Feedback
Table Of Contents
Viewing the Switch Information
Setting Up NBAR Protocol Discovery
Enabling and Disabling Port Stats (Mini-RMON)
Applying Router System Information
Understanding NetFlow Interfaces
Understanding NetFlow Flow Records
Configuring NetFlow on Devices
Configuring VACL on a WAN Interface
Configuring VACL on a LAN VLAN
Testing the Router Community Strings
Automatic Discovery of MPLS VPN Labels
Setting Up Layer 3 VRF Data Sources
Setting Up Layer 2 Virtual Circuit Data Sources
Setting Up MPLS Label Data Sources
Creating a VRF/VC Configuration File
Importing a VRF/VC Configuration File
Exporting a VRF/VC Configuration File
Creating Response Time Data Collections
Editing Response Time Data Collections
Deleting Response Time Data Collections
Setting Up the DiffServ Profile
Monitoring URL Collection Data
Setting Up the Protocol Directory
Setting Up Autolearned Protocols
Setting Up URL-based Applications
Creating a URL-based Application
Editing a URL-based Application
Deleting a URL-based Application
Setting Up RTP Stream Thresholds
Creating a NAM Trap Destination
Editing a NAM Trap Destination
Deleting a NAM Trap Destination
Setting Up the Application
Use the NAM Setup window, Figure 3-1, to set up and configure the NAM application. Set up the NAM application in the sequence shown.
Figure 3-1 Setup Window
This chapter contains the following sections:
•
Setting Up the Protocol Directory
Switch Parameters
From the Switch Parameter window, you can view the switch system information, enable and disable NBAR, enable and disable port stats (mini-Rmon), and configure switch login configuration.
•
•
•
Viewing the Switch Information
Note
To view the Switch Information, Table 3-1, choose Setup > Switch Parameters.
Setting Up NBAR Protocol Discovery
Note
From the Switch Parameter window, you can view the NBAR Status information and enable or disable NBAR on all interfaces.
To set up NBAR protocol discovery:
Step 1
Note
The NBAR Status window appears with the following options:
•
•
•
•
Note
The NBAR Interfaces window displays. Figure 3-2 shows an example of the NBAR Interfaces window.
Figure 3-2 NBAR Interfaces Window
The NBAR Interfaces window lists known interfaces by name and type. Check its check box to enable an interface.
You must enable the NBAR Interfaces feature for the NAM to provide information about ethernet ports on the Monitor > NBAR window. Select the ports you want to enable, then click Submit to turn on NBAR for those ports.
The All check box affects only the ports displayed on the current screen. Click the All check box to select all ports displayed on the current window. Clear the All check box to deselect all ports displayed on the current window. The Reset button resets the any changes you might have made to the NBAR window and it reverts to its previous settings.
To view details on an individual Port Stat, click on the Port Name. A Port Statistics detail window displays with the following information:
•
•
•
•
•
•
•
•
Tip
Note
Tip
Enabling and Disabling Port Stats (Mini-RMON)
Note
You must enable the Mini-Rmon switch feature for the NAM to provide information about ethernet ports on the Monitor > Port Stats window. Select the ports you want to enable, then click Submit to turn on Mini-Rmon for those ports. Click the All check box to select or deselect the ports displayed on the current screen.
The Reset button resets the any changes you might have made to the Mini-RMON ports window and it reverts to its previous settings.
Note
To enable and disable interfaces or view Port Stats details:
Step 1
The Switch Information (Table 3-1) displays.
Step 2
The Port Stats (Mini-RMON) window displays listing known ports and their type. Figure 3-3 shows an example of the top portion of the Mini-RMON Port Statistics window.
Figure 3-3 Mini-RMON Port Statistics Window
Port Stats (Mini-RMON) Details
Table 3-3 describes the fields of the Port Stats (Mini-RMON)
Step 3
After you make changes to this window, click Submit to apply the changes, then click Save to save the changes to the start-up configuration.
The Refresh button causes the NAM to update the switch configuration information with the current configuration. The All check box affects only the ports listed on this window. The Reset button resets the any changes you might have made to the Mini-RMON ports window and it reverts to its previous settings.
Step 4
A Port Statistics detail window displays with the following information:
•
•
•
•
•
•
•
•
Tip
Configuring Switch Login
The NAM uses switch login information to log in to switches to monitor MPLS. You must provide a user name, password (if required), and login method, either telnet or SSH. Table 3-4 describes the fields and functions of the Switch Login Configuration window.
Note
Router Parameters
From the Router Parameter window you can view the router information and set up NBAR Protocol Discovery.
•
•
Applying Router System Information
This section describes how to set router parameters.
Note
Step 1
The Router System Information displays as shown in Table 3-5.
Step 2
•
•
•
Setting Up Data Sources
There are four versions of the NAM:
•
•
•
•
The NME-NAM device has two Gigabit Ethernet ports—an internal interface and an external interface. The NM-NAM device has two FastEthernet data ports—an internal interface and an external interface. One of the two interfaces must be selected as the NAM management port for IP traffic (such as HTTP and SNMP). The NAM can monitor traffic for analysis on the internal interface, the external interface, or both simultaneously. A typical configuration is to monitor LAN and WAN traffic on the internal interface. However, the external interface can be used to monitor LAN traffic.
Depending on the IOS running on the Supervisor, port names are displayed differently. Earlier versions of CatOS displayed port names as 2/1 and 3/1 meaning module 2, port 1 and module 3 port 1. Newer versions of IOS software display a port name as Gi2/1 to represent a Gigabit port on module 2 port 1. In the VSS, a port name might be displayed as Gi1/2/1to represent a Gigabit port on switch 1, module2, port 1.
The following information describes how to set up NetFlow and SPAN sessions for the WS-SVC-NAM-1 and WS-SVC-NAM 2 devices.
WS-SVC-NAM-1 devices can have only one active SPAN session. You can select a switch port, VLAN, or EtherChannel as the SPAN source; however, you may select only one SPAN type. WS-SVC-NAM-2 devices and switch software support two SPAN destination ports.
