Catalyst 5000 Family Software Configuration Guide (6.3 and 6.4) - Configuring the Network Analysis Module [Cisco Catalyst 5000 Series Switches]

Table Of Contents

Configuring the Network Analysis Module

Understanding How the Network Analysis Module Works

Default Network Analysis Module Configuration

Configuring the Network Analysis Module from the NMS

Configuring the Network Analysis Module from the CLI

Using SPAN as a Traffic Source

Using NetFlow Data Export as a Traffic Source

Enabling the VLAN Monitor Option

Enabling the VLAN Agents Option

Additional Network Analysis Module Commands

Configuring the Network Analysis Module

This chapter describes how to configure the Catalyst 5000 family Network Analysis Module.

Note For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 5000 Family Command Reference.

This chapter consists of these sections:

•Understanding How the Network Analysis Module Works

•Default Network Analysis Module Configuration

•Configuring the Network Analysis Module from the NMS

•Configuring the Network Analysis Module from the CLI

•Additional Network Analysis Module Commands

Note These sections describe the Network Analysis Module configuration that can be done from the CLI of a Catalyst 5000 family switch. See the CiscoWorks2000 documentation for procedures required on the Network Management System (NMS).

Understanding How the Network Analysis Module Works

For Ethernet VLANs, the Network Analysis Module extends the RMON support provided by the supervisor engine software with the following (see the "Supported RMON and RMON2 MIB Objects" section on page 26-3 for details):

•RMON groups defined in RFC 1757

–Hosts (RMON group 4)

–HostTopN (RMON group 5)

–Matrix (RMON group 6)

–Filter (RMON group 7)

–Capture (RMON group 8)

•RMON2 groups defined in RFC 2021

–ProtocolDirectory (RMON2 group 11)

–ProtocolDistribution (RMON2 group 12)

–AddressMap (RMON2 group 13)

–NlHost (RMON2 group 14)

–NlMatrix (RMON2 group 15)

–AlHost (RMON2 group 16)

–AlMatrix (RMON2 group 17)

The Network Analysis Module can analyze Ethernet VLAN traffic from either or both:

•The Switched Port Analyzer (SPAN) source port (For more information about SPAN, see Chapter 27, "Configuring SPAN.")

•NetFlow Data Export (NDE) (For more information about NDE, refer to the Layer 3 Switching Software Configuration Guide—Catalyst 5000 Family, 4000 Family, 2926 Series, and 2980G Switches.)

Note When monitoring a VLAN, a Fast Ethernet port, or more than two Ethernet ports, use a Supervisor Engine III in the system to ensure the most reliable SNMP access to the Network Analysis Module under heavy traffic conditions.

The Network Analysis Module is managed and controlled from an SNMP management application, such as CiscoWorks2000 (see the "Using CiscoWorks2000" section on page 25-13).

Default Network Analysis Module Configuration

Table 28-1 describes the Network Analysis Module default configuration.

Table 28-1 Network Analysis Module Default Configuration

Feature

Default Setting

SPAN (supervisor engine feature)

Disabled

NetFlow Data Export
(NFFC/NFFC II feature)

Disabled

Extended RMON

Enabled

Extended RMON Netflow
(NetFlow Monitor option)

Disabled

Extended RMON Vlanmode
(VLAN Monitor option)

Disabled

Extended RMON Vlanagent
(VLAN Agent option)

Disabled

Configuring the Network Analysis Module from the NMS

To configure the Network Analysis Module from the NMS, refer to the NMS documentation (see the "Using CiscoWorks2000" section on page 25-13). RMON domain configuration can be done only through SNMP from the NMS.

Configuring the Network Analysis Module from the CLI

These sections describe how to use the CLI to configure the Network Analysis Module:

•Using SPAN as a Traffic Source

•Using NetFlow Data Export as a Traffic Source

•Enabling the VLAN Monitor Option

•Enabling the VLAN Agents Option

Using SPAN as a Traffic Source

To use the SPAN source port as a traffic source for the Network Analysis Module, set the Network Analysis Module as the SPAN destination port.

The Network Analysis Module can analyze Ethernet VLAN traffic from Ethernet or Fast Ethernet SPAN source ports, or you can specify an Ethernet VLAN as the SPAN source. To use the Network Analysis Module VLAN Monitor option, set a trunk port as the SPAN source port (for more information, see the "Enabling the VLAN Monitor Option" section).

Using NetFlow Data Export as a Traffic Source

To use NetFlow Data Export (NDE) as a traffic source for the Network Analysis Module, enable the NetFlow Monitor option to allow the Network Analysis Module to receive the NDE stream from an NFFC or NFCC II installed in the switch. The resultant statistics are provided on reserved ifIndex.3000.

Note For information on configuring NDE, refer to the Layer 3 Switching Software Configuration Guide—Catalyst 5000 Family, 4000 Family, 2926 Series, and 2980G Switches.

Note If you are using software release 5.4(2) and later, the password is not required. Skip steps 2 through 4 in the following procedure if your system is running a version 5.4(2) or later.

To enable the NetFlow Monitor option, follow these steps:

Step 1 Purchase a NetFlow Monitor option license from your Cisco sales representative, which will have a registration key and URL on it.

Step 2 (Note that steps 2 through 4 are not required if you are using software release 5.4(2) and later.)

