Cisco NAM 2000 Series Appliances

Cisco NAM 2200 Series Appliances with Software 5.0 Q and A Item

  • Viewing Options

  • PDF (367.6 KB)
  • Feedback


Q.   What are the Cisco ® NAM 2200 Series Appliances?
A.    The Cisco NAM 2200 Series Appliances provide comprehensive network and application visibility that empowers network administrators to optimize network resources, troubleshoot performance issues, and help ensure a consistent end-user experience. An extension of the Cisco Network Analysis Module (NAM) blades, the Cisco NAM 2200 Series Appliances offer next-generation performance, superior scalability, and maximum deployment flexibility, providing consistent performance visibility throughout the Cisco Borderless Network.
The design of the Cisco NAM 2200 Series Appliances is founded on the Cisco Common Appliance Model, Cisco’s computing-optimized platform, and includes purpose-built hardware to maximize packet processing in high-speed networking environments. The results are robust appliances that provide granular traffic analysis, rich application performance measurements, exceptional voice quality of experience monitoring, and deep insightful packet captures.
The Cisco NAM 2200 Series Appliances with Software 5.0 comes with a next generation web-based graphical user interface (GUI) that includes prepackaged reports, workflows, and contextual navigation to expedite problem resolution and optimization decisions. It also comes with a new Performance Database that preserves historical data, allowing you to understand what happened in the past when an event that affected network performance occurred. Other NAM Software 5.0 innovations are highlighted in the NAM Software 5.0 section of this document.
Q.   How many models of Cisco NAM 2200 Series Appliances are available? Can you describe them?
A.    Cisco offers two Cisco NAM 2200 Series Appliances: the Cisco NAM 2220 Appliance and the Cisco NAM 2204 Appliance. The Cisco NAM 2220 Appliance includes two 10 Gigabit Ethernet monitoring interfaces and six 146 GB Serial Attached SCSI (SAS) hard disk drives with RAID for multiservices monitoring in high-speed, high-density environments. The Cisco NAM 2220 comes with an option for redundant power. To extend uptime, both the hard disk drives and the power supplies are hot-swappable. The Cisco NAM 2204 includes four 1 Gigabit Ethernet monitoring interfaces and two 250 GB Serial Advanced Technology Attachment (SATA) hard disk drives to meet diverse performance analysis needs in scalable multigigabit switching and routing environments. The Cisco NAM 2204 is available in two models depending on the interface connection type: the NAM2204-RJ45 (copper connection) and the NAM2204-SFP (optical connection).
Q.   What are the key features and benefits of the Cisco NAM 2200 Series Appliances?
A.    The key features and benefits of the Cisco NAM 2200 Series Appliances are provided in Table 1.

Table 1.       Key Features and Benefits of the Cisco NAM 2200 Series Appliances



Intelligent application performance (IAP) metrics

Analyze transaction-aware analytics to help characterize the end-user experience and isolate application response time problems to the network, server, or the application itself.

Comprehensive voice quality monitoring

View Mean Opinion Score (MOS) along with key performance metrics for each Real Time Protocol (RTP) stream. In addition, NAM monitors response time for TCP-based signaling protocols. Combined voice quality monitoring and real-time troubleshooting help ensure delivery of committed service levels to the end user.

Historical analysis

Supports historical data analysis to accelerate problem resolution, advance optimization and capacity planning decisions.

Visibility into WAN-optimized networks

Obtain end-to-end proof points demonstrating how Cisco Wide Area Application Services (WAAS) has improved application delivery. NAM reports on application response time, WAN bandwidth usage, LAN/WAN data throughput, and many other metrics to help ensure effective use of Cisco WAAS.

Monitoring virtual machine (VM) network traffic

Extend operational visibility to the virtual switching layer with Cisco Nexus 1000V switch deployments. Gain insight into VM-to-VM interactions, virtual network traffic behavior, and virtual interface statistics. Monitors the VMs uninterrupted by VM migration.

Granular flow- and packet-based traffic analytics

View short- and long-term performance data on hosts, conversations, and applications that use critical network resources.

LAN and WAN monitoring in one solution

Gain visibility into traffic from local and remote switches and routers for comprehensive traffic monitoring.

Web-based captures for deep, insightful data analysis

Capture the packets to help resolve acute problems before they affect users. Perform captures using a web browser from any desktop, and view packet capture decodes through the Traffic Analyzer GUI while the data is still being captured. Quickly pinpoint and resolve problem areas using trigger-based captures, decodes, filters, and packet capture error scan.

Visibility into Virtual Switch System (VSS) deployments

Monitor both virtual switches in VSS environments, reducing management overhead while improving operational efficiency.

Pre- and postdeployment metrics

Glean valuable before and after traffic analytics to help plan for and verify changes in network resources, such as introducing new applications, establishing quality of service (QoS) policies, consolidating servers, and deploying voice over IP (VoIP).

Secure solution

Use TACACS+, Secure Sockets Layer (SSL), and Secure Shell (SSH) Protocol - based security.

Standards-based northbound interface

Ease NAM configuration and export of computed NAM data using standards-based APIs (REST/XML for configuration, NetFlow Version 9 for data export). Facilitates integration with customer in-house managed applications or third-party reporting application of choice.

Anytime, anywhere access

Access the embedded Traffic Analyzer web interface from any desktop, eliminating the need to send personnel to remote sites or haul large amounts of data over WAN links to the central site.