Before you can monitor data, you must direct specific traffic flowing through a switch to the NAM for monitoring purposes. Use the methods described in the Methods of Directing Traffic table (Table 3-6).
SPAN Sessions
Note
The SPAN Sources (Table 3-7) describes the streams of traffic you can use as SPAN sources.
You can also use locally generated NDE records (the NDE source) as a packet stream to populate NAM collections. You can activate only a subset of the NAM collection types defined in the NDE Collection Types Table, Table 3-8, on the NDE source.
Note
Creating a SPAN Session
Note
Creating a SPAN session on a switch running Catalyst OS software and a switch running Cisco IOS software are different. The following procedure applies to switches running both Catalyst OS and Cisco IOS software unless otherwise stated.
Step 1
The Active SPAN Sessions Dialog Box(Table 3-9) displays. The SPAN session directed to the NAM is selected by default, otherwise the first radio button is selected.
Table 3-9 Active SPAN Sessions Dialog Box
Monitor Session
Monitor session of the SPAN.
Note
Type
Type of SPAN source.
Source - Direction
Source of the SPAN session and direction of the SPAN traffic.
For port SPAN types, the source displays the port name and source status after you SPAN it—down, testing, or dormant.
When creating a SPAN session, you can select all ports regardless of their state. See Table 3-10 for a description of the possible SPAN states.
Note
Dest. Port
Destination port of the SPAN session.
Dest. Module
Destination module of the SPAN session.
Status
Status of the SPAN session:
Active—Traffic at the SPAN source is being copied to the SPAN destination
Inactive—Traffic at the SPAN source will not be copied to the SPAN destination
Unknown—A mixture of both active and inactive status
Table 3-10 lists the possible SPAN states. The SPAN state displays in parenthesis in the Source - Direction column
Step 2
The Create SPAN Session Dialog Box (Table 3-11) displays. Switch Port is the default for the SPAN Type.
Step 3
Step 4
The Active SPAN Sessions window displays and the SPAN session is saved for switches running Catalyst OS software only.
Step 5
Note
Editing a SPAN Session
You can only edit SPAN sessions that have been directed to the NAM.
Note
To edit a SPAN session:
Step 1
The Active SPAN Sessions dialog box displays.
Step 2
The Edit SPAN Session Dialog Box, Table 3-12, displays.
Step 3
Deleting a SPAN Session
Note
To delete a SPAN session, select it from the Active SPAN Session dialog box, then click Delete.
Understanding NetFlow Interfaces
To use a remote device as an NDE data source for the NAM, you must configure the remote device itself to export NDE packets to UDP port 3000 on the NAM. You might need to configure the device itself on a per-interface basis. An NDE device is identified by its IP address. By default the switch's local supervisor engine is always available as an NDE device.
You can define additional NDE devices by specifying the IP addresses and (optionally) the community strings. Community strings are used to upload convenient text strings for interfaces on the remote devices that are monitored in NetFlow records.
Distinguishing among different interfaces on the remote NDE devices is a feature in this release that allows you to arbitrarily bundle groups of interfaces on each remote NDE device into a conceptual data source instead of simply grouping all flows into the same collections.
If you try to distinguish every interface on every remote device (potentially in both directions separately), this action could result in a large, unmanageable number of data sources. By using conceptual data sources, you have complete flexibility to group all interfaces in all directions into a single conceptual data source.
You could also choose to create a separate conceptual data source for each interface on the device. In general, you can combine any number of "simple flow paths" to form a conceptual data source. Each simple flow path can consist of a single interface in the input direction, the output direction, or both directions.
The following restrictions apply to creating conceptual data sources and assigning flow paths to them.
•
•
•
Understanding NetFlow Flow Records
An NDE packet contains multiple flow records. Each flow record has two fields:
•
•
Note
In most cases, turning on NetFlow on an interface populates the NetFlow cache in the device with flows that are in the input direction of the interface. As a result, the input SNMP ifIndex field in the flow record has the ifIndex of the interface on which NetFlow was turned on. Sample NetFlow Network, Figure 3-4, shows a sample network configuration with a NetFlow router.
Figure 3-4 Sample NetFlow Network
The Reporting Flow Records table (Table 3-13) lists the reported flows if NetFlow is enabled on interface a.
Table 3-13 Reporting Flow Records
a
b
Yes
a
c
Yes
b
c
No
b
a
No
c
a
No
c
b
No
Configuring NetFlow on Devices
The configuration commands for NetFlow devices to export NDE packets to the NAM are platform and device specific. The example configuration commands provided here are the ones most commonly found for devices running Cisco IOS or Catalyst OS. For more detailed information, see your device documentation.
For Devices Running Cisco IOS
Step 1
Prompt#configure terminalPrompt(config)#interface <type slot/port>Prompt(config-if)#ip route-cache flowStep 2
Prompt(config)#ip flow-export destination <NAM IP address> 3000
For Devices Supporting Multi-Layer Switching Cache Running Cisco IOS
Step 1
Prompt(config)#mls nde sender version <version-number>
Note
Step 2
Prompt(config)#mls flow ip fullStep 3
Prompt(config)#mls nde senderStep 4
Prompt(config)#ip flow-export destination <NAM IP address> 3000
For Devices Supporting NDE v8 Aggregations Running Cisco IOS
Step 1
Prompt(config)#ip flow-aggregation cache <aggregation-type>Where aggregation-type can be:
•
•
•
•
Step 2
Prompt(config-flow-cache)#enableStep 3
Prompt(config-flow-cache)#export destination <NAM address> 3000
For Devices Running Catalyst OS
Step 1
Prompt>(enable) set mls nde version <nde-version-number>
Note
Step 2
Prompt>(enable) set mls flow fullStep 3
Prompt>(enable) set mls nde enableStep 4
Prompt>(enable) set mls nde <NAM address> 3000
For Devices That Support NDE Export From Bridged-Flows Statistics
Step 1
Prompt>(enable) set mls bridged-flow-statistics enable <vlan-list>Step 2
Prompt>(enable) set mls nde <NAM address> 3000
For NAMs Located in a Device Slot
If the NAM is located in one of the device slots, the device can be set up to export NDE packets to the NAM.
