large graphs due to internal networking and file transfers.

See my dilemma? I want to model the same billing a webhost or data center would use... and I don't think they monitor internal traffic.

O.K. That will be a bit tough. Data Center and Web hosting companies do things a bit differently from what you want to do, in most cases.

Web hosting companies look at ALL data to/from the web server.  They don't care if the traffic is to a host within the hosting site or on the Internet.

Data Centers typically have high end L3 switches that support Cisco's NetFlow or something like it. For devices that support it, NetFlow keeps track of traffic based on IP addresses and ports. So you can easily measure "inside" and "outside" traffic and even what type of traffic it is (HTTP, SMTP, Telnet, FTP, etc.)

VLANs will not help, as even with VLANs you canNOT tell which VLANs the traffic is going between. All you can tell is that it is going to/from the "Internet VLAN." With an L2 switch only, you would need another device/computer that could do routing also.

As for the internal traffic between offices affecting WAN speed: most likely it is not, but it can. If a user in office 1 is copying a file to a computer/server in office 2 and is copying enough data to run the ports at their capacity, then anybody in office 1 or 2 will be impacted if they need to get to a host via the switch. However, somebody in office 3 will not be impacted as long as they are not attempting to get to something in office 1 or 2.

What type of switch do you have?

What type of router do you have connecting you to the Internet?


xyxlor (Author) commented:
We are using Layer 2 Switches: D-LINK 3550
The internet is routed through a T1 Adtran Router, to the PIX 501. The PIX 501 then connects directly to the switches.

Thanks for the information so far, it has helped a lot. I am going to do a little more research and then award points.


How many total customers do you have?

Which version of PIX software are you running?

Although it could be a pain, depending on which version of PIX you are running you could create a unique VLAN for each customer, then have all of the VLANs defined to the PIX as sub-interfaces. Then you should (I have never done this) use SNMP to query each sub-interface on the PIX.

This could make access-control lists a bit more complicated, as you could end up needing one list per VLAN.
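An added example, not from the thread or any of its participants, of the counter arithmetic behind both suggestions above: polling the IF-MIB octet counters only on the interfaces that face the WAN (the switch's uplink ports 49 and 50 from earlier in the thread, or one PIX sub-interface per customer VLAN) and turning consecutive polls into billable byte totals, so internal port-to-port copies never enter the numbers. The ifIndex values, the poll data and the function names are constructed assumptions; only the OIDs are the standard IF-MIB ones.

```python
# Added example: Internet-only byte accounting from IF-MIB octet counters polled on
# WAN-facing interfaces. Which ifIndex values face the WAN is an assumption here
# (49/50 on the switch in the thread, or per-customer PIX sub-interfaces).

IF_IN_OCTETS = "1.3.6.1.2.1.2.2.1.10"         # IF-MIB::ifInOctets  (Counter32)
IF_OUT_OCTETS = "1.3.6.1.2.1.2.2.1.16"        # IF-MIB::ifOutOctets (Counter32)
IF_HC_IN_OCTETS = "1.3.6.1.2.1.31.1.1.1.6"    # IF-MIB::ifHCInOctets  (Counter64)
IF_HC_OUT_OCTETS = "1.3.6.1.2.1.31.1.1.1.10"  # IF-MIB::ifHCOutOctets (Counter64)


def counter_delta(prev, cur, bits=32):
    """Octets counted between two polls. A Counter32 wraps every 2^32 bytes, which at
    100 Mbit/s is roughly every 5.7 minutes, so a 5-minute poll must correct for the wrap
    (and can still miss a double wrap; prefer the Counter64 OIDs where the device has them)."""
    if cur >= prev:
        return cur - prev
    return (1 << bits) - prev + cur


def billable_octets(polls, ifindexes, bits=32):
    """Sum in/out octets per WAN-facing interface across consecutive polls.
    polls: list of {ifindex: (in_octets, out_octets)} snapshots in poll order.
    Interfaces not listed in `ifindexes` (internal ports such as 17 and 18) are ignored,
    so a file copy between two local ports never reaches the bill."""
    totals = {i: [0, 0] for i in ifindexes}
    for prev, cur in zip(polls, polls[1:]):
        for i in ifindexes:
            if i not in prev or i not in cur:
                continue  # interface missing from a poll (e.g. SNMP timeout): skip interval
            totals[i][0] += counter_delta(prev[i][0], cur[i][0], bits)
            totals[i][1] += counter_delta(prev[i][1], cur[i][1], bits)
    return {i: tuple(v) for i, v in totals.items()}


def rate_bps(prev, cur, seconds, bits=32):
    """Bits per second over one poll interval, the quantity Cacti graphs."""
    return counter_delta(prev, cur, bits) * 8 / seconds


# Constructed polls: port 17 is an internal port carrying a large file copy, and the
# Counter32 on port 50 wraps between the two polls.
SAMPLE_POLLS = [
    {17: (0, 0), 49: (1000, 2000), 50: (4294967000, 10)},
    {17: (900000000, 900000000), 49: (6000, 9000), 50: (1000, 20)},
]

if __name__ == "__main__":
    print(billable_octets(SAMPLE_POLLS, (49, 50)))  # {49: (5000, 7000), 50: (1296, 10)}
```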
xyxlor (Author) commented:
Thanks for your help - it's given me a good start on where to look next :-)