Deployment flexibility

Cisco NAM can be deployed in blade form factor in Cisco Catalyst® 6500 Series Switches, Cisco 7600 Series Routers, and Cisco Integrated Services Routers, as multigigabit appliances with platforms such as the Catalyst 4500, Nexus 7000 switches, and as virtual service blades residing directly on WAAS devices or on the Nexus 1010 Virtual Service Appliance. The complement of physical and virtual blades and of appliances allows NAM instrumentation to be broadly deployed in the network for comprehensive performance monitoring.

Q.   What are the business benefits of deploying Cisco NAM 2200 Series Appliances?
A.    Table 2 provides an overview of the business benefits that the NAMs offer.

Table 2.       Business Benefits of Deploying Cisco NAMs



Improve operational efficiency with faster problem resolution and greater productivity

  Rapid problem isolation with prepackaged reports, visual correlation, contextual navigation, and one-click packet captures
  Packet Capture Error Scan feature highlights observed protocol/packet level anomalies, accelerating complex root-cause analysis
  Combined packet and flow analysis reduces time to noteworthy and actionable information to expedite troubleshooting
  Remote management eliminates the need to travel to remote sites

Enhance service levels with consistent application performance visibility across the network

  Accurate characterization of performance with advanced analytics for voice and TCP applications
  Consistent application recognition using new application classification architecture
  Improved end-user experience with effective use of control and optimization techniques such as QoS and Cisco WAAS
  Preemption of performance issues with threshold-based proactive alerts reduces downtime and failures

Reduce total cost of ownership

  Integrated with Cisco platforms, NAM delivers reduced network footprint, lower operational cost, and simplified manageability
  NAM form factors offer cost-effective options and deployment flexibility to address location-specific network instrumentation needs
  Open standards-based API preserves investment in existing management assets
Q.   What are the primary differences between the Cisco NAM 2220 Appliance and the Cisco NAM 2204 Appliance?
A.    The NAM 2220 and the NAM 2204 share a similar hardware foundation and the same software application, but differ in the following important ways:

   The NAM 2220 includes a more powerful processor and a faster packet-processing engine that provides more than four times the monitoring performance of the NAM 2204.

   The NAM 2220 includes higher density storage commensurate with its higher monitoring performance. Two of the NAM 2220’s six SAS drives support RAID 1 to minimize downtime. The other four support RAID 0 to improve the speed at which capture data are written to the drives.

   The NAM 2220 includes an option for a redundant power supply. When a redundant power supply is available, the unit will continue to operate should a power supply fail. The failed power supply can then be replaced without having to power down the unit.

   The NAM 2220 supports up to two 10 Gigabit Ethernet optical connections. The NAM 2204 supports up to four each of either 10/100/1000 RJ-45 connections or 1 Gigabit Ethernet optical connection.

   The form factor of the NAM 2220 is two rack units (RUs); the NAM 2204 is one RU.

   As a result of the NAM 2220’s higher monitoring performance, it offers higher scalability, supporting the monitoring of a larger number of conversations, Real Time Protocol (RTP) streams, WAAS connections, NetFlow records, and so on.

Q.   Is the Cisco NAM 2204 upgradeable to the Cisco NAM 2220?
A.    No. The NAM 2204 and the NAM 2220 have fixed configurations and cannot be transformed from one version to the other.
Q.   What is the Cisco NAM Traffic Analyzer?
A.    The Cisco NAM includes the embedded Traffic Analyzer application, which offers an intuitive, web-based GUI with prepackaged reports, workflows, and contextual navigation to expedite problem resolution and optimization decisions. It provides quick access to the configuration menus and interactive reports on the performance of voice, video, and TCP-based traffic. In addition, the Traffic Analyzer application hosts an embedded web server that enables remote access from anywhere so that network performance can be viewed, managed, and improved at any time, eliminating the need to travel to remote sites or haul large amounts of data over WAN links to a central site.
Q.   Where can the Cisco NAM 2200 Series Appliances be deployed in the network?
A.    The Cisco NAM 2200 Series Appliances are dedicated performance monitoring instrumentation and connect to the Switched Port Analyzer (SPAN) ports of a switch using copper or fiber optical interface modules. They can also connect to critical network links using third-party passive inline taps. They can be deployed in multiple places in the network and complement Cisco NAM blades to provide extensive network visibility. The Cisco NAM Appliances can be deployed at LAN aggregation points, for example, in the campus core and distribution layers, for always-on performance management; at services points, for example, in data centers or at Cisco Unified Communications Manager clusters in IP telephony networks, where assuring application delivery is critical; and in important access points, close to servers, key clients, in IP phone closets, where traffic monitoring is essential. They can also be deployed at WAN edges.

Latest Release: NAM Software 5.0

Q.   What key innovations does NAM Software 5.0 offer?
A.    The key Cisco NAM Software 5.0 innovations are described in Table 3.

Table 3.       New Features in Cisco NAM Software 5.0



Reinspired user experience

NAM software 5.0 introduces a next-generation GUI that helps accelerate troubleshooting and optimization decisions by providing access to critical information at your fingertips. It offers preconfigured dashboards to give you a comprehensive graphical overview of network performance. It also includes prepackaged interactive reports with helpful features such as contextual navigation, advanced filters, and one-click packet captures. The new GUI reduces not only the time it takes to solve problems, but also the time it takes to learn the product, giving you more time to spend on advancing new business initiatives.

