Guest

Cisco Prime Network Analysis Module (NAM) for ISR G2 SRE

SM-SRE Installation and Configuration Guide

  • Viewing Options

  • PDF (500.2 KB)
  • Feedback
Cisco SRE NAM 5.1 Installation and Configuration Note

Table Of Contents

Cisco SRE NAM 5.1 Installation and Configuration Note

Contents

Cisco SRE NAM Specifications

Supported External Software Interfaces

Supported Branch Routers

Supported Cisco SRE Service Modules

Before You Begin

NAM Software

Hardware Interfaces

Configuring the Cisco SRE Module Interface

Configuring the SRE Interface on the Router

Examples

Opening a Session

Closing a Session

Installing NAM Software

NAM Software Images

Types of NAM Software Upgrades

Installing Cisco SRE NAM Using IOS Commands

Before You Begin

Upgrading Cisco SRE NAM Using NAM CLI Commands

Using Helper to Install Cisco SRE NAM

Configuring the Cisco SRE NAM for Management

Configuring the Internal Interface for Management—IP Unnumbered

Configuring the Internal Interface for Management—Routable Subnet

Configuring the External Interface for Management

Disabling AAA Login Authentication on the NAM Console Line

Configuring Cisco SRE NAM For Network Connectivity

Prerequisites

Examples

What to Do Next

Configuring the NAM System Time with an NTP Server

Enabling NAM Packet Monitoring

Examples

What to Do Next

Enabling and Accessing the NAM Traffic Analyzer

Prerequisites

Examples

What to Do Next

Changing the NAM Root Password

Prerequisites

Examples

Troubleshooting Tips

Resetting the NAM Root Password to the Default Value

Troubleshooting Tips

What to Do Next

Opening and Closing a Telnet or SSH Session to the NAM

Prerequisites

Examples

Managing the Cisco SRE NAM

Shutting Down and Starting Up SRE NAM

Verifying System Status

Configuring Logging Options and Generating Diagnostics

Additional References

RFCs

Feature Information for Network Analysis Module

Glossary

Obtaining Documentation and Submitting a Service Request


Cisco SRE NAM 5.1 Installation and Configuration Note


Revised: March, 2011 OL-24407-01

The Cisco Prime Network Analysis Module (NAM) is an integrated software module that enables network managers to understand, manage, and improve how applications and services are delivered to end-users. The Cisco NAM offers flow-based traffic analysis of applications, hosts, and conversations, performance-based measurements on application, server, and network latency, quality of experience metrics for network-based services such as voice over IP (VoIP) and video, and problem analysis using deep, insightful packet captures. The Cisco NAM includes an embedded, web-based Traffic Analyzer GUI that provides quick access to the configuration menus and presents easy-to-read performance reports on Web, voice, and video traffic.

The Cisco Services Ready Engine (Cisco SRE) service module (SM) installed in one of the SM slots in a Cisco 2900 Series or Cisco 3900 Series Integrated Services Router Generation 2 (Cisco ISR G2) enables the router to host Cisco, third-party, and custom applications including Cisco IOS software.

This document contains information for installing and configuring Cisco NAM 5.1 on a Cisco SRE service module.

Contents

Cisco SRE NAM Specifications

Before You Begin

Configuring the Cisco SRE Module Interface

Installing NAM Software

Configuring the Cisco SRE NAM for Management

Configuring Cisco SRE NAM For Network Connectivity

Configuring the NAM System Time with an NTP Server

Enabling NAM Packet Monitoring

Enabling and Accessing the NAM Traffic Analyzer

Changing the NAM Root Password

Resetting the NAM Root Password to the Default Value

Opening and Closing a Telnet or SSH Session to the NAM

Managing the Cisco SRE NAM

Additional References

Glossary

Obtaining Documentation and Submitting a Service Request

Cisco SRE NAM Specifications

The following sections contain information on Cisco SRE NAM 5.1 specifications.

Supported External Software Interfaces

Cisco SRE NAM supports the following external software interfaces:

CLI over Telnet, SSH and sessions for the router/IOS

SNMP

HTTP/HTTPs

Netflow Data Export

Supported Branch Routers

Cisco SRE NAM can be deployed in any network module slot in the Cisco router platforms listed in Table 1. Only one Cisco NAM can be installed in a Cisco branch router.

Table 1 Cisco SRE NAM Supported Router Platforms

Router Platform
IOS Version (Minimum)

Cisco 3945E ISR

Cisco IOS 15.1(1T)

Cisco 3925E ISR

Cisco IOS 15.1(1T)

Cisco 3945 ISR

Cisco IOS 15.0(1)M

Cisco 3925 ISR

Cisco IOS 15.0(1)M

Cisco 2951 ISR

Cisco IOS 15.0(1)M

Cisco 2921 ISR

Cisco IOS 15.0(1)M

Cisco 2911 ISR

Cisco IOS 15.0(1)M


To determine which IOS release your router is currently running, examine the output of the show version command.

Supported Cisco SRE Service Modules

Cisco SRE NAM 5.1 supports SM-SRE 700 Series and SM-SRE 900 Series service modules. The Cisco SM-SRE must be installed in one of the SM slots in the Cisco 2911, Cisco 2921, Cisco 2951, or Cisco 3900 Series router.

All Cisco SM-SRE models ship from the factory with the hardware preinstalled as listed in Table 2.

Table 2 Cisco SM-SRE Hardware

Model
Processor
Hard Disk
Memory
eUSB Flash

SM-SRE-700-K9

1.86 GHz single core

500 GB (SATA)

4 GB

2 GB

SM-SRE-900-K9

1.86 GHz
dual core

2 x 500 GB (SATA)

4 GB

2 GB


If you need to install the SM-SRE network module, see the following:

Connecting Cisco NAM Enhanced Network Modules to the Network

http://www.cisco.com/en/US/docs/routers/access/interfaces/nm/hardware/installation/guide/
namnme.htmll

Cisco Network Modules and Interface Cards Regulatory Compliance and Safety Information

http://www.cisco.com/en/US/docs/routers/access/interfaces/rcsi/IOHrcsi.html

Cisco SRE Service Module Configuration and Installation Guide

http://www.cisco.com/en/US/docs/routers/access/interfaces/software/feature/guide/ism-sm-sre.html

Before You Begin

Before you begin installing NAM software, do the following:

Make a note of the network module location in the host router:

slot—Number of the router chassis slot for the module. After you install the module, you can get this information from the router's show running-config command output and look for interface SM.

port—Port number of the module interface. This value is always 0.


Note You need this information for the "Configuring the SRE Interface on the Router" section and the "Closing a Session" section.


Verify that your download FTP or TFTP file server is accessible:

FTP file server—Use for installations, backups, and restores.

TFTP file server—Use (on the FTP-file-server machine) for boothelper operations to recover from a failed installation.

NAM Software

The NAM software application resides on a network module that plugs into a host Cisco router running Cisco IOS software.

The network module is a standalone service engine with its own startup and run-time configurations that are independent of the Cisco IOS configuration on the router. The module does not have an external console port. Instead, you launch and configure the module through the router, by means of a configuration session on the module. After the session, you return to the router CLI and clear the session.

This arrangement—host router plus network module (the latter is also sometimes called an appliance or blade or, with installed software, a service or services engine)—provides a router-integrated application platform for accelerating data-intensive applications including the following and more:

Application-oriented networking

Contact centers and interactive-voice-response applications

Content caching and delivery

Data and video storage

Network analysis

Voice mail and auto-attendant applications

Hardware Interfaces

The host router and network module use several interfaces for internal and external communication (see Figure 1). Each interface is configurable both from the router by using the Cisco IOS CLI and from the module by using the module's CLI.

The Cisco SRE NAM can monitor traffic on both the external and the internal interface at the same time. However, only one can be used for management traffic.

Figure 1 Router and Network Module Interfaces

 
On This Hardware Interface...
Configure These Settings...
Using This Configuration Method
1

Router interface
(for example, Gig0/0)

Standard router settings

Router's Cisco IOS CLI

2

Router side interface to SM-SRE.

This is the sm interface on the router.

Module's IP address and default gateway router

3

INTERNAL interface of the SM-SRE.

This is a Gigabit Ethernet (GE) interface.

All other module and SM-SRE application settings

Module's SM-SRE CLI, GUI, telnet, SSH interface, or SNMP

4

EXTERNAL interface of the SM-SRE. This is a Gigabit Ethernet interface.

