Guest

Cisco Prime Network Analysis Module Software

Release Notes for Cisco Network Analysis Module Software, 3.6

Hierarchical Navigation

Downloads

 Feedback

Table Of Contents

Release Notes for Cisco Network Analysis Module Software, Release 3.6(1b)

Contents

New Features in NAM 3.6

New Features in NAM 3.6(1b)

New Devices Supported

Voice Monitoring Feature Licensing for NME-NAM-120S

New Features in NAM 3.6(1a)

Conversation Table Enhancement

TopN Conversation Report

TCP/UDP Port Table

TopN TCP/UDP Port Report

Support for Catalyst 6500 Virtual Switching System Feature

New Features in NAM 3.6.1

System Requirements

Hardware Requirements

Using NME-NAMs with Cisco Integrated Services Routers

Software Requirements

NME-NAM Software Requirements

NM-NAM Software Requirements

Browser Requirements

Upgrading NAM Software

Supported Upgrades

Upgrading NAM Software

Upgrading Software Using NAM CLI

Product Documentation

Related Product Documentation

Limitations and Restrictions

Configure Local Time Zone

Changing the NAM IP Address

Cisco 7600 With Redundant Supervisor Cards Running IOS Image 12.2(33)SRC2

Running IOS Image Newer Than 12.2(18)SXF5

Using NetFlow As a Data Source

NAM Shows Incorrect Protocol Usage for Hosts

Restrictions for NM-NAM and NME-NAMs

NBAR-PD Feature in NME-NAM

Caveats

Known Anomalies in NAM 3.6(1b)

Anomalies Resolved in NAM 3.6(1b)

Anomalies Resolved in NAM 3.6(1a)

Anomalies Resolved in NAM 3.6


Release Notes for Cisco Network Analysis Module Software, Release 3.6(1b)

Revised: October 29, 2009, OL-11516-07
Original Cisco.com date: September 2008

These release notes provide general information about Cisco Network Analysis Module (NAM) software release 3.6 including system requirements, limitations and restrictions, new features, product documentation, and known and resolved anomalies.

Software Product Numbers

SC-SVC-NAM-3.6
(Cisco Catalyst 6500 Series and Cisco 7600 Series Network Analysis Module Software 3.6)

NME-NAM-SW-3.6
(Cisco Branch Routers Series Network Analysis Module Software 3.6)

NAM 3.6(1b) is a complete software release, not a patch. To upgrade to NAM 3.6(1b) from previous versions of NAM, enter the NAM CLI command upgrade while in maintenance mode. For information about the upgrade command, see the Network Analysis Module 3.6 Command Reference Release at the following URL:

http://www.cisco.com/en/US/products/sw/cscowork/ps5401/products_command_reference_
chapter09186a00807ee6c2.html#wp1048351

Note For detailed installation and configuration procedures for the NAM, see the list of documentation available in the Product Documentation section.

NAM 3.6(1b) is available as part of new hardware orders or by download from Cisco.com for the following NAM models:

WS-SVC-NAM-1

WS-SVC-NAM-1-250S

WS-SVC-NAM-2

WS-SVC-NAM-2-250S

NME-NAM-80S

NME-NAM-120S

NAM 3.6(1b) is available for NM-NAM devices only by download from Cisco.com.

Throughout this document the following general references apply:

A reference to a NAM-1 or NAM-2 device indicates any of the following modules:

WS-SVC-NAM-1

WS-SVC-NAM-1-250S

WS-SVC-NAM-2

WS-SVC-NAM-2-250S

A reference to an NME-NAM device indicates any of the following modules:

NME-NAM

NME-NAM-80S

NME-NAM-120S

A reference to an NM-NAM device means only an NM-NAM module.

Contents

This document includes the following sections:

New Features in NAM 3.6

System Requirements

Hardware Requirements

Software Requirements

Browser Requirements

Upgrading NAM Software

Product Documentation

Limitations and Restrictions

Caveats

Anomalies Resolved in NAM 3.6(1b)

Anomalies Resolved in NAM 3.6(1a)

Anomalies Resolved in NAM 3.6

New Features in NAM 3.6

New Features in NAM 3.6(1b)

New Features in NAM 3.6(1a)

New Features in NAM 3.6.1

New Features in NAM 3.6(1b)

NAM 3.6(1b) is a complete software release that includes all features available in earlier releases of NAM 3.6 and new feature-based licensing for voice monitoring with the NME-NAM-120S.

NAM 3.6(1b) also provides software improvements to resolve anomalies found in earlier releases of NAM software. See Anomalies Resolved in NAM 3.6(1b) for a list of resolved anomalies.

New Devices Supported

NAM 3.6(1b) adds support for the following:

NME-NAM-120S

The new NME-NAM-120S offers superior WAN traffic monitoring throughput, a 120 GB capacity hard disk drive to store more capture data on-board, 1 GB memory, and a Gigabit Ethernet external interface to support high-throughput LAN traffic monitoring in the Empowered Branch. It includes the embedded, web-based Traffic Analyzer GUI, providing anytime, anywhere visibility into network traffic.

WS-SVC-NAM-1-250S

The new WS-SVC-NAM-1-250S has 2 GB memory to improve software performance and a 250 GB hard disk drive to increase storage capacity for reports and data captures.

WS-SVC-NAM-2-250S

The new WS-SVC-NAM-2-250S has 2 GB memory to improve software performance and a 250 GB hard disk drive to increase storage capacity for reports and data captures.

Voice Monitoring Feature Licensing for NME-NAM-120S

NAM 3.6(1b) adds feature-based licensing for voice monitoring using the new NME-NAM-120S. You can purchase feature licenses for NME-NAM-120S voice monitoring of 50 or 100 RTP streams. See Table 1, NME-NAM-120S Voice Monitoring Feature Licenses, for SKU information.

Table 1 NME-NAM-120S Voice Monitoring Feature Licenses

Feature
SKU

Voice Monitoring (50 RTP Streams)

SNAM-50VOICE

Voice Monitoring (100 RTP Streams)

SNAM-100VOICE


NAM 3.6(1b) uses trust-based licensing. There is no user interaction required to enable the voice monitoring licensing in the NME-NAM-120S.

No license is required to use the voice monitoring features of NAM 3.6(1b) with the NAM-1, NAM-2, NM-NAM, and NME-NAM-80S modules.

New Features in NAM 3.6(1a)

The following sections describe the new features in NAM 3.6(1a):

Conversation Table Enhancement

TopN Conversation Report

TCP/UDP Port Table

TopN TCP/UDP Port Report

Support for Catalyst 6500 Virtual Switching System Feature

Conversation Table Enhancement

NAM 3.6(1a) provides a new Application Hosts window under Monitor > Conversations that enables you to collect information about TCP and UDP port usage. This window displays information about conversations between pairs of hosts, including the server, TCP/UDP port in use, and the application protocol as classified by the NAM. This table can grow very large, so the GUI shows only the cumulative counter values for packets and bytes, and you cannot sort it by any arbitrary column header. Entries of interest can be located using the display filtering to show only entries related to a particular host or part of a host address or name.

Use the control buttons to navigate to the starting, next, or previous page, and use Export to export the table in CSV file format to an external host.

Highlights of Conversation Table Enhancements

Table entries contain source address, destination address, protocol name, and port number

Collection configurable per data source

Monitor screen shows pages of data in native sorted order

Monitor screen shows cumulative packet and byte statistics

Current rates and topN monitor screens are not available

Supports export of all data or just a screenful of data to external host in CSV format

Note In some cases multiple port numbers can be used for the same protocol. In these cases, the NAM will display only one conversation entry for that protocol, and it might not be possible to tell all of the server ports that are being used on the network for that application. You can view information about all server ports in use on the new TCP/UDP Port Table window.

TopN Conversation Report

The existing NAM topN Conversation reporting feature has been enhanced to include an optional Application field. If specified, the Application field is used to further refine which conversations you are interested in reporting. The maximum value of N is 200, meaning that the NAM supports reporting on up to the top 200 conversations per interval. You can store up to 100 days of report data onboard the NAM.

Highlights of the TopN Conversation Report Enhancement:

Interval-based report displayed in a fashion consistent with other NAM reports.