Flexible site-based monitoring

This feature allows you to view network and application performance by logical groupings or sites that you can create to mirror your network topology. For example, you can create sites by geographic locations, departments, or even managed customer networks and view performance data on a per site basis making it easier to obtain both a global and local view of how your applications are performing.

Historical analysis with embedded Performance Database

The Cisco NAM’s Performance Database stores computed data so you can go back to the past to troubleshoot unanticipated performance issues or to analyze optimization needs.

Prepackaged analysis workflows

Prepackaged workflows help streamline and accelerate problem resolution. Not only do workflows improve the operational efficiency, they also provide you with actionable visibility to validate and improve optimization decisions.

NetFlow and packet data analysis in one box

NetFlow and packet data complement each other to provide a powerful monitoring solution, all in one box. With expanded NetFlow reporting capabilities, you can obtain an extensive view of the traffic to see who is using your network, what applications they’re using, and how much bandwidth is being consumed. Pinpointing traffic of interest, you can use packet-based data to perform a “deeper dive” to quickly spot and address issues that affect performance.

NBAR-based application recognition

The Cisco NAM now supports standardized application identifiers generated by Network-based Application Recognition (NBAR) to help deliver consistency to application recognition across the network.

Packet Capture Error Scan

The Packet Capture Error Scan feature automatically highlights packet-level anomalies to accelerate root-cause analysis and avoid having manually to inspect the packet data to find the “needle in the haystack.”

NetFlow Version 9 Data Export

By exporting analytics in a standardized format, this new capability allows you to use computed NAM data to feed in-house or third-party reporting applications that you already own, building up additional value and building out existing investments.

Q.   When is NAM Software 5.0 available?
A.    Starting in late January 2011, current Cisco NAM customers can download Cisco NAM Software 5.0 from the Software Center at no charge using their Cisco SMARTnet ® contract access privileges. NAM Software 5.0 is available in February 2011 as part of NAM blade orders.
Q.   Which NAM hardware platforms support NAM Software 5.0?
A.    NAM Software 5.0 is supported on the hardware platforms listed in Table 4. All of the platforms in the list include a minimum of 1 GB memory. NAM Software 5.0 requires that the platform include this minimum. In addition, the platforms marked by an asterisk (*) include memory configurations above the 1 GB minimum. These memory configurations optimize NAM Software 5.0 performance.

Table 4.       NAM Hardware Platforms Supported with NAM Software 5.0

Hardware Part Number



Cisco NAM 2200 Series Appliances




Cisco Catalyst 6500 Series and Cisco 7600 Series NAM-1



Cisco Catalyst 6500 Series and Cisco 7600 Series NAM-2




Cisco Branch Routers Series NAM

Q.   If the NAM platform that I have is not supported, what options exist to allow me to use NAM Software 5.0?
A.    As indicated in the answer above, NAM Software 5.0 is supported on NAM hardware platforms that include at least 1 GB of memory. If you have either of the two end-of-sale NAM hardware platforms indicated below that include less than 1 GB of memory, Cisco recommends the following:

   For WS-SVC-NAM-1 (Cisco Catalyst 6500 Series NAM-1): Consider upgrading the memory to 2 GB by purchasing the field-installable Cisco Catalyst 6500 Series NAM-1 and NAM-2 Memory Upgrade Kit, MEM-C6KNAM-2GB=.

   For NME-NAM-80S (Cisco Branch Routers Series NAM): Consider taking advantage of the Cisco Technical Migration Program (CTMP) to trade-in your NME-NAM-80S NAM for a NME-NAM-120S NAM and protect your existing investment. The -120S NAM platform, which replaces the -80S, is available on supported Cisco ISR and ISR G2 routers.

Q.   How do the NAM Software 5.0 features benefit Cisco NAM 2200 Series Appliances users?
A.    NAM Software 5.0 helps enable you to get critical network information at your fingertips. Whether you are responding to a help desk call on slow application performance, understanding application performance or traffic behavior before and after deploying technologies such as Cisco Wide Area Application Services (WAAS) or Cisco Catalyst 6500 Virtual Switching System (VSS), or learning whether application performance has also made the leap with your migration from physical servers to virtual machines, it accelerates performance troubleshooting process and network resource optimization decisions for cost-effective service delivery. The Cisco Catalyst 6500 NAM users can take advantage of all the new features listed in Table 3.
Q.   Will I be able to perform a software upgrade from NAM 4.x to NAM Software 5.0 or do I need to freshly install NAM Software 5.0?
A.    NAM Software 5.0 introduces a new embedded performance database and a new internal data schema. As a result, a fresh install is needed.
Q.   Will I lose any data when I migrate from NAM 4.x to NAM Software 5.0?
A.    Since NAM software 5.0 introduces a new “backend”, installing NAM Software 5.0 will result in loss of data and configuration settings. The configuration settings can be exported prior to upgrade and reimported after the upgrade to minimize the loss. The “config upload” and “config network” commands to perform these tasks are documented in the command reference guide. Note that some of the configuration settings are no longer applicable.

Technical Overview

Q.   How does the Cisco NAM with Software 5.0 work?
A.    The Cisco NAM collects packets or flows (NetFlow Data Export [NDE]) being sent to it from the switch or router. The NAM parses the packets, gathers relevant data, and stores processed information in the Performance Database. This database provides valuable traffic information on voice, video, and data traffic, VLANs, Differentiated Services (DiffServ) configurations, hosts, conversation pairs, application usage, and application response times. This information is presented in the NAM’s Traffic Analyzer GUI in easy-to-read interactive reports.
The packets that the Cisco NAM collects are defined by the user’s selecting one or more data sources. Data sources, which are features of the switch, router, or WAAS device, are described in Table 5. The Cisco NAM has independent backplane interfaces to collect SPAN/VACL traffic and NDE/WAAS/ERSPAN.