Support for data requests and transfers from outside sources


Configuring the Cisco SRE Module Interface

This section describes how to configure basic network parameters for the SRE service module using the Cisco IOS CLI. This section contains information on the following tasks:

Configuring the SRE Interface on the Router

Opening a Session

Closing a Session


NoteIf you lose power or connection during any of the following procedures, the system usually detects the interruption and tries to recover. If it fails to do so, fully reinstall the system using IOS commands. See the "Installing Cisco SRE NAM Using IOS Commands" section.

You can configure the network module by means of either the CLI or the GUI. This document presents CLI configuration instructions. For GUI configuration instructions, see the GUI's online help.


Configuring the SRE Interface on the Router

Your first configuration task is to set up network module interfaces to the host router and to its external links. This configuration enables you to access the module to install and configure the SRE service module.


Note The first few steps open the host-router CLI and access the router's interface to the module. The subsequent steps configure the interface.


SUMMARY STEPS

From the Host-Router CLI

1. enable

2. configure terminal

3. interface sm <slot>/0

4. ip address router-side-ip-address subnet-mask

or

ip unnumbered type number

5. [Optional, but if done, do not do Step 6] service-module ip address module-side-ip-address subnet-mask

6. [Optional, but if done, do not do Step 5] service-module external ip address external-ip-address subnet-mask


Note Either Step 5 or Step 6 must be performed. If neither is done, the installation will not succeed.


7. [Optional] service-module ip default-gateway gateway-ip-address

8. end

9. copy running-config startup-config

10. show running-config

DETAILED STEPS

 
Command or Action
Purpose
 
From the Host-Router CLI

Step 1 

enable

Example:

Router> enable

Enters privileged EXEC mode on the host router. Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode on the host router.

Step 3 

interface sm slot/0

Example:

Router(config)#
interface sm 1/0

Enters interface configuration mode for the slot and port where the network module resides.

Step 4 

ip address router-side-ip-address subnet-mask


or

ip unnumbered type number

Example:

Router(config-if)#
ip address 10.0.0.20 255.255.255.0


or

Router(config-if)# ip unnumbered ethernet 0/0

Specifies the router interface to the module. Arguments are as follows:

router-side-ip-address subnet-mask—IP address and subnet mask for the interface.

type number—Type and number of another interface on which the router has an assigned IP address. It cannot be another unnumbered interface. Serial interfaces using High Level Data Link Control (HDLC), Point-to-Point Protocol (PPP), Link Access Procedure, Balanced (LAPB), Frame Relay encapsulations, Serial Line Internet Protocol (SLIP), and tunnel interfaces can be unnumbered.

Step 5 

service-module ip address module-side-ip-address subnet-mask

Example:

Router(config-if)# service-module
ip address 172.0.0.20 255.255.255.0

Specifies the IP address for the module interface to the router. Arguments are as follows:

module-side-ip-address—IP address for the interface

subnet-mask—Subnet mask to append to the IP address; must be in the same subnet as the host router

This command selects and configures the internal interface for management traffic. This command is equivalent to using the commands ip interface internal and ip address <address> <mask> on the SRE service module CLI.

Note If you want to use the external interface for management traffic, use the Step 6 instead. Either Step 5 or Step 6 must be performed. If neither is done, the installation will not succeed.

Step 6 

service-module external ip address external-ip-address subnet-mask

Example:

Router(config-if)# service-module external ip address 172.0.0.30 255.255.255.0

Specifies the IP address for the external LAN interface on the module. Arguments are as follows:

external-ip-address—IP address for the interface

subnet-mask—Subnet mask to append to the IP address

This command selects and configures the external interface for management traffic. This command is equivalent to using the commands ip interface external and ip address <address> <mask> on the SRE service module CLI.

Note If you want to use the internal interface for management traffic, use the Step 5 instead. Either Step 5 or Step 6 must be performed. If neither is done, the installation will not succeed.

Step 7 

service-module ip default-gateway gateway-ip-address

Example:

Router(config-if)# service-module ip default-gateway 10.0.0.40

Specifies the IP address for the default gateway router for the module. The argument is as follows:

gateway-ip-address—IP address for the gateway router

Note Use this step only if you used Step 5 or Step 6.

Step 8 

end

Example:

Router(config-if)# exit

Returns to global configuration mode on the host router.

Step 9 

copy running-config startup-config

Example:

Router# copy running-config startup-config

Saves the router's new running configuration.

Step 10 

show running-config

Example:

Router# show running-config

Displays the router's running configuration, so that you can verify address configurations.

Examples

The following partial output from the show running-config command shows how the interfaces are configured.

interface sm 1/0
ip address 10.0.0.20 255.255.255.0
service-module ip address 10.0.0.21  255.255.255.0
service-module ip default-gateway 10.0.0.20

Opening a Session

This section describes how to open a session on the SRE service module.


NoteBefore you install your application software, opening a session brings up the bootloader. After you install the software, opening a session brings up the application.

You can conduct only one session at a time.


SUMMARY STEPS

From the Router CLI

1. enable

2. service-module sm slot/0 session clear

3. service-module sm slot/0 session

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enters privileged EXEC mode on the host router. Enter your password if prompted.

Step 2 

service-module sm slot/0 session clear

Example:

Router# service-module sm 1/0 session clear

[confirm]

[OK]

Router#


Make sure there is not an existing session which will prevent this session to login successfully.

Step 3 

service-module sm slot/0 session

Example:

Router# service-module sm 1/0 session

Trying 172.20.98.151, 2066 ... Open


Cisco Network Analysis Module (SM-SRE)


NAM.domain.name login:


Begins a session on the specified module.

Closing a Session

This section describes how to close a session on the SRE service module.


NoteBefore you install your application software, opening a session brings up the bootloader. After you install the software, opening a session brings up the application.

You can conduct only one session at a time.

In NAM 5.1, the CLI command exit automatically closes a session.


SUMMARY STEPS

Use the following steps to close a session:

From the NAM CLI, NAM login, NAM helper, or NAM bootloader prompts

1. Control-Shift-6 x

From the Router prompt

2. disconnect       <or>
service-module sm
slot/0 session clear

DETAILED STEPS

 
Command or Action
Purpose
 
From the NAM CLI, NAM login, NAM helper, or NAM bootloader prompts

Step 1 

Press Control-Shift-6 x.

Note This key sequence returns you to the router prompt.

Closes the service-module session and returns to the router CLI.

Note The service-module session stays up until you clear it in the next step. While it remains up, you can return to it from the router CLI by pressing Enter.

 
From the Router CLI

Step 2 

disconnect
or
service-module sm slot/0 session clear

Example:

Router# service-module sm 1/0 session clear

[confirm]

[OK]

Router#

Disconnects the session connection or clears the service module session for the specified module.

When prompted to confirm this command, press Enter.

Installing NAM Software

During software installations, you use the Bootloader, a small set of system software that runs when the system first powers up. The Bootloader loads and runs the NAM application. The bootloader might optionally load and run the helper image on flash memory.

Reinstalling software involves installing, configuring, and starting a helper image. The helper, in turn, starts the NAM installation wizard, which installs the software.


Note Plan software upgrades or downgrades for times when you can take all applications that run on the host router out of service or offline.


NAM Software Images

The Cisco SRE NAM contains three NAM software images:

Bootloader image in flash memory—Use to specify whether to boot the NAM application image or the helper image.

Helper image in flash memory—Use to recover or upgrade NAM software images.

NAM application image on the hard drive—Source of the NAM Traffic Analyzer and NAM CLI.

Types of NAM Software Upgrades

NAM software upgrades are available in two forms:

Images—Full image releases that are installed from the helper image. Full image upgrades are typically used to update the NAM application image, and if necessary and recommended by technical support, you can also use the helper image to upgrade the bootloader image or helper image.

Patches—Incremental updates to software versions that are installed with the patch NAM CLI command. Patches are available only for the NAM application image.

Perform one of the following procedures in this section, depending on whether you are adding a patch to your NAM application or are performing a full software image upgrade:

Installing Cisco SRE NAM Using IOS Commands— Use this procedure if you are installing Cisco SRE NAM for the first time.

Upgrading Cisco SRE NAM Using NAM CLI Commands—Use this procedure if you are upgrading an existing NAM with Cisco SRE NAM.

Using Helper to Install Cisco SRE NAM— Use this procedure to activate Helper during an upgrade.


Note Using this method is discouraged. Installing using IOS commands or CLI commands is preferred.


