Monitoring network traffic on Cisco 1800 series

Discussion in 'Cisco' started by taihc, Nov 18, 2008.

  1. taihc

    taihc Guest

    Hi Guys,

    Need some help here. Can someone advise me on how to go about
    monitoring the traffic that goes in/out of my cisco 1800 series router
    please? I'm facing some connectivity issues and would like to check
    if the network packet has managed to get to my router.

    Thanks agian.
     
    taihc, Nov 18, 2008
    #1
    1. Advertisements

  2. taihc

    Trendkill Guest

    Sniffer or netflow come to mind. For a sniffer, you'd need to install
    a switch outside the interface you wish to monitor and configure a
    span session. For netflow, you would need a collector/analysis server
    running netflow and then configure the router to send the data (if the
    1800 supports it which I do not know since its a lower end device).
    Those are probably your only two options other than a debug/acl which
    could impact performance.
     
    Trendkill, Nov 18, 2008
    #2
    1. Advertisements

  3. taihc

    bod43 Guest

    Some more detail on the ACL/debug methods.

    For a single IP packet there are a few options

    Debug has as VERY severe effect on performance
    say factor of 100 or 1000.

    Turn off fast switching and turn on "debug ip packet"
    Record config off of router so you can put it back.

    conf t
    int x
    no ip route-cache
    exit
    I forget whether this needs to be done on the
    input or exit interface so I just do both.
    If you do all interfaces on your 1800 you cant miss.
    Put the ip route cache back when done.

    If there is more than a very little traffic and you can identify
    it with an access-list then you can create an ACL to
    match you traffic against the ACL and
    deb ip traffic <acl-number>


    A possible easier way is to just create a permit access list
    for the traffic and apply it to the interface.
    This will have NO impact on the performance
    (well maybe a few percent or something).

    sh access-l
    will then display "matches".

    This is all from memory so may be little errors.
    e.g.
    access-l 100 permit tcp 10.10.10.1 255.255.255.255
    10.10.20.1 255.255.255.255 eq 80
    access-l 100 permit ip any any

    conf t
    int x
    ip access-group 100 in

    Be VERY careful not to cut yourself off from the router.
    Access-lists have an implicit "deny any"
    at the end.

    If you have a recent 12.4(T) then you might like to look a new feature
    that allows the router to capture and display packets
    including exporting them from the router.

    ip capture - I think it is called.
    Beware that the "T" train is for new features and wil be less stable.

    Finally for debug you need to arrange to see the debugs.

    logging buffered debugging

    logging buffered 50000

    sh log
     
    bod43, Nov 18, 2008
    #3
  4. taihc

    alexd Guest

    It'd be nice to know what type of interface it is you think you're having
    issues on. It's a lot easier to do packet sniffing on ethernet than DSL,
    for instance...
    I can confirm that the 1841 [and 877 for that matter] with Advanced IP
    Services supports netflow.
     
    alexd, Nov 18, 2008
    #4
  5. taihc

    Trendkill Guest

    Good to know, thanks for confirming Alex.
     
    Trendkill, Nov 18, 2008
    #5
  6. taihc

    bod43 Guest

    Hmmm - I suspect Netflow is in all routers.
    i.e. software routers - for hardware switches all bets are off.
    Let's have a look.

    1841 -
    Looks like Netflow for IPV4 is in all images but
    netflow for IPV6 is not in IPBASE but is in Adv IP Services.
    12.4(21a)

    Comparing above two with ww.cisco.com/go/fn


    *Common Features in Both Images *
    NetFlow
    NetFlow Aggregation
    Netflow Egress Accounting
    NetFlow Layer 2 and Security Monitoring Exports
    Netflow MIB and Top Talkers
    Netflow Multicast Support
    Netflow Multiple Export Destinations
    NetFlow Policy Routing (NPR)
    NetFlow Subinterface Support
    NetFlow ToS-Based Router Aggregation
    NetFlow v9 Export Format
     
    bod43, Nov 19, 2008
    #6
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.