Step 1
Prompt>(enable) set mls nde version <nde-version-number>Step 2
Prompt>(enable) sel mls nde fullStep 3
Prompt>(enable) set mls nde enableStep 4
Prompt>(enable) set snmp extendedrmon netflow enable <NAM-slot>
Configuring VACL on a WAN Interface
Because WAN interfaces do not support the SPAN function, you must use the switch CLI to manually configure a VACL in order to monitor WAN traffic with the NAM. This feature only works for IP traffic over the WAN interface.
VACL can also be used of there is no available SPAN session to direct traffic to the NAM. In this case, a VACL can be set up in place of a SPAN for monitoring VLAN traffic.
The following example shows how to configure a VACL on an ATM WAN interface and forward both ingress and egress traffic to the NAM. These commands are for switches running Cisco IOS version 12.1(13)E1 or higher. For LAN VACLs on Catalyst OS, the security Access Control List (ACL) feature can be used to achieve the same result. For more information on using these features, see your accompanying switch documentation.
Cat6509#config terminalCat6509(config)#access-list 100 permit ip any anyCat6509(config)#vlan access-map wan 100Cat6509(config-access-map)#match ip address 100Cat6509(config-access-map)#action forward captureCat6509(config-access-map)#exitCat6509(config)#vlan filter wan interface AM6/0/0.1Cat6509(config)#analysis module 3 data-port 1 capture allowed-vlan 1-4094Cat6509(config)#analysis module 3 data-port 1 captureCat6509(config)#exitTo monitor egress traffic only, get the VLAN ID that is associated with the WAN interface by using the following command:
Cat6509#show cwan vlan Hidden VLAN swidb->i_number Interface1017 94 ATM6/0/0.1
Once you have the VLAN ID, configure the NAM data port using the following command:Cat6509(config)#analysis module 3 data-port 1 capture allowed-vlan 1017To monitor ingress traffic only, replace the VLAN number in the capture configuration with the native VLAN ID that carries the ingress traffic. For example, if VLAN 1 carries the ingress traffic, you would use the following command:
Cat6509(config)#analysis module 3 data-port 1 capture allowed-vlan 1Configuring VACL on a LAN VLAN
For VLAN Traffic monitoring on a LAN, traffic can be sent to the NAM by using the SPAN feature of the switch. However, in some instances when the traffic being spanned exceeds the monitoring capability of the NAM, you might want to pre-filter the LAN traffic before it is forwarded. This can be done by using VACL.
The following example shows how to configure VACL for LAN VLAN interfaces. In this example, all traffic directed to the server 172.20.122.226 on VLAN 1 is captured and forwarded to the NAM located in slot 3.
Cat6509#config terminalCat6509#(config)#access-list 100 permit ip any anyCat6509#(config)#access-list 110 permit ip any host 172.20.122.226Cat6509#(config)#vlan access-map lan 100Cat6509#(config-access-map)match ip address 110Cat6509#(config-access-map)#action forward captureCat6509#(config-access-map)#exitCat6509#(config)#vlan access-map lan 200Cat6509#(config-access-map)#match ip address 100Cat6509#(config-access-map)#action forwardCat6509#(config-access-map)#exitCat6509#(config)#vlan filter lan vlan-list 1Cat6509#(config)#analysis module 3 data-port 1 capture allowed-vlan 1Cat6509#(config)#analysis module 3 data-port 1 captureCat6509#(config)#exitManaging NetFlow Devices
Before you can monitor NetFlow data, you must add the NetFlow devices to be monitored. The remote NDE device must also be configured to export NDE packets to the NAM. For more information on configuring NetFlow on devices, see the "Configuring NetFlow on Devices" section or your accompanying device documentation. The following topics help you set up and manage the devices used for NetFlow monitoring:
Creating Devices
Once you create a NetFlow device, NetFlow data sources are automatically created for that device. You can use the Listening Mode to verify that NDE packets are active on these data sources. For more information on using the Listening Mode, see the "Using the Listening Mode" section.
To create a device:
Step 1
The Active SPAN Sessions table displays.
Note
Step 2
The NetFlow Devices table displays.
Step 3
The New Device dialog box appears.
Step 4
•
•
•
Editing Devices
Note
To edit a device:
Step 1
Step 2
The Active SPAN Sessions table displays.
Step 3
The NetFlow Devices table displays.
Step 4
The Edit Device window appears.
Step 5
•
•
•
Deleting Devices
To delete a device:
Step 1
The Active SPAN Sessions table displays.
Step 2
The NetFlow Devices table displays.
Step 3
Note
Testing Devices
You can test the SNMP community strings for the devices in the Devices table. To test a device, select it from the Devices table, then click Test. The Device System Information Dialog Box (Table 3-14) displays.
If the device is sending NetFlow Version 9 (V9) and the NAM has received the NDE templates, then a V9 Templates button appears below the Device System Information window.
Note
To view the NetFlow V9 templates, click the V9 Templates button. For more information, see Table 3-17 in Using the Listening Mode.
Creating Custom Data Sources
A NetFlow data sources are automatically learned when you create a device in the Devices section. For more information on creating NetFlow devices, see the "Creating Devices" section. This option allows you to create custom data sources on NetFlow devices with specific interface information.
To create a custom data source:
Step 1
Step 2
The NetFlow Data Sources table displays.
Step 3
The following table shows the wizard used to create or edit a NetFlow data source.
Selecting a NetFlow Device
To select a NetFlow device:
Step 1
Step 2
Step 3
Selecting the Interfaces
To select an interface:
Step 1
Step 2
Tip
If no interfaces are listed, manually enter them in the Interface Index text box.
Step 3
The selected interfaces are displayed in the Selected Interfaces section.
•
•
Step 4
Special (0) Interface
NDE packets sometimes have NetFlow records reporting either (or both) input if-index and output if-index fields as being 0. This could be a result of one or more of the following reasons:
•
•
•
For more information, see the accompanying documentation for your NetFlow device.
Verifying NetFlow Data Source Information
To verify NetFlow data source information:
Step 1
Step 2
•
•
Editing a Custom Data Source
To edit a custom data source:
Step 1
Step 2
The NetFlow Data Sources table displays.