Installing Cisco SRE NAM Using IOS Commands

If you are installing Cisco SRE NAM for the first time, you must perform the installation using the IOS command method described below.


Warning This installation method reformats the Cisco SM-SRE hard disk.


Before You Begin

Do the following before you begin installing Cisco SRE NAM:

Download the NAM 5.1 software image from Cisco.com

Copy the image to an FTP server.

(Optional) Have available the IP address of your TFTP file server.

To install Cisco NAM on a SM-SRE, the following set of files must be accessible in the same directory:

application(bin.gz)

helper

install.sre

install.sre.header

tcl signature

smbootloader

The naming of these files is important. All these files with the correct naming will be made available as a zip file. The stem of the name is the application image name. Other files have additional extensions.

The SRE install process first loads the tcl file and the helper from IOS. The tcl file is executed in IOS. Then the bootloader is instructed to load the helper image from the router. The install URL is passed to the helper image, which loads the bootloader and the application image and installs them.


Note The helper does not perform name resolution, so URLs need to use numeric IP addresses. The URLs need their passwords embedded.


Refer to the Cisco SRE Service Module Configuration and Installation Guide for general instructions:

http://www.cisco.com/en/US/docs/routers/access/interfaces/software/feature/guide/ism-sm-sre.html

Procedure

The SRE installation is a common installation procedure for all SRE applications. It is controlled from the IOS prompt.


Note It takes some time to initialize the hard drive and install the Cisco NAM software.


Perform the following:


Step 1 Telnet to NAM.

Step 2 From NAM, start the bootloader. Enter reboot from the NAM CLI and select Confirm=Yes.

While the system reboots, it displays the following prompt:

Enter *** to change boot configuration:

Step 3 Enter ***.

You must enter *** within one minute, or you will lose the chance to break to bootloader.

Step 4 Navigate to the image directory and expand the ZIP file.

For example:

namlab-pc7.cisco.com% unzip nam-app-x86_64.5-1-0-7.bin.gz.zip
Archive:  nam-app-x86_64.5-1-0-7.bin.gz.zip
replace nam-app-x86_64.5-1-0-7.bin.gz? [y]es, [n]o, [A]ll, [N]one, [r]ename: y
  inflating: nam-app-x86_64.5-1-0-7.bin.gz.helper  
  inflating: nam-app-x86_64.5-1-0-7.bin.gz.install.sre  
  inflating: nam-app-x86_64.5-1-0-7.bin.gz.install.sre.header  
  inflating: nam-app-x86_64.5-1-0-7.bin.gz.key  
  inflating: nam-app-x86_64.5-1-0-7.bin.gz.smbootloader  

Step 5 From the IOS CLI issue the command service-module sm3/0 install url ftp://<file-location>. In this example the SM-SRE is in slot 3.

For example:

MACE-3945-CORE-28#service-module sm3/0 install url ftp://ftp@172.20.98.174 
pub/nam/interim/5-1/nam-app-x86_64.5-1-0-7.bin.gz
Delete the installed Network Analysis Module (NAM) and proceed with new installation? 
[no]: yes
Loading pub/nam/interim/5-1/nam-app-x86_64.5-1-0-7.bin.gz.install.sre !
[OK - 2853/4096 bytes]
Resource requirements check completed successfully. Proceeding to Install....
MACE-3945-CORE-28#term mon
MACE-3945-CORE-28#
*Dec  6 19:44:42.219: %SM_INSTALL-6-INST_RESET: SM3/0 is reset for software 
installation.
*Dec  6 19:45:50.323: %SM_INSTALL-6-INST_RBIP: SM3/0 received msg: RBIP Registration 
Request
*Dec  6 19:45:50.327: %SM_INSTALL-6-INST_RBIP: SM3/0 received msg: RBIP File Request
*Dec  6 19:45:51.955: %SM_INSTALL-6-INST_RBIP: SM3/0 received msg: RBIP File Request
*Dec  6 19:46:01.759: %SM_INSTALL-6-INST_RBIP: SM3/0 received msg: RBIP File Request
*Dec  6 19:46:01.875: %SM_INSTALL-6-INST_RBIP: SM3/0 received msg: RBIP File Request
*Dec  6 19:46:22.199: %SRE_SM-6-STATE_CHANGE: SM3/0 changing state from 
SERVICE_MODULE_STATE_ERRQ to SERVICE_MODULE_STATE_STDY
*Dec  6 19:46:39.755: %SM_INSTALL-6-INST_PROG: SM3/0 PROGRESSING: updated bootloader.
*Dec  6 19:46:39.755: %SM_INSTALL-6-INST_PROG: SM3/0 PROGRESSING: starting download of 
ftp://ftp@172.20.98.174/pub/nam/interim/5-1/nam-app-x86_64.5-1-0-7.bin.gz.
*Dec  6 19:55:42.155: %SM_INSTALL-6-INST_SUCC: SM3/0 SUCCESS: Application image
upgrade complete..
*Dec  6 19:57:00.299: %SM_INSTALL-6-INST_RBIP: SM3/0 received msg: RBIP Registration 
Request


When the message Application image upgrade complete. displays, your Cisco SRE NAM installation is complete.


Upgrading Cisco SRE NAM Using NAM CLI Commands


Note This installation method is for Cisco SRE NAM upgrades only. It does not reformat the hard drive.


Procedure

Perform the following:


Step 1 Telnet to an Cisco 2900 Series or Cisco 3900 Series ISR router.

Step 2 Enter the following to begin a session on the Cisco SRE NA. Replace slot with the number of the slot containing the SM-SRE.:

service-module sm slot/0 session

Step 3 Log into the NAM CLI as root.

Step 4 Enter the command:

Upgrade ftp://ftp@FileServer//FilePath

Step 5 When the message Do you want to proceed with installation displays, enter Yes.

The system automatically reboots when the upgrade is complete.


Using Helper to Install Cisco SRE NAM

This method can be used for an upgrade.


Note Using this method is discouraged. Using IOS commands as described in the "Installing Cisco SRE NAM Using IOS Commands" sectionor CLI commands as described in the "Upgrading Cisco SRE NAM Using NAM CLI Commands" section is preferred.



Step 1 Telnet to an Cisco 2900 Series or Cisco 3900 Series ISR router.

Step 2 Enter the following to begin a session on the Cisco SRE NAM. Replace slot with the number of the slot containing the SM-SRE.:

service-module sm slot/0 session

Step 3 Log into the NAM CLI as root.

Step 4 Enter the command:

reboot -helper

The NAM system will reboot and then boot to helper.

Step 5 After the helper's menu displays, you will have the choice of fresh install (reformat the disk) or upgrade (the disk will not be reformatted) along with other functions.

Select 1 if you are performing an upgrade. The system automatically reboots when the upgrade is complete.

Select 2 if you are performing a new installation. When the message Application image upgrade complete. displays, your Cisco SRE NAM installation is complete.


Configuring the Cisco SRE NAM for Management

Cisco SRE NAM has an internal Gigabit Ethernet interface and an external interface. You can use either interface for NAM management traffic such as the NAM web GUI, telnet or ssh, but not both. You can configure the NAM internal interface to use either IP unnumbered or a routable subnet.

See the following sections for information about how to configure the Cisco SRE NAM internal interfaces for management:

Configuring the Internal Interface for Management—IP Unnumbered

Configuring the Internal Interface for Management—Routable Subnet

Configuring the External Interface for Management

Disabling AAA Login Authentication on the NAM Console Line

Configuring the Internal Interface for Management—IP Unnumbered

This section describes how to configure the Cisco SRE NAM internal interface for IP unnumbered.


Note The addresses used for the interface address (Step 4), the NAM-Address (Steps 6 and 9), and the NAM-Default-Gateway-Address (Step 7) must all be in the same subnet.


SUMMARY STEPS

From the Router Prompt

1. enable

2. configure terminal

3. interface sm slot/0

4. ip unnumbered <interface> <number>

5. no shutdown

6. service-module ip address <NAM-Address> <subnetmask>

7. service-module ip default-gateway <NAM-Default-Gateway-Address>

8. exit

9. ip route <NAM-Address> 255.255.255.255 sm slot/0

10. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Enter IOS exec mode.

Step 2 

configure terminal

Enter IOS configuration from terminal mode.

Step 3 

interface sm slot/0

Enter IOS interface configuration mode for the service module interface.

Step 4 

ip unnumbered <interface> <number>

Example:

Router (config-if)# ip unnumbered gigabitethernet 0/1

Borrow the address that was set at <interface>. In the example, interface sm 1/0 borrows the address set in gigabitethernet0/1 interface.

