Home | Skip to Content | Skip to Search | Skip to Navigation | Skip to Footer |
Worldwide [change] |Register |About Cisco
Guest

Hierarchical Navigation

Cisco IOS Software Releases 12.3 Special and Early Deployments

Network Analysis Module (NM-NAM)

Downloads

Table Of Contents

Network Analysis Module (NM-NAM)

Contents

Prerequisites for the Network Analysis Module (NM-NAM)

Restrictions for the Network Analysis Module (NM-NAM)

Information About the Network Analysis Module (NM-NAM)

NM-NAM Hardware

NAM User Interfaces

NAM Network Interfaces

Analysis-Module Interface

Internal NAM Interface

External NAM Interface

NM-NAM Operating Topologies and IP Address Assignments

Management Traffic—Choose One of the NM-NAM Interfaces

Monitored Traffic—Use One or Both of the NM-NAM Interfaces

Sample Operating Topologies

NAM CLI

NAM CLI Access

NAM CLI Prompt

Basic NAM CLI Commands

NAM CLI Context-Sensitive Help

How to Configure and Manage the Network Analysis Module (NM-NAM)

Configuring the Analysis-Module Interface on the Router

Examples

What to Do Next

Disabling AAA Login Authentication on the NAM Console Line

What to Do Next

Opening and Closing a NAM Console Session from the Router

Examples

Troubleshooting Tips

What to Do Next

Configuring the NM-NAM

Prerequisites

Examples

What to Do Next

Configuring a Static Route to the NAM Through the Analysis-Module Interface

Examples

What to Do Next

Enabling NAM Packet Monitoring

Example

What to Do Next

Enabling and Accessing the NAM Traffic Analyzer

Prerequisites

Restrictions

Examples

What to Do Next

Changing the NAM Root Password

Prerequisites

Examples

Troubleshooting Tips

Resetting the NAM Root Password to the Default Value

Example

Troubleshooting Tips

What to Do Next

Opening and Closing a Telnet or SSH Session to the NAM

Prerequisites

Examples

Upgrading the NAM Software

NAM Software Images

Types of NAM Software Upgrades

Prerequisites

Upgrading the NAM Software—Patch

Upgrading the NAM Software—Full Image

Examples

Troubleshooting Tips

Configuration Examples for the Network Analysis Module (NM-NAM)

NAM Management Interface Is Internal and Analysis-Module Interface Is Assigned an IP Address: Example

NAM Management Interface Is Internal and Analysis-Module Interface Is IP Unnumbered: Example

NAM Management Interface Is External and Analysis-Module Interface Is IP Unnumbered: Example

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance

Command Reference

analysis-module monitoring

interface analysis-module

service-module analysis-module reload

service-module analysis-module reset

service-module analysis-module session

service-module analysis-module shutdown

service-module analysis-module status

show controllers analysis-module

show interfaces analysis-module

Glossary


Network Analysis Module (NM-NAM)

The Network Analysis Module (NM-NAM) feature is a network module that monitors and analyzes network traffic for a system using extended Remote Monitoring (RMON) standards, RMON2, and other Management Information Bases (MIBs).

Note The Network Analysis Module (NAM) is available in multiple hardware forms for some Cisco routers and Catalyst switches. This document applies only to the NAM for branch routers, also known as modular access, multiservice, or integrated services routers.

NAM provides Layer 2 to Layer 7 visibility into network traffic for remote troubleshooting, real-time traffic analysis, application performance monitoring, capacity planning, and managing network-based services, including quality of service (QoS) and Voice over IP (VoIP). The NAM Traffic Analyzer is software that is embedded in the NM-NAM that gives you browser-based access to the RMON1, RMON2, DSMON, and voice monitoring features of the NAM.

Feature History for NM-NAM

Release
Modification

12.3(4)XD

This feature was introduced on the following platforms: Cisco 2600XM series, Cisco 2691, Cisco 3660, Cisco 3725, and Cisco 3745.

12.3(7)T

This feature was integrated into Cisco IOS Release 12.3(7)T.

12.3(8)T4

This feature was implemented on the following platforms: Cisco 2811, Cisco 2821, and Cisco 2851.

12.3(11)T

This feature was implemented on the Cisco 3800 series.