Export of all report data to an external host in CSV format will be supported.

TCP/UDP Port Table

A new collection feature maintains a list of all the server ports observed on a particular data source. You enable this feature on the Setup > Monitor > Core Monitoring window. The NAM displays the results on the Monitor > Applications > TCP/UDP Port Table window. You can export the results in CSV file format.

Highlights of the TCP/UDP Port Table Enhancement:

Table entries capture number of packets and bytes observed

Collection configurable per data source

Export of all data or just screenful of data to external host in CSV format is supported.

Current Rates and TopN monitor screens are available as well as Cumulative.

TopN TCP/UDP Port Report

A TopN style report provides up to the Top 200 ports observed on a data source within a reporting interval. You can store up to 100 days of report data onboard the NAM. The report looks similar to the application TopN report supported in earlier releases.

Highlights of the TCP/UDP Port Report Enhancement:

Interval-based report displayed in a fashion consistent with other NAM reports.

Export of all report data to an external host in CSV format will be supported.

Support for Catalyst 6500 Virtual Switching System Feature

NAM 3.6(1a) provides support for the Catalyst 6500 Virtual Switching System (VSS) feature which allows the clustering of two physical chassis into a single logically-managed entity. This enables you to to insert the NAM service module into either chassis of the VSS cluster without having to perform any special configuration.

The NAM blade in a VSS cluster behaves very much like the NAM blade in a standalone mode. All NAM features are supported in a VSS cluster and additional GUI information is provided with the switch ID added to the physical address of the NAM GUI windows in a VSS cluster. For example the port location in a VSS cluster is displayed as Switch/Slot/Port compared with Slot/Port in a standalone NAM. This information is required for SPAN session setup and NAM monitoring windows. Also, the NAM health monitor window contains information for slots in both chassis. The chassis operating mode (active vs standby) is transparent to the NAM blade.

Table 2 lists the NAM and IOS software requirements for NAM blades used in a Cisco Virtual Switch System (VSS) environment.

Table 2 NAM and IOS Software Requirements for VSS

NAM
NAM Software
IOS Software

WS-SVC-NAM-1

NAM 3.6.1a or later

IOS 12.2(33) SXH(1) or later

WS-SVC-NAM-2

WS-SVC-NAM-1-250S

NAM 3.6.1b or later

WS-SVC-NAM-2-250S


New Features in NAM 3.6.1

This section lists the new features added to the NAM 3.6.1 release.

Note All features apply to all NAM modules unless otherwise indicated.

Support for the new NME-NAM-80S

The NME-NAM-80S offers superior WAN traffic monitoring throughput, an 80GB capacity hard disk drive to store capture data on-board, 512 MB memory, and a Gigabit Ethernet external interface to support high-throughput LAN traffic monitoring in the Empowered Branch. It includes the embedded, web-based Traffic Analyzer GUI, providing anytime, anywhere visibility into network traffic.

Transaction-Aware Application Response Time (ART) Monitoring

The transaction-aware application response time monitoring feature provides visibility into application response time and network latency. The ART feature provides the following metrics: Application Delay, Network Delay, Client Network Delay, Server Network Delay, Total Delay, and the number of network connections. All of the delay metrics are available in Average, Minimum, and Maximum values and can be measured by a single NAM. You can also measure Application Transaction Time, defined as the elapsed time from the first packet of the client request until the last packet of the server response.

Live Reporting

NAM 3.6 includes an updated historical reporting capability that provides highly granular visibility into network traffic, including individual applications and end-users. Enabling operations staff to identify anomalies in network traffic that can disrupt business operations, the Cisco NAM live reporting capability exposes potential problems that would otherwise be masked if critical report updates occurred less frequently than one minute. This feature applies to all reports, except TopN reports.

Voice Quality Monitoring Enhancement with Support for CallManager 5.0 with SCCP

This enhancement enables you to view metrics for the following:

Audio, video (when available), and data channels quality (packet loss and jitter)

Active calls

Drill-down to obtain information on such fields as call reference value, media (audio/video/data) receiving address and port, and line instance.

Top (up to 20) worst quality calls

Known phones and the details of the five last-ended calls per known phone

Increased GUI configuration support for up to 1500 VLANs (NAM-1 and NAM-2 modules only)

This usability enhancement permits the configuration of up to 1500 VLANs using the NAM GUI.

Data Source Persistence

This usability enhancement permits you to view the last selected data source when browsing multiple Monitor windows that include a drop-down data source list. This feature is especially useful when large numbers of data sources have been configured, yet monitoring is focused on a particular data source. It saves time locating the same data source of interest to monitor when navigating among Monitor windows. The data source persists until you select another data source from the drop-down data source list.

Support for new protocols

This enhancement enables you to monitor, capture, and decode the following protocols:

tivconnect

ulp

componentstatusprotocol

oicq

ipfix

esp-null including esp.tcp, esp.udp. and esp.unknown

Diameter including diameter-common, nasreq, diameter-mip, diameter-baseacct, diameter-cc, diameter-eap, diameter-sip, and diameter-unknown

SMPP

SSMPP

GUI Enhancements

A Refresh button is added to the Setup > Data Source > SPAN window when you create and edit SPAN data sources. Use the Refresh button to update switch configuration information in case there has been a configuration change on the switch.

System Requirements

This section describes the hardware, software, and browser requirements for NAM 3.6 software.

Hardware Requirements

Table 3 identifies the hardware modules and platforms required to use NAM 3.6(1).

Table 3 NAM Hardware Compatibility

Module
Platform or Devices

WS-SVC-NAM-1
WS-SVC-NAM-1-250S
WS-SVC-NAM-2
WS-SVC-NAM-2-250S

Catalyst 6500 Series Switches

Cisco 7600 Series Routers

NM-NAM

Cisco 262xXM Routers

Cisco 265xXM Routers

Cisco 2691 Multiservice Platform

Cisco 2800 Integrated Services Routers
(except Cisco 2801)

Cisco 3660 Multiservice Platform

Cisco 3700 Series Multiservice Access Routers

Cisco 3800 Series Integrated Services Routers

NME-NAM-80S
NME-NAM-120S

Cisco 2800 Integrated Services Routers
(except Cisco 2801)

Cisco 2900 Series Integrated Services Routers (except Cisco 2901)

Cisco 3700 Series Multiservice Access Routers

Cisco 3800 Series Integrated Services Routers

Cisco 3900 Series Integrated Services Routers


WS-SVC-NAM-1 and WS-SVC-NAM-2 Modules Require Memory Upgrade

WS-SVC-NAM-1 and WS-SVC-NAM-2 modules require a memory upgrade to use the NAM 3.6(1b) release. You can find information about how to upgrade your memory in the document NAM Memory Upgrade Install Note at the following URL:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Config_Notes/
78_18630.html

Using NME-NAMs with Cisco Integrated Services Routers

This section describes the requirements to use NME-NAMs with Cisco Integrated Services Router (ISR) and ISR Generation Two (G2) Platforms.

You can deploy the NME-NAM-120S and NME-NAM-80S in any network module slot in the Cisco router platforms indicated in Table 4. A Network Module (NM) Adapter Card, SM-NM-ADPTR, is required to successfully integrate the NME-NAM into supported ISR G2 platforms. The NME-NAM supports the router platforms using NAM 3.6 or later. See Table 4, Supported Routers, for the minimum IOS software requirements to support NME-NAM. Only one Cisco NAM can be installed in a Cisco branch router.

Table 4 Supported Routers

Router Platform
Network Module Adapter
Card Required?

Cisco 3845 ISR

No

Cisco 3825 ISR

No

Cisco 2851 ISR

No

Cisco 2821 ISR

No

Cisco 2811 ISR

No

Cisco 3745 MSR

No

Cisco 3725 MSR

No


To install an NME-NAM-120S network module in supported ISR G2 platforms using the NM Adapter Card, see Installing Cisco Network Modules and Service Modules, section "Using Network Modules in Service Module Slots on Cisco 2900 Series and Cisco 3900 Series Routers":

http://www.cisco.com/en/US/docs/routers/access/interfaces/nm/hardware/installation/guide/InstNetM.html

Software Requirements

This section describes the switch or router (system) software required to use NAM 3.6. Table 5 lists the minimum system software versions required to use NAM 3.6.

