Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
309
Views
0
Helpful
1
Replies

Matching a device to bandwidth consumption

oneirishpollack
Level 1
Level 1

‎09-19-2012 05:49 AM - edited ‎03-07-2019 08:57 AM

My company is composed of three different campuses, all with a similar network topology. We currently are experiencing high bandwidth on our serial interface at one of the campuses in particular. The network is composed of about 20 VLANS routed internally using a Cisco 6509. Traffic to the outside is PAT’d by an ASA 5510 and then forwarded through our edge router interface. Each VLAN is PAT’d to a specific public address.

Due to the PAT, how would you recommend determining what specific private addresses are consuming our resources on the serial interface. When I look at our NMS, it reports the public address, but that only narrows it down to a VLAN. For example, all the devices in VLAN 6 are translated to 146.34.118.245, and 146.34.11.245 is a top talker.

computer --> 2960-s (access) --> 6509 (L3 Switch) --> ASA 5510 (PAT) --> 3845 (gateway)----> Internet

Any recommendations or thoughts would be appreciated.

Labels:
0 Helpful
1 Reply 1

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎09-19-2012 06:27 AM

Hello Onerishpollack,

you can think of enabling netflow on the C6500 L3 switch and more specifically  in ingress direction on the SVI Vlan 6.

Depending on IOS version on C6500 you can enable netflow selectively or only globally

see

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/netflow.html

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/nde.html

>>Cisco IOS Release 12.2(33)SXH and later releases  support per-interface NetFlow, which enables PFC NetFlow data collection  on a per-interface basis. With releases earlier than  Release 12.2(33)SXH, NetFlow on the PFC could be only be enabled and  disabled globally.

Once netflow is enabled on the involved SVI you can export flow accounting data to a Netflow Collector server or you can use

show ip cache flow

to visualize the flow cache locally on the C6500.

see

http://www.cisco.com/en/US/docs/ios-xml/ios/netflow/command/nf-02.html#GUID-E3881A9E-7FD9-4BCE-83E5-603E55AE72DC

Once you get the output of the show ip cache flow you can put it in a txt or csv file and you can aggregate ( sum ) all flows with the same source IP address and you can find the top talkers.

Hope to help

Giuseppe

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card