Solved

Cisco 2600 Monitoring tools

Posted on 2009-05-19
Last Modified: 2012-05-07
Hi Guys
I have a dedicated link between 2 points. The link has recently been reaching its limit of 4MB.
I need to identify what is using it (email, http, etc.) by protocol.
Also, I need to identify the hosts that are using it most.
I would like your suggestion for a free tool to monitor a Cisco 2600 with the features below:
1) protocol utilization
2) utilization by host
3) email alerts if possible.

Currently I am using MRTG to monitor the bandwidth utilization only.
Question by:jackdaniel_china
22 Comments
 
LVL 20

Accepted Solution

by:
RPPreacher earned 500 total points
ID: 24428235
Enable netflow on the router
Use the free netflow monitor here
http://www.solarwinds.com/products/freetools/netflow_analyzer.aspx
0
 
LVL 20

Expert Comment

by:RPPreacher
ID: 24428237
0
 

Author Comment

by:jackdaniel_china
ID: 24428277
Thank you
I am downloading them now...get back to you ASAP.
thanks
0
 
LVL 8

Expert Comment

by:ludo_friend
ID: 24428485
rppreacher is right, solarwinds free netflow suite is very good,
also have a look at their ip-sla tool.

I run manageengine netflow analyzer which I swear by (not free though), very good at working out what your connection is doing both now, and two days ago (provides very good historical analysis)
 http://www.manageengine.com/products/netflow/
0
 

Author Comment

by:jackdaniel_china
ID: 24428512
thanks for your help!
I am in a little hurry so let me see

I am running IOS Version 12.2(8)T5 (that is supposed to be supported)
problem 1
I could not use the configuration tool.
I have snmp-server community test RW

problem 2
I set ip flow by hand as below but the analyzer cannot get it.

interface FastEthernet0/1
 ip address 192.168.5.2 255.255.255.248
 ip route-cache flow
 duplex auto
 speed auto
!
ip flow-export source FastEthernet0/1
ip flow-export version 5 peer-as
ip flow-export destination 192.168.181.78 2055

looks like it's exporting it..
Flow export is enabled
  Exporting flows to 192.168.181.78 (2055)
  Exporting using source interface FastEthernet0/1
  Version 5 flow records, peer-as
  358 flows exported in 51 udp datagrams
  0 flows failed due to lack of export packet
  1 export packets were sent up to process level
  0 export packets were dropped due to no fib
  0 export packets were dropped due to adjacency issues
  0 export packets were dropped due to fragmentation failures
  0 export packets were dropped due to encapsulation fixup failures

anything I am missing?
thanks

0
 
LVL 8

Expert Comment

by:ludo_friend
ID: 24428556
the only difference is that on my interfaces I'm monitoring I have...
ip flow ingress
ip flow egress

other than that - you don't have a personal firewall or anything running on the pc which is collecting the flows?
0
 

Author Comment

by:jackdaniel_china
ID: 24428584
I do have a Kaspersky firewall, but I disabled it already and I keep the same results.
for configuration tool I get
The device you specified does not allow the configuration of netflow support, ports... through SNMP

on the Analyzer
I can see the traffic in and out but at Sending NetFlow is null
If I try to start it I get:
netflow is not detected on the selected interface
please select another or configure the interface to send netflow....

thanks :)
0
 

Author Comment

by:jackdaniel_china
ID: 24428633
Hi
I took out the options and seems it's capturing now.
ip flow-export source FastEthernet0/1
ip flow-export version 5 peer-as

but I still cannot configure it by the configuration tool, only by hand!
thanks for your help!!!
get back later!
trying to read the reports now!
cheers
0
 
LVL 1

Expert Comment

by:equarando
ID: 24428856
Why not use NBAR to look at what's going on, then based on what NBAR sees implement some QoS.

to enable nbar
router(config-if)#ip nbar protocol-discovery

and to view what it sees
router#sh ip nbar protocol-discovery

then based on what protocols you see using up your link.

1.Create some traffic classes (based on your needs)
2. Mark IP precedence on the incoming policy map for the inside interface (LAN)
3. then on the outside policy map set which IP precedence levels go in what queue
0
 

Author Comment

by:jackdaniel_china
ID: 24428969
Thanks for your idea!
I do not have any router for testing now, all are production routers do do many tests

I tried to enable it and I got CEF switching is required for NBAR 'protocol-discovery' command

do you have an example of its exit?

thank you
0
 

Author Comment

by:jackdaniel_china
ID: 24429070
ok, going back to the NetFlow Analyzer.

I am first trying to analyze which hosts are using the link more to check what's going on....

but for some reason on Endpoints the IPs are "a little strange"
example
the top outbound ip is 140.173.192.168 (it's not in our internal ip range)
actually all top 5 are not...

any idea?
0
 
LVL 1

Expert Comment

by:equarando
ID: 24429212
Use the "ip cef" cmd to enable it globally in global config mode
0
 

Author Comment

by:jackdaniel_china
ID: 24429259
Hi Equarando, it works, thank you
I also need to find out the hosts that are the top ones in utilization of the links.
thanks
0
 
LVL 20

Expert Comment

by:RPPreacher
ID: 24430285
Are you NATting before the router?  Maybe a PIX or some other firewall?
0
 
LVL 1

Expert Comment

by:equarando
ID: 24434182
No prob, I don't think NBAR will be able to tell you what hosts are using up most of your link, but this will resolve any congestion problems.
0
 

Author Comment

by:jackdaniel_china
ID: 24437504
Hi RPPreacher:
no, there is no NAT.
thank you!!!
0
 
LVL 20

Expert Comment

by:RPPreacher
ID: 24437539
Drop the peer-as option
0
 

Author Comment

by:jackdaniel_china
ID: 24437611
I took it out already! thank you

this is my current configuration...
interface Serial0/0
 ip address 192.168.4.1 255.255.255.252
 ip route-cache flow
 down-when-looped
 ip rtp header-compression
 ip rtp compression-connections 30

!
ip flow-export destination 192.168.181.78 2055
ip classless

I can get the information but just looks like it changes some ip sources... I am still looking on it..
example...
192.168.185.108 xxxx
185.108.192.168 xxxx (THIS ONE DOES NOT EXIST AND LOOKS TO BE THE SAME AS ABOVE)

thanks a lot for the tip, it's helping me a lot already!
I am also looking on the suggestion on having some access list but I am not very familiar with it yet in cisco routers and since I do not have a router to test need to plan well before doing it.

get back soon!
cheers
0
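An added example (not from the thread or from either analyzer): a minimal collector-side decoder for NetFlow version 5 export datagrams that produces the per-host and per-protocol byte totals asked for in the question, refuses datagrams that are not version 5 or whose length does not match the record count, and flags source addresses outside an assumed internal range of 192.168.0.0/16, which is how an address like the one quoted above would stand out. The sample datagram and all function names are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48-byte NetFlow v5 flow record
INTERNAL = ipaddress.ip_network("192.168.0.0/16")    # assumption: site address range


def parse_v5(datagram):
    """Return the flow records of one export datagram, or raise ValueError."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"export version {version}, expected 5")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match the record count")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": ipaddress.ip_address(f[0]), "dst": ipaddress.ip_address(f[1]),
            "octets": f[6], "sport": f[9], "dport": f[10], "proto": f[13],
        })
    return flows


def summarize(flows):
    """Bytes per source host and per (protocol, dst port), plus out-of-range sources."""
    by_host, by_service, suspects = Counter(), Counter(), set()
    for fl in flows:
        by_host[str(fl["src"])] += fl["octets"]
        by_service[(fl["proto"], fl["dport"])] += fl["octets"]
        if fl["src"] not in INTERNAL:
            suspects.add(str(fl["src"]))
    return by_host, by_service, suspects


def build_sample():
    """Constructed v5 datagram with three flows (not captured traffic)."""
    def rec(src, dst, octets, sport, dport, proto=6):
        return RECORD.pack(ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed,
                           bytes(4), 1, 2, 10, octets, 0, 1000, sport, dport,
                           0, 0x18, proto, 0, 0, 0, 24, 24, 0)
    body = (rec("192.168.185.108", "192.168.4.2", 90000, 40001, 25)
            + rec("192.168.185.108", "192.168.4.2", 30000, 40002, 80)
            + rec("185.108.192.168", "192.168.4.2", 500, 40003, 80))
    return HEADER.pack(5, 3, 1000, 1242700000, 0, 1, 0, 0, 0) + body
```

To use it against live export, read datagrams from a UDP socket bound to the port given in `ip flow-export destination` and pass each one to `parse_v5`.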
 
LVL 20

Expert Comment

by:RPPreacher
ID: 24437620
Did you specify version 5?

ip flow-export version 5

Maybe something is wacky with the real time netflow analyzer...

Try looking at the flow with scrutinizer
http://www.plixer.com/products/free-netflow.php
0
 

Author Comment

by:jackdaniel_china
ID: 24437956
Hi
I had but I took out before when I could not get the info from netflow in my computer.
do you suggest to try to put it back?
thank you
I am downloading the other software to check!
cheers
0
 

Author Comment

by:jackdaniel_china
ID: 24439030
the scrutinizer looks very good!

I am using both now to compare the products.
now my reports are normal, I mean the IPs are coming correctly.
thanks
0
 
LVL 20

Expert Comment

by:RPPreacher
ID: 24440680
Cool.   Anything else before accepting solution?
0