Step 5 

no shutdown

Enable the sm interface.

Step 6 

service-module ip address <NAM-Address> <subnetmask>


Router (config-if)# service-module ip address 209.165.200.226 255.255.255.224

Set <NAM-Address> to the NAM Internal interface.

Step 7 

service-module ip default-gateway <NAM-Default-Gateway-Address>


Example:

Router (config-if)# service-module ip default-gateway 209.165.200.225


Setup the NAM default gateway address.

Step 8 

exit

Exit from the router interface configuration mode to the router global configuration mode.

Step 9 

ip route <NAM-Address> 255.255.255.255 sm slot/0

Example:

Router(config)# ip route 209.165.200.226 255.255.255.255 sm 1/0


Setup a full 32-bit static route for the NAM management address.

Step 10 

end

Exit the router configuration mode.

Configuration Example

In this configuration example:

The internal NAM interface is used for management traffic.

IP addresses from the same routable subnet are assigned to the service module interface and the NAM system

To conserve IP address space, the service module interface is configured as IP unnumbered to borrow the IP address of the Gigabit Ethernet interface.

A static route to the NAM through the service module interface is configured.

The internal NAM interface is used to monitor WAN traffic on interface Serial 0/0, and the external NAM interface is used to monitor LAN traffic on interface Gigabit Ethernet 0/0.

The SM-SRE is installed in router slot 2.

Router Configuration (Cisco IOS Software)

!
interface GigabitEthernet0/0
 ip address 209.165.200.225 255.255.255.224
 duplex auto
 speed auto
 analysis-module monitoring
!
interface Integrated-Service-Engine2/0
 ip unnumbered GigabitEthernet0/0
 ip nbar protocol-discovery
 no keepalive
!
!
ip route 209.165.200.226  255.255.255.255  Integrated-Service-Engine2/0
!
!

NAM Configuration (NAM Software)

root@myNAM.company.com# show ip
IP address:                  209.165.200.226
Subnet mask:                 255.255.255.224
IP Broadcast:                209.165.200.255
IP Interface:                Internal
DNS Name:                    myNAM.company.com
Default Gateway:             209.165.200.225
Nameserver(s):               171.69.2.133
HTTP server:                 Enabled
HTTP secure server:          Disabled
HTTP port:                   80
HTTP secure port:            443
TACACS+ configured:          No
Telnet:                      Enabled
SSH:                         Disabled

Configuring the Internal Interface for Management—Routable Subnet

This section describes how to configure the SM-SRE internal interface for management using a routable subnet method.

SUMMARY STEPS

From the Router Prompt

1. enable

2. configure terminal

3. interface sm slot/0

4. ip address <router-side-address> <subnetmask>

5. no shutdown

6. service-module ip address <NAM-Address> <subnetmask>

7. service-module ip default-gateway <router-side-address>

8. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Enter IOS exec mode.

Step 2 

configure terminal

Enter IOS configuration from terminal mode.

Step 3 

interface sm slot/0

Enter the IOS interface configuration mode for the integrated-service-engine interface.

Step 4 

ip address <router-side-address> <subnetmask>

Example:

Router (config-if)# ip address 209.165.200.225 255.255.255.224

Set a routable address to the integrated-service-engine interface.

Step 5 

no shutdown

Bring up the integrated-service-engine interface.

Step 6 

service-module ip address <NAM-Address> <subnetmask>

Example:

Router (config-if)# service-module ip address 209.165.200.226 255.255.255.224


Set NAM-Address to the NAM Internal interface.

Note The NAM-Address must be in the same subnet as router-side-address.

Step 7 

service-module ip default-gateway <router-side-address>

Example:

Router (config-if)# service-module ip default-gateway 209.165.200.225


Setup NAM default gateway address to be the integrated-service-engine interface address, which is router-side-address.

Step 8 

end

Exit the router configuration mode.

Configuration Example

In this configuration example:

The internal NAM interface is used for management traffic.

IP addresses from the same routable subnet are assigned to the Integrated-Service-Engine interface and the NAM system.

A static route to the NAM through the Integrated-Service-Engine interface is configured.

The internal NAM interface is used to monitor WAN traffic on interface Serial 0/0, and the external NAM interface is used to monitor LAN traffic on interface Fast Ethernet 0/0.

The SM-SRE is installed in router slot 2.

Router Configuration (Cisco IOS Software)

!
interface sm2/0
 ip address 209.165.200.225  255.255.255.224


ip route 209.165.200.226  255.255.255.255  Integrated-Service-Engine1/0


NAM Configuration (NAM Software)

root@myNAM.company.com# show ip
IP address:                  209.165.200.226
Subnet mask:                 255.255.255.224
IP Broadcast:                209.165.200.255
IP Interface:                Internal
DNS Name:                    myNAM.company.com
Default Gateway:             209.165.200.225
Nameserver(s):               171.69.2.133
HTTP server:                 Enabled
HTTP secure server:          Disabled
HTTP port:                   80
HTTP secure port:            443
TACACS+ configured:          No
Telnet:                      Enabled
SSH:                         Disabled

Configuring the External Interface for Management

This section describes how to configure the SM-SRE to use its external interface for NAM management traffic.

SUMMARY STEPS

From the Router Prompt

1. enable

2. configure terminal

3. interface loopback <loopback-number>

4. ip address <bogus-address> <subnetmask>

5. no shutdown

6. exit

7. interface sm slot/0

8. ip unnumbered loopback <loopback-number>

9. no shutdown

10. service-module external ip address <NAM-Address> <subnetmask>

11. service-module ip default-gateway <NAM-Default-Gateway-Address>

12. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable


Enter IOS exec mode.

Step 2 

configure terminal

Enter IOS configuration from terminal mode.

Step 3 

interface loopback <loopback-number>


Router (config)# interface loopback 0

Router (config-if)#

Create a loopback interface 0 on the router.

Step 4 

ip address <bogus-address> <subnetmask>

Example:

Router(config-if)# ip address 10.1.1.1 255.255.255.0


Set a bogus address on the loopback interface. In the example, interface loopback0 is assigned with an address 10.1.1.1/24.

Step 5 

no shutdown


Enable the loopback interface.

Step 6 

exit

Example:

Router(config-if)# exit

Router(config)#


Exit from interface configuration mode to the global configuration mode.

Step 7 

interface sm slot/0


Enter the IOS interface configuration mode for the integrated-service-engine interface.

Step 8 

ip unnumbered loopback <number>

Example:

Router (config-if)# ip unnumbered loopback 0


Borrow the address that was set to the loopback interface in Step 4.

Step 9 

no shutdown

Bring up the integrated-service-engine interface.

Step 10 

service-module external ip address <NAM-Address> <subnetmask>

Example:

Router (config-if)# service-module external ip address 209.165.201.2 255.255.255.224


Set <NAM-Address> to the NAM External interface.

Step 11 

service-module ip default-gateway <NAM-Default-Gateway-Address>


Router (config-if)# service-module ip default-gateway 209.165.201.222


Setup the NAM default gateway address.

Step 12 

end

Exit the router configuration mode.

Configuration Example

In this configuration example:

The external NAM interface is used for management traffic.

The Integrated-Service-Engine interface is configured as IP unnumbered to borrow the IP address of the loopback interface.

The borrowed loopback interface IP address is not routable.

The NAM system is configured with an IP address from the LAN subnet that is connected to the external NAM interface.

The internal NAM interface is used to monitor WAN traffic on interface Serial 0/0, and the external NAM interface is used to monitor LAN traffic on interface Fast Ethernet 0/0.

The SM-SRE is installed in router slot 3.

Router Configuration (Cisco IOS Software)

!
interface loopback 0
 ip address 10.1.1.1 255.255.255.0
!
!
interface sm3/0
 ip unnumbered loopback 0
 no shutdown
!

NAM Configuration (NAM software)

root@myNAM.company.com# show ip
IP address:                 209.165.201.2
Subnet mask:                255.255.255.224
IP Broadcast:               209.165.201.223
IP Interface:               External
DNS Name:                   myNAM.company.com
Default Gateway:            209.165.201.222
Nameserver(s):              171.69.2.133
HTTP server:                Enabled
HTTP secure server:         Disabled
HTTP port:                  80
HTTP secure port:           443
TACACS+ configured:         No
Telnet:                     Enabled
SSH:                        Disabled

Disabling AAA Login Authentication on the NAM Console Line

If you configured authentication, authorization, and accounting (AAA) on your router, then you might have to log in twice to open a NAM console session from the router: first with your AAA username and password, and second with the NAM login and password.

