Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
435
Views
0
Helpful
3
Replies

How to view connections on a specific interface??

jacob6000
Level 1
Level 1

‎02-03-2014 12:33 PM - edited ‎03-07-2019 05:58 PM

I have a 2801 router (12.4) with two lan interfaces and one T-1 that is dedicated for voip traffic. I am seeing an usual amount of traffic on the T-1. How can I see all the flows/connections for the serial interface (T-1) specifically?  Top talkers?

Thank you,

Labels:
0 Helpful
3 Replies 3

John Blakley
VIP Alumni
VIP Alumni

‎02-03-2014 12:37 PM

Yes, top talkers. The quickest way that I know of is:

ip flow-top-talkers

sort bytes

top 10

int s0/0

ip flow egress

ip flow ingress

Then "show ip flow top"

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
0 Helpful

jacob6000
Level 1
Level 1
In response to John Blakley

‎02-03-2014 12:56 PM

Thank you John. I'm actually doing that exact thing but I'm confused by the output.

ex:

#sh ip flow top-talkers

SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP Bytes

Local         154.124.x.x  Se0/1/0*         68.128.110.100 32 3110 44CF    10M

Tu21          192.168.1.125   Vl10          192.168.2.236   06 D091 0814  4601K

Vl10          192.168.2.236   Tu21*         192.168.1.125   06 0814 D08E  4203K

Fa0/0         x.x.x.x    Vl10               x.x.x.x    06 01BB F516  1096K

Vl10          x.x.x.x    Fa0/0*             x.x.x.x    06 F516 01BB   837K

Se0/1/0       49.75.140.1     Vl10          154.124.x.x  32 C8B3 EC6B   710K

Local         154.124.x.x  Se0/1/0*         49.75.140.1     32 E048 8F57   432K

Tu21          192.168.1.100   Vl10          192.168.2.6     11 0000 0000   324K

Vl10          x.x.x.x    Fa0/0*             132.245.15.98   06 EDAD 01BB   303K

Vl10          x.x.x.x    Fa0/0*             x.x.x.x   06 FAB2 01BB   141K

10 of 10 top talkers shown. 113 flows processed.

Now take this one entry. Does the entry below mean that 192.168.2.241 is the actual inside address making a connection to the outside world. This addess isn't allowed to go outside this is why I need confirmation. I have an explicit NAT acl to allow only specific address through  the 154.124.x.x interface (T-1) and this isn't one of them.

Se0/1/0        49.75.140.1     Vl10           154.124.x.x  32 00  10     719K

C8B3 /32 0                     EC6B /24 0     192.168.2.241         242   809.9

0 Helpful

johnlloyd_13
Level 9
Level 9
In response to jacob6000

‎02-03-2014 11:49 PM

hi,

i would suggest to download a netflow traffic analyzer tool to better understand the output.

http://wannabelab.blogspot.com/2013/11/configuring-netflow.html

alternatively, enable ip accounting on the LAN port.

int fx

ip accounting output-packets

sh ip accounting

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card