How can I use a Cisco 2620 router and NetFlow to monitor WAN traffic with a PIX firewall?
Posted on 2009-02-12
I have a Cisco 2620 on which I have finally managed to get NetFlow working with ManageEngine NetFlow Analyzer. Recently our WAN connection has been a bit erratic and I want to monitor the traffic to see if I have any rogue machines on my network. Currently we have a proprietary box installed by our ISP (Time Warner) which combines 2 full T1s and a fractional. It has a standard LAN which goes into a PIX firewall and from there into my Layer 2 Cisco switches (2950s and 3560s).
I am trying to figure out how to utilize the Cisco 2620 to analyze the traffic entering and leaving the building via the WAN. Currently the 2620 has a T1 CSU/DSU interface card and the standard built-in 10/100 port. I am at a loss to discover a way to put this in line to monitor the traffic.
I really like the detail that NetFlow gives me on the port traffic with source and destination IP addresses and would like to figure out a way to utilize it in my setup. I don't know the best way to do this, if I have to buy an expansion card or if there is something better out there to do what I am trying to do.
I am open to suggestions. Thanks in advance.