10-06-2007 02:42 AM - edited 03-09-2019 06:58 PM
We have a VPN from a cisco 877 to a Concentrator. I notice every day the CPU and bandwidth on the 877 is high at 8am-10am, can I see what PC or type of traffic is doing this on the 877?
10-07-2007 09:24 PM
You can configure Netflow and use a freeware Netflow application to monitor bandwidth, applications, and protocols used per host, etc.
10-07-2007 09:45 PM
Thanks, can I get this all from the Cisco website?
10-08-2007 06:15 AM
I like this one, you can use this permenantly for free if you only monitor up to (2) interfaces. Otherwise, you can get a 30 day trial.
http://manageengine.adventnet.com/products/netflow/index.html
You can configure Netflow on the appropriate interface by doing the following:
!
config t
interface fa4
ip route-cache flow
exit
ip flow-export version 5
ip flow-export destination 192.168.1.1 9996
!
Replace the interface and destination IP to match your needs.
10-08-2007 06:32 AM
Hi, which one is it I need to download?
Is the Cisco one not free?
10-08-2007 06:40 AM
http://download.adventnet.com/products/netflow/2028821/ManageEngine_NetFlowAnalyzer_6002.exe
Cisco has other links but most of them are for UNIX and Linux.
10-08-2007 07:02 AM
Right all installed, I'm using a Cisco 837 as a VPN, woudl I monitor the ATM0, Dialer 1 or Ethernet 0 which is the router IP?
10-08-2007 07:10 AM
You can configured it on the ethernet0 interface and dialer1
10-08-2007 07:12 AM
Hi, I have installed in on a server with an IP of 192.168.100.1 and added your config to the Ethernet 0, but not data is going to the Netflow webserver, how can I check it can conncet this server or it is working?
10-08-2007 07:17 AM
show ip cache flow
10-08-2007 07:21 AM
Here it is:
IP packet size distribution (26605 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .770 .025 .106 .026 .028 .019 .002 .001 .001 .000 .000 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .001 .014 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
8 active, 4088 inactive, 268 added
9944 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640 bytes
8 active, 1016 inactive, 258 added, 258 added to flow
0 alloc failures, 0 force free
1 chunk, 1 chunk added
last clearing of statistics never
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-WWW 3 0.0 5 99 0.0 0.2 1.6
TCP-SMTP 19 0.0 1 60 0.0 0.8 15.4
TCP-other 163 0.0 115 100 1.3 8.9 6.6
UDP-DNS 25 0.0 1 75 0.0 1.8 15.4
UDP-NTP 8 0.0 1 96 0.0 0.0 15.6
UDP-other 16 0.0 1 220 0.0 0.1 15.4
ICMP 26 0.0 2 306 0.0 1.6 15.4
Total: 260 0.0 72 100 1.3 6.0 9.8
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Et0 172.19.10.17 Di1 192.168.101.1 06 05B5 0401 2
Et0 172.19.10.11 Di1 192.168.101.8 06 0446 0A26 1788
Et0 172.19.10.17 Di1 192.168.101.7 06 0491 0A26 1251
Et0 172.19.10.20 Di1 192.168.101.8 06 04B6 0A26 2041
Et0 172.19.10.22 Di1 192.168.101.7 06 0610 0A26 523
Et0 172.19.10.18 Di1 192.168.101.3 06 0853 0475 8
Et0 172.19.10.18 Di1 192.168.101.7 06 06F1 0A26 295
Et0 172.19.10.21 Di1 192.168.101.8 06 070B 0A26 1784
f3rryun1t2#
10-08-2007 08:05 AM
Looks good and now...
show ip flow export
10-08-2007 08:34 AM
Hi, I'm not near my pc but will be in an hour so will post the results, however, I tried that earlier and remember lots of zeros in the table as of there is no data, any reason for this?
10-08-2007 09:41 AM
Hi, here it is, is the source IP ok?:
User Access Verification
Router#show ip flow export
Flow export v5 is enabled for main cache
Exporting flows to 192.168.100.1 (9996)
Exporting using source IP address 86.84.80.x
Version 5 flow records
1371 flows exported in 399 udp datagrams
0 flows failed due to lack of export packet
0 export packets were sent up to process level
0 export packets were dropped due to no fib
0 export packets were dropped due to adjacency issues
0 export packets were dropped due to fragmentation failures
0 export packets were dropped due to encapsulation fixup failures
Router#
10-08-2007 12:39 PM
You can change that if you want to but yes it is exporting the Netflow information to the server. All you need to do is configure the Netflow server with the router and interfaces.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide