Monitoring Traffic on CSM

Guys,
I have trouble (slow connection) on my servers behind the CSM. The SVI is on the FWSM.
I want to see all the traffic on my servers, which are located behind the CSM, during one day, so I will know what the root cause of the servers' slow connection is.
The problem is: how can I monitor the traffic in the CSM historically?
I think NetFlow can't handle it because NetFlow only knows the real IP (physical IP) of the server, and NetFlow can't map from the real IP to the virtual IP.
Thanks for your help.
Regards,
Edwin

Hi Edwin,
To understand what is going on with the connections through the CSM, it is important to see server-side sniffer data and client-side sniffer data from the standpoint of the CSM. If you have a NAM installed in the Cat6k, you can SPAN the port-channel of the CSM. In that case traffic is captured with the dot1q tag, which makes troubleshooting easy. Without a NAM, port SPAN or VLAN SPAN of the server side and client side is still useful.
There is no historical data with which you can troubleshoot client and server connectivity or performance issues through the CSM.
Regards,
Kimihito.

Similar Messages

  • Monitoring traffic but not use IP SLA

    Dear everyone,
    I have a problem. I made a leased line between the ISP (service provider) and the customer, and the customer wants to monitor traffic on this link. I can use IP SLA to do it, but now the customer doesn't agree to open ICMP on this link, so IP SLA fails.
    Can anyone help me to resolve it?

    SNMP traps for IP SLAs are handled through the system logging (syslog) process. This means that system logging messages for IP SLAs violations are generated when the specified conditions are met, then sent as SNMP traps using the CISCO-SYSLOG-MIB. The ip sla monitor logging traps command is used to enable the generation of these IP SLAs specific traps. The generation of IP SLAs specific logging messages is dependent on the configuration of the standard set of logging commands (for example, logging on). IP SLAs logging messages are generated at the "informational" system logging severity level.
    The command ip sla monitor logging traps is sometimes hidden and may not show with ?, so just copy and paste it in global config mode, have logging on, and check if any traps are generated.
    -Thanks
    Vinod
    **Encourage Contributors. RATE them**

  • RF monitor traffic lights

    How do the two fields of capacity used work to define the workload for users in the RF monitor traffic lights?

    Hello,
    Does anyone know my question?
    Appreciate some help here.
    Thanks,
    tuff

  • Cisco Configuration Professional - Monitor - Traffic Status - Application traffic view

    Installed the latest version of CCP. Noticed that it uses Internet Explorer as the default browser.
    Current issue - Monitor - Traffic Status - Application traffic view shows a window that is too large for my current screen.
    I've tried several options to make it more viewable, but no luck.
    Screenshot, Explaining the issue - Notice the difficulty to view the graphs
    Any advice will be appreciated.
    Philip

    I've managed to fix it by changing the zoom on Internet Explorer.

  • Monitoring Traffic on a tunnel - Netflow Version 7

    Hi,
    I am trying to setup monitoring for Netflow and it is working but it doesn't seem I am capturing all the traffic as the utilization only shows 1-2%.
    My current setup is this:
    ip flow-cache timeout active 1
    ip flow-export source GigabitEthernet0/1
    ip flow-export version 5
    ip flow-export destination xxx.xxx.xxx.xxx 9996 vrf xxxxxxxxxxxx
    interface Tunnel1
    ip vrf forwarding xxxxxxxxxxxxx
    ip address xxxxxxxxxxxxxxxxxx
    tunnel source xxxxxxxxxxxxxxxxxxxxxx
    tunnel destination xxxxxxxxxxxxxxxxxxxx
    tunnel vrf INTERNE
    interface Tunnel2203
    description WAN: US | xxx.xxx.xxx.xxx | xxx.xxx.xxx.xxx | xxx.xxx.xxx.xxx
    ip vrf forwarding xxxxxxxxxxxxxxxx
    ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
    ip mtu 1500
    ip route-cache flow
    ip tcp adjust-mss 1350
    ip ospf authentication-key 7 xxxxxxxxxxxxxxxxxxx
    ip ospf cost 20
    keepalive 10 3
    tunnel source xxx.xxx.xxx.xxx
    tunnel destination xxx.xxx.xxx.xxx
    tunnel key xxx.xxx.xxx.xxx
    tunnel checksum
    interface GigabitEthernet0/1
    description xxxxxxxxxxxxx, F0/45
    no ip address
    ip flow ingress
    ip flow egress
    ip route-cache flow
    duplex auto
    speed auto
    interface GigabitEthernet0/0
    description xxxxxxxxxxxxxxxx, xxxxxxxxxxxxx
    ip vrf forwarding xxxxxxxxxxxxxxxx
    ip address xxxxxxxxxxxxxxxxx
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow ingress
    ip flow egress
    ip route-cache flow
    load-interval 30
    duplex full
    speed 100
    no mop enabled
    Both Gig0/0 and 0/1 connect to the core; however, as you see, Gig0/0 uses VRF forwarding, which is how I have it set up for our NetFlow. I only seem to be able to see Tunnel 1 and Gig0/0. I cannot see Tunnel 2203 or Gig0/1.
    xxxxxxxxxxxxxxx#show ip flow export
    Flow export v5 is enabled for main cache
      Export source and destination details :
      VRF ID : 1
        Source(1)       xxxxxxxxxxx (Tunnel2203)
        Destination(1)  xxxxxxxxxx (9996)
      Version 5 flow records
      3423675 flows exported in 115622 udp datagrams
      0 flows failed due to lack of export packet
    show ip cache flow
    IP packet size distribution (1616M total packets):
       1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
       .000 .398 .065 .054 .017 .030 .015 .011 .007 .007 .008 .005 .004 .003 .003
        512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
       .002 .002 .003 .038 .321 .000 .000 .000 .000 .000 .000
    IP Flow Switching Cache, 278544 bytes
      287 active, 3809 inactive, 62297999 added
      1265353168 ager polls, 0 flow alloc failures
      Active flows timeout in 1 minutes
      Inactive flows timeout in 15 seconds
    IP Sub Flow Cache, 25800 bytes
      287 active, 737 inactive, 3406160 added, 3406160 added to flow
      0 alloc failures, 0 force free
      1 chunk, 1 chunk added
      last clearing of statistics never
    Please help?

    This is not possible ... if you LAG the links.  But if you un-LAG it maybe you can.  I haven't tried it.
    So that tunneled guest traffic flow can come via one trunk and leave on the guest VLAN via another trunk going to another switch. This sounds "awful" (for the lack of a better PG-13 word).

  • Monitoring traffic and collisions

    Hello-
    I am wondering if I could get some feedback on a utility that can be used to monitor collisions (source of problem) on the switches in my cluster. Current setup: 8 x 3548's -> 1 x 3550 in a star config. There seems to be a lot of latency at times. I have MRTG running against the 3550, but I need to get to the root of the problem. Any help would be appreciated. Thx in advance.

    That is a strange graph from MRTG. Are you sure that MRTG is still updating? The only time I have seen MRTG draw a graph like that is when it stops updating. The reason for this is when MRTG can no longer collect data it just keeps using the last successful measurement and you end up with a never changing graph like you have.
    Ports blinking amber usually indicate errors. If you do a show interface command every couple of minutes, do you see the error counters incrementing? If not, then you might have failing hardware or heavy traffic in a half-duplex environment. If you set the port speeds and duplex, you must match the settings on all attached hosts. Hosts that are not set will match speed but end up at half duplex, resulting in collisions.
    The MRTG/MIB stuff from the URL I supplied sometimes works - sometimes not. If it doesn't work, it is the MIB portion that is usually incorrect.
    -Mark

  • Monitoring traffic on router (3825)

    I have complaints from a downstream customer trying to connect to my network. He is the only one connecting to hosts via ssh. He is not showing up hitting the 3rd party (McAfee Sidewinder Firewall) between the 2 Cisco 3825 routers. I want to put Wireshark on the first router to see what the issue might be. Can I span the GE0/0 port to one of the Fast Ethernet ports on this router to hook up a laptop with Wireshark to monitor the traffic of this device?

    You can capture packets directly on the router-
    http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/epc/command/epc-cr-book.html

  • Monitoring traffic between UCS fabric extenders and fabric interconnect?

    What is the best way to monitor the traffic between UCS fabric extenders (chassis) and fabric interconnect? Specifically I am looking for parameters to keep an eye on to determine when we may need to move from 2 links per fabric extender to 4 to handle greater IO needs.
    Thanks.
    - Klaus

    One way you could monitor usage is by looking at the interface stats just as you would for any switch uplink.
    Connect to the Cluster CLI
    connect NXOS
    Look at the input/output rate of your Server Uplink interfaces.
    In my example I'm using fixed ports 1 through 4 on my FI's connecting to the IOM of the Chassis.
    UCS-A(nxos)# show int eth1/1-4 | include rate
      30 seconds input rate 17114328 bits/sec, 1089 packets/sec
      30 seconds output rate 8777736 bits/sec, 693 packets/sec
        input rate 5.07 Mbps, 198 pps; output rate 1.03 Mbps, 99 pps
      30 seconds input rate 2376 bits/sec, 0 packets/sec
      30 seconds output rate 1584 bits/sec, 2 packets/sec
        input rate 1.58 Kbps, 0 pps; output rate 1.58 Kbps, 3 pps
      30 seconds input rate 2376 bits/sec, 0 packets/sec
      30 seconds output rate 31680 bits/sec, 20 packets/sec
        input rate 1.58 Kbps, 0 pps; output rate 30.89 Kbps, 18 pps
      30 seconds input rate 2376 bits/sec, 0 packets/sec
      30 seconds output rate 1584 bits/sec, 1 packets/sec
        input rate 1.58 Kbps, 0 pps; output rate 1.58 Kbps, 3 pps
    If you notice your two links pushing near 10G consistently, it might be time to add another 2 links.
    Other than this you can use SNMP to log the stats and look based on daily/weekly/monthly usage.
    Robert
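
The check Robert describes can be scripted. The following is an added example, not part of the original post: it parses the `| include rate` output shown above and reports each link's load as a fraction of line rate. The 10G link speed, the port labels, and the 0.8 / 0.9 thresholds are assumptions.

```python
import re

LINK_BPS = 10_000_000_000  # assumption: each FI-to-IOM link is 10G

# Matches only the "30 seconds ... bits/sec" lines; the Mbps/Kbps summary line is skipped.
RATE_RE = re.compile(r"^\s*\d+ seconds (input|output) rate (\d+) bits/sec")

# Output copied from the post above (show int eth1/1-4 | include rate).
SAMPLE = """\
  30 seconds input rate 17114328 bits/sec, 1089 packets/sec
  30 seconds output rate 8777736 bits/sec, 693 packets/sec
    input rate 5.07 Mbps, 198 pps; output rate 1.03 Mbps, 99 pps
  30 seconds input rate 2376 bits/sec, 0 packets/sec
  30 seconds output rate 1584 bits/sec, 2 packets/sec
    input rate 1.58 Kbps, 0 pps; output rate 1.58 Kbps, 3 pps
  30 seconds input rate 2376 bits/sec, 0 packets/sec
  30 seconds output rate 31680 bits/sec, 20 packets/sec
    input rate 1.58 Kbps, 0 pps; output rate 30.89 Kbps, 18 pps
  30 seconds input rate 2376 bits/sec, 0 packets/sec
  30 seconds output rate 1584 bits/sec, 1 packets/sec
    input rate 1.58 Kbps, 0 pps; output rate 1.58 Kbps, 3 pps
"""
PORTS = ["eth1/1", "eth1/2", "eth1/3", "eth1/4"]  # order of the requested range

def parse_rates(text, ports):
    """'| include rate' drops interface names, so pairs are labelled by order."""
    pairs, cur = [], {}
    for line in text.splitlines():
        m = RATE_RE.match(line)
        if not m:
            continue
        if m.group(1) in cur:
            raise ValueError("unpaired rate line: " + line.strip())
        cur[m.group(1)] = int(m.group(2))
        if len(cur) == 2:
            pairs.append(cur)
            cur = {}
    if cur or len(pairs) != len(ports):
        raise ValueError("output does not match the port list")
    return dict(zip(ports, pairs))

def utilization(rates, link_bps=LINK_BPS):
    """Busier direction of each full-duplex link as a fraction of line rate."""
    return {p: max(r["input"], r["output"]) / link_bps for p, r in rates.items()}

def sustained_hot(polls, threshold=0.8, min_share=0.9):
    """Ports above threshold in at least min_share of polls (ignores single bursts)."""
    return sorted(p for p in polls[0]
                  if sum(u[p] > threshold for u in polls) >= min_share * len(polls))

if __name__ == "__main__":
    for port, u in utilization(parse_rates(SAMPLE, PORTS)).items():
        print("%s %.4f%% of 10G" % (port, u * 100))
```

Feed `sustained_hot` one `utilization` result per polling interval; the sample from the post yields no hot links.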

  • IDSM-2 (7.0.2) want it to monitoring traffic and not affect anything

    Hello All,
    I am pretty new to IDSM's, just trying to learn about them.  I am working on a production network so I'm having to be pretty careful..
    We have 2 x 6513 with two IDSM-2 installed in each, which have just been upgraded to 7.0.2. They are all in promiscuous mode and we are using VACLs to redirect traffic to them for checking. I want to ensure there is no way that the production traffic can be affected. I can see most of the actions that affect traffic require the IDSMs to be working in INLINE mode.
    The action I was worried about was the TCP RESET. From what I read, it seems that this is sent from the management interface of the device, and I believe (I may not be correct) that this is available both in inline and in promiscuous mode. Can anyone confirm if this is correct: is the TCP RESET available in PROMISCUOUS mode, and if it is, how do I turn it off? Currently we only want the devices to monitor and then move to the more advanced features after we get a better understanding of our network.
    P.S.  Could anyone suggest a good document on how to go about managing and making use of the amount of alerts, and also IDSM setting up and tuning in general..
    Any help anyone could give would be gratefully appreciated.
    Thanks in advance.

    The action that you specify on each signature defines the action taken. When in promiscuous mode (IDS), actions like drop inline etc will not be available. The best way to go about what you want is to set all your signatures to just fire alerts when they trigger. Some signatures will have actions like tcp reset but if you sort from the action column in the IDM you can easily find these and remove the action and rather just produce alert for it instead. This will allow you to tweak your IDS before applying it inline (IPS) if that is your goal.
    Be aware also that the IDS will baseline your network and the Anomaly Detection module will act a little crazy if you don't let it monitor your network for 1-2 days of normal traffic.

  • App for monitoring traffic volume

    Can someone recommend a good and simple app to monitor internet traffic volume? Unfortunately my router does not offer such an option. I'm not interested in any kind of analysis function, I just want to know at the end of the week/month how much traffic I generated with regular surfing, IPTV, Netflix etc..
    Cheers
    Axel

    Little Snitch & Hands Off!

  • Monitoring Traffic Conversations

    Hi,
    I wonder if someone may be able to advise me.
    We want to look at the IP traffic conversations on a trunk link between two switches.
    How can this be achieved? Do we have to monitor the trunk with a port analyzer as it's Layer 2 only, or can we use some form of ACLs on the switches themselves? Any help would be much appreciated.

    Hi,
    What you need is the Switched Port Analyzer (SPAN) feature. The following link has a good document on it:
    http://www.cisco.com/warp/public/473/41.html
    Hope that helps - pls rate the post if it does.
    Paresh

  • Monitoring traffic

    It seems not possible to monitor or log incoming and outgoing traffic with a TC or Airport Extreme. Is this true? Madness. Why can't I accomplish this most rudimentary of tasks?

    nrfems83 wrote:
    I currently have a secured small business network.  I have an open policy for employees to use their personal laptops on the network with restrictions of inappropriate material being viewed at work.
    I know currently I have employees breaking this policy.  How do I catch them? 
    Is there a software that can be installed on the main computer with the wireless router that will allow me to monitor the web traffic? I do not want to and can not install any software on their personal laptops just the main computer.  They all signed a form stating they would not view the web sites that are deemed inappropriate but I have to "catch them" to be able to prove it.
    Please advise.
    Hi
    It's possible to create an access policy using a Linksys router's web UI, it's easy,
    though u have to implement it in a correct manner.
    My ideology is a bit confusing so am pasting the link to the Linksys KB for the article:
    http://linksys.custhelp.com/cgi-bin/linksys.cfg/php/enduser/std_adp.php?p_faqid=4041&p_created=11601...
    let me know the status?
    pe@c3
    "What u Give , is wht u better start expecting to take back".. - http://Forsakenbliss.wordpress.com

  • How to monitor traffic and associations per AP with WCS?

    Hi,
    is there a way to get traffic and client access/associations data with WCS for each AP of a centrally managed WLAN?
    I manage a campus WLAN with a 4402 WLC (software version 6.0.188.0) and a WCS version 6.0.170.0 .
    WCS provides me detailed information on a client basis: I'm able to know the association history of each client currently
    connected, both which AP the client has connected to, and how much traffic the client has generated/received for each connection.
    I haven't found a way to get the same information on an AP basis. Namely, which clients have been connected, and how much traffic
    has been transmitted per time slot.
    I suppose this is just a matter of making a different query to the WCS database, since the data are the same used for providing
    the information on the client association and traffic history. Though, I haven't found a way on WCS to get this information.
    Thanks a lot in advance for any help, cheers,
    Piero

    Use the client reports from WCS reporting:
    http://www.cisco.com/en/US/docs/wireless/wcs/6.0/configuration/guide/6_0reps.html#wp1134645
    The Client Summary report contains four sub reports. Each of them can be  independently customized. The following information is default  information available from a Client Summary report depending on the  customizable report selected:
    •Number of Sessions
    •Number of Total Users
    •Number of Unique Users
    •Number of New Users
    •Number of Unique APs
    •Number of Users per AP
    •Total Traffic (MB)
    •Average Traffic per Session (KB) and per user (in KB)
    •Total Throughput (Mbps)
    •Average Throughput per Session and per user (Mbps)
    •Protocol—802.11a/n or 802.11b/g/n.
    •SSID—The user-defined Service Set Identifier name
    •VLAN
    •Vendor
    •User Count
    •Time Used (Minutes)
    •Traffic (MB)
    •Session Count
    •% of Users
    •% of Time
    •% of Traffic
    •% of Session
    •Total Time of a session

  • Monitoring traffic on Airport network

    I have a Time Capsule running a secure (WPA2) wireless network with an iMac, MacBook, 3 windows machines an iPhone and Sony PS3 sharing the connection. How can I monitor and record, from the iMac, upload/download usage of each device over a period of time? Someone is using my bandwidth, I just need to find out who.

    You can see the MAC address of all connected devices on your network as follows:
    Open AirPort Utility - Click Manual Setup
    Click the Advanced icon
    Click the Logging & Statistics tab near the top of the window
    Click Logs and Statistics near the bottom of the window
    Click Wireless Clients to see the MAC address of any device connected using wireless
    Click DHCP Clients to see wired and wireless devices on your network
    So, if you see 3 wireless devices on your network and you have only 2 devices yourself, then you may have an issue. However, anyone that is really smart enough to crack your network will also know how to avoid being detected.
    Be sure you are using WPA2 Personal security with a long, non-dictionary password for best security practices.
    Message was edited by: Bob Timmons

  • Airport Extreme monitoring traffic

    Is there a way that the Airport Extreme can log or show outbound traffic? (ie. see what websites are being accessed from my wifi network)

    The AirPort Extreme base station (AEBS) has no feature for tracking web access.