Step 3
The wizard used to edit NetFlow data sources displays.
Step 4
•
•
Deleting a Custom Data Source
To delete a data source, select it from the NetFlow Data Source table, then click Delete.
Note
Using the Listening Mode
The Listening Mode of the NAM allows you to view the IP addresses of devices sending NDE packets to the NAM, the number of NDE packets, and time that the last NDE packet was received. The NetFlow Listening Mode table only lists devices that the NAM currently receives NDE packets from.
To use listening mode:
Step 1
Step 2
The NetFlow Listening Mode Table (Table 3-15) displays.
Step 3
Step 4
Note
Viewing Details from the NetFlow Listening Mode Table
Select the device from the table, then click Details.
The Device Details Window (Table 3-16) displays.
If the device is sending NetFlow Version 9 (V9) and the NAM has received the NDE templates, then a V9 Templates button appears below the Device Details window. For more information, see:
http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_feature_guide09186a00801b0696.html
Note
To view the NetFlow V9 templates, click the V9 Templates button.
The V9 Templates Window (Figure 3-5) displays (see example below).
Figure 3-5 V9 Templates Window
The V9 Templates Table (Table 3-17) describes the template data.
Table 3-17 V9 Templates Table
Type
Type of template data.
Length (Bytes)
Length of template data in bytes.
Adding a Device To Monitor
To add a device to monitor:
Step 1
The New Device Window displays.
Step 2
The new device is added to the NetFlow Devices table.
Testing the Router Community Strings
For NM-NAM and NME-NAM devices only
Before the router can send information to the NAM using SNMP, the router community strings set in the NAM Traffic Analyzer must match the community strings set on the actual router. The Router Parameters dialog box displays the router name, hardware, Supervisor engine software version, system uptime, location, and contact information.
The local router IP address and the SNMP community string must be configured so that the NAM can communicate with the local router.
To set the community strings on the router, use the router CLI. For information on using the CLI, see the documentation that accompanied your device.
Caution
To test router community strings:
Step 1
The Router Parameters dialog box displays.
Step 2
The Router Community String Test dialog box displays.
Setting Up an Interface
Note
Before you can view traffic statistics and the TopN traffic for applications, hosts, and conversations, you must first set up the interfaces.
Click in the check box to enable Netflow NDE on the selected interface and all of its sub-interfaces. A NAM NDE datasource will be created for each enabled sub-interface, and hosts, conversations and application NDE data sources will also be created. This action populates the Monitor > Router detail window with the hosts, conversations and application statistics.
In the case of parent interfaces with sub-interfaces, only the leaf child will be enabled. For example, ATM2/0.1-atm-subif has child ATM2/0.1-aal5-layer. Only the aal5-layer will be enabled. NDE will only be seen on this child interface.
Note
To keep the detail screen consistent with data, we recommend that you set the Router Netflow Active Timeout to the same polling interval as the NAM. Go to the Setup > Datasources > Interfaces window or the Setup > Router Parameters window.
To set up interfaces to enable you to view traffic statistics:
Step 1
NAM 3.6 supports up to 1,500 datasources.
Step 2
The Interfaces window displays.
Router interfaces and SNMP Read/Write Community strings must also be configured. See Router Parameters for more information.
Step 3
MPLS Data Sources
When data packets containing MPLS labels are spanned to the NAM, the traffic can be monitored by the tag inside the data packets. This feature is especially useful in a network that deploys MPLS/VPN where traffic from each VPN can be uniquely identified by a combination of MPLS labels. When the NAM encounters stacked MPLS labels, only the relevant inner-most label (the bottom tag in the label stack) is used for monitoring.
To enable RMON monitoring for MPLS, you must first configure an MPLS data source. To enable MPLS traffic monitoring, you must create a form of virtual interface that can be tied to a particular MPLS tag. After setting up the custom MPLS data source, you can enable monitoring of the following:
•
•
•
This section contains the following topics:
•
•
•
•
•
•
•
Automatic Discovery of MPLS VPN Labels
In an MPLS VPN environment, the NAM can monitor traffic using either VPN routing/forwarding (VRF) table name or virtual circuit (VC) ID configured at the switch. This higher level of abstraction hides the underlying label associations.
The VRF and VC information can only be obtained from the switch CLI. This requires you to provide the switch login credentials, username and password, and whether to access the switch CLI through telnet or ssh. Enable mode password is not required.
After the VRF, VC, and the associated labels are discovered, you can reference the VRF or VC using either the VRF name or VC ID directly without any knowledge of the underlying labels using the NAM monitoring functions.
The labels associated with each VRF or VC are allocated dynamically by the switch. As a result, the labels will not be persistent when the switch is rebooted or a supervisor switch-over occurred. The NAM will have to re-discover VRF and VC information from the switch under these situations. A manual refresh feature is also provided for on-demand refresh.
Setting Up Layer 3 VRF Data Sources
To set up layer 3 VPN routing/forwarding (VRF) table (L3 VRF) data sources:
Step 1
The Active SPAN Sessions table displays.
Step 2
The MPLS VRF Data Source Configuration window displays shown in Figure 3-6.
Figure 3-6 MPLS VRF Data Source Configuration Window
Step 3
If the list is still empty after clicking Import from Router, the NAM failed to automatically import VRF configuration from the router. In this case, perform Step 4. If the VRF information is available, proceed to Step 5.
If the NAM failed to automatically import VRF configuration from the router, click Import Log. The MPLS Import log contains information that might help you diagnose the problem in the connection. See Importing Log, for more information about the Import Log.
Step 4
After clicking Import from File, the Import VRF/VC Configuration window displays enabling you to specify the location from which to import the VRF/VC configuration file. The VRF/VC configuration file might be on your local machine or at a remote URL.
See Creating a VRF/VC Configuration File, for information about how to create the text VRF/VC configuration file.
Step 5
Creating or deleting a NAM data source does not affect the switch configuration.
Setting Up Layer 2 Virtual Circuit Data Sources
To set up layer 2 (L2) virtual circuit data sources:
Step 1
The Active SPAN Sessions table displays.
