• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 608
  • Last Modified:

Cisco 2600 Monitoring tools

Hi Guys
I have a dedicated link between 2 points. The link recently is reaching his limit 4MB.
I need to identify what is using it (email, http, etc.) by protocol.
also I need to identify the hosts that are using it most.
I would like your suggestion for a free tool to monitor cisco 2600 with below features:
1) protocol utilization -
2) utilization by host
3) email alerts if possible.

currently I am using MRTG to monitor the bandwith utilization only.
0
jackdaniel_china
Asked:
jackdaniel_china
  • 11
  • 6
  • 3
  • +1
1 Solution
 
RPPreacherCommented:
Enable netflow on the router
Use the free netflow monitor here
http://www.solarwinds.com/products/freetools/netflow_analyzer.aspx
0
 
RPPreacherCommented:
0
 
jackdaniel_chinaAuthor Commented:
Thank youI
am downloading them now...get back to you ASAP.
thanks
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
ludo_friendCommented:
rppreacher is right, solarwinds free netflow suite is very good,
also have a look at thier ip-sla tool.

I run manageengine netflow analyzer which I swear by (not free though), very good working out what your connection is doing both now, and two days ago (provides very good historical analysis )
 http://www.manageengine.com/products/netflow/
0
 
jackdaniel_chinaAuthor Commented:
thanks for your help!
I am in a little hury so let me see

I am running IOS Version 12.2(8)T5 ( that it supose to be supported)
problem 1
I could not use the configuration tool.
I have snmp-server communite test RW

problem 2
I set ip flow by hand as below but the analyzer cannot get it.

interface FastEthernet0/1
 ip address 192.168.5.2 255.255.255.248
 ip route-cache flow
 duplex auto
 speed auto
!
ip flow-export source FastEthernet0/1
ip flow-export version 5 peer-as
ip flow-export destination 192.168.181.78 2055

looks like it's exporting it..
Flow export is enabled
  Exporting flows to 192.168.181.78 (2055)
  Exporting using source interface FastEthernet0/1
  Version 5 flow records, peer-as
  358 flows exported in 51 udp datagrams
  0 flows failed due to lack of export packet
  1 export packets were sent up to process level
  0 export packets were dropped due to no fib
  0 export packets were dropped due to adjacency issues
  0 export packets were dropped due to fragmentation failures
  0 export packets were dropped due to encapsulation fixup failures

anythinkg I am missing?
thanks

0
 
ludo_friendCommented:
the only difference is that on my interfaces I'm monitoring I have...
ip fow ingress
ip flow egress

other that that - you don't have a personal firewall or anything running on the pc which is collecting the flows?
0
 
jackdaniel_chinaAuthor Commented:
I do have a Kaspersky firewall, but I disabled it already and I keep the same results.
for configuration tool I get
The device you specified does not allow the configuration of netflow support, ports... through SNMP

on the Analyzer
I can see the fraffic in and out but at Sending NetFlow is null
If I try to start it I get:
neflow is not detected onthe selected interface
please select another or configure the interface to send netlflow....

thanks :)
0
 
jackdaniel_chinaAuthor Commented:
Hi
I took out the options and seems it's capturing now.
ip flow-export source FastEthernet0/1
ip flow-export version 5 peer-as

but I stll cannot configure it by the configuration tool, only by hand!
thanks for your help!!!
get back later!
trying to read the reports now!
cheers
0
 
equarandoCommented:
Why not use NBAR to look at whats going on, then based on what NBAR see's implement some QoS.

to enabble nbar
router(conf-if)#ip nbar protocol-discovery

and to view what it see's
router#sh ip nbar protocol-discovery

then based on what protocols you see using up your link.

1.Create some traffic classes (based on your needs)
2. Mark IP precedence on the incoming policy map for the inside interface (LAN)
3. then on the outside policy map set which IP precedence levels go in what queue
0
 
jackdaniel_chinaAuthor Commented:
Thanks for you idea!
I do not have any router for testing now, all are production routers do do many tests

I tried to enable it and I got CEF switching is required for NBAR 'protocol-discovery' command

do you have an example of it's exit?

thank you
0
 
jackdaniel_chinaAuthor Commented:
ok, going back to the NetFlow Analyzer.

I am first trying to analyze witch hosts is using more the link to check what's going on....

but for some reasons on Endpoints the ips are "a littel strange"
example
the top outbound ip is 140.173.192.168 (it's not in our internal ip range)
actually all top 5 are not...

any idea?
0
 
equarandoCommented:
Use the "ip cef" cmd to enable it globally in global config mode
0
 
jackdaniel_chinaAuthor Commented:
HI Equarando, it works, thank you
I also need to find out the hosts that are the top ones in utilization of the links.
thanks
0
 
RPPreacherCommented:
Are you NATting before the router?  Maybe a PIX or some other firewall?
0
 
equarandoCommented:
No prob, I dont think NBAR will be able to tell you what hosts are using up most of your link, but this will resolve any congestion problems.
0
 
jackdaniel_chinaAuthor Commented:
Hi RPPreacher:
no, there is no NAT.
thank you!!!
0
 
RPPreacherCommented:
Drop the peer-as option
0
 
jackdaniel_chinaAuthor Commented:
I took it out already! thank you

this is my current configuration...
interface Serial0/0
 ip address 192.168.4.1 255.255.255.252
 ip route-cache flow
 down-when-looped
 ip rtp header-compression
 ip rtp compression-connections 30

!
ip flow-export destination 192.168.181.78 2055
ip classless

I can get the information but just looks like it changes some ip sources... I am still looking on it..
example...
192.168.185.108 xxxx
185.108.192.168 xxxx ( THIS ONE DOES NOT EXISTS AND LOOKS TO BE SAME AS ABOVE)

thanks a lot for the tip, it's helping me a lot already!
I am also looking on the suggestion on having some access list but I am not very familiar with it yet in cisco routers and since I do not have a router to test need to plan well before doing it.

get back soon!
cheers
0
 
RPPreacherCommented:
did you specific version 5?

ip flow-export version 5

Maybe something is wacky with the real time netflow analyzer...

Try looking at the flow with scrutinizer
http://www.plixer.com/products/free-netflow.php
0
 
jackdaniel_chinaAuthor Commented:
Hi
I had but I took out before when I could not get the info from netflow in my computer.
do you suggest to try to put it back?
thank you
I am downloading the other software to check!
cheers
0
 
jackdaniel_chinaAuthor Commented:
the scrutinize looks very good!

I am using both now to compare the products.
now my reports are normal, I mean the ips are coming correctly.
thanks
0
 
RPPreacherCommented:
Cool.   Anything else before accepting solution?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

  • 11
  • 6
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now