Obtain the Media Access Control (MAC) address of your Network Analysis Module by entering this command:
Console> show module mod_num
This example shows how to display the MAC address:
Console> show module 4
Mod Module-Name         Ports Module-Type           Model    Serial-Num Status
--- ------------------- ----- --------------------- --------- --------- -------
4                       1     Network Analysis/RMON WS-X5380  008175475 ok
Mod MAC-Address(es)                        Hw     Fw         Sw
--- -------------------------------------- ------ ---------- -----------------
4   00-e0-14-10-18-00                      0.100  4.1.1      4.3(1)
Note The MAC address in the example is 00-e0-14-10-18-00.

Step 3 Access the URL specified on the NetFlow Monitor option license.

Step 4 Enter the registration key and the MAC address of the Network Analysis Module to generate the password for your Network Analyzer Module.

Step 5 Enter this command in privileged mode to enable the NetFlow Monitor option:
Console> set snmp extendedrmon netflow enable password
This example shows how to enable the NetFlow Monitor option and how to verify that it is enabled:
Console> (enable) set snmp extendedrmon netflow enable password
Snmp extended RMON netflow enabled
Console> (enable) show snmp
RMON:                       Disabled
Extended RMON:              Enabled
Extended RMON Netflow:      Enabled
Extended RMON Vlanmode:     Disabled
Extended RMON Vlanagent:    Disabled
<...output truncated...>
Console> (enable)
Step 6 Enter this command in privileged mode to enable NDE:
Console> set mls nde enable
Note With a Network Analysis Module installed, you do not need to specify an external data collector with a set mls nde collector_ip [udp_port_number] command as described in the Layer 3 Switching Software Configuration Guide—Catalyst 5000 Family, 4000 Family, 2926 Series, and 2980G Switches. Ignore messages which indicate that the host and port are not set.

Enabling the VLAN Monitor Option

When the SPAN source is a trunk port and the VLAN Monitor option is enabled, the Network Analysis Module aggregates statistics by VLAN instead of the source MAC address.

To enable the VLAN Monitor option, perform this task in privileged mode:

Task

Command

Enable VLAN Monitor.

set snmp extendedrmon vlanmode enable

This example shows how to enable the VLAN Monitor option and how to verify that it is enabled:
Console> (enable) set snmp extendedrmon vlanmode enable
Snmp extended RMON vlanmode enabled
Console> (enable) show snmp
RMON:                       Disabled
Extended RMON:              Enabled
Extended RMON Netflow:      Disabled
Extended RMON Vlanmode:     Enabled
Extended RMON Vlanagent:    Disabled
<...output truncated...>
Console> (enable)
Enabling the VLAN Agents Option

Note The VLAN Agents option increases the load on the Network Analysis Module and might not be suitable for use on a heavily loaded switch, or when the switch is configured to analyze a high volume of network traffic.

When the VLAN Agents option is enabled, the Network Analysis Module aggregates statistics by VLAN as well as by port.

To enable the VLAN Agents option, perform this task in privileged mode:

Task

Command

Enable VLAN Agents.

set snmp extendedrmon vlanagent enable

This example shows how to enable the VLAN Agents option and how to verify that it is enabled:
Console> (enable) set snmp extendedrmon vlanagent enable
Snmp extended RMON vlanagent enabled
Console> (enable) show snmp
RMON:                       Disabled
Extended RMON:              Enabled
Extended RMON Netflow:      Disabled
Extended RMON Vlanmode:     Disabled
Extended RMON Vlanagent:    Enabled
<...output truncated...>
Console> (enable)
Additional Network Analysis Module Commands

Table 28-2 lists the additional commands supported by the Network Analysis Module, which are described in the Catalyst 5000 Family Command Reference.

Table 28-2 Additional Network Analysis Module Commands

Command

Description

clear config mod_num

Clears the configuration of the specified module.

clear config extendedrmon

Clears the Network Analysis Module RMON configuration from NVRAM.

clear counter mod_num

Clears the MAC and port counters on the specified Network Analysis Module.

clear log mod_num

Deletes all entries in the error log for the specified Network Analysis Module.

set module {enable | disable} mod_num

Enables or disables the module.

set module name mod_num

Sets the name of the module.

set port name mod_num/1

Sets the name of the Network Analysis Module port.

show log mod_num

Displays the error logs for the specified Network Analysis Module.

show module [mod_num]

With a Network Analysis Module installed, displays "Network Analysis/RMON" under "Module-Type."

show mac [mod_num[/1]]

Shows MAC counters.

show port [mod_num[/1]]

Shows port status and counters.

show port capabilities [mod_num[/1]]

Shows module information.

show port ifindex [mod_num[/1]]

Shows the module's SNMP ifindex.

show port status [mod_num[/1]]

Shows port status information.

show port trap [mod_num[/1]]

Shows port trap as disabled (cannot be enabled for the Network Analysis Module).

show snmp

•Displays "Extended RMON: Extended RMON module is not present" when no Network Analysis module is installed.

•Displays "Extended RMON: Enabled" when a Network Analysis Module is installed.

•Displays RMON Multicast, RMON Broadcast, RMON Unicast, and RMON DropEvent information when SPAN is enabled and the Network Analysis Module is the SPAN destination.

show span

Displays RMON Multicast, RMON Broadcast, RMON Unicast, and RMON DropEvent information when SPAN is enabled and the Network Analysis Module is the SPAN destination.

show test [mod_num]

Displays the results of diagnostic tests.

download [mod_num]

Copies a software image from a specified host to the Flash memory of the Network Analysis Module.

reset [mod_num]

Reboots the module.

Note When you enter a download command for a Network Analysis Module, a Telnet session is not disconnected; ignore the message that says the command may disconnect your Telnet session.

Note Any command not listed returns a "not supported" message.