Step 2
The MPLS Virtual Circuit Data Source Configuration window displays shown in Figure 3-7.
Figure 3-7 MPLS Virtual Circuit Data Source Configuration Window
Step 3
If the list is still empty after clicking Import from Router, the NAM failed to automatically import VC configuration from the router. In this case, perform Step 4. If the VRF information is available, proceed to Step 5.
If the NAM failed to automatically import VC configuration from the router, click Import Log. The MPLS Import log contains information that might help you diagnose the problem in the connection. See Importing Log, for more information about the Import Log.
Step 4
After clicking Import from File, the Import VRF/VC Configuration window displays enabling you to specify the location from which to import the VRF/VC configuration file. The VRF/VC configuration file might be on your local machine or at a remote URL.
See Creating a VRF/VC Configuration File, for information about how to create the text VRF/VC configuration file.
Step 5
Creating or deleting a NAM data source does not affect the switch configuration.
Setting Up MPLS Label Data Sources
To set up MPLS Label data sources:
Step 1
The Active SPAN Sessions table displays.
Step 2
The MPLS Label Data Source Configuration window displays shown in Figure 3-8.
Figure 3-8 MPLS Label Data Source Configuration Window
Step 3
A dialog box asks you to select a VRF or VC first.
Step 4
The Create MPLS Custom Datasource window displays as shown in Figure 3-9.
Figure 3-9 Create MPLS Custom Datasource Window
Step 5
The tag number must match the value in the packets, as only those will be represented in the data-source. You need to know the tag number from the router configuration. The NAM will assign a name based on the MPLS tag number you provide.
Step 6
You can use the name field to identify the MPLS tag value, the VRF tunnel name, or something else (such as VPN-San_Jose-RTP).
Step 7
Creating a VRF/VC Configuration File
The VRF/VC configuration file contains text information about the VRFs and VCs configured at the router. Each configuration line contains four fields separated by a space. Table 3-18 describes the format of a configuration line.
The following is an example of the VRF/VC configuration file:
# MPLS configuration file# Autogenerated at 2006-04-26 19:43VRF customer_A 114 0VRF customer_B 600 204/500,204/308VC 201 111 204/309VC 202 120 204/310VC 203 121 204/311VC 204 122 204/312VC 205 123 204/313VC 206 124 204/314VC 207 125 204/315VC 208 126 204/319VC 209 127 204/317VC 210 128 204/318Importing a VRF/VC Configuration File
If you have a text file that contains the known VRF/VC configuration, you can import the configuration by clicking Import from File. You might have created this file by using the Export to File button. Figure 3-10 shows the Importing VRF/VC Configuration File window.
Click Browse to locate the configuration file you want to import, or enter the URL of a remote file, then click Import.
Figure 3-10 Importing VRF/VC Configuration File Window
Exporting a VRF/VC Configuration File
After you have the desired MPLS configuration on the NAM, you can export the configuration to a file to serve as a backup. Creating a backup file enables you reload the configuration if the configuration is lost or if you want to revert to an earlier configuration. Click Export to File to export your MPLS VRF/VC datasource configuration.
Importing Log
After you import the VRF/VC data source configuration from the router or VRF/VC datasource configuration file, you can view the log of the MPLS import by clicking Import Log. The MPLS Import log contains a listing of occurrences in the connection and can be useful in troubleshooting. The log might show an invalid user name or password, no connection to the switch, command-line parsing errors, or other problems that might have occurred. An MPLS import log should contain the message: VRF/VC update successful.
Setting Up Monitoring
Before you can monitor data, you must set up the data collections in the Monitor option of the Setup tab. For information on data collections, see the "Overview of Data Collection and Data Sources" section on page 4-2. There are options to set up the following:
•
•
•
•
Monitoring Core Data
You can enable or disable individual core data collections on each available data source. The following core collections are available:
•
•
•
•
•
•
•
•
•
•
•
Note
Note
Note
To set up core monitoring functions:
Step 1
The Core Monitoring Functions Dialog Box (Figure 3-11) displays.
Figure 3-11 Core Monitoring Functions Dialog Box
Step 2
To turn on core monitoring for the router, select Router from the Data Source drop-down menu. For routers, the following Data Sources are available:
•
•
•
•
To turn on core monitoring data for the switch, select Supervisor from the drop-down menu. For switches, the following Data Sources are available:
•
•
•
•
•
You can enter a partial name of a data source and click Filter to find data sources that match. Click Clear to return to the entire list of data sources.
Step 3
•
•
•
•
•
•
•
•
•
Step 4
Step 5
Enabling Mini-RMON Collection
Note
Enabling Mini-RMON on the switch Supervisor allows you to monitor port statistics data from each switch port. You must enable Mini-RMON in privileged mode from the CLI. To enable Mini-RMON, do one of the following:
For Switches Running Catalyst OS
Enter the set snmp rmon enable command.
For Switches Running Cisco IOS Software
You must enable Mini-RMON on each individual interface.
Enter the following commands:
Supervisor name(config) #interface interface-nameSupervisor name(config-if) #rmon collection stats collection-control-index owner monitorSupervisor name(config-if) #endwhere:
•
•
been used.Monitoring Voice Data
When you enable monitoring for voice data, the results are exclusively available through the NAM Traffic Analyzer. You can use the Monitor tab to view the collected voice data. For more information on viewing the voice data, see the "Viewing Collected URLs" section on page 4-19.
The voice monitoring option is on by default, however to monitor voice data, you must enable voice monitoring in the NAM Traffic Analyzer application.
Note
To set up voice monitoring:
Step 1
The Core Monitoring Functions table displays.
Step 2
The Voice Monitor Setup Window(Table 3-19) displays.
Step 3
Note
http://www.cisco.com/en/US/products/sw/voicesw/ps556/tsd_products_support_series_home.htmlStep 4
Monitoring RTP Stream Traffic
The NAM enables you to identify and monitor all RTP stream traffic among all SPANed traffic without having to know the signalling traffic used in negotiating the RTP channels. When RTP Stream Monitoring is enabled, the NAM identifies all RTP streams among the SPANed traffic, monitors the identified RTP traffic, and sends syslog alarm messages for those RTP streams that violate the packet loss thresholds.