Finding Support Information for Platforms and Cisco IOS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

Contents

Prerequisites for the Network Analysis Module (NM-NAM)

Restrictions for the Network Analysis Module (NM-NAM)

Information About the Network Analysis Module (NM-NAM)

How to Configure and Manage the Network Analysis Module (NM-NAM)

Configuration Examples for the Network Analysis Module (NM-NAM)

Additional References

Command Reference

Glossary

Prerequisites for the Network Analysis Module (NM-NAM)

Install Cisco IOS Release 12.3(4)XD, Cisco IOS Release 12.3(7)T, or a later release.

Install the NM-NAM network module. Make sure that the network module is properly seated and that the EN (enable) and PWR (power) LEDs come on. Refer to the Cisco Network Modules Hardware Installation Guide.

For Cisco 2691, Cisco 3725, and Cisco 3745 routers only, make sure that the router runs ROM Monitor (ROMMON) Version 12.2(8r)T2 or a later version. This ROMMON version contains a fix that prevents the router from resetting all the network modules when it is reloaded. Refer to the ROM Monitor Download Procedures for Cisco 2691, Cisco, 3631, Cisco 3725, and Cisco 3745 Routers.

Restrictions for the Network Analysis Module (NM-NAM)

General Restrictions

Cisco IOS Release 12.3(4)XD, Cisco IOS Release 12.3(7)T, or a later release is required.

Network Analysis Module Release 3.2 or a later release is required.

Only one NM-NAM can be installed in the router at any time.

SNMPv3 is not supported.

Online insertion and removal (OIR), or hot swapping network modules, is supported on some platforms. To find out if your router supports hot swapping, refer to the Network Modules Quick Start Guide.

Traffic Monitoring Restrictions for the Internal NAM Interface

The following restrictions apply only to traffic that is monitored through the internal NAM interface:

Only IP traffic can be monitored.

The NAM Traffic Analyzer (web GUI) provides Layer 3 and higher layer information about the original packets. The Layer 2 header is modified by the router when it forwards the packets to the NAM, so the Layer 2 information that the NAM records is not applicable to the original packets.

When Network Address Translation (NAT) is used, the router forwards packets containing the NAT "inside" network addresses to the NAM.

When access control lists are used:

Packets dropped by an inbound access list are not forwarded to the NAM.

Packets dropped by an outbound access list are forwarded to the NAM for analysis.

The NAM does not monitor the following:

Packets that are dropped by the Cisco IOS because of errors

Outbound IP multicast, IP broadcast, and User Datagram Protocol (UDP) flooding packets

Packets in generic routing encapsulation (GRE) tunnels

Note The previous restrictions (in the "Traffic Monitoring Restrictions for the Internal NAM Interface" section) do not apply to traffic monitored through the external NAM interface.

Information About the Network Analysis Module (NM-NAM)

To configure and manage the NM-NAM, you should understand the following concepts:

NM-NAM Hardware

NAM User Interfaces

NAM Network Interfaces

NM-NAM Operating Topologies and IP Address Assignments

NAM CLI

Note For NM-NAM features and benefits, supported hardware and software, and other product information, refer to the Cisco Branch Router Network Analysis Module Data Sheet.

NM-NAM Hardware

For information on hardware installation and cable connections, refer to the Cisco Network Modules Hardware Installation Guide.

Specifications

Table 1 NM-NAM Specifications 

Specification
Description

Processor

500 Mhz Intel Mobile Pentium III

SDRAM

256 MB

Internal disk storage

NM-NAM 20 GB IDE

Dimensions (H x W x D)

1.55 x 7.10 x 7.2 in. (3.9 x 18.0 x 19.3 cm)

Weight

1.5 lb (0.7 kg) (maximum)

Operating temperature

3° to 104°F (0° to 40°C)

Nonoperating temperature

-40° to 185°F (-40° to 85°C)

Humidity

5 to 95% noncondensing

Operating altitude

0 to 10,000 ft (0 to 3,000 m)


Faceplate and LEDs

Figure 1 NM-NAM Faceplate and LEDs

Figure 1
Callout
LED
Indicates
1

DISK

There is activity on the hard drive.

2

LINK

The Fast Ethernet connection is available to the network module.

3

ACT

There is activity on the Fast Ethernet connection.

4

PWR

Power is available to the network module.

5

EN

The module has passed self-test and is available to the router.