Table 5 Software Requirements for Minimum OS Versions

Module
Software
Release
Orderable Product Number
Minimum IOS Software Versions Supported
Minimum CatOS Software Versions Supported

WS-SVC-NAM-1
WS-SVC-NAM-1-250S
WS-SVC-NAM-2
WS-SVC-NAM-2-250S

NAM 3.6

SC-SVC-NAM-3.6

Release 12.1(13)E1 or later with a Supervisor Engine 2 with an MSFC2.

Release 12.2(14)SX1 or later with a SUP720.

Release 12.2(18)SXF or later for Catalyst 6500 with SUP32

Release 12.2(33)SXH1 or later with SUP720-10G

Release 12.2(33)SRA or later for Cisco7600 with SUP32 or SUP720

Release 12.2(33)SRC or later for Cisco7600 with RSP720-1G

Release 7.3(1) or later with Supervisor
Engine 2.

Release 8.2(1) or later with a SUP720.

NM-NAM

Not applicable2

Release 12.3(7)T or later or 12.4(1) or later

Not applicable

NME-NAM-80S
NME-NAM-120S

NME-NAM-SW-3.6

Release 12.4(9)T1 or later with supported Cisco 2800, Cisco 3700, and Cisco 3800 Series ISRs

Release 15.0(1)M or later with supported Cisco 2900 and Cisco 3900 Series ISRs

Not applicable

1 If you are running a 12.1(13)E-based release, Cisco recommends a later 13E release such as 12.1(13)E11 over 12.1(13)E3.

2 NAM 3.6 is available for NM-NAM users only by download from Cisco.com.


Table 6 lists the Cisco IOS and CatOS versions used on the Catalyst 6500 Series and Cisco 7600 Series (except as noted) when testing and developing NAM 3.6.

Table 6 Latest Supported IOS and CatOS Versions

Modules
Cisco IOS
Versions
Catalyst OS
Versions

WS-SVC-NAM-1
WS-SVC-NAM-1-250S
WS-SVC-NAM-2
WS-SVC-NAM-2-250S

12.2(18)SXD4

12.2(18)SXD7

12.2(18)SXE4

12.2(18)SXF3

12.2(18)SXF4 (Modular IOS)

12.2(18)SXF5

12.2(18)SXF7 (ION)

12.2(18)SXF9

12.2(18)SXF9 (ION)

12.2(18)SXF10

12.2(18)SXF11

12.2(18)SXF13

12.2(18)SXH2a

12.2(33)SXH1

12.2(33)SRA for Cisco 7600

12.2(33)SRB for Cisco 7600

12.2(33)SRC for Cisco 7600

CatOS 8.5

CatOS 8.6(1)


The software versions in Table 6 are the specific versions used in testing NAM 3.6. All system software releases from the minimum to the latest version tested are officially supported. Note the following conditions and exceptions:

Cisco IP Phone firmware 6.0 and above is required for SIP voice packet quality monitoring.

IOS 12.2(18)SXE4, at minimum, is required to support the ERSPAN feature. Dependencies and limitations for ERSPAN can be found in Configuring Local SPAN, RSPAN, and ERSPAN, Guidelines and Restrictions, at the following URL:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/
guide/span.html

Either IOS 12.2(18)SXD or CatOS 8.5 is required to support the Virtual SPAN feature.

IOS 12.2(33) SXH1 or later is required with VS-S720-10G and WS-X6708-GE line card to support the Cisco Catalyst 6500 Virtual Switching System (VSS).

NME-NAM Software Requirements

The minimum software version required to use NME-NAM-80S and NME-NAM-120S modules with NAM 3.6 is Cisco IOS Version 12.4(9)T or later.

Note For NAM3.6(1b) the NME-NAM-120S was tested with IOS 12.4(15)T, and the NME-NAM-80S was tested with IOS 12.4(10)T.

NM-NAM Software Requirements

The minimum software version required to use an NM-NAM module with NAM 3.6 is Cisco IOS Version 12.3(7)T or later or 12.4(1) or later.

Note The NM-NAM has been tested with IOS 12.4(9)T and 12.4(11)T.

Browser Requirements

Table 7 describes the browser requirements for all platforms. Cisco recommends you use the Internet Explorer browser, but Mozilla and Firefox are also supported.

Table 7 Browser Requirements 

Browser
Versions
Platform

Internet Explorer (recommended)

6.0, 7.0

Windows

Windows XP Professional

Mozilla

1.7

Windows

Windows XP Professional

Solaris

Firefox

1.5, 2.0

Windows

Windows XP Professional

Solaris

Redhat Enterprise Linux


Note Although Traffic Analyzer does not require a Java plug-in, you might be required to use the Java Virtual Machine (JVM). The Java plug-in versions listed have been tested for browsers that require a plug-in for the JVM. Cisco recommends JRE Version 5.0 Update 6.

Upgrading NAM Software

This section provides the following topics:

Supported Upgrades

Upgrading NAM Software

Upgrading Software Using NAM CLI

Supported Upgrades

NAM 3.6 supports the following upgrades:

You can upgrade all NAM-1 and NAM-2 modules to NAM 3.6 from the NAM 3.4 and NAM 3.5 software releases (with any patches).

Note New WS-SVC-NAM-1-250S and WS-SVC-NAM-2-250S modules ship from the factory with NAM 3.6(1b) already installed.

You can upgrade NM-NAM modules to NAM 3.6 from NAM 3.4 and NAM 3.5 software releases (with any patches).

Note NAM 3.6 does not support upgrades from NAM 3.3 or below.

Upgrading NAM Software

If you are upgrading a NAM-1 or a NAM-2 module, follow the software upgrade procedures described in the chapter Administering the Network Analysis Module in the following documents:

For NAM-1 and a NAM-2 modules installed in IOS switch:

http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_
chapter09186a00805e34fd.html#wp1035516

For NAM-1 and a NAM-2 modules installed in CatOS switch:

http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_
chapter09186a00805e34fd.html#wp1036152

If you are upgrading an NME-NAM, follow the software upgrade procedures described in the section Upgrading the NAM Software-Full Image of the Cisco Branch Router Series (NME-NAM) Installation and Configuration Note.

http://www.cisco.com/en/US/docs/net_mgmt/network_analysis_module_software/3.6/branch_
router/configuration/guide/BR_incfg.html#wp1149443

If you are upgrading an NM-NAM, follow the software upgrade procedures described in the section Upgrading the NAM Software-Full Image of the NM-NAM Feature Guide.

http://www.cisco.com/en/US/products/sw/iosswrel/ps5413/products_feature_
guide09186a00801d6096.html#wp1088954

Upgrading Software Using NAM CLI

To upgrade software using the NAM CLI, go to maintenance mode and enter the NAM CLI command upgrade. For information about the upgrade command see the Network Analysis Module Command Reference, Release 3.6 at the following URL:

http://www.cisco.com/en/US/products/sw/cscowork/ps5401/products_command_reference_
chapter09186a00807ee6c2.html#wp1048351

You can apply the NAM 3.6.1 Crypto K9 patch, nam-app.3-6.cryptoK9.patch.1-0.bin, on top of
NAM 3.6.1 using NAM CLI command patch.

Product Documentation

We sometimes update the product documentation after original publication. Therefore, you should also review the documentation on Cisco.com for any updates. You can find product documentation for all NAM software releases at the following URL:

http://www.cisco.com/en/US/products/sw/cscowork/ps5401/tsd_products_support_series_home.html

Your product shipped with a Documentation CD-ROM. The Documentation CD-ROM contains product documentation that you can access and print.