If you do not want to log in twice to open a NAM console session from the router, then disable AAA login authentication on the router's NAM console line by performing this procedure.

Note, however, that if your router contains both the SM-SRE and the NM-CIDS, the Cisco intrusion detection system network module, then AAA can be a useful tool for centrally controlling access to both network modules. For information about AAA, see the Cisco IOS Security Configuration Guide for your Cisco IOS release.

SUMMARY STEPS

1. enable

2. configure terminal

3. aaa authentication login list-name none

4. line number

5. login authentication list-name

6. end

7. show running-config

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

aaa authentication login list-name none

Example:

Router(config)# aaa authentication login name none

Creates a local authentication list.

The none keyword specifies no authentication for this list.

Step 4 

line number

Example:

Router(config)# line 33

Enters line configuration mode for the line to which you want to apply the authentication list.

The number value is determined by the slot number in which the SM-SRE is installed:

number = (32 x slot) + 1  (for Cisco 3700 series)

number = ( (32 x slot) + 1) x 2  (for Cisco 2800 and Cisco 3800 series)

Step 5 

login authentication list-name

Example:

Router(config-line)# login authentication name

Applies the authentication list to the line.

Specify the authentication list name that you configured in Step 3.

Step 6 

end

Example:

Router(config-line)# end

Returns to privileged EXEC mode.

Step 7 

show running-config

Example:

Router# show running-config

Displays the contents of the currently running configuration file.

Verify that you configured the local authentication list and applied it to the line associated with the SM-SRE.

Configuring Cisco SRE NAM For Network Connectivity

This section describes how to configure the Cisco SRE NAM to establish network connectivity and configure IP parameters. This task must be performed from the NAM CLI. For more advanced NAM configuration, use the NAM Traffic Analyzer (web GUI) or see the Network Analysis Module Command Reference for your NAM software release.

Prerequisites

Before doing this procedure, access the NAM console. See "Opening a Session" section.

SUMMARY STEPS


Note You might have already done Steps 1 and 2 if you have configured the SM-SRE for management using either Configuring the Internal Interface for Management—IP Unnumbered or Configuring the External Interface for Management.


1. ip interface {internal | external}

2. ip address ip-address subnet-mask

3. [Optional] ip broadcast broadcast-address

4. ip gateway ip-address

5. exsession on
or
exsession on ssh

6. ip domain name

7. ip host name

8. ip nameserver ip-address [ip-address][ip-address]

9. ping {host | ip-address}

10. show ip

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

ip interface {internal | external}

Example:

root@localhost# ip interface internal

Example:

root@localhost# ip interface external

Specifies which NAM interface will handle management traffic.

Step 2 

ip address ip-address subnet-mask

Example:

root@localhost# ip address 172.20.104.126 255.255.255.248

Configures the NAM system IP address.

Step 3 

ip broadcast broadcast-address

Example:

root@localhost# ip broadcast 10.255.255.255

(Optional) Configures the NAM system broadcast address.

Step 4 

ip gateway ip-address

Example:

root@localhost# ip gateway 172.20.104.125

Configures the NAM system default gateway address.

Step 5 

exsession on


or

exsession on ssh

Example:

root@localhost# exsession on

Example:

root@localhost# exsession on ssh

(Optional) Enables outside logins.

exsession on enables Telnet access.

exsession on ssh enables SSH access.

Note The NAM software K9 cryptographic patch is required to configure the ssh option. See http://www.cisco.com/en/US/products/products_security_advisory09186a00801c110e.shtml for details.

Step 6 

ip domain name

Example:

root@localhost# ip domain company.com

(Optional) Sets the NAM system domain name.

Step 7 

ip host name

Example:

root@localhost# ip host nam1

(Optional) Sets the NAM system hostname.

Step 8 

ip nameserver ip-address [ip-address][ip-address]

Example:

root@nam1# ip nameserver 209.165.201.1

(Optional) Sets one or more NAM system name servers.

We recommend that you configure a name server for the NAM system to resolve Domain Name System (DNS) requests.

Step 9 

ping {host | ip-address}

Example:

root@nam1# ping 10.20.30.40

Checks connectivity to a network device.

Verify connectivity to the router or another known host.

Step 10 

show ip

Example:

root@nam1# show ip

Displays the NAM IP parameters.

Verify that you properly configured SRE NAM.

Examples

This section provides the following examples:

Configuring the SM-SRE

Checking Network Connectivity with Ping

Sample Output for the show ip NAM CLI Command

Configuring the SM-SRE

In the following example, the external NAM interface is used for management traffic. The HTTP server and Telnet access are enabled. The resulting NAM CLI prompt is root@nam1.company.com#.

root@nam.domain.name# ip interface external

root@nam.domain.name# ip address 172.20.105.215 255.255.255.192
root@nam.domain.name# ip domain company.com
root@nam.company.com# ip host myNAM
root@myNAM.company.com# ip nameserver 209.165.201.29
root@myNAM.company.com# ip gateway 172.20.105.210
root@myNAM.company.com# exsession on
root@myNAM.company.com# ip http server enable
Enabling HTTP server...

No web users are configured.
Please enter a web administrator user name [admin]:
New password:
Confirm password:

User admin added.
Successfully enabled HTTP server.

Checking Network Connectivity with Ping

root@myNAM.company.com# ping 172.20.98.129
PING 172.20.98.129 (172.20.98.129) 56(84) bytes of data.
64 bytes from 172.20.98.129: icmp_seq=1 ttl=254 time=1.27 ms
64 bytes from 172.20.98.129: icmp_seq=2 ttl=254 time=1.13 ms
64 bytes from 172.20.98.129: icmp_seq=3 ttl=254 time=1.04 ms
64 bytes from 172.20.98.129: icmp_seq=4 ttl=254 time=1.08 ms
64 bytes from 172.20.98.129: icmp_seq=5 ttl=254 time=1.11 ms

--- 172.20.98.129 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4003ms
rtt min/avg/max/mdev = 1.043/1.129/1.278/0.090 ms
root@myNAM.company.com#

Sample Output for the show ip NAM CLI Command

root@nam1.company.com# show ip 

IP address:             172.20.105.215
Subnet mask:            255.255.255.192
IP Broadcast:           10.255.255.255
IP Interface:           External
DNS Name:               nam1.company.com
Default Gateway:        172.20.105.210
Nameserver(s):          209.165.201.29
HTTP server:            Enabled
HTTP secure server:     Disabled
HTTP port:              80
HTTP secure port:       443
TACACS+ configured:     No
Telnet:                 Enabled
SSH:                    Disabled
root@nam1.company.com#

What to Do Next

If you plan to monitor traffic through the internal NAM interface, then proceed to the "Enabling NAM Packet Monitoring" section.

If you do not plan to monitor traffic through the internal NAM interface, then proceed to the "Enabling and Accessing the NAM Traffic Analyzer" section.

Configuring the NAM System Time with an NTP Server

The Cisco SRE NAM gets the UTC (GMT) time from an external NTP server. After the NAM acquires the time, you can set the local time zone using the NAM System Time configuration screen.


Caution Both the client computer and the NAM server must have the time set accurately for their respective time zones. If either the client or the server time is wrong, then the data shown in the GUI will be wrong.

To configure the NAM system time with an NTP server:


Step 1 On the NAM appliance GUI, choose Administration > System > System Time.

Step 2 Click the NTP Server radio button.

Step 3 Enter one or two NTP server names or IP address in the NTP server name/IP Address text boxes.

Step 4 Select the Region and local time zone from the lists.

Step 5 Do one of the following:

To save the changes, click Submit.

To leave the configuration unchanged, click Reset.


Enabling NAM Packet Monitoring

This section describes how to enable NAM packet monitoring on router interfaces that you want to monitor through the internal NAM interface.

When you enable NAM packet monitoring on an interface, Cisco Express Forwarding sends an extra copy of each IP packet that is received from or sent out on that interface to the NAM through the Integrated-Service-Engine interface on the router and the internal NAM interface.

SUMMARY STEPS

1. enable

2. configure terminal

3. ip cef

4. interface type slot/port
or
interface type slot/wic-slot/port

5. analysis-module monitoring

6. Repeat Step 4 and Step 5 for each interface that you want the NAM to monitor.

7. end

8. show running-config

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

ip cef

Example:

Router(config)# ip cef

Enables the Cisco Express Forwarding switching path.