NAM User Interfaces

The NAM has three user interfaces:

Web GUI—The NAM Traffic Analyzer provides a browser-based GUI to configure and monitor the NAM.

CLI—A NAM-specific command-line interface is used to configure NAM. It can be accessed through a NAM console session from the router or through Telnet or Secure Shell Protocol (SSH) over the network.

SNMP—The NAM supports SNMPv1 and SNMPv2c access to the RMON MIBs. Note that the NAM Simple Network Management Protocol (SNMP) agent is separate from the SNMP agent in the router; the agents use different IP addresses and have independent communities.

NAM Network Interfaces

The NAM uses three interfaces for communication (see Figure 2):

Analysis-Module Interface

Internal NAM Interface

External NAM Interface

Note The NM-NAM does not have an external console port. To access the NAM console, open a NAM console session from the router or use Telnet or SSH over the network. The lack of an external console port on the NM-NAM means that the initial boot configuration is possible only through the router.

Figure 2 NAM Network Interfaces

Figure 2
Callout
Interface
Location
Configure and Manage From
1

Internal NAM interface

NM-NAM internal

NAM CLI

2

Analysis-Module interface

Router internal

Cisco IOS CLI

3

External NAM interface

NM-NAM faceplate

NAM CLI


Analysis-Module Interface

The Analysis-Module interface is used to access the NAM console for the initial configuration. After configuring the NAM IP parameters, the Analysis-Module interface is typically used only during NAM software upgrades and while troubleshooting if the NAM Traffic Analyzer is inaccessible.

Visible only to the Cisco IOS software on the router, the Analysis-Module interface is an internal Fast Ethernet interface on the router that connects to the internal NAM interface. The Analysis-Module interface is connected to the router's Peripheral Component Interconnect (PCI) backplane, and all configuration and management of the Analysis-Module interface must be performed from the Cisco IOS CLI.

Internal NAM Interface

The internal NAM interface is used for monitoring traffic that passes through router interfaces. You can also select the internal NAM interface as the management interface for the NAM.

Visible only to the NAM software on the NM-NAM, the internal NAM interface is the Fast Ethernet interface on the NM-NAM that connects to the Analysis-Module interface on the router. The internal NAM interface is connected to the PCI bus on the NM-NAM, and all configuration and management of the internal NAM interface must be performed from the NAM software.

External NAM Interface

The external NAM interface can be used to monitor LAN traffic. You can also select the external NAM interface as the management interface for the NAM.

Visible only to the NAM software on the NM-NAM, the external NAM interface is the Fast Ethernet interface on the NM-NAM faceplate (see Figure 1). The external NAM interface supports data requests and data transfers from outside sources, and it provides direct connectivity to the LAN through an RJ-45 connector. All configuration and management of the external NAM interface must be performed from the NAM software.

NM-NAM Operating Topologies and IP Address Assignments

This section includes the following topics:

Management Traffic—Choose One of the NM-NAM Interfaces

Monitored Traffic—Use One or Both of the NM-NAM Interfaces

Sample Operating Topologies

Management Traffic—Choose One of the NM-NAM Interfaces

Select either the internal or external NAM interface to handle management traffic such as IP, HTTP, SNMP, Telnet, and SSH. You cannot send management traffic through both NAM interfaces at the same time.

How you assign IP addresses on the NAM network interfaces depends on which NAM interface, internal or external, you use for management traffic. See the following sections:

Internal NAM Interface for Management Traffic—How to Assign IP Addresses

External NAM Interface for Management Traffic—How to Assign IP Addresses

Internal NAM Interface for Management Traffic—How to Assign IP Addresses

If you select the internal NAM interface to handle management traffic:

For the Analysis-Module interface (in Cisco IOS CLI), assign an IP address from a routable subnet. To conserve IP address space, you can configure the Analysis-Module as an IP unnumbered interface and borrow the IP address of another router interface, such as a Fast Ethernet or loopback interface. The borrowed IP address must come from a routable subnet.

For the NAM system (in NAM CLI), assign an IP address from the same subnet that is assigned to the Analysis-Module interface.

External NAM Interface for Management Traffic—How to Assign IP Addresses

If you select the external NAM interface to handle management traffic:

For the Analysis-Module interface (in Cisco IOS CLI), we recommend that you use the IP unnumbered interface configuration to borrow the IP address of another router interface. The subnet does not need to be routable.