The following is a list of the documentation for Cisco Network Analysis Module, Release 3.6. You can access the URLs listed for each document on the Documentation CD-ROM and at www.cisco.com at the following URLs:

http://www.cisco.com/en/US/products/sw/cscowork/ps5401/tsd_products_support_series_home.html

We recommend you refer to the documentation in the following order:

Documentation Guide for the Cisco Network Analysis Module, Release 3.6 (78-17882-01)

http://www.cisco.com/en/US/docs/net_mgmt/network_analysis_module_software/3.6/roadmap/
docguide.html

Release Notes for the Cisco Network Analysis Module, Release 3.6 (OL-11516-02), this document

http://www.cisco.com/en/US/products/sw/cscowork/ps5401/prod_release_
note09186a00807ed386.html

Quick Start Guide for the Catalyst 6500 Series and Cisco 7600 Series Network Analysis Module, Release 3.6 (OL-11517-01)

http://www.cisco.com/en/US/products/sw/cscowork/ps5401/products_quick_
start09186a00807ee748.html

User Guide for the Catalyst 6500 Series Switch and Cisco 7600 Series Router Network Analysis Module, Release 3.6 (OL-11519-01)

http://www.cisco.com/en/US/products/sw/cscowork/ps5401/products_user_guide_
book09186a00807ed53e.html

Catalyst 6500 Series Switch and Cisco 7600 Series Router Network Analysis Module Command Reference, Release 3.6 (OL-11521-01)

http://www.cisco.com/en/US/products/sw/cscowork/ps5401/products_command_reference_
book09186a00807ee642.html

Cisco Branch Router Series (NME-NAM) Installation and Configuration Note (OL-11624-01)

http://www.cisco.com/en/US/products/sw/cscowork/ps5401/products_installation_and_
configuration_guide09186a00807ee90a.html

Catalyst 6500 Series Switch and Cisco 7600 Series Router Network Analysis Module Installation and Configuration Note, Release 3.6 (OL-12753-01)

http://www.cisco.com/en/US/products/sw/cscowork/ps5401/products_installation_and_
configuration_guide_book09186a00807ed3c6.html

Copyright Notices for the Cisco Network Analysis Module, Release 3.6 (78-17782-01)

http://www.cisco.com/en/US/docs/net_mgmt/network_analysis_module_software/3.6/copyright/
notice/copyrite.html

Related Product Documentation

The following is a list of related documentation.

Catalyst 6500 Series Switch Software Configuration Guide

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/catos/8.x/configuration/guide/
span.html

Catalyst 6500 Series Switch Software Configuration Guide.

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/catos/8.x/configuration/guide/
nde.html

NAM Memory Upgrade Install Note

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/hardware/Config_Notes/
78_18630.html

Connecting Cisco NAM Enhanced Network Modules to the Network

http://www.cisco.com/en/US/docs/routers/access/interfaces/nm/hardware/installation/guide/
namnme_ps2797_TSD_Products_Module_Installation_Guide.html

Cisco Network Modules and Interface Cards Regulatory Compliance and Safety Information

http://www.cisco.com/en/US/docs/routers/access/interfaces/rcsi/IOHrcsi.html

Limitations and Restrictions

Before using NAM-1 or NAM-2 devices, read the Quick Start Guide for the Catalyst 6500 Series and Cisco 7600 Series Network Analysis Module and Installation and Configuration Note for the Catalyst 6500 Series and Cisco 7600 Series Network Analysis Module Release 3.6.

Before using the NME-NAM or NM-NAM, please read the Cisco Network Modules Quick Start Guide, NM-NAM Feature Module, and the Quick Start Guide for the Cisco Branch Router Series Network Analysis Module.

The following are limitations and restrictions of NAM software release 3.6:

Configure Local Time Zone

Changing the NAM IP Address

Cisco 7600 With Redundant Supervisor Cards Running IOS Image 12.2(33)SRC2

Running IOS Image Newer Than 12.2(18)SXF5

Using NetFlow As a Data Source

NAM Shows Incorrect Protocol Usage for Hosts

Restrictions for NM-NAM and NME-NAMs

NBAR-PD Feature in NME-NAM

Configure Local Time Zone

You must now configure the local time zone for the NAM regardless of the time synchronization source (switch or NTP). For more information on configuring the local time zone using the NAM Traffic Analyzer, see the User Guide for the Network Analysis Module Traffic Analyzer Release 3.6.

Changing the NAM IP Address

If you change the NAM IP address, the default gateway resets to 0.0.0.0. Change the new default gateway IP address to an address other than one on the current subnet.

Cisco 7600 With Redundant Supervisor Cards Running IOS Image 12.2(33)SRC2

You might experience an error condition with a Cisco 7600 chassis that has redundant supervisor cards running the 12.2(33)SRC2 IOS image and a NAM service blade. The error occurs when you perform a sequential boot of the two supervisor cards because the secondary (standby) supervisor does not go into proper standby mode.

You can find more information about this issue in Field Notice #63179.

This problem does not occur:

When you boot the two supervisor cards in parallel

When you boot the standby supervisor card after the primary supervisor is up

When the Cisco 7600 router runs the 12.2SRC1 image

When only one supervisor card is installed in the Cisco 7600 chassis

Problem Symptom

When the primary supervisor functions as a standalone with the secondary supervisor card in RPR mode, the Cisco 7600 chassis functions normally (as if it has a standalone supervisor card). A switchover causes the system to be unavailable for up to three minutes because the secondary supervisor card is not in proper standby mode.

Note When both supervisors are booted simultaneously, the system will go to Hot Standby status. The primary supervisor will reboot when you issue the redun force-switchover command which causes the redundant supervisor to boot up to be the primary and the primary to be the redundant.

Solution

This problem requires you to downgrade the IOS image from 12.2SRC2 to 12.2SRC1. Account teams will help you do this if needed.

This problem should be fixed in 12.2SRC3, targeted for mid-January, 2009. When IOS image 12.2SRC3 is available, upgrade the image from 12.2SRC1 to 12.2SRC3 at your earliest opportunity.

Running IOS Image Newer Than 12.2(18)SXF5

If you upgrade your IOS to an image newer than 12.2(18)SXF5, you remain vulnerable to a security issue where IOS switches the SNMP communication between the NAM and the SUP from inband to EOBC.

Due to this issue, you should not apply the NAM CLI command supervisor address <sup-address>. To remove this configuration from the NAM, use the negating form of the command,
no supervisor address.

Using NetFlow As a Data Source

An anomaly exists (described in CSCsd75273) where using NetFlow as a Data Source does not receive NetFlow data from the switch. The default NetFlow Device chosen has the EOBC address of the form 127.0.0.xxx. It appears that the switch does not forward the NetFlow data using this EOBC address.

To work around this problem, use the NetFlow Listening Mode to view the additional IP addresses of the devices able to send the NDE packets to the NAM. When such interface is learned, add that interface to the NetFlow Listening Mode table. Use the learned device as a Data Source for the NetFlow data.

NAM Shows Incorrect Protocol Usage for Hosts

In some cases on the Host detail popup window, the Application Protocol Usage pie chart might not look consistent with the data in the table for Conversations from known protocols. This occurs because the pie chart and the tabular listing take their contents from different internal tables within the NAM storage.

If one or both of these tables becomes full, the entries might not correlate with complete accuracy. One solution is to increase the Max Entries values for Hosts and Conversations on the Setup > Monitor window to avoid the tables becoming full. Doing so, however, causes the NAM to store a large amount of data in these tables. A large number of table entries can have an adverse effect on the GUI responsiveness for the Monitor > Hosts and Monitor > Conversations windows, causing slow display of these tables and occasional timeouts.

Note This limitation has been eliminated in NAM 4.0.

Restrictions for NM-NAM and NME-NAMs

Note This restriction applies only to traffic that is monitored through the internal NAM interface.

The NAM Traffic Analyzer (web GUI) provides Layer 3 and higher layer information about the original packets. The Layer 2 header is modified by the router when it forwards the packets to the NAM, so the Layer 2 information that the NAM records is not applicable to the original packets.

NBAR-PD Feature in NME-NAM

The NBAR-PD feature in the NME-NAM requires IOS 12.4(9)T or later. The NM-NAM requires IOS version 12.3(7)T or later.

Caveats

This section provides information about active and resolved anomalies in the NAM 3.6 software. To obtain more information about known problems, access and log in to the Cisco Software Bug Toolkit at the following URL:

http://www.cisco.com/pcgi-bin/Support/Bugtool/home.pl.