Table 5.       Cisco Catalyst 6500 Series and Cisco 7600 Series NAM Traffic Sources

Traffic Source


SPAN, Remote SPAN (RSPAN), and Encapsulated RSPAN (ERSPAN)

Using the SPAN, RSPAN, and ERSPAN capabilities of Cisco Catalyst 6500 Series Switches, traffic from ports, VLANs, and EtherChannel links can be mirrored to the NAM. The NAM collects statistics on all layers of network traffic spanned to it. RSPAN allows traffic to be collected from other RSPAN-enabled devices in the same VLAN Trunk Protocol (VTP) domain. ERSPAN allows traffic to be sent to the NAM using generic routing encapsulation (GRE) tunnels from a Layer 3 network.


The NAM uses VACLs to capture or “filter” selected VLANs and WAN traffic (on Cisco IOS® devices only) to the NAM ports. Additional filtering rules can also be applied to target specific data flows. The NAM must be specified as the capture destination for VACL entries when configuring the local supervisor.


NetFlow Data Export records offer an aggregate view of the network traffic. When enabled on the switch, the NetFlow data source becomes available on the Cisco NAM without the need to create any SPAN sessions. In addition, the NAM can receive NDE from remote devices for analysis.


The NAM uses the built-in instrumentation on WAAS to gather information about the optimized and pass-through traffic to provide end-to-end application performance visibility in a Cisco WAAS environment. The information allows NAM to measure application response time, transaction time, bandwidth usage, and LAN/WAN data throughput to accurately quantify the impact of Cisco WAAS optimizations.

Q.   How does the Cisco NAM with Software 5.0 use NetFlow?
A.    The Cisco NAM supports monitoring of both packet- and NetFlow-based traffic sources using independent backplane interfaces. These two data sources complement each other to provide a powerful and comprehensive monitoring solution. NetFlow can be used to gain an extensive view of the traffic to analyze who is using your network, what applications they’re using, and how much bandwidth is being consumed. It can be combined with deeper investigation using packet analysis using traffic sources such as SPAN, VACL, ERSPAN, or RSPAN. Also, NetFlow can be used to obtain visibility into traffic where SPAN is not available (for example, WAN interfaces, remote router interfaces, and so on).
NetFlow can be enabled on interfaces of local or remote devices and sent to the NAM for analysis. As a consumer, the NAM can receive NetFlow packets on its management port from devices such as Cisco routers and switches. Those records are stored in its performance database as if that traffic had appeared on one of the NAM data ports. The NAM understands NetFlow versions 1, 5, 6, 7, 8, and 9. Incoming NetFlow data is parsed by the NAM, stored in its internal database, and presented in the GUI in the same way as traffic from other data sources.
Some network devices have more than one “engine” that is capable of independently exporting NetFlow. Depending upon features of the device, flows can be exported from multiple flow caches in the hardware and/or software. For example, supervisor and line cards may be able to independently export flows from their local caches. By default, NAM Software 5.0 will automatically create independent data sources for each engine exporting NetFlow records to NAM.
Q.   How do the Cisco NAM Appliances gain visibility into traffic from more than one switch or router?
A.    There are multiple ways to gain visibility into traffic from more than one device with the Cisco NAM Appliances:

   The NAM Appliances include more than one monitoring interface, which allow them to collect traffic from more than one device.

   The NAM Appliances can be used with a passive inline tap to monitor traffic from/between multiple devices.

   The LAN or WAN traffic from other devices can be directed to the NAM Appliances for analysis using RSPAN, ERSPAN, or NDE.

Q.   How many monitoring ports do the Cisco NAM Appliances support?
A.    The NAM Appliances support the following number of monitoring ports:

   Up to two 10 Gigabit Ethernet monitoring ports on the NAM 2220

   Up to four 1 Gigabit Ethernet monitoring ports on the NAM 2204

Q.   What data sources are received on the monitoring ports? On the management port?
A.    The following data sources are received on the:

