The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Cisco SRE NAM has an internal Gigabit Ethernet interface and an external interface. You can use either interface for Prime NAM management traffic such as the NAM web GUI, telnet or ssh, but not both. You can configure the Prime NAM internal interface to use either IP unnumbered or a routable subnet.
See the following sections for information about how to configure the Cisco SRE NAM internal interfaces for management:
This section describes how to configure the Cisco SRE NAM internal interface for IP unnumbered.
Note | The addresses used for the interface address (Step 4), the NAM-Address (Steps 6 and 9), and the NAM-Default-Gateway-Address (Step 7) must all be in the same subnet. |
1.
enable
2.
configure
terminal
3.
interface
sm
slot/0
4.
ip
unnumbered
<interface>
<number>
5.
no
shutdown
6.
service-module
ip
address
<NAM-Address>
<subnetmask>
7.
service-module
ip
default-gateway
<NAM-Default-Gateway-Address>
8.
exit
9.
ip
route
<NAM-Address>
255.255.255.255
sm
slot/0
10.
end
In this configuration example:
! interface GigabitEthernet0/0 ip address 209.165.200.225 255.255.255.224 duplex auto speed auto analysis-module monitoring ! interface Integrated-Service-Engine2/0 ip unnumbered GigabitEthernet0/0 ip nbar protocol-discovery no keepalive ! ! ip route 209.165.200.226 255.255.255.255 Integrated-Service-Engine2/0 ! !
root@myNAM.company.com# show ip IP address: 209.165.200.226 Subnet mask: 255.255.255.224 IP Broadcast: 209.165.200.255 IP Interface: Internal DNS Name: myNAM.company.com Default Gateway: 209.165.200.225 Nameserver(s): 171.69.2.133 HTTP server: Enabled HTTP secure server: Disabled HTTP port: 80 HTTP secure port: 443 TACACS+ configured: No Telnet: Enabled SSH: Disabled
This section describes how to configure the SM-SRE internal interface for management using a routable subnet method.
1.
enable
2.
configure
terminal
3.
interface
sm
slot/0
4.
ip
address
<router-side-address>
<subnetmask>
5.
no
shutdown
6.
service-module
ip
address
<NAM-Address>
<subnetmask>
7.
service-module
ip
default-gateway
<router-side-address>
8.
end
In this configuration example:
! interface sm2/0 ip address 209.165.200.225 255.255.255.224 ip route 209.165.200.226 255.255.255.255 Integrated-Service-Engine1/0
root@myNAM.company.com# show ip IP address: 209.165.200.226 Subnet mask: 255.255.255.224 IP Broadcast: 209.165.200.255 IP Interface: Internal DNS Name: myNAM.company.com Default Gateway: 209.165.200.225 Nameserver(s): 171.69.2.133 HTTP server: Enabled HTTP secure server: Disabled HTTP port: 80 HTTP secure port: 443 TACACS+ configured: No Telnet: Enabled SSH: Disabled
This section describes how to configure the SM-SRE to use its external interface for Prime NAM management traffic.
1.
enable
2.
configure
terminal
3.
interface
loopback
<loopback-number>
4.
ip
address
<bogus-address>
<subnetmask>
5.
no
shutdown
6.
exit
7.
interface
sm
slot/0
8. ip unnumbered loopback <number>
9. no shutdown
10.
service-module
external
ip
address
<NAM-Address>
<subnetmask>
11.
service-module
ip
default-gateway
<NAM-Default-Gateway-Address>
12.
end
Command or Action | Purpose | |
---|---|---|
Step 1 | enable
|
Enter IOS exec mode. |
Step 2 | configure
terminal
|
Enter IOS configuration from terminal mode. |
Step 3 | interface
loopback
<loopback-number>
Example:
Router (config)# interface loopback 0
Router (config-if)# |
Create a loopback interface 0 on the router. |
Step 4 | ip
address
<bogus-address>
<subnetmask>
Example:
Router(config-if)# ip address 10.1.1.1 255.255.255.0
|
Set a bogus address on the loopback interface. In the example, interface loopback0 is assigned with an address 10.1.1.1/24. |
Step 5 | no
shutdown
|
Enable the loopback interface. |
Step 6 | exit
Example:
Router(config-if)# exit
Router(config)# |
Exit from interface configuration mode to the global configuration mode. |
Step 7 | interface
sm
slot/0
|
Enter the IOS interface configuration mode for the integrated-service-engine interface. |
Step 8 | ip unnumbered
loopback <number>
Example:
Router (config-if)# ip unnumbered loopback 0
|
Borrow the address that was set to the loopback interface in Step 4. |
Step 9 | no shutdown |
Bring up the integrated-service-engine interface. |
Step 10 | service-module
external
ip
address
<NAM-Address>
<subnetmask>
Example:
Router (config-if)# service-module external ip address 209.165.201.2 255.255.255.224
|
Set <NAM-Address> to the Prime NAM External interface. |
Step 11 | service-module
ip
default-gateway
<NAM-Default-Gateway-Address>
Example:
Router (config-if)# service-module ip default-gateway 209.165.201.222
|
Set up the Prime NAM default gateway address. |
Step 12 | end
|
Exit the router configuration mode. |
In this configuration example:
! interface loopback 0 ip address 10.1.1.1 255.255.255.0 ! ! interface sm3/0 ip unnumbered loopback 0 no shutdown !