This section provides the following:

Known Anomalies in NAM 3.6(1b)

Anomalies Resolved in NAM 3.6(1b)

Anomalies Resolved in NAM 3.6(1a)

Anomalies Resolved in NAM 3.6

Known Anomalies in NAM 3.6(1b)

Table 8 describes anomalies known to exist in NAM 3.6(1b) software. Each anomaly listed includes symptoms, conditions, and any workaround available.

Table 8 Known Anomalies in NAM 3.6(1b) 

Bug ID
Description

CSCsd91293

The NETFLOW as a Data Source does not receive NetfFow data from the switch.

Symptom: The default NetFlow Device chosen has the EOBC address of the form 127.0.0.xxx. It appears that the switch does not forward the netflow data using this EOBC address.

Conditions: It appears that the default NetFlow device has the local EOBC address after the commit of CSCsd75273. Since the 127.0.0.xxx address is not the routable address, the netflow data are not sent to the NAM where NETFLOW is configured as a Data Source. Prior to the commit of CSCsd75273, the default NetFlow device had a routable IP address which was forwarding the netflow data to the NAM NETFLOW Data Source.

Workaround: Use the NetFlow Listening Mode to view the addtional IP addresses of the devices able to send the NDE packets to NAM. When such interface is learned, add that interface to the NetFlow Listening Mode table. Use the learned device as a Data Source for the netflow data.

CSCsh44373

UserDefinedProtocol: Defined protocol always has port range equal to 1

Symptom: The Setup > Protocol Directory > Autolearned Applications window has Enable Autolearned Protocol enabled. Go to the Setup > Protocol Directory > Individual Protocol window, click Create, and try to create a TCP or UDP protocol with Port Range greater than 1. The protocol created always has a Port Range equal to 1.

Conditions: This occurs when you try to create a protocol that has already been learned by the NAM. This occurs using either the CLI or the GUI.

Workaround:

1. Go to the Setup > Protocol Directory > Autolearned Applications window.

2. Uncheck the Enable Autolearned Protocol check box, and confirm.

3. Create the protocol from the Setup > Protocol Directory > Individual Applications window.

4. Return to the Setup > Protocol Directory > Autolearned Applications window and re-enable Autolearned Applications.

The cause of this issue is that the protocol you are trying to define or create has already been learned by the NAM autolearn feature. Due to the autolearn, there is already a protocol entry in the NAM protocol directory matching the protocol you are trying to define. The NAM does not allow you to modify the Port Range of parameter of an existing protocol entry.

CSCsh76977

Mozilla and Firefox: TopN conversation report does not show data

Symptoms: In the Firefox (Mozilla) browser, the TopN Conversation reports do not show the bar graphs if the values are too small.

Conditions: This occurs when the values to be plotted are too small.

Workaround: Read the numeric values showed in the left side of the TopN report.

CSCsj75220

The Setup > Switch Parameters > NBAR window occasionally shows a digit for interface type

Symptom: On the Setup > Switch Parameters > NBAR window, the port type is occasionally shown as a number instead of a string representation.

Conditions: This occurs under normal operating conditions.

Workaround: Refresh the screen a few times.

CSCsj87440

Need to verify the Read/Write Community String on the Router Information window.

Symptom: On Setup > Router Parameters window, you must enter the read/write community string. If you enter the read string only, there is no indication that the write string is not there. That particular screen reads data from the router and displays it on the screen. So it will not show that you actually entered the read only string.

The problem occurs when you try to change configuration on the router using the Setup > Router > NBAR window. The Submit function does not work because you cannot change the router configuration if no write string has been entered.

There is no error message to indicate that the write string is missing. The only way the NAM can detect this is by changing an object on the router and testing to see if the change took place. This is invasive to the router.

Conditions: This occurs under normal operating conditions.

Workaround: Enter the correct read/write community string.

CSCsj87458

No active SPAN session is seen after upgrading NAM image.

Symptom: When upgrading the NAM image and immediately going to the web GUI, the switch information is occasionally not yet available.

Conditions: This might occur after you upgrade the NAM image. This occurs on any window that requires switch information. It is a timing situation where the synchronization between the switch and the NAM has not yet completed.

Workaround: Wait a few minutes and then refresh the window.

CSCsk08953

The CSV export function does not work on the Monitor > Applications > TCP/UDP Port Table window.

Symptom: When you click the CSV Export icon on the Monitor > Applications > TCP/UDP Port Table window (upper-right corner), the export does not begin and an error message displays in the Tech Support window.

Conditions: This occurs when you select the default data sources for the display, such as ALL SPAN on NAM-1 and NAM-2 devices.

Workaround: Click on any column header to sort by that column. After doing so, the CSV export function will work normally.

CSCsk71253

Extra characters are displayed when you create an RSPAN session using the NAM GUI

Symptom: Extra characters (Rx) are displayed on the Setup > SPAN window when you add a second port to an existing RSPAN session or create a second RSPAN session with two VLANs.

Conditions: This occurs under normal operating conditions on all NAM platforms.

Workaround: None

CSCsk99499

NAM displays unwanted messages under apache error_log.

Symptom: The NAM show tech file occasionally contains many harmless debug messages under the tag of Apache error log. This does not impact NAM operation.

Conditions: Depending on the your interaction with the NAM GUI, software debug messages are shown in the show tech file.

Workaround: None.

CSCsl90999

Incorrect setting of the template file of Monitor > DiffServ window

Symptom: An incorrect setting exists on a Cisco voice template file (CiscoVoice_1) of the
Monitor > DiffServ window. The aggregation groups of CiscoVoice_1 template should be DSCP 26 and 46, but show as DSCP 0 instead.

Conditions: This occurs with NAM software release 3.6(1a) on the of Monitor > DiffServ window and affects all NAM platforms.

Workaround: None

CSCsq16020

LACP Portchannel in a virtual switch system (VSS) does not show up in Create Data Sources list

Symptom: When you attempt to configure a monitor session in a VSS, the Setup > Data Sources > Create window takes you to the Create SPAN Session window. Select SPAN-type EtherChannel, and the available data sources does not include LCAP portchannel configured on the switch.

Conditions: This occurs in VSS switch systems when you attempt to configure the LACP portchannel as a data source.

Workaround: Use the CLI to configure the LACP portchannel as a data source.

CSCsr05322

NAM fails to preserve enabled monitoring of TCP/UDP port

Symptom: The NAM upgrade process does not preserve the enabling of the TCP/UCP port monitoring feature.

Conditions: This occurs when you upgrade NAM software from NAM 3.5 or NAM 3.6(1) to NAM 3.6(1a) without using the install option and affects only the TCP/UDP port monitoring function. This occurs on all NAM platforms.

Workaround: After the software upgrade is completed and you boot up NAM 3.6(1a), manually enable TCP/UDP port monitoring located using the Setup > Monitor > TCP/UDP Port window. You can click on any column header to sort by that column. After manually enabling TCP/UDP port monitoring, the CSV export will function correctly.

CSCsr22826

An error occurs when you set up the NAM to synchronize NAM system time with Network Time Protocol (NTP) Server

Symptom: You receive the following error message when you attempt to synchronize NAM System Time with NTP server. 

"Hostname(s) x.x.x.x are not resolvable with current DNS settings and may be invalid. 
Please enter a valid NTP server."

Workaround: Use CLI commands.

CSCsr27717

Some NAM switchport reports might show incorrect values.

Symptom: The NAM switchport reports might show incorrect bytes and packets values.

Conditions: This problem affects only NAM-1 and NAM-2 modules and only some target switchport reports.

Workaround: Go to the Report > Basic Report window, and view the TopN report.

CSCsr57890

The NAM-2 GUI occasionally shows CPU Utilization to be 100%.

Symptom: The System Overview (Admin > System > System Resources) occasionally shows the CPU Utilization to be 100%.

Conditions: This occurs under normal operating conditions on the NAM-2 when running NAM 3.5, 3.6(1a), or 3.6(1b) software.

Workaround: Restart the NAM

CSCsu22357

The NAM CLI command show version shows the wrong amount of memory

Symptom: The NAM CLI command show version shows 2 GB of memory when it should show 1 GB.

Conditions: This occurs on the NME-NAM-120S under normal operating conditions.