   Monitoring ports: SPAN, RSPAN, VACL capture, tap

   Management port: ERSPAN, NDE, WAAS Flow Agent

Q.   Is there a limit on the number of SPAN sessions that the NAM Appliances can support?
A.    The NAM 2204 Appliance has four physical monitoring interfaces and can monitor up to four switches using SPAN at one time. The NAM 2220 has two physical monitoring interfaces and can monitor up to two switches using SPAN at one time. Since the switch currently offers support for up to two SPAN sessions, the NAM 2204 can monitor one SPAN session each on four switches or two SPAN sessions each on two switches. The NAM 2220 can monitor one SPAN session each on two switches or two SPAN sessions each on one switch.
Q.   What are RAID 0 and RAID 1, and how do the appliances use RAID?
A.    RAID, which stands for Redundant Array of Independent Disks, is a technology that employs the simultaneous use of two or more hard disk drives to achieve greater levels of performance, reliability, or larger data volume sizes. Redundancy is a way that extra data is written across the array, which is organized so that the failure of one disk (or sometimes more) in the array will not result in loss of data. A failed disk may be replaced by a new one, and the data on it reconstructed from the remaining data and the extra data. A redundant array allows less data to be stored. There are various combinations of these approaches giving different trade-offs of protection against data loss, capacity, and speed. RAID levels 0, 1, and 5 are the most commonly found, and cover most requirements. RAID 0 (striped disks) distributes data across several disks in a way that gives improved speed and full capacity, but all data on all disks will be lost if any one disk fails. RAID 1 (mirrored disks) could be described as a real-time backup solution. Two (or more) disks each store exactly the same data, at the same time, and at all times. Data is not lost as long as one disk survives. Total capacity of the array is simply the capacity of one disk. At any given instant, each disk in the array is simply identical to every other disk in the array.
The NAM 2220 Appliance uses both RAID 0 and RAID 1. RAID 0 is used on the four drives that support the storage of packet capture data. RAID 1 is used on the two drives that store the NAM operating system and reports data. The NAM 2204 Appliance does not use RAID.
Q.   What is a managed device?
A.    Typically, performance monitoring appliances have little to no knowledge of the devices that they are monitoring. The NAM blade on the other hand, as integrated instrumentation, automatically exchanges information with the device hosting it to learn about that device. This simplifies a number of configuration and monitoring tasks and also allows the NAM blade to provide critical health information about the hosted device. To duplicate this experience with the NAM 2200 Series Appliances, the concept of a managed device has been introduced. The managed device concept permits the creation of a communications channel between one of the devices being monitored and the NAM appliance. When a device is specified as the managed device, various configuration and monitoring tasks, such as configuring SPAN using the NAM GUI, can be more readily implemented, thus improving the user experience.
Q.   What interface modules are supported for each NAM Appliances platform?
A.    The interface modules supported for each NAM Appliance platform are indicated in Table 6.

Table 6.       Supported Interface Modules

NAM Model

Monitoring Ports

Interface Modules Part Number


NAM 2220

Up to two


10 GE XFP 850 nm SR


10 GE XFP 1310 nm LR

NAM 2204-SFP

Up to four




GE SFP SX Transceiver


GE FP LX/LH Transceiver


Up to four


RJ45 10/100/1000

Q.   Can these interface modules be mixed?
A.    The interface modules can be mixed, but per platform only. For example, if a NAM2204-SFP is purchased, two GLC-Ts and two GLC-SX-MMs can also be purchased and will work with the NAM2204-SFP. However, if the same model is purchased and if two XFP-10GBASE-SRs are also purchased, these particular interface adapters will not work with this appliance model, although they’ll work with the NAM 2220 model.
Q.   Must I purchase the XFPs from Cisco or can I purchase them elsewhere?
A.    They can be purchased elsewhere, if desired. The qualified manufacturers of the XFPs are included in Appendix B of the Installation and Configuration Guide for the Cisco NAM 2220 Appliance at It should be noted that if the XFPs are purchased from any other source but Cisco, no Cisco SMARTnet support will be provided for maintenance on these items.
Q.   Can you provide more information on the use of a tap as a data source?
A.    Yes. A tap device can be used to obtain a copy of traffic flows between two network devices. Passive taps, such as optical tap devices, help ensure that the flowing traffic is not altered regardless of its connection to the NAM Appliance and provide a very low point of failure. Traffic flows will be interrupted while you connect a tap, but doing so should take less than a minute and can be done during a network maintenance window. NAM Appliances are designed to receive tapped network traffic from both directions and from multiple links simultaneously, and accurately merge received traffic into a single stream for high precision analysis.
Q.   What taps does Cisco recommend that I use with my NAM Appliances?
A.    Cisco has tested several taps that can be used with the NAM 2204 and NAM 2220 Appliances. These taps are identified in Appendix B of the Installation and Configuration Guide for the Cisco NAM 2204 Appliance and Appendix B of the Installation and Configuration Guide for the Cisco NAM 2220 Appliance. These documents can be found at and, respectively. Additional taps from the same vendors or taps from other vendors may also support the NAM Appliances, but they have not specifically been tested by Cisco.
Q.   Does the Cisco NAM require a separate NetFlow data collector for monitoring?
A.    No. The NAM collects and consumes NetFlow data for performance monitoring purposes.
Q.   How is the Cisco NAM Traffic Analyzer secured?
A.    The Cisco NAM Traffic Analyzer can be secured with up to 256-bit encryption. The NAM also supports role-based user authorization and authentication locally or using TACACS+.
Q.   Can multiple VLANs be spanned to the Cisco NAM?
A.    Yes. The NAM is fully compatible with the switch monitoring (SMON) MIB and supports the monitoring of multiple VLANs.
Q.   Does the NAM support Virtual Switch System (VSS) on the Catalyst 6500?
A.    Yes, all Catalyst 6500 NAMs and NAM Appliances support VSS.
Q.   Which NAM and Cisco IOS Software releases provide VSS support?
A.    On the Catalyst 6500 NAM-1 and NAM-2, VSS is supported in NAM 3.6.1a or later with Cisco IOS Software Release 12.2(33)SXH(1) or later. On the Catalyst 6500 NAM-1-250S and NAM-2-250S, VSS is supported in NAM 3.6.1b or later with Cisco IOS Software Release 12.2(33)SXH(1) or later. On the NAM Appliances, VSS is supported in NAM 4.0 or later with Cisco IOS Software Release 12.2(33)SXH(1) or later.
Q.   Are there specific capabilities that NAM provides in a VSS environment that are distinct from the capabilities provided in a non-VSS environment?
A.    Yes, there are three key differentiators:

   Monitoring port statistics on both switches using one NAM. The NAM can provide mini-RMON statistics on both switches and identifies these statistics by chassis, slot, and port. In this way, a complete view of Layer 2 traffic utilization can be obtained to assist in quickly identifying potential bottlenecks.

