Solved

Cisco 2600 Monitoring tools

Posted on 2009-05-19
Last Modified: 2012-05-07
Hi guys,
I have a dedicated link between 2 points. The link has recently been reaching its limit of 4MB.
I need to identify what is using it (email, HTTP, etc.) by protocol.
I also need to identify the hosts that are using it most.
I would like your suggestions for a free tool to monitor a Cisco 2600 with the features below:
1) protocol utilization
2) utilization by host
3) email alerts if possible.

Currently I am using MRTG to monitor the bandwidth utilization only.
0
Question by:jackdaniel_china
22 Comments
 
LVL 20

Accepted Solution

by:
RPPreacher earned 500 total points
Enable netflow on the router
Use the free netflow monitor here
http://www.solarwinds.com/products/freetools/netflow_analyzer.aspx
0
 
LVL 20

Expert Comment

by:RPPreacher
0
 

Author Comment

by:jackdaniel_china
Thank you
I am downloading them now... get back to you ASAP.
thanks
0
 
LVL 8

Expert Comment

by:ludo_friend
RPPreacher is right, the SolarWinds free NetFlow suite is very good,
also have a look at their IP-SLA tool.

I run ManageEngine NetFlow Analyzer, which I swear by (not free though). It is very good at working out what your connection is doing both now and two days ago (provides very good historical analysis).
 http://www.manageengine.com/products/netflow/
0
 

Author Comment

by:jackdaniel_china
Thanks for your help!
I am in a little hurry so let me see

I am running IOS Version 12.2(8)T5 (that is supposed to be supported)
problem 1
I could not use the configuration tool.
I have snmp-server community test RW

problem 2
I set ip flow by hand as below but the analyzer cannot get it.

interface FastEthernet0/1
 ip address 192.168.5.2 255.255.255.248
 ip route-cache flow
 duplex auto
 speed auto
!
ip flow-export source FastEthernet0/1
ip flow-export version 5 peer-as
ip flow-export destination 192.168.181.78 2055

looks like it's exporting it..
Flow export is enabled
  Exporting flows to 192.168.181.78 (2055)
  Exporting using source interface FastEthernet0/1
  Version 5 flow records, peer-as
  358 flows exported in 51 udp datagrams
  0 flows failed due to lack of export packet
  1 export packets were sent up to process level
  0 export packets were dropped due to no fib
  0 export packets were dropped due to adjacency issues
  0 export packets were dropped due to fragmentation failures
  0 export packets were dropped due to encapsulation fixup failures

Anything I am missing?
thanks

0
 
LVL 8

Expert Comment

by:ludo_friend
The only difference is that on the interfaces I'm monitoring I have...
ip flow ingress
ip flow egress

Other than that - you don't have a personal firewall or anything running on the PC which is collecting the flows?
0
 

Author Comment

by:jackdaniel_china
I do have a Kaspersky firewall, but I disabled it already and I keep getting the same results.
For the configuration tool I get:
The device you specified does not allow the configuration of netflow support, ports... through SNMP

On the Analyzer
I can see the traffic in and out, but Sending NetFlow is null.
If I try to start it I get:
netflow is not detected on the selected interface
please select another or configure the interface to send netflow....

thanks :)
0
 

Author Comment

by:jackdaniel_china
Hi
I took out the options and seems it's capturing now.
ip flow-export source FastEthernet0/1
ip flow-export version 5 peer-as

but I still cannot configure it with the configuration tool, only by hand!
thanks for your help!!!
get back later!
trying to read the reports now!
cheers
0
 
LVL 1

Expert Comment

by:equarando
Why not use NBAR to look at what's going on, then based on what NBAR sees implement some QoS.

To enable NBAR:
router(conf-if)#ip nbar protocol-discovery

And to view what it sees:
router#sh ip nbar protocol-discovery

Then, based on what protocols you see using up your link:

1. Create some traffic classes (based on your needs)
2. Mark IP precedence on the incoming policy map for the inside interface (LAN)
3. Then on the outside policy map set which IP precedence levels go in what queue
0
 

Author Comment

by:jackdaniel_china
Thanks for your idea!
I do not have any router for testing now, all are production routers to do many tests

I tried to enable it and I got: CEF switching is required for NBAR 'protocol-discovery' command

Do you have an example of its exit?

thank you
0
 

Author Comment

by:jackdaniel_china
OK, going back to the NetFlow Analyzer.

I am first trying to analyze which hosts are using the link the most, to check what's going on....

But for some reason, on Endpoints the IPs are "a little strange"
Example:
the top outbound IP is 140.173.192.168 (it's not in our internal IP range)
Actually all top 5 are not...

any idea?
0

 
LVL 1

Expert Comment

by:equarando
Use the "ip cef" cmd to enable it globally in global config mode
0
 

Author Comment

by:jackdaniel_china
Hi Equarando, it works, thank you
I also need to find out the hosts that are the top ones in utilization of the links.
thanks
0
 
LVL 20

Expert Comment

by:RPPreacher
Are you NATting before the router?  Maybe a PIX or some other firewall?
0
 
LVL 1

Expert Comment

by:equarando
No prob, I don't think NBAR will be able to tell you what hosts are using up most of your link, but this will resolve any congestion problems.
0
 

Author Comment

by:jackdaniel_china
Hi RPPreacher:
no, there is no NAT.
thank you!!!
0
 
LVL 20

Expert Comment

by:RPPreacher
Drop the peer-as option
0
 

Author Comment

by:jackdaniel_china
I took it out already! thank you

this is my current configuration...
interface Serial0/0
 ip address 192.168.4.1 255.255.255.252
 ip route-cache flow
 down-when-looped
 ip rtp header-compression
 ip rtp compression-connections 30

!
ip flow-export destination 192.168.181.78 2055
ip classless

I can get the information, but it just looks like it changes some IP sources... I am still looking into it..
Example...
192.168.185.108 xxxx
185.108.192.168 xxxx (THIS ONE DOES NOT EXIST AND LOOKS TO BE THE SAME AS ABOVE)

Thanks a lot for the tip, it's helping me a lot already!
I am also looking at the suggestion of having some access lists, but I am not very familiar with them yet on Cisco routers, and since I do not have a router to test on I need to plan well before doing it.

get back soon!
cheers
0
 
LVL 20

Expert Comment

by:RPPreacher
Did you specify version 5?

ip flow-export version 5

Maybe something is wacky with the real time netflow analyzer...

Try looking at the flow with scrutinizer
http://www.plixer.com/products/free-netflow.php
0
 

Author Comment

by:jackdaniel_china
Hi
I had, but I took it out before when I could not get the info from NetFlow on my computer.
Do you suggest trying to put it back?
thank you
I am downloading the other software to check!
cheers
0
 

Author Comment

by:jackdaniel_china
Scrutinizer looks very good!

I am using both now to compare the products.
Now my reports are normal, I mean the IPs are coming through correctly.
thanks
0
 
LVL 20

Expert Comment

by:RPPreacher
Cool.   Anything else before accepting solution?
0
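
An added example, not part of the thread and not code from any of the tools mentioned: a minimal NetFlow v5 parser that totals bytes per source host and flags sources such as the 185.108.192.168 reported above, whose octets are an internal address with its two 16-bit halves exchanged. The 192.168.0.0/16 internal range, the function names and the sample flows are assumptions constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record
INTERNAL = ipaddress.ip_network("192.168.0.0/16")   # assumed internal range

def parse_v5(datagram):
    """Return (src, dst, protocol, dst_port, octets) for every flow record."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("datagram shorter than its record count implies")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append((ipaddress.IPv4Address(f[0]), ipaddress.IPv4Address(f[1]),
                      f[13], f[10], f[6]))  # prot, dstport, dOctets
    return flows

def swap_halves(addr):
    """Exchange the 16-bit halves of an IPv4 address (a.b.c.d -> c.d.a.b)."""
    return ipaddress.IPv4Address(addr.packed[2:] + addr.packed[:2])

def top_talkers(flows, n=5):
    """(source, bytes, suspect) rows, largest first. suspect is True when the
    source is outside INTERNAL but inside it once its halves are swapped."""
    totals = Counter()
    for src, _dst, _proto, _port, octets in flows:
        totals[src] += octets
    return [(str(s), b, s not in INTERNAL and swap_halves(s) in INTERNAL)
            for s, b in totals.most_common(n)]

def build_v5(rows):
    """Pack constructed (src, dst, proto, dst_port, octets) rows as v5."""
    body = b"".join(RECORD.pack(
        ipaddress.IPv4Address(s).packed, ipaddress.IPv4Address(d).packed,
        bytes(4), 1, 2, 10, octets, 0, 0, 40000, port, 0, 0, proto, 0,
        0, 0, 24, 24, 0) for s, d, proto, port, octets in rows)
    return HEADER.pack(5, len(rows), 0, 0, 0, 0, 0, 0, 0) + body

SAMPLE = build_v5([  # constructed flows; addresses follow the thread's example
    ("192.168.185.108", "192.168.4.2", 6, 25, 900_000),
    ("185.108.192.168", "192.168.4.2", 6, 80, 1_500_000),
    ("192.168.185.20", "192.168.4.2", 6, 80, 300_000)])
print(top_talkers(parse_v5(SAMPLE)))
```

A flagged row only says the address looks like a rearranged internal one; comparing the same export in a second collector, as was done in the thread, shows whether the router or the analyzer is responsible.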