For the NAM system (in NAM CLI), assign an IP address from the subnet that is connected to the external NAM interface.

Monitored Traffic—Use One or Both of the NM-NAM Interfaces

You can use either or both the internal and external NAM interfaces for monitoring traffic:

Internal NAM Interface—Monitor LAN and WAN Traffic

External NAM Interface—Monitor LAN Traffic

The same interface can be used for both management traffic and monitored traffic simultaneously.

Internal NAM Interface—Monitor LAN and WAN Traffic

When you monitor traffic through the internal NAM interface, you must enable NAM packet monitoring on each router interface that you want to monitor. NAM packet monitoring uses Cisco Express Forwarding (CEF) to send a copy of each packet that is received or sent out of the router interface to the NAM.

Note Some restrictions apply when monitoring traffic through the internal NAM interface. See the "Traffic Monitoring Restrictions for the Internal NAM Interface" section.

Monitoring traffic through the internal NAM interface enables the NAM to see any encrypted traffic after it has already been decrypted by the router.

Note Traffic sent through the internal NAM interface—and the router's Analysis-Module interface—uses router resources such as CPU, SDRAM bandwidth, and backplane PCI bandwidth. Therefore, we recommend that you use the internal NAM interface to monitor WAN interfaces, and use the external NAM interface to monitor LAN interfaces.

External NAM Interface—Monitor LAN Traffic

Monitoring traffic through the external NAM interface does not impact router resources. Therefore, we recommend that you use the external NAM interface to monitor LAN traffic.

To monitor ports on Ethernet switching cards or modules (NM-16ESW-x, NMD-36ESW-x, HWIC-4ESW, or HWIC-D-9ESW), configure a Switched Port Analyzer (SPAN) session whose destination is the Ethernet switch port that connects to the external NAM interface. For more information about configuring SPAN for these cards and modules, refer to the following documents:

16- and 36-Port Ethernet Switch Module for Cisco 2600 Series, Cisco 3600 Series, and Cisco 3700 Series, Cisco IOS feature module

Cisco HWIC-4ESW and HWIC-D-9ESW EtherSwitch Interface Cards, Cisco IOS feature module

Sample Operating Topologies

In each of the following topologies, the router's LAN interface is monitored through the external NAM interface, and the router's WAN interface is monitored through the internal NAM interface:

NAM Management Interface Is Internal and Analysis-Module Interface Is Assigned an IP Address

NAM Management Interface Is Internal and Analysis-Module Interface Is IP Unnumbered

NAM Management Interface Is External and Analysis-Module Interface Is IP Unnumbered

To see sample configurations for the following topologies, see the "Configuration Examples for the Network Analysis Module (NM-NAM)" section.

NAM Management Interface Is Internal and Analysis-Module Interface Is Assigned an IP Address

Figure 3 shows a sample topology, in which:

The internal NAM interface is used for management traffic.

IP addresses from the same routable subnet are assigned to the Analysis-Module interface and the NAM system.

Figure 3 Sample Topology: NAM Management Interface Is Internal and Analysis-Module Interface Is Assigned an IP Address

Figure 3
Callout
Interface
Location
1

Analysis-Module interface

Router internal

2

Internal NAM interface (management)

NM-NAM internal

3

External NAM interface

NM-NAM faceplate

4

Serial interface

WAN interface card (WIC)

5

Fast Ethernet interface

Router rear panel


NAM Management Interface Is Internal and Analysis-Module Interface Is IP Unnumbered

Figure 4 shows a sample topology, in which:

The internal NAM interface is used for management traffic.

IP addresses from the same routable subnet are assigned to the Analysis-Module interface and the NAM system.

To conserve IP address space, the Analysis-Module interface is configured as IP unnumbered to borrow the IP address of the Fast Ethernet interface.

Figure 4 Sample Topology: NAM Management Interface Is Internal and Analysis-Module Interface Is IP Unnumbered

Figure 4
Callout
Interface
Location
1

Analysis-Module interface

Router internal

2

Internal NAM interface (management)

NM-NAM internal

3

External NAM interface

NM-NAM faceplate

4

Serial interface

WAN interface card (WIC)

5

Fast Ethernet interface

Router rear panel


NAM Management Interface Is External and Analysis-Module Interface Is IP Unnumbered

Figure 5 shows a sample topology where:

The external NAM interface is used for management traffic.