   Using SPAN on one NAM to obtain visibility into traffic on both virtual switches. Typically, RSPAN or NetFlow would need to be used to obtain visibility into the traffic running on an adjacent switch.

   Monitoring the health of both switches using a single NAM.

Q.   How is the NAM appliance connected to the switch/switches in a VSS environment?
A.    The NAM 2204 has four monitoring interfaces. One or more of these interfaces can be connected to one or more ports on each switch to provide full visibility. The NAM 2220 has two 10 Gigabit Ethernet monitoring interfaces. One of the two interfaces can be connected to a 10 Gigabit Ethernet port on each switch to analyze traffic from multiple VLANs/1 Gigabit Ethernet ports (spanned to the 10 Gigabit Ethernet port) in a VSS environment.
Q.   What device do the Cisco NAM 2200 Appliances monitor in the virtualized data center?
A.    The Cisco NAM Appliances can extend their visibility into the Cisco Nexus 1000V switch in the virtualized data center. The Cisco Nexus 1000V switch is a software switch on a server that delivers Cisco Virtual Network Link (VN-Link) services to VMs hosted on the server. This distributed switch has two major components: the Virtual Ethernet Module (VEM) and the Virtual Supervisor Module (VSM), which manages the VEMs. The Cisco Nexus 1000V can be configured to direct NetFlow Data Export from virtual or physical interfaces on the Nexus VEM to the Cisco NAM Appliances. Also, ERSPAN can be configured to enable the Cisco NAM Appliances to remotely monitor the traffic in the VM network.
Q.   What NAM data sources can be used to monitor traffic in the Cisco Nexus 1000V switch environment?
A.    As previewed in the answer above, the Cisco NAM Appliances can monitor the Cisco Nexus 1000V using ERSPAN and NetFlow data sources (for more information about these NAM data sources, please refer to Table 5 of this Q&A). ERSPAN can be configured on the Cisco Nexus 1000V to allow the Cisco NAM to obtain visibility into specific ports or VLANs. The data made available by ERSPAN permits the NAM to provide core traffic usage metrics (on applications, hosts, and conversations), IAP analytics, and QoS and VLAN monitoring statistics. NetFlow Data Export can be configured on select virtual and physical interfaces of the Cisco Nexus 1000V. The data made available by NetFlow permits the NAM to provide core traffic analytics and QoS monitoring statistics.
Q.   When would I purchase a Cisco NAM Appliance vs. a Cisco Nexus 1000V NAM Virtual Service Blade (VSB)?
A.    The Cisco NAM Appliance is a self-contained hardware device that provides visibility into both physical and virtual networks. It comes with a feature set and level of performance commensurate with providing high-performance monitoring and troubleshooting in the campus or data center. The Cisco Nexus 1000V NAM VSB is a software module integrated in the Cisco Nexus 1010 Virtual Service Appliance. The Cisco Nexus 1000V NAM VSB comes with a feature set and level of performance that is specifically targeted for monitoring and troubleshooting the Cisco Nexus 1000V environment. The Cisco NAM VSB is a perfect fit for customers who are deploying the Cisco Nexus 1010, offering both ease of deployment and investment value. Those customers who may want to monitor more than the Cisco Nexus 1000V environment, who require higher overall performance, and/or who perform extensive captures and decodes will want to consider a Cisco NAM Appliance.

