Section C-2. 6000 Network Analysis Module


  • The NAM monitors traffic on a switch and offers analysis using Remote Monitoring (RMON), RMON2, and Simple Network Management Protocol (SNMP) MIBs.

  • Traffic sourced by a VLAN or a SPAN switch port can be monitored.

  • Netflow data export (NDE) information can be collected and analyzed by the NAM.

  • The NAM can be managed by these applications:

    - NAM Traffic Analyzer (an internal web-based application)

    - CiscoWorks TrafficDirector

    - NetScout nGenius Real-Time Monitor (RTM)

    - CiscoWorks2000 (via SNMP)

Configuration

1.

Access the NAM.

a. Assign the NAM management port to a VLAN:

COS

N/A

IOS

 (global) interface gigabitethernet mod/1 
 (interface) switchport access vlan vlan-number 


On an IOS switch, the NAM management port (port 1) must be assigned to a vlan-number so that the NAM traffic can be switched to and from the management application.

A COS switch doesn't require this step. Instead, the NAM management port is automatically assigned to the VLAN associated with the sc0 switch interface.

b. Open a CLI session with the NAM:

COS

 session module 

IOS

 session slot module processor 1 


A command-line session is initiated with the NAM module in chassis slot module. To close the session, type the escape sequence ^-] or control-].

c. Log in as the administrator:

NAM

 login: root Password: password 


Use the administrator username root and password (text string; default "root").

d. (Optional) Change the administrator password:

NAM

 (exec) password root 


You should change the root password to something different from the default. The password is a text string of up to 15 characters.

e. (Optional) Initially configure the IP parameters.

- Set the IP address:

NAM

 (exec) ip address ip-address subnet-mask 


The NAM is managed by using its IP address. Make sure the IP address is appropriately chosen to match the management port VLAN.

- Set the broadcast address:

NAM

 (exec) ip broadcast broadcast-address 


The broadcast address should be set according to the IP network and subnet mask of the NAM management port.

- Set the host name and domain name:

NAM

 (exec) ip host name 
 (exec) ip domain domain-name 


The NAM identifies itself by its host name and domain name (text strings).

- Set the default gateway:

NAM

 (exec) ip gateway default-gateway 


Specify the IP address of the default gateway on the NAM management port's local network.

- Identify one or more name servers:

NAM

 (exec) ip nameserver ip-address [ip-address …] 


f. Initially configure the SNMP parameters.

- Identify the system location:

NAM

 (exec) snmp location location 


The system location (text string) is used to describe where the NAM is physically located.

- Identify the system contact:

NAM

 (exec) snmp contact contact 


Give the name of the person or group to be contacted for NAM maintenance as contact (text string).

- Identify the system name:

NAM

 (exec) snmp name name 


The NAM is identified as name (text string) in SNMP queries.

- (Optional) Identify the read-write community string:

NAM

 (exec) snmp community community-string rw 


The SNMP management application can read or write MIB variables only if it uses the community-string (text string) that is configured on the NAM.

- Identify the read-only community string:

NAM

 (exec) snmp community community-string ro 


The SNMP management application can only read MIB variables if it uses the community-string (text string) that is configured on the NAM.

g. (Optional) Test network connectivity to the NAM.

- Ping a remote host:

NAM

 (exec) ping [-nv] [-c count] [-i wait] [-p pattern] [-s packetsize] {hostname | ip-address} 


ICMP echo packets are sent to the remote host at hostname (text string) or ip-address. To display addresses as numbers rather than host names, use the -n flag. For more detail, use the verbose -v flag. The number of packets can be given as -c count. With the -i option, the NAM pauses wait seconds between echo packets. The echo packets can be filled with a pattern (up to 16 bytes in hexadecimal) by using -p pattern. The size of the echo packet can be set with -s packetsize (in bytes).

- Trace the route to a remote host:

NAM

 (exec) traceroute [-Inv] [-f first-ttl] [-m max-ttl] [-p port] [-s source-addr] [-t tos] [-w wait-time] {hostname | ip-address} 


Traceroute probe packets are sent to the remote host at hostname (text string) or ip-address. UDP probes are used unless the -I flag forces ICMP echo packets. To display addresses as numbers rather than host names, use the -n flag. For more detail, use the verbose -v flag. The initial and maximum time-to-live (number of hops) are given by -f first-ttl and -m max-ttl, respectively.

The UDP port number used is given by the -p option. A source address other than the NAM management port can be given with -s source-addr. The type of service (ToS) value can be given with -t tos. With the -w option, the NAM allows wait-time seconds for each probe response to return.

2.

(Optional) Shut down the NAM.

CAUTION

Before you can remove the NAM from the switch chassis, you must shut it down properly. Use one of the shutdown methods in this step to bring about an orderly shutdown and wait for the shutdown process to be completed. This is indicated when the status LED changes from green to amber or is off. Then you can safely remove the module.

a. Module shutdown from the NAM CLI:

NAM

 (exec) shutdown 


b. (Optional) Module shutdown or reset from the switch CLI:

COS

 set module shutdown module 

-or-

 reset module 

IOS

 (exec) hw-module module shutdown module 

-or-

 (exec) hw-module module module reset 


You can shut down the NAM in slot module with the shutdown keyword. If the switch is then rebooted or power cycled, the NAM will reboot also. To restore the NAM to service, use the reset keyword.

c. (Optional) Remove or restore power to the NAM:

COS

 set module power down module 

-or-

 set module power up module 

IOS

 (global) no power enable module module 

-or-

 (global) power enable module module 


d. (Optional) Use the NAM Shutdown button as a last resort.

You can use a small pointed object such as the end of a paper clip to push the Shutdown button on the NAM module front panel. The button is located to the right of the status LED.

3.

Select the traffic source to monitor.

a. (Optional) Monitor NDE information.

TIP

The NAM can be configured to collect NDE information from one or more sources. To enable the local switch containing the NAM to be an NDE source, follow the configuration steps presented here. If the local switch is a COS-only switch, you must also configure the Multilayer Switch Feature Card (MSFC)/MSFC2 to generate NDE information. Refer to section "8-6: Network Data Export" for complete configuration information.

- Enable NDE on a Policy Feature Card (PFC):

COS

 set snmp extendedrmon netflow {enable | disable} mod 
 set mls nde {enable | disable} 
 set mls nde version {1 | 7 | 8} 

IOS

 (global) mls nde sender [version version] 


For a PFC/PFC2, Layer 3-switched traffic can be reported as NDE version 7. On a COS switch, the PFC can be enabled to send NDE data to the NAM in slot mod.

- (Optional) Enable NDE on Layer 3 interfaces:

COS

N/A

IOS

 (interface) ip route-cache flow 


For an MSFC/MSFC2, routed traffic can be reported as NDE version 1, 5, or 6. NDE must then be enabled on any Layer 3 interfaces where the MSFC routes traffic.

- Identify the NDE source:

COS

N/A

IOS

 (global) ip flow-export source [{interface interface-number} | {null interface-number} | {port-channel number} | {vlan vlan-id}] 


NDE packets will be sent using the source address specified. Either an interface (Ethernet, null, or EtherChannel) or a VLAN can be used as the source.

- Identify the NDE collector:

COS

 set mls nde ip-address 3000 

IOS

 (global) mls rp nde-address ip-address 
 (global) ip flow-export destination ip-address 3000 


The NAM at ip-address will receive the NDE information over UDP port 3000, which is required by the NAM.

- (Optional) Define the flow mask used to generate netflow data:

COS

N/A

IOS

 (global) mls flow {ip {destination | destination-source | full} | ipx {destination | destination-source}} 


The NDE sends flow information based on the destination address (destination, the default), both destination and source (destination-source), or both destination and source addresses and ports (full).

- (Optional) Use flow filters to report only specific traffic flows:

COS

 set mls nde flow [exclude | include] [destination ip-address mask] [source ip-address mask] [protocol protocol] [src-port number] [dst-port number] 

IOS

 (global) mls nde flow {exclude | include} {destination ip-address mask | source ip-address mask {dest-port number | src-port number}} 


NDE will export flows that match (include) or don't match (exclude) the remaining filter parameters. Filtering can be performed based on destination IP address (destination), destination port number (dest-port), source IP address (source), and source port number (src-port).
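Added example (not code from the Field Manual or from the NAM itself): a small Python decoder for the NDE version 5 datagrams a collector such as the NAM receives on UDP port 3000, with an include/exclude filter that mirrors the destination, source and port criteria of the mls nde flow command above. The export packet is constructed inline; the record layout is the standard NetFlow v5 format, and the filter semantics are an assumption modelled on the command syntax, not on observed NAM behaviour.

```python
"""NetFlow v5 (NDE v5) decoder plus the include/exclude flow filter, mirroring what
a NAM collector sees on UDP/3000. Added example, not NAM code; packet is constructed."""
import socket
import struct
from collections import namedtuple

HDR = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
REC = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 record
Flow = namedtuple("Flow", "src dst proto sport dport pkts octets")

def parse_v5(data: bytes) -> list:
    """Decode one NDE v5 datagram into Flow records; rejects other versions."""
    version, count = HDR.unpack_from(data, 0)[:2]
    if version != 5 or len(data) < HDR.size + count * REC.size:
        raise ValueError("not a complete NDE version 5 datagram")
    flows = []
    for i in range(count):
        r = REC.unpack_from(data, HDR.size + i * REC.size)
        # r[13] = IP protocol, r[9]/r[10] = src/dst port, r[5]/r[6] = pkts/octets
        flows.append(Flow(socket.inet_ntoa(r[0]), socket.inet_ntoa(r[1]),
                          r[13], r[9], r[10], r[5], r[6]))
    return flows

def in_net(addr: str, net: str, mask: str) -> bool:
    a, n, m = (int.from_bytes(socket.inet_aton(x), "big") for x in (addr, net, mask))
    return a & m == n & m

def nde_flow_filter(flows, mode, destination=None, source=None,
                    dest_port=None, src_port=None):
    """'include' keeps flows matching every given criterion, 'exclude' drops them;
    destination/source are (ip-address, mask) pairs as in 'mls nde flow'."""
    def match(f):
        return ((destination is None or in_net(f.dst, *destination))
                and (source is None or in_net(f.src, *source))
                and (dest_port is None or f.dport == dest_port)
                and (src_port is None or f.sport == src_port))
    return [f for f in flows if match(f) == (mode == "include")]

def build_v5(flows) -> bytes:
    """Constructed export datagram shaped like a PFC/MSFC NDE v5 packet."""
    recs = b"".join(REC.pack(socket.inet_aton(f.src), socket.inet_aton(f.dst),
                             b"\0" * 4, 1, 2, f.pkts, f.octets, 0, 0, f.sport,
                             f.dport, 0, 0x18, f.proto, 0, 0, 0, 24, 24, 0)
                    for f in flows)
    return HDR.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0) + recs

SAMPLE = build_v5([Flow("10.1.1.5", "10.2.2.80", 6, 40001, 80, 12, 9000),
                   Flow("10.1.1.6", "192.168.9.9", 17, 5353, 53, 1, 70),
                   Flow("10.2.2.80", "10.1.1.5", 6, 80, 40001, 10, 15000)])
```

Feeding parse_v5 the raw payload of each UDP/3000 datagram and running nde_flow_filter over the result reproduces, on the collector side, what the switch-side include/exclude filter would have exported.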

b. (Optional) Monitor a SPAN session.

- (Optional) Monitor a switch port:

COS

 set span src-mod/src-ports dest-mod/1 [rx | tx | both] [inpkts {enable | disable}] [learning {enable | disable}] [multicast {enable | disable}] [filter vlans...] [create] 

IOS

 (global) monitor session session source interface type number [rx | tx | both] 
 (global) monitor session session destination interface gigabitethernet mod/1 
 (global) monitor session session filter vlan vlans 


The traffic source is identified as a specific switch port. The destination is the NAM port 1. Specific VLANs can be filtered for monitoring by using the filter keyword.

- (Optional) Monitor a VLAN.

COS

 set span src-vlans dest-mod/1 [rx | tx | both] [inpkts {enable | disable}] [learning {enable | disable}] [multicast {enable | disable}] [create] 

IOS

 (global) monitor session session source vlan vlans [rx | tx | both] 
 (global) monitor session session destination interface gigabitethernet mod/1 


One or more VLANs can be given as sources of traffic to be monitored. The destination is the NAM port 1.

4.

(Optional) Upgrade the NAM software.

a. Make the upgraded partition inactive:

COS

 reset module hdd:partition 

IOS

 (global) hw-mod module module reset hdd:partition 


To upgrade the application partition (1), reload the NAM and run from the maintenance partition (2). Alternatively, if the maintenance partition software must be upgraded, run from the application partition (1).

b. Install an image from an FTP server:

NAM

 (exec) upgrade ftp-url 


The NAM can download a software image from any FTP server (including CCO at ftp.cisco.com), provided that it can reach the server over the network. First, make sure you can ping the server.

The software image is located by its URL, ftp-url. Use the format ftp://host/absolute-path/filename for a server that supports anonymous FTP. Otherwise, you can specify a username and password by using the format ftp://user@hostname/absolute-path/filename.

c. Reload the NAM into the application partition:

COS

 reset module hdd:1 

IOS

 (global) hw-mod module module reset hdd:1 


5.

(Optional) Apply a software patch to the NAM.

a. Make sure the NAM is running the application image.

b. Download and apply the patch.

NAM

 (exec) patch ftp-url 


The NAM can download a patch file from any FTP server (including CCO at ftp.cisco.com), provided that it can reach the server over the network. First, make sure you can ping the server.

The patch is located by its URL, ftp-url. Use the format ftp://host/absolute-path/filename for a server that supports anonymous FTP. Otherwise, you can specify a username and password by using the format ftp://user@hostname/absolute-path/filename.

6.

(Optional) Access the NAM's HTTP server.

a. Install a strong crypto (3DES) patch:

NAM

 (exec) patch ftp-url 


The NAM must first have a patch applied that will enable 3DES cryptographic features. You can find the strong crypto patch on the Cisco FTP site in a location such as ftp://ftp.cisco.com/cisco/crypto/3DES/lan/catalyst/6000/nam/cisco-nam-strong-crypto-patchK9-1.0-1.i386.rpm.

b. Select the secure HTTP port:

NAM

 (exec) ip http secure port port 


The TCP port used for secure HTTP access is given as port (1 to 65535). This is typically 8080.

c. Enable the NAM HTTP server:

NAM

 (exec) ip http server enable 


d. (Optional) Use self-signed certificates for secure server connections:

NAM

 (exec) ip http secure generate self-signed-certificate 


The self-signed certificate is generated by the NAM itself and is delivered to the HTTP clients for secure HTTP sessions.

e. (Optional) Use a certificate authority (CA) for secure server connections.

- Request a certificate from the CA:

NAM

 (exec) ip http secure generate certificate-request 


This command prompts you for the necessary information about your organization and server. A certificate request is then displayed as several lines of printed characters. To actually request the certificate, you have to copy and paste the request information into a request message that is manually sent to the CA. The CA should send a reply with the certificate data.

- Install the certificate:

NAM

 (exec) ip http secure install certificate 


This command will prompt you for the certificate information. Copy and paste the lines of certificate characters, including the lines that mark the beginning and end of the certificate. End the certificate data by typing a period and then pressing the Enter key.

Displaying Information About the NAM

Table C-2 lists the switch commands that you can use to display various helpful information about the NAM.

Table C-2. Commands to Display NAM Information

Display Function            Switch OS   Command
--------------------------  ---------   ------------------------
SNMP configuration          NAM         show snmp
IP configuration            NAM         show ip
CPU usage                   NAM         show cpu
Memory usage                NAM         show memory
Version and serial number   NAM         show bios
HTTP certificates           NAM         show certificate
                                        show certificate-request
Installed features          NAM         show patches
                                        show options




Cisco Field Manual. Catalyst Switch Configuration
ISBN: 1587050439
EAN: N/A
Year: 2001
Pages: 150