Workaround: Use the NAM CLI command show memory on the NME-NAM-120S instead.

CSCsy08606

NAM might show incorrect Protocol Usage for hosts

Symptom: From the NAM GUI window at Monitor > Hosts, click any host.

Check the Application Protocol Usage and compare that value with the protocol usage on the left-hand side (From/To column). Some of the the values might not match up correctly.

Conditions: This occurs on NAMs running NAM 3.6(1a) and NAM 3.6(1b).

Note This issue has been eliminated in NAM 4.0.

Workaround: Try to increase maximum entries for host and conversation by clicking Setup > Monitor on the NAM GUI, or set to Max Possible. Doing so might not help and can cause NAM performance issues. See NAM Shows Incorrect Protocol Usage for Hosts for more detailed information.


Anomalies Resolved in NAM 3.6(1b)

Table 9 describes anomalies that existed in earlier releases of NAM software that have been resolved in the NAM 3.6(1b) software release. Each anomaly listed includes symptoms, conditions, and any workaround available.

Table 9 Anomalies Resolved in NAM 3.6(1b) 

Bug ID
Description

CSCse04668

The NAM is unable to identify span ports for SIP-600/SPA-10X1GE and similar hardware.

Symptom: NAM uses SNMP object moduleNumPorts to locate span interfaces and moduleNumPorts is not available on the 7600-SIP-600/SPA-10X1GE and similar hardware (such as ES20). Newer versions of Cisco IOS use ENTITY-MIB, and the NAM should also query for these values to locate interfaces that can be spanned.

The Setup > Data Sources > Switch Modules window does not list SPA-10X1GE as an available module with available sources.

Conditions: This occurs during normal operating conditions.

Workaround: Create the span using CLI monitor session commands like the following: 

config term

monitor session 1 source GigabitEthernet 1/0/1

monitor session 1 destination 7/7

CSCsj64804

NAM does not display ports with double quotes when you create a data source.

Symptom: NAM does not seem to understand the double quote character correctly in data source creation.

Conditions: This is seen on NAM 3.6(1), other versions may also be affected.

Workaround: None.

CSCsj72118

NAM Application Response Time shows wrong transaction time counters

NAM 3.6(1) may show different average and maximum transaction times in the Monitor >
Response Time > Server > Client Application window compared to the average and maximum transaction times in the Response Time Server / Client Application details window. Both the main Server / Client Application and the Details window should show the same information.

Symptom: NAM 3.6(1a) might show different average and maximum transaction times in the Monitor >
Response Time > Server > Client Application window compared to the average and maximum transaction times in the Response Time Server / Client Application details window.

Both the main Server / Client Application and the Details window should show the same information.

Conditions: Viewing display of Average and Maximum Transaction Times.

Workaround: None.

CSCsj83682

Cannot capture ERSPAN packets when attempting to capture from Monitor > Conversations window.

Symptom: Cannot capture ERSPAN packets from Monitor > Conversations window.

Conditions: This occurs during normal operations.

Workaround: Set up captures through the Capture tab.

CSCsl71489

When displaying the VSS power information, the chassis information is reversed.

Symptom: When displaying the redundant power on a VSS system, chassis 1 and chassis 2 information is reversed.

Conditions: This occurs when you attempt to display power information on the Switch Information window under Monitor > Switch > Health on a VSS system using NAM 3.6(1a) Patch 2.

Workaround: None

CSCsl73571

NAM cannot communicate with RMON after attempting to enable a URL collection after several repeated failures

Symptom: The NAM does not communicate with RMON.

Conditions: This occurs with NAM 3.6(1a) when you attempt to enable a URL collection after several repeated failures from the Setup > Monitor > URL Collection window. The following error messages might also display: 

Error Communicating with RMON deamon

or

Lost communication with RMON

Workaround: None, but after a few minutes, RMON will come up automatically, and the system will function normally again.

CSCsm69310

A known IOS issue might cause you to lose connectivity to the NAM.

Typical symptoms are:

CLI login attempts to the NAM fail.

You cannot launch the NAM GUI.

Pings to the NAM IP address fail.

You are able to create a NAM session from the supervisor CLI

Packet forwarding from Sup720-10GE uplink ports to Fabric-enabled (65xx) linecards can fail when all of the following conditions are met:

Conditions for 12.2(33)SXH:

1. Sup720-10GE is running 12.2(33)SXH release.

2. There is at least one Legacy-based linecard (61xx/62xx/63xx), and the number of fabric enabled (65xx) linecards in the system is less than the truncated mode threshold (default threshold is 2).

3. There is no dCEF720 (DFC-based) linecard in the system.

Conditions for 12.2(33)SXH1:

1. Sup720-10GE is running 12.2(33)SXH1 release.

2. There is at least one Legacy-based linecard (61xx/62xx/63xx), and the number of fabric enabled (65xx) linecards in the system is less than the truncated mode threshold (default threshold is 2).

3. There is no dCEF720 (DFC-based) linecard in the system.

4. With 12.2(33)SXH1 release, if you have changed the default threshold configuration using a value greater than 2 with a global command like the following:

fabric switching-mode allow truncated threshold <value>

and the number of fabric enabled (65xx) linecards in the system is less than the configured threshold, you will experience the packet forwarding problems described above.

With 12.2(33)SXH1, if the default threshold configuration has not been changed (remains set to 2), you will not experience the packet forwarding problems.

Workaround for 12.2(33)SXH:

Use the following configuration CLI:

Router(config)# fabric switching-mode allow truncated threshold 1


Workaround for 12.2(33)SXH1

No workaround is needed if you use the default configuration (threshold set to 2).

If you do change the default configuration is issued, set the threshold to 1.

CSCso70237

WS-SVC-NAM-1 and WS-SVC-NAM-2 modules experience timeouts and reboots when capturing to local disk.

Note Although this problem was found during NAM 3.6(1b) development, you might experience this problem if you upgrade your NAM-1 or NAM-2 memory to 2 GB, but do not upgrade your software to NAM 3.6(1b).

Symptom: After enabling continuous capture to local disk, WS-SVC-NAM-1 and WS-SVC-NAM-2 modules start thrashing memory after a while and becomes unresponsive to the user and the supervisor. The supervisor module might even reset the NAM because of missing keep-alive timeouts.

Conditions: This occurs with WS-SVC-NAM-1 and WS-SVC-NAM-2 devices that have upgraded memory to 2 GB and are running continuous captures with NAM 3.6(1a) (or earlier) software.

Workaround: None


Anomalies Resolved in NAM 3.6(1a)

Table 10 describes anomalies resolved in NAM 3.6(1a) software. Each anomaly listed includes symptoms, conditions, and any workaround available.

Table 10 Anomalies Resolved in NAM 3.6(1a) 

Bug ID
Description

CSCsj08353

NAM-1 and NAM-2 modules should provide a way to save the gateway and host name information

Symptom: The file named network on the /nvram/config partition on the hard disk is occasionally corrupted, causing loss of network configuration.

Conditions: This occurs under normal operating conditions.

Workaround: Reinstall the NAM image.

Note You will lose previously-existing data when you reinstall the NAM image.

CSCsj42259

When monitoring MPLS traffic, some GUI screens show no data.

Symptom: When monitoring traffic on an MPLS-enabled network, some of the Monitor screens in the NAM web interface do not show any data, such as the Hosts and Conversations screens.

Conditions: This occurs while viewing Monitor data after selecting anything other than an appropriate MPLS data source, such as All Span, Data Port 1, or Data Port 2. It only occurs if the traffic being monitored is tagged with MPLS labels.

Workaround: You might create one or more MPLS data sources, representing VRFs, VCs, or raw label values. The data will then be properly displayed when selecting those data sources on the affected Monitor windows.

Additional Information: MPLS is often used in service provider environments where the same IP addresses might actually be in use by different hosts on different subscriber networks. The traffic differs only in the MPLS labels. In this scenario, it would not make sense to group together all the counters for these different hosts and conversations simply because they are using the same IP addresses. Therefore, the counters are only available on the appropriate MPLS data sources. In the future, an option might be added to aggregate the counters and show Hosts and Conversations data even if the MPLS tags differ.