Software Features

Q.   What is the REST/XML API and how does it help me?
A.    The NAM API provides a mechanism for provisioning and retrieving data from the NAM servers using an XML interface. The API utilizes Representational State Transfer (REST) methodology to execute requests (web services) over HTTP or HTTPS by sending the XML data to the API server. The REST XML interface is capable of configuring a subset of the software features through create, read, update, and delete operations mapped to a particular HTTP or HTTPS method. APIs are provided for sites, data sources, applications, application groups, actions, thresholds, packet captures, WAAS-monitored servers, system info, and NetFlow Data Export. The interface also allows you to create an outgoing stream of exported performance data from NAM as NetFlow records.
Q.   Is Simple Network Management Protocol Version 3 (SNMPv3) supported in NAM Software 5.0?
A.    With NAM Software 5.0, you have the ability to manage devices with SNMPv3. Note that for the WS-SVC-NAM-1 and WS-SVC-NAM-2 platforms, SNMPv3 is not required. SNMP requests and responses are communicated over an internal interface within the chassis, and SNMPv3 is not used.
Q.   How can I recognize and configure applications reported as unknown by NAM?
A.    NAM recognizes application on the basis of port number, port number range, or standardized application identifiers exported by Cisco platforms with NDE. If NAM is not able to recognize an application using any of these mechanisms, the application type of the traffic is reported as unknown. You can configure the application reported as unknown using the Application configuration table on the Traffic Analysis dashboard ( Analyze -> Traffic-Application). When selecting an “unknown” application, the table will list all protocol/port combinations that were not recognized by NAM and allow you to configure them as custom applications.
Q.   Can I define my own application or application groups?
A.    NAM identifies applications/protocols based on the TCP/UDP port number, thus if there are any applications using custom ports, the NAM can be configured to identify those applications by name instead of by port number(s). Custom applications can be defined combining a select protocol with port or port-range definitions. Custom application groups can be defined as a set of existing applications that can be monitored together. Please refer to the NAM Software 5.0 User Guide (Chapter 2) for instructions on how to create a custom application or application group.
Q.   How can I understand various response time metrics and how do they help me in troubleshooting application performance issues?
A.    Please refer to NAM software 5.0 User Guide (Chapter 3).
Q.   Why do I need custom filters for the interactive reports?
A.    Interactive reports use advanced filters to allow you to focus on information of interest and create a context for further analysis. For example, when analyzing application performance, you can create a filter to focus on a select site, application, time range, client, server or a combination of the foregoing, offering a powerful mechanism to isolate performance issues. In addition, the custom filters allow you to save a specific context for on-going analysis. Typically, this is valuable when watching a recurring performance issue. In such cases, you would create a custom filter having the appropriate filter attributes. When you select the custom filter, the interactive report will load the data as per the context defined in the custom filter.
Q.   When would I define a site using data sources or VLANs?
A.    NAM Software 5.0 introduces the concept of logical sites as collections of network endpoints. A site can be defined as a set of subnets specified by an address prefix and mask. In addition, sites can be defined using a remote device data source (such as a remote WAAS device, NDE from a remote network device) or VLANs. As examples, a site can be defined as a remote WAAS device representing the collection of endpoints for which an application is being optimized, or in case of managed service delivery, a site could be defined as a VLAN representing a customer’s premises. A combination of these mechanisms offers a granular way to define a site.
Q.   Can more than one user concurrently use NAM?
A.    Cisco NAM allows multiple users to access NAM concurrently. However, depending on what information the users are accessing, an increase in the number of concurrent users can result in a sub-optimal user experience in terms of interface response times.
Q.   Can packet captures be saved and, if so, where?
A.    Yes. The Cisco NAM offers two options to save capture data. Captures that have been stored in the NAM’s buffer can be saved to the NAM’s local hard drive for real-time analysis or analysis at a later date. In addition, captures can be saved directly to a remote network file server (NFS) or Small Computer System Interface over IP (iSCSI) - supported device. Saving captures on a remote storage device allows the user to capture very large amounts of raw data, which can then be analyzed remotely by NAM.
Q.   Can I trigger packet capture when a threshold is violated?
A.    Yes, Cisco NAM allows you to define “Trigger Capture” as one of the alarm actions to start or stop a predefined capture session.
Q.   How can I replicate my site definitions and application definitions across all my NAMs?
A.    The REST/XML API introduced with NAM Software 5.0 allows you to create, update and delete site definitions. It also allows you to retrieve all the site definitions from a given NAM. The functions allow you to replicate the site definitions programmatically across all the NAMs deployed in the network. Similar APIs exist for the definitions of applications and application groups.
Q.   Does the Cisco NAM perform historical traffic analysis?
A.    Yes, NAM Software 5.0 takes you back to the past to understand what happened when an event that affected network performance occurred. It supports historical data analysis to accelerate problem resolution, advance optimization and capacity planning decisions.
Q.   Does Cisco NAM support voice monitoring for Cisco VoIP deployments only?
A.    No. Cisco NAM monitors Real-Time Monitoring Protocol and thus, by extension, can provide reporting on any VoIP protocol that runs on top of RTP, a Layer 4 protocol.
Q.   Which VoIP signaling protocols does the Cisco NAM support?
A.    Cisco NAM supports a breadth of standards-based VoIP signaling protocols, namely, Skinny Client Control Protocol (SCCP), Session Initiation Protocol (SIP), Media Gateway Control Protocol (MGCP), and H.323.
Q.   What are the key performance indicators for monitoring voice?
A.    Cisco NAM offers real-time voice quality monitoring using standards-based Mean Opinion Score (MOS) and key performance indicators such as jitter and packet loss. It calculates MOS based on ITU-T G.107 recommendations.
Q.   Can I identify the phones affected by voice quality degradation?
A.    Yes. Cisco NAM allows the administrator to pinpoint the individual RTP stream experiencing voice quality degradation. By correlating the RTP and signaling streams, Cisco NAM can report the phone numbers and alias for each endpoint.
Q.   What Cisco Unified Communications Management Solutions support NAM?
A.    The solutions are Cisco Unified Service Monitor and Cisco Unified Operations Manager.
Q.   How do Cisco Unified Service Monitor and Cisco Unified Operations Manager support NAM?
A.    Cisco Unified Service Monitor collects voice metrics from multiple NAMs to provide enterprisewide visibility into voice quality. Cisco Unified Service Monitor generates alerts on the voice quality degradation that is reported by Cisco Unified Operations Manager. Based on these alerts, Cisco Unified Operations Manager allows the user to navigate into NAM to glean near real-time views of both voice and network performance to perform rapid troubleshooting.
Q.   How does Cisco NAM support Cisco WAAS?
A.    Cisco NAM uses the built-in instrumentation of the Cisco Wide Area Application Engine devices as a data source to gather information on the optimized traffic to provide end-to-end application performance visibility in a Cisco WAAS environment. It measures application response time, transaction time, bandwidth usage, LAN/WAN data, and so on to provide end-to-end application performance metrics, accurately quantifying the impact of WAAS optimization and helping to validate ongoing optimization improvements. NAM is also able to identify the applications that would benefit the most from deploying Cisco WAAS. Analyzing response time data over a period of time, the administrator can identify the applications where optimization can result in a material increase in available bandwidth.