By default, the NAM can monitor up to 30 concurrent RTP streams, but you can set up the NAM to monitor from 1 to 100 streams. See Setting Up RTP Stream Thresholds for more information about how to set up NAM RTP Stream packet loss thresholds for the following:
•
The valid threshold value is 1 to 10 inclusive. Each RTP packet has an RTP header that contains a sequence number. The sequence number is incremented by one for each RTP packet received in the same RTP stream. A gap in the sequence numbers identifies a packet loss. If the gap in sequence numbers jump is more than the threshold, the NAM raises an alarm condition.
•
This value is accumulative per-million packet loss rate from 1 to 100 inclusive. Every time NAM detects a packet loss (sequence gap) event, the NAM calculates the per-million packet loss rate. If the computed per-million packet loss rate crosses this threshold, the NAM raises an alarm condition.
You can set up these thresholds at Setup > Alarms > NAM RTP Stream Thresholds.
You can define filter entries to narrow down to the subset of RTP streams so the NAM monitors only those RTP streams matching the filter criteria. For example, a filter to set up the NAM to monitor RTP streams from the subnet 209.165.201.0 to host 1.1.1.1 would be:
source = 209.165.201.0source mask = 255.255.255.0destination = 1.1.1.1destination mask = 255.255.255.255To set up RTP Stream monitoring:
Step 1
The Core Monitoring Functions table displays.
Step 2
The RTP Stream Setup window displays with two distinct areas.
Step 3
The New Filter dialog box appears with fields for you to enter IP address and mask for both the source and destination of the RTP stream.
Step 4
Click Reset to clear all fields of the New Filter dialog box.
Step 5
You can set the Maximum Source of Destination Entries to a value from 1 -100.
Step 6
Clicking Reset clears the Monitoring Enabled check box and resets the Maximum Source of Destination Entries to the default value (30).
Monitoring Response Time Data
You can monitor response time to collect the response time between a client and a server. You can enable or disable response time monitoring on individual collection data sources. When you enable response time monitoring, the application supplies the default collection parameters.
The response time monitoring option is on by default; however to monitor response time data, you must enable response time monitoring in the NAM Traffic Analyzer application.
These topics help you set up and manage response time monitoring:
•
•
•
Creating Response Time Data Collections
To set up Response Time data collections:
Step 1
The Core Monitoring Functions table displays.
Step 2
The Response Time Monitoring Setup table displays.
Step 3
The Response Time Monitoring Setup, Collection Configuration Dialog Box (Table 3-20) displays.
Step 4
Step 5
Editing Response Time Data Collections
To edit Response Time data collections:
Step 1
The Core Monitoring Functions table displays.
Step 2
The Response Time Monitoring Setup table displays.
You can enter a partial name of a data source and click Filter to find data sources that match. Click Clear to return to the entire list of data sources.
Step 3
The Response Time Monitoring Setup, Collection Configuration Dialog Box (Table 3-20) displays.
Step 4
Deleting Response Time Data Collections
To delete one or more response time data collections, simply select the data collections from the Response Time Monitoring Setup table, then click Delete.
Monitoring DiffServ Data
Differentiated services monitoring (DSMON or DiffServ) is designed to monitor the network traffic usage of differentiated services code point (DSCP) values.
To monitor DiffServ data, you must configure at least one aggregation profile and one or more aggregation groups associated with each profile. For more information on configuring an aggregation profile, see the "Creating a DiffServ Profile" section.
To set up monitoring of differentiated services:
Step 1
The Core Monitoring Functions table displays.
Step 2
The DiffServ Monitor Setup Dialog Box (Table 3-21) displays.
You can enter a partial name of a data source and click Filter to find data sources that match. Click Clear to return to the entire list of data sources.
Step 3
Step 4
Setting Up the DiffServ Profile
A DiffServ profile is a set of aggregation groups that can be monitored as a whole. After you create the proper profile(s), you can enable DiffServ collection. For more information on setting up DiffServ collections, see the "Monitoring DiffServ Data" section.
These topics help you set up and manage the DiffServ profile:
Creating a DiffServ Profile
To create a DiffServ profile:
Step 1
The Core Monitoring Functions table displays.
Step 2
The DiffServ Monitor Profile Dialog Box displays.
Step 3
The DiffServ Profile Setup Dialog Box (Table 3-22) displays.
Step 4
Step 5
Editing a DiffServ Profile
To edit a DiffServ profile:
Step 1
The Core Monitoring Functions table displays.
Step 2
The DiffServ Monitor Profile Table displays.
Step 3
The DiffServ Profile Setup Dialog Box (Table 3-22) displays.
Step 4
Deleting a DiffServ Profile
To delete one or more DiffServ profiles, simply select the profiles from the DiffServ Monitor Profile table, then click Delete.
Monitoring URL Collection Data
The URL collection listens to HTTP traffic (TCP port 80) on a selected datasource and collects URLs. Only one collection on a single datasource can be enabled at a time.
A URL, for example: http://host.domain.com/intro?id=123, consists of a host part (host.domain.com), a path part (intro), and an arguments part (?id=123).
The collection can be configured to collect all parts or it can configured to collect only some of the parts and ignore others.
This section contains the following sections:
Enabling a URL Collection
To enable a URL collection:
Step 1
The Core Monitoring Functions table displays.
Step 2
The URL Collection Configuration Dialog Box (Figure 3-12) displays.
Figure 3-12 URL Collection Configuration Dialog Box
Step 3
Step 4
You can enter a partial name of a data source and click Filter to find data sources that match. Click Clear to return to the entire list of data sources.
Note
:
Step 5
Step 6
•
•
•
•
•
Step 7
Changing a URL Collection
To change a URL collection:
Step 1
Step 2
The URL Collection Configuration Dialog Box (Figure 3-13) displays.
Figure 3-13 URL Collection Configuration Dialog Box
Step 3
Note
Step 4
Disabling a URL Collection
To disable a URL collection:
Step 1
Step 2
Step 3
Step 4
Setting Up the Protocol Directory
The NAM contains a default set of protocols to be monitored. You can edit and delete protocols from the RMON2 protocol directory table on the NAM.