CSCsj42301

When viewing application statistics for MPLS under the ALL SPAN data source, the values for the MPLS protocol counters are twice what they should be.

Conditions: This anomaly occurs with all MPLS-tagged traffic.

Workaround: None

CSCsj42593

The counters on the Monitor > Applications > TCP/UDP Port Table > Current Rates window are all zeroes.

Symptom: The Monitor TCP/UDP port table had entries with zeroes in the counters, although the Monitor > Applications window showed the same entries increasing.

Conditions: This occurs under normal operation.

Workaround: Disable the TCP/UDP port table from the Setup > Monitor window.

CSCsj42889

NAM should prevent you from adding a second instance of a port already configured in the Selected Sources.

Symptom: On the Create and Edit windows of Setup > Datasource, you can enter the same datasource with different directions (Transmit and Both). However, only the first datasource added to the selection list is accepted. There were no error messages to indicate that you could not add the same datasource with different directions when you add instances of a datasource you have already configured.

Conditions: In the case of direction (Receiving), the code worked correctly and you would not be able to add the same datasource twice.

Workaround: None.

CSCsj44197

Filter selection is incorrectly labeled on the Monitor > Conversations > Application Hosts window. The selection should be Source, Destination, and Source and Destination.

Symptom: Filter selections on the Monitor > Conversations > Application Hosts window are labeled Client, Server, and Client and Server. However, the headers show Source and Destination so the selection box should be labeled Source, Destination, and Source and Destination

Conditions: This occurs under normal operating conditions.

Workaround: None.

CSCsj49921

An empty Basic Conversation TopN report is seen with the default Period

Symptom: Report with 8-hour polling interval cannot be seen with the default report period and granularity settings.

Conditions: This happens when the reports are configured with a polling interval greater than the default granularity (1 hour).

Workaround: Select different report periods (weekly, monthly) that have granularity higher than 8 hours.

CSCsj51193

Modify some time displays of from 00:00 to 24:00 on the topN report window

Symptom: The TopN report should display 24:00 instead of 00:00 as the last hour of the day in TopN report.

Conditions: This occurs when working with TopN reports.

Workaround: None.

CSCsj59453

The Add Dest. Port 2 function is not working with a large number of VLANs configured on the
Setup > Data Sources > SPAN window.

Instead of the SPAN being created, an Invalid syntax error displays.

Symptom: Add Dest Port 2 does not work when a lot of VLANs are configured on Dest Port 1.

Conditions: This only happens when there are an excessive number of VLANs with browsers handling large strings.

Workaround: None.

CSCsj69018

Ports to be added to the Selected Sources list are blocked on the Edit window.

Symptom: When editing datasources, if the direction was Transmit or Both, nothing would happen when you tried to add more datasources to the selection list. The Receive worked fine.

Conditions: This occurs under normal operating conditions.

Workaround: Delete the previously added datasource, and use create to add a block of datasources.

CSCsj69260

Operation status and Administrator status are not in text.

On the On the setup > Switch Parameters > NBAR window, when selecting an interface and going to the detail screen, sometimes the operational status, administrator status and interface type show as integers rather than strings.

Conditions: This occurs under normal operating conditions.

Workaround: Repeatedly click on the interface a few times. Eventually the correct information will be displayed.

CSCsj69329

The Application Protocol Usage chart is missing from the Network Hosts window.

Symptom: On the Monitor > Conversations > Network hosts window, when selecting a host and bringing up the pop-up details, there was no pie chart showing application usage.

Conditions: This occurs under normal operations.

Workaround: None.

CSCsj71015

Refresh button on the Setup > Switch Parameters > Mini-RMON window causes an error

Symptoms: On the Setup > Switch Parameters > Mini-RMON window, the Refresh button causes an error and unknown or invalid url to display on the screen.

Conditions: This occurs under normal operations.

Workaround: None.

CSCsj72118

NAM Automate Response Time shows wrong transaction time counters

NAM 3.6(1) may show different average and maximum transaction times in the Monitor >
Response Time > Server > Client Application window compared to the average and maximum transaction times in the Response Time Server / Client Application details window. Both the main Server / Client Application and the Details window should show the same information.

Symptom: NAM 3.6(1a) might show different average and maximum transaction times in the Monitor >
Response Time > Server > Client Application window compared to the average and maximum transaction times in the Response Time Server / Client Application details window.

Both the main Server / Client Application and the Details window should show the same information.

Conditions: Viewing display of Average and Maximum Transaction Times.

Workaround: None.

CSCsi07827

The Create SPAN data source window should still display after clicking the Refresh button.

Symptoms: Create SPAN data source window does not retain values.

Conditions: This problem occurs on the Setup > Data Sources > Create SPAN window after you click Create and select SPAN Type of VLAN and click Refresh. The window returns with SPAN type Switch Port and SPAN Destination Interface DATA PORT 1 when the window should remain on the previous setting.

Workaround: None. We suggest that you hit Refresh before saving your selections.

CSCsi09392

The NAM GUI does not allow more than one Transmit monitoring session.

Symptoms: The GUI only allows you to add one Transmit session. This restriction applied to older versions of the switch. Currently, the switch does not have this restriction.

Conditions: This occurs under normal operations.

Workaround: Use the CLI to configure more than one Transmit session.

CSCsi74356

NAM exception occurs for fragmented GRE-encapsulated packets

NAM sometimes has exception events when fragmented GRE-encapsulated packets are span/VACL/RSPAN/ERSPAN to the NAM.

Symptom: In some cases, if fragmented tunneled packets (such as GRE) are received, one of the NAM processes might crash and be restarted later by a watchdog.

Conditions: This defect might occur when a fragmented IP datagram is received for monitoring or when a capture taken inside a tunnel such as GRE.

Workaround: None.

CSCsi97446

A device's physical address is not readable.

Symptom: On the Monitor > Switch > Mini-Rmon detail window, the physical address was being shown as garbage.

Conditions: This occurs under normal operating conditions.

Workaround: The problem occasionally goes away after you bring up a new Details window.


Anomalies Resolved in NAM 3.6

Table 11 describes anomalies found in earlier releases of NAM that were resolved in NAM 3.6.

Table 11 Anomalies Resolved in NAM 3.6 

Bug ID
Description

CSCse90874

Several PHP errors occur when monitor collection is not configured.

Symptoms: The Show Tech window displays PHP errors for several monitor windows when the particular monitor table is not enabled or there is no data for that table.

Conditions: This only happens when there is no monitor data for a particular window.

Workaround: A workaround is not necessary. These errors do not affect data being displayed properly when it is available. It is a matter of the code trying to read the array of data when there is no array of data. Therefore, a PHP error is generated.

CSCse90896

Setup > Preferences window has PHP errors if values in file are 0.

Symptoms: PHP errors occur if you modify the Setup > Preferences information.

Conditions: This only happens when the database is being updated with a false value and the value is already false.

Workaround: No workaround is necessary. A minor change in the file calls will correct the error messages. But the correct values of false are still being saved in the database file.

CSCse97810

NAM 3.5(1) remote-storage CLI throws errors on exit when nothing is done.

Symptoms: If you use the CLI command remote-storage then exit without doing anything, the following errors occur: 

root@myname(sub-rs-nfs)# exit

ERROR: NFS description is not set.

To provide NFS description, use 'descr' subcommand.

Invalid parameter!

Conditions: This is only an issue for NAM 3.5(1). Older versions do not support remote-storage functions and are not affected.

Workaround: Ignore the errors.

CSCse97829

NAM 3.5(1) GUI throws errors when adding an NFS drive directory with a dash character (-) in its name.

Symptoms: NAM remote-storage CLI allows a directory name is allowed to have a dash character (-).

However, if you try to use the NAM GUI interface and create an NFS drive using a directory name of something like nam-dir, you will see the errors.

Conditions: This is only an issue for the NAM 3.5(1). Older versions are not affected.

Workaround: Ignore the errors, or use the CLI command remote-storage instead of the GUI interface.

CSCsf02903

Enhancement request to add support for StationCallInfoV2Message for SCCP.

Symptoms: When using Cisco Unified CallManager 5.0.2 to manager SCCP phones, NAM cannot detect SCCP calls because StationCallInfoMessage (0x8F) is replaced by StationCallInfoV2Message (0x14A). NAM does not currently support StationCallInfoV2Message.