Step 4 

interface type slot/port

or

interface type slot/wic-slot/port

Example:

Router(config)# interface serial 0/0

Selects an interface for configuration.

Step 5 

analysis-module monitoring

Example:

Router(config-if)# analysis-module monitoring

Enables NAM packet monitoring on the interface.

Step 6 

Repeat Step 4 and Step 5 for each interface that you want the NAM to monitor through the internal NAM interface.

Step 7 

end

Example:

Router(config-if)# end

Router#


Returns to privileged EXEC mode.

Step 8 

show running-config

Example:

Router# show running-config

Displays the contents of the currently running configuration file.

Verify that you enabled the Cisco Express Forwarding switching path and enabled packet monitoring on the correct interfaces.

Examples

This section provides the following example:

Enabling NAM Packet Monitoring

Enabling NAM Packet Monitoring

In the following example, NAM packet monitoring is enabled on the serial interfaces:

interface Serial 0/0
 ip address 172.20.105.213 255.255.255.240
 ip route-cache flow
 speed auto
 full-duplex
 analysis-module monitoring
 no mop enabled
!
interface Serial 0/1
 ip address 172.20.105.53 255.255.255.252
 ip route-cache flow
 duplex auto
 speed auto
analysis-module monitoring
!
interface Integrated-Service-Engine 2/0
 ip address 10.1.1.1 255.255.255.0
 hold-queue 60 out
!

What to Do Next

Proceed to the "Enabling and Accessing the NAM Traffic Analyzer" section.

Enabling and Accessing the NAM Traffic Analyzer

This section describes how to enable and access the NAM Traffic Analyzer (web GUI).

Prerequisites

Ensure that your web browser supports your NAM software release. For a list of supported browsers, see the Release Notes for the Network Analysis Module Software, Release 5.1 at the following location:

http://www.cisco.com/en/US/docs/net_mgmt/network_analysis_module_software/5.1/release/
notes/nam50note.html

SUMMARY STEPS

1. Open a NAM console session from the router. See the "Opening a Session" section.
or
Open a Telnet or SSH session to the NAM. See the "Opening and Closing a Telnet or SSH Session to the NAM" section.

2. ip http server enable
or
ip http secure server enable

3. Enter a web username.
or
Press Return to enter the default web username "admin".

4. Enter a password.

5. Enter the password again.

6. On your PC, open a web browser.

7. In the web browser, enter the NAM system IP address or hostname as the URL.

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

Open a NAM console session from the router. See the "Closing a Session" section.

or

Open a Telnet or SSH session to the NAM. See the "Opening and Closing a Telnet or SSH Session to the NAM" section.

Accesses the NAM CLI.

Step 2 

ip http server enable


or

ip http secure server enable

Example:

root@localhost# ip http server enable

Example:

root@localhost# ip http secure server enable

Enables the HTTP server.

or

Enables the HTTP secure server (HTTPs).

Step 3 

Enter a web username.

or

Press Return to enter the default web username admin

Example:

Please enter a web administrator user name [admin]: joeadmin

Example:

Please enter a web administrator user name [admin]: <CR>

Configures a web username.

The NAM requires at least one web username and password configuration.

If NAM does not prompt you for a web username and password, then at least one web username and password combination was previously configured.

Step 4 

Enter a password.

Example:
New password: <adminpswd>

Configures a password for the web username.

Step 5 

Enter the password again.

Example:
Confirm password: <adminpswd>

Confirms the password for the web username.

Step 6 

On your PC, open a web browser.

Step 7 

In the web browser, enter the NAM system IP address or hostname as the URL.

Example:

http://172.20.105.215/

Example:

https://172.20.105.215/

Example:

http://nam1/

Opens the NAM Traffic Analyzer in your web browser.

You are automatically redirected to the NAM Traffic Analyzer login page.

Examples

This section provides the following examples:

Enabling the NAM Traffic Analyzer

Accessing the NAM Traffic Analyzer

Enabling the NAM Traffic Analyzer

root@nam1# ip http server enable 
Enabling HTTP server...

No web users are configured.
Please enter a web administrator user name [admin]: <CR> 
New password: <pswd> 
Confirm password: <pswd> 

User admin added.
Successfully enabled HTTP server.
root@nam1#

Accessing the NAM Traffic Analyzer

When you enter the NAM system IP address or hostname as the URL in a web browser, the NAM Traffic Analyzer login window appears. You must enter the username and password, and click the login button to enter into the system.

What to Do Next

For information on the NAM Traffic Analyzer, see the User Guide for your NAM software release. This document is available as online help within the NAM Traffic Analyzer application and on Cisco.com at the following URL:

http://www.cisco.com/en/US/docs/net_mgmt/network_analysis_module_software/5.1/user/guide/nam50_ug.html

Changing the NAM Root Password

This procedure sets a new password to access the root (read/write) level of NAM, where you can enter NAM CLI commands. The factory-set default root password is root.

Prerequisites

Before performing this task, access the NAM console by performing the steps described in the "Closing a Session" section.

SUMMARY STEPS

1. password root

2. Enter the new password.

3. Enter the new password again.

4. exit

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

password root

Example:

root@localhost.company.com# password root

Starts the process of changing the NAM root (read/write) level password.

Step 2 

Enter the new password.

Example:

New UNIX password: <password>

Enters the new password.

Step 3 

Enter the new password again.

Example:

Retype new UNIX password: <password>

Confirms the new password.

Step 4 

exit

Example:

root@localhost# exit

Logs out of the NAM system.

Examples

This section provides the following examples:

Changing the NAM Root Password

Verifying the NAM Root Password

Changing the NAM Root Password

root@nam1.company.com# password root 
Changing password for user root 
New UNIX password: <rtpswd> 
Retype new UNIX password: <rtpswd> 
passwd:all authentication tokens updated successfully 
root@nam1.company.com# 
root@nam1.company.com# exit 

Verifying the NAM Root Password

nam1.company.com login: root 
Password: <rtpswd> 
Terminal type: vt100

Cisco Network Analysis Module (SM-SRE) Console, 5.1
Copyright (c) 2007-2010 by Cisco Systems, Inc.

root@nam1.company.com#
root@nam1.company.com# exit 

Troubleshooting Tips

If you forget the NAM root password, see the "Resetting the NAM Root Password to the Default Value" section.

Resetting the NAM Root Password to the Default Value

This procedure resets the NAM root password to the default value of root. Use this procedure when you cannot remember the NAM root password and need to access the NAM CLI.

SUMMARY STEPS

1. enable

2. service-module sm slot/0 password-reset

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

service-module sm slot/0 password-reset


Example:

Router# service-module sm 1/0 password-reset

Reloads the software on the SM-SRE.

Troubleshooting Tips

If you have trouble opening a NAM console session from the router, ensure that the NAM console line is clear by entering the service-module analysis-module slot/0 session clear command in privileged EXEC mode.

What to Do Next

Verify that the default root password of root is accepted by performing the steps described in the "Closing a Session" section.

To change the NAM root password, see the "Changing the NAM Root Password" section.

Opening and Closing a Telnet or SSH Session to the NAM

This procedure opens and closes a Telnet or SSH session to the NAM. This procedure is not commonly performed, because you would typically use the NAM Traffic Analyzer (web GUI) to monitor and maintain the NAM. If, however, you cannot access the NAM Traffic Analyzer, then you might want to use Telnet or SSH to troubleshoot from the NAM CLI.

If your SM-SRE is not properly configured for Telnet or SSH access (see the following Prerequisites section), then you can open a Telnet session to the router in which the SM-SRE is installed, and then open a NAM console session from the router. See the "Opening a Session" section.

Prerequisites

Configure the NAM system IP address. Optionally, set the NAM system hostname. See the "Configuring Cisco SRE NAM For Network Connectivity" section.

Verify NAM network connectivity by performing one of the following ping tests:

From a host beyond the gateway, ping the NAM system IP address.

From the NAM CLI, ping the NAM system default gateway.

Telnet Prerequisites

Enter the exsession on NAM CLI command. See Step 5 of the "Configuring Cisco SRE NAM For Network Connectivity" section.

SSH Prerequisites

Install the NAM software K9 cryptographic patch, which you can download from Cisco.com.

Enter the exsession on ssh NAM CLI command. See Step 5 of the "Configuring Cisco SRE NAM For Network Connectivity" section.

SUMMARY STEPS

1. telnet {ip-address | hostname}
or
ssh {ip-address | hostname}

2. At the login prompt, enter root.

3. At the password prompt, enter your password.
or
If you have not changed the password from the factory-set default, enter root as the root password.