The Analysis-Module interface is configured as IP unnumbered to borrow an IP address from the loopback interface.

The borrowed loopback interface IP address is not routable.

The NAM system is configured with an IP address from the LAN subnet that is connected to the external NAM interface.

Figure 5 Sample Topology: NAM Management Interface Is External and Analysis-Module Interface Is IP Unnumbered

Figure 5
Callout
Interface
Location
1

Analysis-Module interface

Router internal

2

Internal NAM interface

NM-NAM internal

3

External NAM interface (management)

NM-NAM faceplate

4

Loopback interface

Router internal

5

Serial interface

WAN interface card (WIC)

6

Fast Ethernet interface

Router rear panel


NAM CLI

This section includes the following topics:

NAM CLI Access

NAM CLI Prompt

Basic NAM CLI Commands

NAM CLI Context-Sensitive Help

NAM CLI Access

There are three ways to access the NAM CLI:

Open a NAM console session from the router in which the NM-NAM is installed—See the "Opening and Closing a NAM Console Session from the Router" section.

Telnet—See the "Opening and Closing a Telnet or SSH Session to the NAM" section.

SSH—See the "Opening and Closing a Telnet or SSH Session to the NAM" section.

Until you properly configure the NAM IP parameters, the only way to access the NAM CLI is by opening a NAM console session from the router.

NAM CLI Prompt

The NAM CLI prompt is root@nam-system-hostname#. For example, if the NAM system hostname is configured as "nam1," then the NAM CLI prompt appears as root@nam1#.

If the NAM system hostname has not yet been configured, the NAM CLI prompt is root@localhost#.

Basic NAM CLI Commands

Table 2 briefly describes the basic NAM CLI commands that are used for initial configuration and maintenance of the NM-NAM. For a complete description of all NAM CLI commands, refer to the Network Analysis Module Command Reference for your NAM software release.

Note Although NAM CLI commands appear similar to Cisco IOS commands, the commands described in Table 2 operate in the NAM CLI only.

Table 2 Basic NAM CLI Commands 

NAM CLI Command
Purpose

exsession on

Enables outside logins (Telnet).

exsession on ssh

Enables outside logins (SSH).

ip address

Sets the system IP address.

ip broadcast

Sets the system broadcast address.

ip domain

Sets the system domain name.

ip gateway

Sets the system default gateway address.

ip host

Sets the system hostname.

ip http secure server enable

Enables the secure HTTP server.

ip http server enable

Enables the HTTP server.

ip interface external

Selects the external NAM interface for management traffic.

ip interface internal

Selects the internal NAM interface for management traffic.

ip nameserver

Sets the system name server address.

password root

Sets a new password to access the root (read/write) level of NAM.

patch

Downloads and installs a software patch.

ping

Checks connectivity to a network device.

show ip

Displays the NAM IP parameters.


NAM CLI Context-Sensitive Help

Table 3 shows how to use the NAM CLI context-sensitive help.

Table 3 NAM CLI Context-Sensitive Help Commands

NAM CLI Command
Purpose

(prompt)# ?


or

(prompt)# help

Displays a list of commands available for the command mode.

(prompt)# abbreviated-command-entry<Tab>

Lists commands in the current mode that begin with a particular character string.

(prompt)# command ?

Lists the available syntax options (arguments and keywords) for the command.

(prompt)# command keyword ?

Lists the next available syntax option for the command.


How to Configure and Manage the Network Analysis Module (NM-NAM)

This section contains the following procedures:

Configuring the Analysis-Module Interface on the Router (required)

Disabling AAA Login Authentication on the NAM Console Line (optional)

Opening and Closing a NAM Console Session from the Router (required for initial configuration)

Configuring the NM-NAM (required for initial configuration)

Configuring a Static Route to the NAM Through the Analysis-Module Interface (required for using the internal NAM interface for management traffic)

Enabling NAM Packet Monitoring (required for monitoring traffic through the internal NAM interface)

Enabling and Accessing the NAM Traffic Analyzer (required)

Changing the NAM Root Password (optional)

Resetting the NAM Root Password to the Default Value (optional)

Opening and Closing a Telnet or SSH Session to the NAM (optional)

Upgrading the NAM Software (optional)

Configuring the Analysis-Module Interface on the Router

This section describes how to configure the Analysis-Module interface on the router. For general information on the Analysis-Module interface, see the "Analysis-Module Interface" section.