Conditions: This occurs if StationCallInfoV2Message is used by CallManager.

Workaround: None

CSCsf03723

If the control index (etherStatsIndex) of the etherStatsHighCapacityTable is larger than 65535, an SNMP walk on the etherStatsHighCapacityTable will loop (get-next returns index smaller or identical than previous one).

Symptoms: SNMP walk on etherStatsHighCapacityTable loops (get-next returns smaller or equal index).

Conditions: This occurs when etherStatsIndex is larger than 65535.

Workaround: Remove etherStatsEntry rows with etherStatsIndex larger than 65535.

Further Problem Description: The valid values for etherStatsIndex is 1-65535. The NAM fails to check for indices larger than 65535 and fails to handle them well when walking the etherStatsHighCapacityTable.

CSCsg52033

On WS-SVC-NAM-1 the packet length reported in capture through SNMP and the web GUI decode window is wrong for jumbo packets.

Symptoms: Packet length for captured packets on WS-SVC-NAM-1 is wrong for packets larger than 2048 bytes.

Conditions: This only affects the WS-SVC-NAM-1 and only for packets larger than 2048 bytes. The statistics in Monitor and Reports are not affected, only capture (both SNMP and in the web GUI). The capture file is not affected.

Workaround: Capture to file.

CSCsg54607

Creating a new etherStats entry with etherStatsStatus = valid(1) fails.

Symptoms: Creating a new etherStats entry with initial etherStatsStatus = valid(1) fails.

Conditions: This problem affects all NAM platforms under normal operation.

Workaround: Create new entry with etherStatsStatus = createRequest(2) and then change it to valid afterwards.

CSCsg54624

Creating a new channel entry with initial channelStatus = createRequest(2) fails.

Symptoms: Creating a new channel entry with initial channelStatus of createRequest(2) fails.

Conditions: This problem affects NAM platforms that use SNMP to do this configuration.

Workaround: Create a new channel entry with channelStatus of valid(1).

CSCsg62683

TopN data duplication is caused by old data are not properly removed for NAM-2 Reports.

Symptoms: The TopN data are occasionally duplicated from one interval to the next. The duplication is caused by old data not being properly removed.

Conditions: This occurs on TopN data reports of very active data sources.

Workaround: There is no workaround except to restart the NAM to fix the problem temporarily (by flushing out old data). The problem might eventually return.

CSCsg64270

The NAM does not respond to keepalive polling after a switch reload.

Symptoms: NAM-1 or NAM-2 are powered down and the supervisor log reports that NAM was shut down due to missed Keepalive responses:

The NAM-2 module is power cycled because it does not respond to keepalive polling after a switch reload or when using output-intensive commands from a supervisor session.

This problem is more frequent with ION images than the IOS images. The module might power-cycle several times prior to becoming operational. 

%OIR-SP-3-PWRCYCLE: Card in module 7, is being power-cycled off (Module not responding to Keep 
Alive polling)

Conditions: WS-SVC-NAM-1 or WS-SVC-NAM-2 in Catalyst 6500 or 7600 family chassis with Supervisor 720 running IOS. Most often seen when NAM or switch is reloading (starting up) or when using session from supervisor to NAM and running commands with a lot of output (like show tech-support), but could happen at any time there is a lot of traffic on the EOBC.

Further Problem Description: The problem is caused by the EOBC MAC transmit queue getting stuck due to missing configuration. The timeout of the MAC to detect the problem is about the same time (5 seconds) as the Keepalive polling timeout. The Transmit queue seems to get stuck when there is a lot of traffic on the EOBC.

Workaround: Keep reloading or powering up the NAM. Or from the SP CLI (remote login switch) issue the command:

debug oir no-reset-on-crash <NAM module #>

You can also use Telnet or SSH to the NAM CLI for output-intensive commands.

CSCsg97421

Adopt new default daylight savings time (DST) rules from Energy Policy Act of 2005.

Symptoms: The impact of these changes is that the default values, which have been set for U.S. Standards, will be incorrect until the default values are changed in later versions of code. Furthermore, those systems that reside within time zones that are currently congruent with the United States definitions might no longer be so. This means that later versions of code might require the use of the summertime command to properly reflect current local time.

Conditions: For operating systems that have not been updated with the new DST policy changes, product time stamps will exhibit a one-hour time clock delay lasting three weeks beginning at 2 a.m. on the second Sunday in March of 2007 and as a one-hour clock delay lasting one week beginning at 2 a.m. on the first Sunday in November.

Workaround: None

CSCsg99886

HTTP header parsing is looping.

Symptoms: The message HTTP header parsing is looping! displays in the output of show tech-support command.

Conditions: This occurs with certain malformed HTTP request packets.

Further Problem Description: The impact is minimal as the parser detects the loop and aborts further parsing of the packet.

Workaround: None

CSCsg99868

Packet counters wrong for aged-out and relearned entries.

The rate calculated (in polld) is wrong for entries that are aged-out and then relearned later. This might happen when a lot of entries come back to the Monitor windows after some time.

Symptoms: Counters in the NAM web GUI Monitor Current Rate windows are too high.

Conditions: This problem occurs after returning to the current rate window after more than one hour and the collections are full (entries are being aged out). The rate calculated (in polld) is wrong for entries that are aged-out and then relearned later.

Workaround: Wait a few refresh intervals for data to settle.

CSCsh18288

UDP port 139 is misclassified for NDE.

Symptoms: No statistics for UDP ports 139 and TCP port 445 are shown in the monitor application windows for NDE (NetFlow export) data sources.

Conditions: This only affects the NAM web GUI. SNMP will report the counters. NDE classifies UDP port 139 as nbt-session but should use nb-unknown. The same issues affects port TCP port 445. The NAM classifies these applications as nbt-session instead as nb-unknown. An nbt-session is not a leaf protocol in the protocolDir. Only leaf protocols are shown in the NAM web GUI.

Workaround: None.

CSCsh31426

ssh is disabled after a reboot.

Symptoms: you cannot ssh to the NAM card after a reboot.

Conditions: This problem occurs on all NAM hardware platforms using NAM software version 3.5(1A) with nam-app.3-5.cryptoK9.patch.1-0.bin applied and ssh enabled (exsession on ssh).

Workaround: Enable ssh on the card after rebooting by using session from supervisor.

CSCsh49604

Error occurs when connecting to RMON daemon while creating a datasource for MPLS VRF.

Symptoms: When trying to create an MPLS data source from an imported VRF or VC, the following error message displays: 

Error connecting to RMON daemon while creating Datasource.

When this occurs, the GUI will be unresponsive for up to a few minutes and all existing MPLS and VLAN datasources will be lost.

Conditions: This anomaly occurs very rarely.

Workaround: Wait for the GUI to become responsive again, re-import the MPLS information from the router (or a file), then recreate the data sources you want to monitor.

CSCsj69580

Granularity should be set to the same or greater value of the polling interval for the TopN reports

Symptom: Report with 8-hour polling interval cannot be seen with the default report period and granularity settings.

Conditions: This happens when the reports are configured with a polling interval greater than the default granularity (1 hour).

Workaround: Select different report periods (weekly, monthly) that have granularity higher than 8 hours.


This document is to be used in conjunction with the documents listed in the "Product Documentation" and "Related Product Documentation" sections.

CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn, Cisco Capital, Cisco Capital (Design), Cisco:Financed (Stylized), Cisco Store, Flip Gift Card, and One Million Acts of Green are service marks; and Access Registrar, Aironet, AllTouch, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Lumin, Cisco Nexus, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, Continuum, EtherFast, EtherSwitch, Event Center, Explorer, Follow Me Browsing, GainMaker, iLYNX, IOS, iPhone, IronPort, the IronPort logo, Laser Link, LightStream, Linksys, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, PCNow, PIX, PowerKEY, PowerPanels, PowerTV, PowerTV (Design), PowerVu, Prisma, ProConnect, ROSA, SenderBase, SMARTnet, Spectrum Expert, StackWise, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0910R)

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

© 2009 Cisco Systems, Inc. All rights reserved.