4. Perform the tasks that you need to perform in the NAM CLI. When you want to end the Telnet or SSH session to the NAM and return to the Cisco IOS CLI, complete Step 5 and Step 6.

5. exit

6. logout

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

telnet {ip-address | hostname}

or

ssh {ip-address | hostname}

Example:

Router# telnet 10.20.30.40

Example:

Router# ssh 10.20.30.40

Logs in to a host that supports Telnet.

or

Starts an encrypted session with a remote networking device.

Use the NAM system IP address or NAM system hostname.

Step 2 

At the login prompt, enter root.

Example:

login: root

Accesses the root (read/write) level of NAM.

Step 3 

At the password prompt, enter your password.

or

If you have not changed the password from the factory-set default, enter root as the root password.

Example:

Password: root

Step 4 

Perform the tasks that you need to perform in the NAM CLI. When you want to end the Telnet or SSH session to the NAM and return to the Cisco IOS CLI, complete Step 5 and Step 6.

For help using NAM CLI commands, see the "Configuring the Cisco SRE NAM for Management" section.

Step 5 

exit

Example:

root@localhost(sub-custom-filter-capture)# exit

root@localhost#

Leaves a subcommand mode.

Return to command mode.

Step 6 

logout

Example:

root@localhost# logout


Connection closed by foreign host.

Logs out of the NAM system.

Examples

This section provides the following examples:

Opening and Closing a Telnet Session to the NAM Using the NAM System IP Address

Opening and Closing an SSH Session to the NAM Using the NAM System Hostname

Opening and Closing a Telnet Session to the NAM Using the NAM System IP Address

Router> telnet 172.20.105.215 
Trying 172.20.105.215 ... Open

Cisco Network Analysis Module (SM-SRE)

login: root 
Password: <password> 
Terminal type: vt100

Cisco Network Analysis Module (SM-SRE) Console, 5.1
Copyright (c) 1999-2010 by cisco Systems, Inc.

WARNING! Default password has not been changed!
root@nam.company.com#
root@nam.company.com# logout 

[Connection to 172.20.105.215 closed by foreign host]
Router>

Opening and Closing an SSH Session to the NAM Using the NAM System Hostname

host [/home/user] ssh -l root nmnam2 
root@nmnam2's password: <password> 
Terminal type: vt100

Cisco Network Analysis Module (SM-SRE) Console, 5.1
Copyright (c) 1999-2010 by Cisco Systems, Inc.

WARNING! Default password has not been changed!
root@nmnam2.company.com# 
root@nmnam2.company.com# logout 

Connection to nmnam2 closed.
host [/home/user]

Managing the Cisco SRE NAM

This section contains the following information:

Shutting Down and Starting Up SRE NAM

Verifying System Status

Configuring Logging Options and Generating Diagnostics


NoteThe tables in these sections show only common router and network module commands.

To view a complete list of available commands, type ? at the prompt
(Example: Router(config-if)# ?).

To view a complete list of command keyword options, type ? at the end of the command
(Example: Router# service-module sm ?).

The tables group commands by the configuration mode in which they are available. If the same command is available in more than one mode, it might act differently in each mode.


Shutting Down and Starting Up SRE NAM

To shut down or start up the network module or the SRE NAM application that runs on the module, use commands as needed from the following list of common router and network module commands (Table 3).


NoteSome shutdown commands can potentially disrupt service. If command output for such a command displays a confirmation prompt, confirm by pressing Enter or cancel by entering n and pressing Enter. Alternatively, prevent the prompt from displaying by using the no-confirm keyword.

Some commands shut the module or application down and then immediately restart it.


Table 3 Common Shutdown and Startup Commands 

Configuration Mode
Command
Purpose
Router#

service-module sm slot/0 reload

Shuts down the network module operating system gracefully, then restarts it from the bootloader.

Router#

service-module sm slot/0 reset

Resets the hardware on a module. Use only to recover from shutdown or a failed state.


Caution Use this command with caution. It does not provide an orderly software shutdown and consequently might impact file operations that are in progress.
Router#

service-module sm slot/0 session

Accesses the specified service engine and begins a network module configuration session.

Router#

service-module sm slot/0 shutdown

Shuts down the network module operating system gracefully. Use when removing or replacing a hot-swappable module during online insertion and removal (OIR).

Router#

service-module sm slot/0 status

Displays configuration and status information for the network module hardware and software.

Router(config
)#

shutdown

Shuts down the entire system (host router plus network module) gracefully.

ServiceEngine 
bootloader>

boot

Starts the helper or application.

ServiceEngine 
bootloader>

reboot

Shuts down SM-SRE without first saving configuration changes, then reboots it from the bootloader.

root@hostname
.domain

reboot

Gracefully reboots SM-SRE from the NAM CLI.

root@hostname
.domain

shutdown

Shuts down the SM-SRE application gracefully, then shuts down the module.


Verifying System Status

To verify the status of an installation, upgrade, or downgrade or to troubleshoot problems, use commands as needed from the following list of common router and network module commands (Table 4).


Note Among keyword options for many show commands is provision to display diagnostic output on your screen or to pipe it to a file or a URL.


Table 4 Common Verification and Troubleshooting Commands 

Configuration Mode
Command
Purpose
Router#

ping

Pings a specified IP address to check network connectivity (does not accept a hostname as destination).

Router#

show arp

Displays the current Address Resolution Protocol (ARP) table.

Router#

show clock

Displays the current date and time.

Router#

show configuration

Displays the current bootloader configuration as entered by means of the configure command.

Router#

show controllers service-engine

Displays interface debug information.

Router#

show diag

Displays standard Cisco IOS diagnostics information, including information about SM-SRE.

Router#

show hardware

Displays information about network module and host-router hardware.

Router#

show hosts

Displays the default domain name, style of name lookup, list of name-server hosts, and cached list of hostnames and addresses

Router#

show interfaces

Displays information about all hardware interfaces, including network and disk.

Router#

show sm

Displays information about the module side of the router-module interface.

Router#

show ntp status

Displays information about Network Time Protocol (NTP).

Router#

show processes

Displays a list of the running application processes.

Router#

show running-config

Displays the configuration commands that are in effect.

Router#

show startup-config

Displays the startup configuration.

Router#

show tech-support

Displays general information about the host router that is useful to Cisco technical support for problem diagnosis.

Router#

show version

Displays information about the loaded router, software or network module bootloader version, and also hardware and device information.

Router#

test scp ping

Pings the network module to check network connectivity.

Router#

verify

Displays version information for installed hardware and software.

SE-Module>

ping

Pings a specified IP address to check network connectivity (does not accept a hostname as destination).


Configuring Logging Options and Generating Diagnostics

To configure logging options for SRE NAM, use commands as needed from the list of common network module commands shown in Table 5 and Table 6.


Note Some keyword options for many of the log and trace commands is provision to display diagnostic output on your screen or to pipe it to a file or a URL.


Table 5 Common Syslog Commands 

Configuration Mode
Command
Purpose
Router#

show log

Displays the contents of the specified log.

show logs

Displays a list of available log files.

copy log

Saves the syslog to a destination of your choice.


Table 6 Common Trace Commands 

Command
Purpose

clear trace

Clears logged trace events for specified modules.

log trace

Logs configured traces to the network module (can be done locally or remotely).

no trace

Disables tracing for specified modules, entities, or activities.

show errors

Displays error statistics by module, entity, or activity.

show trace

Displays trace settings.

show trace buffer

Displays the contents of the trace buffer.

show trace store

Displays the contents of the traced messages that are stored.

trace

Enables tracing (that is, generates error reports) for specified modules, entities, or activities.


Additional References

The following sections provide references related to SRE NAM features.

Table 7 Related Documentation

Related Topic
Document Title

Links to software downloads, product documentation, and technical documentation

Cisco Network Analysis Module (NAM) Software at http://www.cisco.com/en/US/products/sw/cscowork/ps5401/
tsd_products_support_series_home.html

Network modules

Installing Cisco Network Modules in Cisco Access Routers at http://www.cisco.com/en/US/docs/routers/access/interfaces/nm/
hardware/installation/guide/InstNetM.html

Advanced Integration Modules (AIMs)

Installing Advanced Integration Modules in Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series Routers at http://www.cisco.com/en/US/docs/routers/access/2600/hardware/
module/installation/guide/aims_ins.html

Service Modules

Cisco SRE Service Module Configuration and Installation Guide at http://www.cisco.com/en/US/docs/routers/access/interfaces/software/feature/guide/ism-sm-sre.html

Installing Cisco Integrated Services Routers Generation Two.