These topics help you manage the protocol directory:
•
•
•
Individual Applications
The Protocol Directory window (Figure 3-14) lists protocols that have been set up for this NAM. Use this window to view, add proprietary protocols, and to edit the settings for well-known protocols.
Figure 3-14 Protocol Directory Table
This section provides the following sections:
Creating a New Protocol
We recommend that users do not make changes to the protocol directory from this screen. The NAM is designed to function with default protocols. Also, modifications that SNMP management applications sometimes make to the protocol directory might conflict with customizations made on this screen.
To create a new protocol:
Step 1
The Protocol Directory Table (Figure 3-14) displays.
Step 2
The Create New Protocol window (Figure 3-15) displays.
Figure 3-15 New Protocol Parameters Window
Step 3
The New Protocol Parameters window (Figure 3-16) displays. This window varies depending on the protocol type you select.
Figure 3-16 New Protocol Parameters Window
Step 4
Step 5
Tip
Editing a Protocol
We recommend that you do not change any settings in the NAM protocol directory. Changing the default settings might cause unexpected behavior in SNMP-based management applications such as NetScout nGenius Real-Time Monitor. However, advanced users might want to monitor proprietary protocols or alter the normal settings for well-known protocols.
To edit a protocol:
Step 1
The Protocol Directory table displays.
Step 2
The Edit Protocol Dialog Box(Table 3-25) displays.
Step 3
Step 4
•
•
•
Tip
•
Deleting a Protocol
To delete a protocol, simply select it from the Protocol Directory table, then click Delete.
Tip
Setting Up Application Groups
An application group is a set of application protocols that can be monitored as a whole. The following topics help you set up and manage the application group:
•
•
Creating an Application Group
To create an application group:
Step 1
The Protocol Directory table displays.
Step 2
Step 3
The New Application Group Dialog Box (Table 3-26) displays.
Step 4
Step 5
Step 6
Editing an Application Group
To edit an application group:
Step 1
The Individual Applications window displays.
Step 2
The Application Groups window displays.
Step 3
The Application Groups Edit window displays.
Step 4
Deleting an Application Group
To delete one or more application groups, simply select the profiles from the Application Groups table, then click Delete.
Setting Up Autolearned Protocols
The Autolearned Protocols Preferences window allows you to configure the NAM to automatically learn application information. You can set the following preferences:
•
•
•
•
•
To set up Autolearned Protocol preferences:
Step 1
Step 2
The Autolearned Protocols Preferences Dialog Box (Figure 3-17) displays.
Figure 3-17 Autolearned Protocols Preferences Dialog Box
Step 3
Step 4
Setting Up URL-based Applications
URL-based applications are extensions to the protocol directory. When the URL in an HTTP request (a URL on TCP port 80) matches the criteria of a URL-based application, the traffic is classified as that protocol.
A URL-based application can be used the same way as any other protocol in the protocol directory. For example, a URL-based application can be used in collections, captures, and reports.
An incoming URL is matched against the criteria of the configured URL-based application, in the order of the index, until a match is found. When a match is found, the remaining URL-based applications are not considered.
This section contains the following sections:
•
•
•
Creating a URL-based Application
A URL consists of the following parts:
•
•
•
For example, in the URL http://host.domain.com/intro?id=123:
•
•
•
In the configuration of an URL-based application, the path part and the argument path are combined and called the path part.
Note
Note
To set up URL-based applications:
Step 1
Step 2
The URL Matches Dialog Box (Figure 3-18) displays.
Figure 3-18 URL Matches Dialog Box
Step 3
The Create URL Match Entry Dialog Box (Figure 3-19) displays.
Figure 3-19 Create URL Match Entry Dialog Box
Step 4
RFC 2895 specifies rules for creating a protocol name. In accordance with these rules, only the following characters are allowed:
•
•
•
•
•
•
•
Note
Step 5
Editing a URL-based Application
To edit URL-based applications:
Step 1
Step 2
The URL Matches Dialog Box (Figure 3-20) displays.
Figure 3-20 URL Matches Dialog Box
Step 3
The Edit URL Match Entry Dialog Box (Figure 3-21) displays.
Note
Figure 3-21 Edit URL Match Entry Dialog Box
Change the information as described in the URL Match Entry Dialog Box (Table 3-28).
Step 4
Deleting a URL-based Application
To delete a URL-based application:
Step 1
Step 2
The URL Matches Dialog Box (Figure 3-22) displays.
Figure 3-22 URL Matches Dialog Box
Step 3
Setting Alarm Thresholds
You can set up alarm thresholds on the NAM by defining threshold conditions for the following monitored variables on the NAM:
•
•
•
•
•
•
•
•
•
•
Note
These topics help you set up and manage alarm threshold settings:
•
•
Setting NAM MIB Thresholds
NAM MIB thresholds are values you set that trigger alarms. Thresholds can be set on network hosts, MAC-layer hosts, network conversations, and MAC-layer conversations.
Note
Selecting NAM MIB Variables
To select NAM MIB variables:
Step 1
Step 2
Step 3
Step 4
Selecting NAM MIB Parameters
To select NAM MIB parameters:
Step 1
Step 2
The New Alarm Dialog Box (Table 3-29) displays.
Step 3
Step 4
Viewing Alarm Details from the NAM MIB Thresholds Table
To view details of a specific alarm from the NAM MIB Thresholds table, select the radio button, then click Details. The Alarms Details Table(Table 3-30) displays.
Table 3-30 Alarm Details Table
Variable
Monitored variable.
Data Source
Data source being monitored.
Address
Destination and source address of the hose.
Interval (seconds)
Interval of the sampling period.
Description
Description of the alarm.
Sample Type
Sample type of the alarm—absolute or delta.
Rising Threshold
The number of rising packets or octets that triggers the alarm.
Falling Threshold
The number of falling packets or octets that triggers the alarm.
Alarm Action
Action to be taken when the alarm is triggered.
Community
SNMP community where traps are sent.