root@myNAM.company.com# show ip IP address: 209.165.201.2 Subnet mask: 255.255.255.224 IP Broadcast: 209.165.201.223 IP Interface: External DNS Name: myNAM.company.com Default Gateway: 209.165.201.222 Nameserver(s): 171.69.2.133 HTTP server: Enabled HTTP secure server: Disabled HTTP port: 80 HTTP secure port: 443 TACACS+ configured: No Telnet: Enabled SSH: Disabled
If you configured authentication, authorization, and accounting (AAA) on your router, then you might have to log in twice to open a Prime NAM console session from the router: first with your AAA username and password, and second with the Prime NAM login and password.
If you do not want to log in twice to open a Prime NAM console session from the router, then disable AAA login authentication on the router’s Prime NAM console line by performing this procedure.
If your router contains both the SM-SRE and the NM-CIDS, the Cisco intrusion detection system network module, then AAA can be a useful tool for centrally controlling access to both network modules. For information about AAA, see the Cisco IOS Security Configuration Guide for your Cisco IOS release.
1.
enable
2.
configure
terminal
3.
aaa
authentication
login
list-name
none
4.
line
number
5.
login
authentication
list-name
6.
end
7.
show
running-config
Command or Action | Purpose | |
---|---|---|
Step 1 | enable
Example: Router> enable |
Enables privileged EXEC mode. Enter your password if prompted |
Step 2 | configure
terminal
Example: Router# configure terminal |
Enters global configuration mode. |
Step 3 | aaa
authentication
login
list-name
none
Example: Router(config)# aaa authentication login name none |
Creates a local authentication list. The none keyword specifies no authentication for this list |
Step 4 | line
number
Example: Router(config)# line 33 |
Enters line configuration mode for the line to which you want to apply the authentication list. The number value is determined by the slot number in which the SM-SRE is installed: number = (32 x slot ) + 1 (for Cisco 3700 series) number = ( (32 x slot ) + 1) x 2 (for Cisco 2800 and Cisco 3800 series) |
Step 5 | login
authentication
list-name
Example: Router(config-line)# login authentication name |
Applies the authentication list to the line. Specify the authentication list name that you configured in Step 3. |
Step 6 | end
Example: Router(config-line)# end |
Returns to privileged EXEC mode. |
Step 7 | show
running-config
Example: Router# show running-config |
Displays the contents of the currently running configuration file.
|
This section describes how to configure the Cisco SRE NAM to establish network connectivity and configure IP parameters. This task must be performed from the Prime NAM CLI. For more advanced Prime NAM configuration, use the Prime NAM GUI or see the Network Analysis Module Command Reference for your Prime NAM software release.
Note | You might have already done Steps 1 and 2 if you have configured the SM-SRE for management using eitherConfiguring the Internal Interface for Management—IP Unnumbered or Configuring the External Interface for Management |
Before doing this procedure, access the Prime NAM console. See the Opening a Session.
1. ip interface {internal | external}
2.
ip
address
ip-address
subnet-mask
3.
ip
broadcast
broadcast-address
4.
ip
gateway
ip-address
5.
Do one of the
following:
6.
ip
domain
name
7.
ip
host
name
8.
ip
nameserver
ip-address
[ip-address ][ip-address ]
9. ping {host | ip-address }
10.
show
ip
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1 | ip
interface {internal |
external}
Example: root@localhost# ip interface internal root@localhost# ip interface external |
Specifies which Prime NAM interface will handle management traffic. | ||
Step 2 | ip
address
ip-address
subnet-mask
Example: root@localhost# ip address 172.20.104.126 255.255.255.248 |
Configures the Prime NAM system IP address. | ||
Step 3 | ip
broadcast
broadcast-address
Example: root@localhost# ip broadcast 10.255.255.255 |
(Optional) Configures the Prime NAM system broadcast address. | ||
Step 4 | ip
gateway
ip-address
Example: root@localhost# ip gateway 172.20.104.125 |
Configures the Prime NAM system default gateway address. | ||
Step 5 | Do one of the
following:
Example: root@localhost# exsession on root@localhost# exsession on ssh |
(Optional) Enables outside logins.
| ||
Step 6 | ip
domain
name
Example: root@localhost# ip domain company.com |
(Optional) Sets the Prime NAM system domain name. | ||
Step 7 | ip
host
name
Example: root@localhost# ip host nam1 |
(Optional) Sets the Prime NAM system hostname. | ||
Step 8 | ip
nameserver
ip-address
[ip-address ][ip-address ]
Example: root@nam1# ip nameserver 209.165.201.1 |
(Optional) Sets one or more Prime NAM system name servers.
| ||
Step 9 | ping {host |
ip-address }
Example: root@nam1# ping 10.20.30.40 |
Checks connectivity to a network device.