Cisco 2900 and 3900 Series Hardware Installation at http://www.cisco.com/en/US/partner/docs/routers/access/2900/
hardware/installation/guide/Install_Connect.html

Safety and compliance

Cisco Network Modules and Interface Cards Regulatory Compliance and Safety Information at http://www.cisco.com/en/US/docs/routers/access/interfaces/rcsi/
IOHrcsi.html

Accessing the ROM monitor and issuing commands.

ROM Monitor Download Procedures for Cisco 2691, Cisco, 3631, Cisco 3725, and Cisco 3745 Routers at http://www.cisco.com/univercd/cc/td/doc/product/access/acs_mod/cis2600/sw_conf/piperrom.htm

Cisco IOS interface commands: complete command syntax, command mode, command history, defaults, usage guidelines, and examples

Cisco IOS Interface and Hardware Component Command Reference at http://www.cisco.com/en/US/products/ps6441/tsd_products_support_series_home.html

Configure a switch port analyzer (SPAN) session on Cisco series routers.

16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series at

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t8/feature/guide/
ft1636nm.html

Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards at http://www.cisco.com/en/US/docs/ios/12_3t/12_3t8/feature/guide/
esw_cfg.html

IP unnumbered interfaces

Understanding and Configuring the ip unnumbered Command at http://www.cisco.com/application/pdf/paws/13786/20.pdf

Authentication, authorization, and accounting (AAA)

Cisco IOS Security Configuration Guide at http://www.cisco.com/en/US/products/ps6441/products_installation_and_configuration_guides_list.html

Cisco IOS software

Cisco IOS Software Releases 12.4 T at http://www.cisco.com/en/US/products/ps6441/tsd_products_support_series_home.html


RFCs

RFCs
Title

RFC 768

User Datagram Protocol

RFC 793

Transmission Control Protocol

RFC 826

Ethernet Address Resolution Protocol

RFC 959

File Transfer Protocol

RFC 1165

Network Time Protocol

RFC 1213

Remote Network Monitoring Management Information Base Version 2 using SMIv2

RFC 1350

The TFTP Protocol

RFC 2074

Remote Network Monitoring MIB Protocol Identifiers

RFC 2613

Remote Network Monitoring MIB Extensions for Switch Networks Version 1.0

RFC 2896

Remote Network Monitoring Management Information Base

RFC 3164

The BSD Syslog Protocol

RFC 3273

Remote Network Monitoring Management Information Base for High Capacity Networks

RFC 3287

Remote Monitoring MIB Extensions for Differentiated Services


Feature Information for Network Analysis Module

For information on a feature in this technology that is not documented here, see the product documentation at the following URL: http://www.cisco.com/en/US/products/sw/cscowork/ps5401/tsd_products_support_series_home.html

For release information about a specific command, see the command reference documentation. Not all commands might be available in your Cisco IOS software release.

Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Glossary

AAA

Authentication, authorization, and accounting, pronounced triple A.

access list

A list kept by routers to control access to or from the router for a number of services (for example, to prevent packets with a certain IP address from leaving a particular interface on the router).

AIM

Asynchronous interface module. Type of network module.

appliance

Alternate term for network module.

ARP

Address Resolution Protocol. Internet protocol used to map an IP address to a MAC address.

blade

Alternate term for network module.

boothelper

See helper.

bootloader

A small set of system software that runs when the system first powers up. It loads the operating system (from the disk, network, external flash, or external USB flash), which loads and runs the Cisco SRE NAM application. The bootloader might optionally load and run the boothelper.

CEF

Cisco Express Forwarding

Flooding

Traffic passing technique used by switches and bridges in which traffic received on an interface is sent out all the interfaces of that device except the interface on which the information was received originally.

FTP

File Transfer Protocol. Application protocol, part of the TCP/IP protocol stack, used for transferring files between network nodes.

GRE

Generic routing encapsulation. Tunneling protocol developed by Cisco that can encapsulate a wide variety of protocol packet types inside IP tunnels, creating a virtual point-to-point link to Cisco routers at remote points over an IP internetwork. By connecting multiprotocol subnetworks in a single-protocol backbone environment, IP tunneling using GRE allows network expansion across a single-protocol backbone environment.

GUI

Graphical user interface. A user environment that uses pictorial as well as textual representations of the input and the output of applications and the hierarchical or other data structure in which information is stored. Such conventions as buttons, icons, and windows are typical, and many actions are performed using a pointing device (such as a mouse). Microsoft Windows and the Apple Macintosh are prominent examples of platforms using a GUI.

helper
(previously known as
boothelper)

A small subset of the system software that runs on the module. It boots the module from the network and assists in software installation and upgrades, disaster recovery, and other operations when the module cannot access its software.

IP Multicast

Routing technique that allows IP traffic to be propagated from one source to a number of destinations or from many sources to many destinations. Rather than sending one packet to each destination, one packet is sent to a multicast group identified by a single IP destination group address.

MIB

Management Information Base. Database of network management information that is used and maintained by a network management protocol, such as SNMP or Common Management Information Protocol (CMIP). The value of a MIB object can be changed or retrieved using SNMP or CMIP commands, usually through a GUI network management system. MIB objects are organized in a tree structure that includes public (standard) and private (proprietary) branches.

NAT

Network Address Translation. Mechanism for reducing the need for globally unique IP addresses. NAT allows an organization with addresses that are not globally unique to connect to the Internet by translating those addresses into globally routable address space. Also known as Network Address Translator.

NetFlow

A feature of some routers that allows them to categorize incoming packets into flows. Because packets in a flow often can be treated in the same way, this classification can be used to bypass some of the work of the router and accelerate its switching operation.

network module

Type of network module.

NTP

Network Time Protocol. Protocol built on top of TCP that ensures accurate local time-keeping with reference to radio and atomic clocks located on the Internet. This protocol is capable of synchronizing distributed clocks within milliseconds over long time periods.

PCI

Peripheral Component Interconnect. An industry local bus standard.

QoS

Quality of Service. Cisco IOS QoS technology lets complex networks control and predictably service a variety of networked applications and traffic types.

Service engine

Content-networking product (hardware plus software) that accelerates content delivery, ensuring maximum scalability and availability of content.

Service (or services) engine

Alternate term for network module with installed application software.

service module

Standalone content engine with its own startup and run-time configurations that are independent of the Cisco IOS configuration on the router.

SNMP

Simple Network Management Protocol. Network management protocol used almost exclusively in TCP/IP networks. SNMP provides a means to monitor and control network devices, and to manage configurations, statistics collection, performance, and security. SNMPv2c supports centralized and distributed network management strategies and includes improvements in the Structure of Management Information (SMI), protocol operations, management architecture, and security. SNMPv3 provides secure access to devices by a combination of authenticating and encrypting packets over the network.

SRE

Services Ready Engine.

SSH

Secure Shell Connection protocol is a protocol that provides a secure remote connection to a router through a Transmission Control Protocol (TCP) application.

syslog

Industry-standard protocol for capturing log information for devices on a network.

TCP

Transmission Control Protocol. Connection-oriented transport-layer protocol that provides reliable full-duplex data transmission. TCP is part of the TCP/IP protocol stack.

TFTP

Trivial File Transfer Protocol. Simplified version of FTP that allows files to be transferred from one computer to another over a network, usually without the use of client authentication (for example, username and password).

telnet

Network protocol used to make unsecure internet connections to the application server.

UDP

User Datagram Protocol. Connectionless transport-layer protocol in the TCP/IP protocol stack that exchanges datagrams without acknowledgments or guaranteed delivery, requiring that error processing and retransmission be handled by other protocols.

VoIP

Voice over IP. The capability to carry normal telephony-style voice over an IP-based Internet with POTS-like functionality, reliability, and voice quality. VoIP enables a router to carry voice traffic (for example, telephone calls and faxes) over an IP network. In VoIP, the digital signal processor (DSP) segments the voice signal into frames, which then are coupled in groups of two and stored in voice packets. These voice packets are transported using IP in compliance with ITU-T specification H.323.



Note For terms not included in this glossary, see a reference like the Cisco IOS Voice Configuration Library Glossary at http://www.cisco.com/en/US/docs/ios/12_3/vvf_c/cisco_ios_voice_configuration_library_glossary/
VCLgloss.html

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.