cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
16032
Views
5
Helpful
8
Replies

Monitor and identify traffic on the Gigabit Interface

networksniffer
Level 1
Level 1

Hello,

long story short: I need to monitor and identify the traffic on the WAN GigabitEthernet0/3 interface. Recently after some changes to our network we discovered that our traffic to outside world via this link is doubled from 150-200 to 350 MB/sec (we use MRTG for bandwidth), we suspect there are something looping in the network. That is why I want to trace what is going via Gig0/3 in and out (mostly out). What are the suggestions on how to trace down and identify the what causing such a big spike in the outbound bandwidth?

While replication of the port seems to be a good tool Im not sure that any laptop with packet tracer can handle 300 mb/s of traffic. But, what are suggestions?

Tahnks =)

Router Specs:

cisco 7204VXR (NPE-G1) processor (revision B) with 983040K/65536K bytes of memory.

Processor board ID 18281405

SB-1 CPU at 700MHz, Implementation 1, Rev 0.2, 512KB L2 Cache

4 slot VXR midplane, Version 2.0

Last reset from power-on

Bridging software.

X.25 software, Version 3.0.0.

SuperLAT software (copyright 1990 by Meridian Technology Corp).

TN3270 Emulation software.

PCI bus mb1 (Slots 1, 3 and 5) has a capacity of 600 bandwidth points.

Current configuration on bus mb1 has a total of 400 bandwidth points.

This configuration is within the PCI bus capacity and is supported.

PCI bus mb2 (Slots 2, 4 and 6) has a capacity of 600 bandwidth points.

Current configuration on bus mb2 has a total of 90 bandwidth points.

This configuration is within the PCI bus capacity and is supported.

Please refer to the following document "Cisco 7200 Series Port Adaptor

Hardware Configuration Guidelines" on Cisco.com <http://www.cisco.com>

for c7200 bandwidth points oversubscription and usage guidelines.

2 FastEthernet/IEEE 802.3 interface(s)

3 Gigabit Ethernet/IEEE 802.3 interface(s)

1 ATM network interface(s)

509K bytes of non-volatile configuration memory.

8 Replies 8

acampbell
VIP Alumni
VIP Alumni

Eric,

As a starting point you may be able to spot the top talkers by enabling ip accounting on the interface.

conf t

!

interface gi0/3

ip accounting output-packets

!

end

show ip account

This will build a table of bytes & packet sent from source ip adresses to destination ip addresses.

Something like this:-

router_10.64.7.2#

show ip account

    Source         Destination              Packets               Bytes

172.17.110.208  172.17.110.223            25                   2500

10.64.7.26       172.17.111.59               13                   1092

to turn off

conf t

!

interface gi0/3

no ip accounting output-packets

!

end

Regards,
Alex.
Please rate useful posts.

Regards, Alex. Please rate useful posts.

Hi Eric,

I would also suggest what campbell says, along with that you can also enable netflow to get a detailed information.

Regards,

Sathvik

Reporting back.

The ip accounting did it! We were able to identify spam host and eliminate the high traffic problem. Thank you for you help!

networksniffer
Level 1
Level 1

Thanks acampbell and sathvik.

IP accounting is a pretty good idea, i use it for my vpn connections on vpn router. I will try this one for sure. I dont know anything about Netflow. Is there any good examples on how to set it up for traffic identification?

Regards,

  Eric

Hi Eric,

Good to know you could identify the source. Please refer the URL for mor details on netflow.

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps6601/prod_white_paper0900aecd80406232.html

Regards,

Sathvik

Thanks again!

Seems like netflow is more precise then just ip accounting, I will set it first on the test router to see how it effects the performance, defiantly will need to have something like that in the near future on the core router. =)

If you have a time would you be able to help me with this thread https://supportforums.cisco.com/thread/2247398

so far have no answers on it. Thanks again. =)

Yes. netflow gives you indepth of the communication. Wireless i'm not good at.

Regards,

Sathvik

One more question, you dont happen to know anything about Cisco SMB routers?

https://supportforums.cisco.com/thread/2249641

regards,

   Eric

Review Cisco Networking for a $25 gift card