For information on assigning the IP address of the Analysis-Module interface, see the "NM-NAM Operating Topologies and IP Address Assignments" section.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface type number

4. ip address ip-address mask

5. interface analysis-module slot/0

6. ip unnumbered interface number
or
ip address ip-address mask

7. no shutdown

8. end

9. show ip interface brief
or
show running-config

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

interface type number

Example:

Router(config)# interface loopback 0

(Optional) Configures an interface, and enters interface configuration mode.

Perform this step if you plan to configure the Analysis-Module interface as an IP unnumbered interface.

This step configures the router interface (such as a loopback or Fast Ethernet interface) whose IP address you plan to borrow for the IP unnumbered Analysis-Module interface.

Step 4 

ip address ip-address mask

Example:

Router(config-if)# ip address 10.20.30.40 255.255.255.0

(Optional) Sets an IP address and mask for the interface.

Perform this step if you plan to configure the Analysis-Module interface as an IP unnumbered interface.

If you plan to use the internal NAM interface for management traffic, this IP address must come from a routable subnet.

Step 5 

interface analysis-module slot/0

Example:

Router(config)# interface analysis-module 1/0

Configures the Analysis-Module interface.

This is the Fast Ethernet interface on the router that is connected to the internal NM-NAM interface.

Step 6 

ip unnumbered interface number


or

ip address ip-address mask

Example:

Router(config-if)# ip unnumbered loopback 0

Example:

Router(config-if)# ip address 10.20.30.40 255.255.255.0

Configures the Analysis-Module interface as IP unnumbered and specifies the interface whose IP address is borrowed by the Analysis-Module interface.

or

Sets an IP address and mask on the Analysis-Module interface.

Use the ip unnumbered command if you performed Step 3 and Step 4.

Step 7 

no shutdown

Example:

Router(config-if)# no shutdown

Activates the Analysis-Module interface.

Step 8 

end

Example:

Router(config-if)# end

Router#

Returns to privileged EXEC mode.

Step 9 

show ip interface brief


or

show running-config

Example:

Router# show ip interface brief

Example:

Router# show running-config

Displays the IP addresses and summary status of the interfaces.

or

Displays the contents of the currently running configuration file.

Verify that you properly configured the Analysis-Module interface.

If you configured the Analysis-Module interface as IP unnumbered, then use the show running-config command to verify proper configuration of both the Analysis-Module interface and the interface whose IP address you borrowed for the Analysis-Module interface.

Tip To avoid losing your configuration at the next system reload or power cycle, save the running configuration to the startup configuration by entering the copy run start command in privileged EXEC mode.

Examples

This section provides the following examples:

Configuring the Analysis-Module Interface—Routable Subnet: Example

Configuring the Analysis-Module Interface—IP Unnumbered with Routable Subnet: Example

Configuring the Analysis-Module Interface—IP Unnumbered with Subnet That Is Not Routable: Example

Sample Output for the show ip interface brief Command

Configuring the Analysis-Module Interface—Routable Subnet: Example

In the following example, the Analysis-Module interface is configured with a routable IP address. The NM-NAM is installed in router slot 2. 

!

interface Analysis-Module 2/0

 ip address 209.165.200.230 255.255.255.224 

 no shutdown

Configuring the Analysis-Module Interface—IP Unnumbered with Routable Subnet: Example

In the following example, the Analysis-Module interface is IP unnumbered and borrows the IP address of the Fast Ethernet interface. The IP address is from a routable subnet, and the NM-NAM is installed in router slot 1. 

!

interface FastEthernet 0/0

 ip address 209.165.202.129 255.255.255.224

 no shutdown

!

interface Analysis-Module 1/0

 ip unnumbered FastEthernet 0/0

 no shutdown

!

Configuring the Analysis-Module Interface—IP Unnumbered with Subnet That Is Not Routable: Example

In the following example, the Analysis-Module interface is IP unnumbered and borrows a loopback interface IP address that is not routable. The NM-NAM is installed in router slot 3. 

!

interface loopback 0

 ip address 10.20.30.40 255.255.255.0

!

interface Analysis-Module 3/0

 ip unnumbered loopback 0 

 no shutdown

!