Third-Party Reporting

Q.   Does Cisco NAM include an API to allow third-party reporting applications to use NAM as a source of data?
A.    Yes, the Cisco NAM includes multiple mechanisms, such as NetFlow Version 9, SNMP, and comma-separated value (CSV)/HTTP to enable third-party reporting applications to collect data for networkwide reporting, trending, baselining, and capacity planning. The API allows you to use computed NAM data to feed in-house or third-party reporting applications that you already own, building up additional value and building out existing investments. NAM Software 5.0 introduces an XML/REST-based API for NAM configuration and NetFlow Version 9 as a flexible and standard mechanism for data export.
Q.   How can a third party apply for approval to use the Cisco NAM API for integration?
A.    A third party can enroll in the Cisco Developer Network Program at During the enrollment process, the third party must select Network and Service Management as the solution technology and Cisco NAM as the network management product for integration. Once approved and the nondisclosure agreement (NDA) and NAM developer license agreement signed, the third party will receive the API for integration.
Q.   Are there currently third parties who have joined this program? How can a list of these vendors be obtained?
A.    Yes. Today, reporting applications from third parties such as NetQoS, Compuware, Infovista, and others offer support for NAM. These reporting applications complement the NAM by using its rich metrics to build end-to-end views of application usage and performance and also to streamline the number of collection points in the network. A list of third parties supporting NAM can be found at, under Find a Partner, Network and Services Management, and Network Management Services Modules.


Q.   What are the part numbers for the Cisco NAM Appliances?
A.    Table 7 lists the part numbers for the NAM Appliances.

Table 7.       Cisco NAM 2200 Series NAM Appliances Part Numbers

Part Number

Cisco NAM 2204-RJ45 Appliance


Cisco NAM 2204 Appliance, four 1 Gigabit Ethernet, RJ-45


Cisco NAM Software 5.0 with Recovery CD


Rail Kit Four Post Spare


Rail Kit Two Post Spare

Part Number

Cisco NAM 2204-SFP Appliance


Cisco NAM 2204 Appliance, four 1 Gigabit Ethernet, SFP


1000BASE-T SFP (Spare)


GE SFP, LC Connector SX Transceiver (Spare)


GE SFP, LC Connector LX/LH Transceiver (Spare)


Cisco NAM Software 5.0 with Recovery CD


Rail Kit Four Post Spare


Rail Kit Two Post Spare

Part Number

Cisco NAM 2220 Appliance


Cisco NAM 2220 Appliance, two 10 Gigabit Ethernet


Hard Disk Drive, six 146 GB




AC Power Supply (Spare)


XFP, 10 Gigabit Ethernet, Short Range (Spare)


XFP, 10 Gigabit Ethernet, Long Range (Spare)


Cisco NAM Software 5.0 with Recovery CD


Rail Kit Four Post Spare


Rail Kit Two Post Spare

Q.   How can the Cisco NAM Traffic Analyzer software be obtained?
A.    The NAM software can be obtained in one of two ways. To obtain the latest NAM software with your new hardware order, order NAM-APPL-SW-5.0 when ordering the NAM Appliance. The software will then be delivered preloaded on the hardware. If you already own the hardware, download the latest software from the Software Center using your SMARTnet access privileges.
Q.   Must Cisco NAM software be downloaded from the Software Center when first deploying a Cisco NAM 2200 Series Appliance?
A.    No. Cisco NAM comes with the latest NAM Software release. There is no need to download the software when first deploying the Cisco NAM 2200 Series Appliance.
Q.   How do I obtain access to a new Cisco NAM software release?
A.    Customers who have purchased SMARTnet for their NAM are entitled to download new software releases from the Software Center.
Q.   Do the Cisco NAM Appliances have their own software image? Where can I find it?
A.    The Cisco NAM Appliances share a common software image that is loaded on the Cisco NAM during its manufacture. The images are also available in the Software Center on When new releases are available, the NAM can be upgraded using FTP. For details regarding compatibility, download location, and so on, visit
Q.   How is the Cisco NAM Traffic Analyzer application obtained? Is it included in the price of the NAM?
A.    The Cisco NAM Traffic Analyzer application is embedded in the NAM, and is included in the NAM’s price.
Q.   What is required to deploy the Cisco NAM Appliance solution?
A.    The following are required to deploy the NAM Appliance solution including the NAM Traffic Analyzer:

   A Cisco NAM 2220 or Cisco NAM 2204 Appliance

   NAM Software 4.2 or later

   Web browser running English Firefox 3.6+ or Microsoft Internet Explorer 8+ or later (Microsoft Internet Explorer 7 is not supported)

Additional Information

Q.   Are any components of the NAM Appliances field replaceable?
A.    The answer depends on the appliance model. For the NAM 2204 Appliances, the answer is no. If a NAM 2204 Appliance fails, the whole box must be replaced. Interface modules though are field replaceable. For the NAM 2220 Appliance, both the hard disk drive and the power supplies are field replaceable. For example, if a power supply fails, a new one will be shipped from the services depot for replacement assuming a valid SMARTnet services contract is in place. Interface modules supporting the NAM 2220 are also field replaceable.
Q.   Where is additional information about the Cisco NAM 2200 Series Appliance found?
A.    For more information about the NAM, visit or contact either your local account representative or the NAM product marketing group at