| ||
Step 10 | show
ip
Example: root@nam1# show ip |
Displays the Prime NAM IP parameters.
|
This section provides the following examples:
In the following example, the external Prime NAM interface is used for management traffic. The HTTP server and Telnet access are enabled. The resulting Prime NAM CLI prompt is root@nam1.company.com# .
root@nam.domain.name# ip interface external root@nam.domain.name# ip address 172.20.105.215 255.255.255.192 root@nam.domain.name# ip domain company.com root@nam.company.com# ip host myNAM root@myNAM.company.com# ip nameserver 209.165.201.29 root@myNAM.company.com# ip gateway 172.20.105.210 root@myNAM.company.com# exsession on root@myNAM.company.com# ip http server enable Enabling HTTP server... No web users are configured. Please enter a web administrator user name [admin]: New password: Confirm password: User admin added. Successfully enabled HTTP server.
root@myNAM.company.com# ping 172.20.98.129 PING 172.20.98.129 (172.20.98.129) 56(84) bytes of data. 64 bytes from 172.20.98.129: icmp_seq=1 ttl=254 time=1.27 ms 64 bytes from 172.20.98.129: icmp_seq=2 ttl=254 time=1.13 ms 64 bytes from 172.20.98.129: icmp_seq=3 ttl=254 time=1.04 ms 64 bytes from 172.20.98.129: icmp_seq=4 ttl=254 time=1.08 ms 64 bytes from 172.20.98.129: icmp_seq=5 ttl=254 time=1.11 ms --- 172.20.98.129 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4003ms rtt min/avg/max/mdev = 1.043/1.129/1.278/0.090 ms root@myNAM.company.com#
root@nam1.company.com# show ip IP address: 172.20.105.215 Subnet mask: 255.255.255.192 IP Broadcast: 10.255.255.255 IP Interface: External DNS Name: nam1.company.com Default Gateway: 172.20.105.210 Nameserver(s): 209.165.201.29 HTTP server: Enabled HTTP secure server: Disabled HTTP port: 80 HTTP secure port: 443 TACACS+ configured: No Telnet: Enabled SSH: Disabled root@nam1.company.com#
The Cisco SRE NAM gets the UTC (GMT) time from an external NTP server. After the Prime NAM acquires the time, you can set the local time zone using the Prime NAM System Time configuration screen.
Caution | Both the client computer and the Prime NAM server must have the time set accurately for their respective time zones. If either the client or the server time is wrong, then the data shown in the GUI will be wrong. |
To configure the Prime NAM system time with an NTP server:
Step 1 | On the Prime NAM appliance GUI, choose Administration > System > System Time. |
Step 2 | Click the NTP Server radio button. |
Step 3 | Enter one or two NTP server names or IP address in the NTP server name/IP Address text boxes. |
Step 4 | Select the Region and local time zone from the lists. |
Step 5 | Do one of the
following:
|
This section describes how to enable Prime NAM packet monitoring on router interfaces that you want to monitor through the internal Prime NAM interface.
When you enable Prime NAM packet monitoring on an interface, Cisco Express Forwarding sends an extra copy of each IP packet that is received from or sent out on that interface to the Prime NAM through the Integrated-Service-Engine interface on the router and the internal Prime NAM interface.
1.
enable
2.
configure
terminal
3.
ip
cef
4.
Do one of the
following:
5.
analysis-module
monitoring
6. Repeat Step 5 and Step 5 for each interface that you want the Prime NAM to monitor through the internal Prime NAM interface.
7.
end
8.
show
running-config
Command or Action | Purpose | |
---|---|---|
Step 1 | enable
Example: Router> enable |
Enables privileged EXEC mode.
|
Step 2 | configure
terminal
Example: Router# configure terminal |
Enters global configuration mode. |
Step 3 | ip
cef
Example: Router(config)# ip cef |
Enables the Cisco Express Forwarding switching path. |
Step 4 | Do one of the
following:
Example: Router(config)# interface serial 0/0 |
Selects an interface for configuration. |
Step 5 | analysis-module
monitoring
Example: Router(config-if)# analysis-module monitoring |
Enables Prime NAM packet monitoring on the interface. |
Step 6 | Repeat Step 5 and Step 5 for each interface that you want the Prime NAM to monitor through the internal Prime NAM interface. |
— |
Step 7 | end
Example: Router(config-if)# end Router# |
Returns to privileged EXEC mode. |
Step 8 | show
running-config
Example: Router# show running-config |
Displays the contents of the currently running configuration file.
|
This section provides the following example:
In the following example, NAM packet monitoring is enabled on the serial interfaces:
interface Serial 0/0 ip address 172.20.105.213 255.255.255.240 ip route-cache flow speed auto full-duplex analysis-module monitoring no mop enabled ! interface Serial 0/1 ip address 172.20.105.53 255.255.255.252 ip route-cache flow duplex auto speed auto analysis-module monitoring ! interface Integrated-Service-Engine 2/0 ip address 10.1.1.1 255.255.255.0 hold-queue 60 out !