Trigger Set
None, Start or Stop. Start indicates a capture process would start when this alarm is triggered. Stop means a capture process would stop when this alarm is triggered. None means no capture trigger is set for this alarm.
See Working with Automatic Capture (Alarm-Triggered Capture) for information about how to use the alarm-triggered capture feature.
Editing a NAM MIB Threshold
To edit a NAM MIB threshold:
Step 1
The Thresholds table displays.
Step 2
The Edit Alarm dialog box displays.
Step 3
Step 4
Deleting a NAM MIB Threshold
To delete a NAM MIB threshold, simply select it from the Alarms table, then
click Delete.Setting Voice Thresholds
Voice threshold events can be logged locally on the NAM or sent to remote syslog hosts. For information on setting up syslogs, see the "Setting Up the NAM Syslog" section.
To set voice thresholds:
Step 1
The NAM MIB Thresholds table displays.
Step 2
The Voice Alarms Dialog Box(Table 3-31) displays.
Step 3
Step 4
Setting Up RTP Stream Thresholds
You can set up the NAM to monitor RTP streams to display packet loss statistics based on the RTP sequence number. When you set up the RTP stream thresholds and enable alarms, an EMail alarm message is sent to those configured under Admin > System > EMail Configuration. See E-Mail Configuration for information about how to configure EMail.
Step 1
The NAM MIB Thresholds table displays.
Step 2
The NAM RTP Steam Thresholds window displays. Table 3-32 describes the fields of the NAM RTP Steam Thresholds window.
Step 3
Step 4
Step 5
Setting Up the NAM Syslog
NAM syslogs are created for MIB threshold events, voice threshold events, or system alerts. The NAM maintains two syslog files, one for logging RMON threshold events (for MIB and voice threshold events) and one for logging local NAM system alerts.
You can specify whether syslog messages should be logged locally on the NAM, on a remote host, or both. You can use the NAM Traffic Analyzer to view the local NAM syslogs.
For information on viewing the syslogs, see "Viewing Alarms." You can use a standard text editor to view syslogs on remote hosts.
To set up the NAM syslog:
Step 1
The NAM MIB Thresholds table displays.
Step 2
The NAM Alarms Syslog Dialog Box (Table 3-33) displays.
Step 3
Step 4
Setting Switch Thresholds
Note
You can configure RMON thresholds in the switch Mini-RMON MIB. You can specify only variables from the etherStatsTable in the Mini-RMON MIB to monitor for threshold-crossing conditions.
These topics help you set up and manage switch thresholds:
Creating Switch Thresholds
Note
To create switch thresholds:
Step 1
The Thresholds table displays.
Step 2
The Switch Threshold Alarms dialog box displays.
Step 3
The New Switch Alarm Dialog Box (Table 3-34) displays.
Step 4
Note
Editing Switch Thresholds
Note
To edit switch thresholds:
Step 1
The Thresholds table displays.
Step 2
The Switch Threshold Alarms dialog box displays.
Step 3
The Edit Alarm dialog box displays.
Step 4
Deleting Switch Thresholds
Note
To delete an existing switch threshold alarm, simply select it from the Switch Threshold Alarms table, then click Delete.
Setting NAM Trap Destinations
Traps are used to store alarms triggered by threshold crossing events. When an alarm is triggered, you can trap the event and send it to a separate host.
These topics help you set up and manage NAM traps:
•
•
•
Creating a NAM Trap Destination
To create a NAM trap destination:
Step 1
The NAM MIB Thresholds table displays.
Step 2
The Traps dialog box displays.
Step 3
The Create Trap Dialog Box (Table 3-35) displays.
Step 4
Step 5
Editing a NAM Trap Destination
To edit a NAM trap destination:
Step 1
The Thresholds table displays
Step 2
The Traps dialog box displays.
Step 3
The Edit Trap dialog box displays.
Step 4
Step 5
Deleting a NAM Trap Destination
To delete an existing trap, simply select it from the Traps table, then click Delete.
Setting NAM Alarm Mail
Note
You can configure the NAM to send email to one or more addresses in the case of a NAM alarm. To configure EMail alarms:
Step 1
Step 2
The Alarm Mail Configuration dialog box displays.
Step 3
Use an EMail address such as jdoe@cisco.com. Use a space to separate multiple EMail addresses.
Setting Global Preferences
Global preferences settings apply to all users of the NAM and determine how data displays are formatted. To set up global preferences.
Step 1
The Preferences Dialog Box (Figure 3-23) displays.
Figure 3-23 Preferences Dialog Box
Step 2
Table 3-36 Preferences Dialog Box
Entries Per Screen
The number of rows to display in tabular screens.
Enter a number from 1 to 100. The default is 15.
Refresh Interval
The number of seconds between monitor display refreshes.
Enter a number from 15 to 3600. The default is 60.
Number Graph Bars
The number of graph bars to display in TopN displays and charts.
Enter a number from 1 to 15. The default is 10.
Perform IP Host Name Resolution
Display DNS names, if available.
Select to enable or deselect to disable. Enabled by default.
Note
Data Displayed in
Option to display data in bits or bytes.
Select Bytes or Bits. Default is bytes.
Format Large Numbers
Display large integer values in appropriate units with prefixes such as Kilo (K), Mega (M), Giga (G) and Tera (T.)
Check box to format large numbers. If this box is unchecked, large numbers are not formatted. The default is unchecked.
International Notation
You have the option to print numbers in the following format:
1,025.72
1.025,72
1 025,72
Default is 1,025.72
CSV Export Monitor Entries
Provides the option to CSVexport all entries in a particular monitor table or just the current entries displayed on a particular window.
Default is Current Window Only.
Audit Trail
Check box to enable or disable the audit trail.
Enables the recording of critical user activities to an internal log file. By default, the audit trail is enabled.
See also:
•
•
ESP-Null Heuristic
Enables NAM to detect ESP-null encryption and parse content as described in Internet RFC 2410.
Enabling ESP-Null Heuristic forces the NAM to check all packets with an ESP header to see if it could be using Null encryption. The ESP-Null Heuristic feature adds processing overhead, so it is disabled by default.
Step 3