Sample Output for the show ip interface brief Command 

Router# show ip interface brief 


Interface                  IP-Address      OK?   Method       Status         Protocol

FastEthernet0/0            172.20.105.213  YES   NVRAM        up             up

FastEthernet0/1            172.20.105.53   YES   NVRAM        up             up

Analysis-Module2/0         10.1.1.1        YES   manual       up             up

Router#

What to Do Next

If you configured authentication, authorization, and accounting (AAA) on your router, then proceed to the "Disabling AAA Login Authentication on the NAM Console Line" section.

Otherwise, proceed to the "Opening and Closing a NAM Console Session from the Router" section.

Disabling AAA Login Authentication on the NAM Console Line

If you configured authentication, authorization, and accounting (AAA) on your router, then you may have to log in twice to open a NAM console session from the router: first with your AAA username and password, and second with the NAM login and password.

If you do not want to log in twice to open a NAM console session from the router, then disable AAA login authentication on the router's NAM console line by performing the steps in this section.

Note, however, that if your router contains both the NM-NAM and the NM-CIDS, the Cisco intrusion detection system network module, then AAA can be a useful tool for centrally controlling access to both network modules. For information about AAA, refer to the Cisco IOS Security Configuration Guide.

SUMMARY STEPS

1. enable

2. configure terminal

3. aaa authentication login list-name none

4. line number

5. login authentication list-name

6. end

7. show running-config

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

aaa authentication login list-name none

Example:

Router(config)# aaa authentication login nam none

Creates a local authentication list.

The none keyword specifies no authentication for this list.

Step 4 

line number

Example:

Router(config)# line 33

Enters line configuration mode for the line to which you want to apply the authentication list.

The number value is determined by the slot number in which the NM-NAM is installed:

number = (32 x slot) + 1  (for Cisco 3700 series)

number = ( (32 x slot) + 1) x 2  (for Cisco 2800 and Cisco 3800 series)

Step 5 

login authentication list-name

Example:

Router(config-line)# login authentication nam

Applies the authentication list to the line.

Specify the list name that you configured in Step 3.

Step 6 

end

Example:

Router(config-line)# end

Router#

Returns to privileged EXEC mode.

Step 7 

show running-config

Example:

Router# show running-config

Displays the contents of the currently running configuration file.

Verify that you configured the local authentication list and applied it to the line associated with the NM-NAM.

What to Do Next

Proceed to the "Opening and Closing a NAM Console Session from the Router" section.

Opening and Closing a NAM Console Session from the Router

This section describes how to open and close a NAM console session from the router.

SUMMARY STEPS

1. enable

2. service-module analysis-module slot/0 session

3. Press Return.
or
If a username prompt appears, then log in with your AAA username and password.

4. At the login prompt, enter root.

5. At the password prompt, enter your password.
or
If you have not changed the password from the factory-set default, enter root as the root password.

6. Perform the tasks that you need to perform in the NAM CLI. When you want to end the NAM console session and return to the Cisco IOS CLI, complete Step 7 through Step 10.

7. exit

8. Hold Ctrl-Shift and press 6. Release all keys, and then press x.

9. disconnect

10. Press Enter.

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

service-module analysis-module slot/0 session

Example:

Router# service-module analysis-module 1/0 session

Example: 
Router# service-module analysis-module 1/0 
session clear 

[confirm]

 [OK]

Router# service-module analysis-module 1/0 session

Establishes a console session with the NAM.

If you cannot open a NAM console session, make sure that the NAM console line is clear by first entering the service-module analysis-module slot/0 session clear command in privileged EXEC mode.

Step 3 

Press Return.

or

If a username prompt appears, then log in with your AAA username and password.

Example:

Trying 10.1.1.1, 2065 ... Open

<Press Return>


Cisco Network Analysis Module (NM-NAM)


nam1.cisco.com login:

Example:

Trying 10.1.1.1, 2065... Open

User Access Verification


Username: myaaausername

Password: <myaaapassword>

Cisco Network Analysis Module (NM-NAM)


nam1.cisco.com login:

Activates the NAM console line.

or

Completes AAA login authentication and activates the NAM console line.

If AAA is configured on your router and you do not want to log in twice to access the NAM console, then complete the steps in the "Disabling AAA Login Authentication on the NAM Console Line" section.

Step 4 

At the login prompt, enter root.

Example:

login: root

Accesses the root (read/write) level of NAM.

Step 5 

At the password prompt, enter your password.

or

If you have not changed the password from the factory-set default, enter root as the root password.

Example:

Password: <root>

Step 6 

Perform the tasks that you need to perform in the NAM CLI. When you want to end the NAM console session and return to the Cisco IOS CLI, complete Step 7 through Step 10.

For initial configuration tasks, see the "Configuring the NM-NAM" section.

For help using NAM CLI commands, see the "NAM CLI Context-Sensitive Help" section.

Step 7 

exit

Example:

root@localhost(sub-custom-filter-capture)# exit

root@localhost# exit


login:

Logs out of the NAM system or leaves a subcommand mode.

If you are in a subcommand mode, continue to enter the exit command until you see the NAM login prompt.

Step 8 

Hold Ctrl-Shift and press 6. Release all keys, and then press x.

Example:

login: <suspend keystroke>

Router#

Suspends and closes the Telnet session.

Step 9 

disconnect

Example:

Router# disconnect

Disconnects a line.

Step 10 

Press Enter.

Example:

Closing connection to 10.20.30.40 [confirm] <Enter>

Confirms that you want to disconnect the line.

Examples

This section provides the following examples:

Opening and Closing a NAM Console Session When AAA Authentication Is Not Configured or Is Disabled on the NAM Console Line: Example

Opening and Closing a NAM Console Session When AAA Authentication Is Configured and Enabled on the NAM Console Line: Example

Opening and Closing a NAM Console Session When AAA Authentication Is Not Configured or Is Disabled on the NAM Console Line: Example

In the following example, a NAM console session is opened and closed from the router. The NM-NAM is installed in router slot 2. 

Router# service-module analysis-module 2/0 session 

Trying 10.1.1.1, 2065 ... Open



Cisco Network Analysis Module (NM-NAM)


nam1.cisco.com login: root 

Password: <password> 

Terminal type: vt100


Cisco Network Analysis Module (NM-NAM) Console, 3.2

Copyright (c) 1999-2003 by cisco Systems, Inc.


WARNING! Default password has not been changed!

root@nam1.cisco.com#

root@nam1.cisco.com# exit 


Cisco Network Analysis Module (NM-NAM)


nam1.cisco.com login: <suspend keystroke> 

Router# disconnect 

Closing connection to 10.1.1.1 [confirm] <Enter> 

Deleting login session

Opening and Closing a NAM Console Session When AAA Authentication Is Configured and Enabled on the NAM Console Line: Example

In the following example, a NAM console session is opened and closed from the router. The NM-NAM is installed in router slot 2. 

Router# service-module analysis-module 2/0 session 

Trying 10.1.1.1, 2065 ... Open

User Access Verification


Username: myaaausername 

Password: <myaaapassword> 

Cisco Network Analysis Module (NM-NAM)


nam1.cisco.com login: root 

Password: <nampassword> 

Terminal type: vt100


Cisco Network Analysis Module (NM-NAM) Console, 3.2

Copyright (c) 1999-2003 by cisco Systems, Inc.


WARNING! Default password has not been changed!

root@nam1.cisco.com#

root@nam1.cisco.com# exit 




Cisco Network Analysis Module (NM-NAM)


nam1.cisco.com login: <suspend keystroke> 

Router# disconnect 

Closing connection to 10.1.1.1 [confirm] <Enter> 

Deleting login session

Troubleshooting Tips

Make sure that the NAM console line is clear by entering the service-module analysis-module slot/0 session clear command in privileged EXEC mode.

What to Do Next

Proceed to the "Configuring the NM-NAM" section.

Configuring the NM-NAM

This section describes how to configure the NM-NAM to establish network connectivity and configure IP parameters. This task must be performed from the NAM CLI. For more advanced NAM configuration, use the NAM Traffic Analyzer (web GUI) or refer to the Network Analysis Module Command Reference for your NAM software release.

For information on assigning IP addresses, see the "NM-NAM Operating Topologies and IP Address Assignments" section.

Prerequisites

Before performing this task, access the NAM console by performing Step 1 through Step 5 in the "Opening and Closing a NAM Console Session from the Router" section.

SUMMARY STEPS

<