Monitoring tunnel interface traffic

We've integrated WLSM with IDSM-2 and want to monitor wireless traffic terminating on tunnel interfaces. Can't find a way to configure SPAN or VACL on IOS 6500 to capture traffic. Any suggestions?

Try this:
http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a0080459221.html

Similar Messages

  • Bandwidth monitoring on physical interface or on tunnel interface?

    Hi All,
    I would like to ask you a question. I am using the SolarWinds monitoring tool for bandwidth monitoring.
    I would like to know which interface we should use for monitoring: the physical interface or the tunnel interface?
    I am using a GRE tunnel in each of my remote locations.
    In some locations, when I compare my physical interface graph and tunnel interface graph, there is always a huge difference; the tunnel interface always has higher utilization. But for some sites the physical interface and tunnel interface graphs are the same.
    Please do let me know which is the best for monitoring.

    Hi,
    Generally it can be possible due to the bandwidth configuration on the tunnel interface, but there is no harm in monitoring both interfaces. It is generally only a benefit for you, as if the tunnel goes down it will raise an alarm for that as well.
    For exact monitoring of the tunnel interface I would suggest you check VPNTTG (VPN Tunnel Traffic Grapher).
    The advantage of VPNTTG over other SNMP-based monitoring software is the following: other (commonly used) software works with static OID numbers, i.e. whenever a tunnel disconnects and reconnects, it gets assigned a new OID number. This means that the historical data gathered on the connection is lost each time. However, VPNTTG works with the VPN peer's IP address and it stores historical monitoring data for each VPN tunnel in the database.
    Hope that helps with your query!!
    If helpful, do rate the valuable post.
    Regards
    Ganesh.H

  • Which object in RSVP message carried the value configured by "tunnel mpls traffic-eng bandwidth" command?

    Hi Experts,
    I configured a simple MPLS TE tunnel in my routers and configured it with the "tunnel mpls traffic-eng bandwidth 777" command. The tunnel came up fine. I tried to capture the packets (using GNS capture) going out of the tunnel head-end interface but I could not find out in which message object the value '777' is carried. Can anyone please explain to me exactly in which RSVP/OSPF message the bandwidth value is carried?
    Thanks,
    Madhu

    Hello Madhu,
    I think it is the FLOWSPEC object, not 100% sure.
    The FLOWSPEC class is defined in RFC 2210. Cisco IOS Software requests Controlled-Load service when reserving a TE tunnel. The FLOWSPEC format is complex and has many things in it that RSVP for MPLS TE doesn't use. The FLOWSPEC is used in Resv messages: Resv, ResvTear, ResvErr, ResvConf, ResvTearConf. Its only use in MPLS TE is to use the average rate section of the FLOWSPEC to specify the bandwidth desired, in bytes. Not bits. Bytes. So if you configure a tunnel with tunnel mpls traffic-eng 100000 to request 100 Mbps of bandwidth, this gets signalled as 12,500,000 bytes per second (100 Mb is 100,000 Kb is 100,000,000 bits, which is 12,500,000 bytes).
    Hope this helps
    Regards
    Mahesh
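
The FLOWSPEC layout referred to in the reply above, as an added example that is not part of the original thread: a parser for the RFC 2210 Controlled-Load FLOWSPEC object that converts the token bucket rate from bytes per second back to the kbps figure configured on the tunnel. The sample object is constructed here rather than captured, and the bucket size, peak rate and packet-size values in it are placeholders.

```python
import struct

FLOWSPEC_CLASS = 9        # RSVP Class-Num for FLOWSPEC (RFC 2205)
INTSERV_CTYPE = 2         # C-Type for the Int-Serv format (RFC 2210)
CONTROLLED_LOAD = 5       # service number in the per-service header
TOKEN_BUCKET_TSPEC = 127  # parameter ID of the token bucket TSpec


def build_sample_flowspec(kbps):
    """Constructed sample (not a capture): FLOWSPEC for a tunnel of `kbps`."""
    rate = kbps * 1000 / 8            # signalled in bytes per second
    body = struct.pack("!HH", 0, 7)   # version 0 + reserved, 7 words follow
    body += struct.pack("!BBH", CONTROLLED_LOAD, 0, 6)
    body += struct.pack("!BBH", TOKEN_BUCKET_TSPEC, 0, 5)
    # r, b, p, m, M: only r matters here; the rest are placeholder values.
    body += struct.pack("!fffII", rate, 1000.0, rate, 0, 1500)
    header = struct.pack("!HBB", 4 + len(body), FLOWSPEC_CLASS, INTSERV_CTYPE)
    return header + body


def parse_flowspec(obj):
    """Return the token bucket fields of a Controlled-Load FLOWSPEC object."""
    if len(obj) < 4:
        raise ValueError("shorter than an RSVP object header")
    length, class_num, c_type = struct.unpack_from("!HBB", obj, 0)
    if length != len(obj) or length != 36:
        raise ValueError("unexpected object length %d" % length)
    if (class_num, c_type) != (FLOWSPEC_CLASS, INTSERV_CTYPE):
        raise ValueError("not an Int-Serv FLOWSPEC object")
    ver_rsvd, overall_words = struct.unpack_from("!HH", obj, 4)
    service, _, service_words = struct.unpack_from("!BBH", obj, 8)
    param, _, param_words = struct.unpack_from("!BBH", obj, 12)
    if ver_rsvd >> 12 != 0 or overall_words != 7:
        raise ValueError("bad message header")
    if service != CONTROLLED_LOAD or service_words != 6:
        raise ValueError("not a Controlled-Load service block")
    if param != TOKEN_BUCKET_TSPEC or param_words != 5:
        raise ValueError("token bucket TSpec not found")
    r, b, p, m, big_m = struct.unpack_from("!fffII", obj, 16)
    return {
        "rate_bytes_per_s": r,
        "rate_kbps": r * 8 / 1000,   # back to the configured unit
        "bucket_bytes": b,
        "peak_bytes_per_s": p,
        "min_policed_unit": m,
        "max_packet_size": big_m,
    }


if __name__ == "__main__":
    for kbps in (777, 100000):
        fields = parse_flowspec(build_sample_flowspec(kbps))
        print(kbps, "kbps ->", fields["rate_bytes_per_s"], "bytes/s")
```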

  • Tunnel mpls traffic-eng dynamic reoptimization issue

    We have a dynamic tunnel. When the LSP switches to a suboptimal path due to a failure on the optimal path, it does not switch back to the optimal path once the path is restored.
    How do we enable automatic reoptimization plus a threshold setting re = 5 seconds?
    interface Tunnel0
    description test
    ip unnumbered Loopback0
    tunnel destination 211.1.219.6
    tunnel mode mpls traffic-eng
    tunnel mpls traffic-eng autoroute announce
    tunnel mpls traffic-eng path-option 10 dynamic

    If you do a "show mpls traffic-eng tunnels brief" you will see that the default periodic optimization is set to 1 hour (3600 seconds).
    You can use the following command to change this default timer:
    mpls traffic-eng reoptimize timers frequency
    For more information on this command, please see this URL:
    http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/swtch_r/swi_m3.htm#wp1061558
    Hope this helps,

  • What is the 'tunnel mpls traffic-eng bandwidth'?

    Hi
    I do not understand 'mpls tunnel traffic-eng bandwidth'.
    If I want to use RSVP-TE then I know I have to configure the 'ip rsvp bandwidth ...' and 'tunnel mpls traffic-eng bandwidth...'
    But why do I have to configure them for TE?
    RSVP is Resource Reservation Bandwidth so I think that 'ip rsvp bandwidth' checks the available B/W on the physical interface for TE and it is not the real B/W for the tunnel.
    Is it correct?
    Can you explain 'IP RSVP BANDWIDTH, TUNNEL MPLS TRAFFIC-ENG BANDWIDTH' to me?
    Thank you

    Hello Byung,
    the ip rsvp bandwidth specifies the total amount of resources available outbound on an interface = total reservable bandwidth on the link; it can even be higher than the effective interface speed.
    The other command specifies the amount of bandwidth to be used in the reservation for the specific MPLS TE tunnel and has to be lower than the first one in order for the link to be selected and used for the tunnel. If no suitable path is found the tunnel setup fails.
    To be noted the bandwidth associated to an MPLS TE Tunnel is an administrative parameter and does not reflect the effective traffic that can travel over the tunnel.
    The Call admission control is performed on the administrative bandwidth parameter not on effective user traffic.
    Hope to help
    Giuseppe

  • Where did these tunnel interfaces come from?!?

    Hello,
    just wondering why one of our routers creates tunnel interfaces dynamically.
    I was setting up a GRE tunnel to transport multicast traffic over the network. After I was done, I found two extra tunnel interfaces with the command show ip interfaces brief, and those extra interfaces use my original tunnel interface as their IP addresses. There isn't any configuration regarding these extra interfaces in the running config. How did this happen? Any explanations? Is it related somehow to my multicast solution?
    If I got two dynamically created tunnels, does that mean that I have at least two concurrent multicast groups on my router in active state?
    Sorry for the dummy questions but I have almost zero experience when it comes to multicast, and the last time I studied it was in school about 8 years ago...
    -JJ

    Hi,
    These are created dynamically, one to encapsulate multicast packets and the other one to decapsulate. You can see them with the command < show ip pim tunnel > . You can find the description and purpose of these tunnels here:
    http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti/command/imc-cr-book/imc_s1.html#wp9533023710
    Hope this helps,
    Jose.

  • Using Tunnel interface on Router

    Hi Everyone,
    I see a new Tunnel interface on the Router.
    Router is running OSPF.
    It has no crypto statements.
    tunnel configuration
    interface Tunnel1
    ip address 10.4.x.x x.x.x.x
    delay 7
    tunnel source Loopback1
    tunnel destination 10.4.x.x
    My question is: when do we use a Tunnel interface without any crypto statements?
    Thanks
    Mahesh

    This Tunnel is a plain GRE-Tunnel. These are typically used without crypto when:
    1) The traffic is not sent through an untrusted network and a cryptographic protection is not needed.
    2) The GRE-traffic gets encrypted on a separate device if the GRE-Endpoint is not capable of doing the needed cryptographic protection.

  • Transmit Discards on Tunnel Interface Cisco 2851

    Hi, wondered if anyone could shed any light on this?
    We have two 2851 routers at two separate branches that connect via a VPN tunnel back to the head office. When looking at the tunnel interface it shows a lot of transmit discards which are there constantly and increase as traffic levels go up.
    I have read that this is due to congestion, however we aren't using that much bandwidth at all.
    One site has a 100mb private circuit and the other has 10mb, both of which are never more than 30% utilised.
    Any thoughts?
    thanks


  • Mystery Tunnel Interfaces on 2921 Router

    Hi All,
    I need some help.
    For some reason it seems we have 3 Tunnel interfaces on the router, not sure how it got there but we are unable to delete them or configure them.
    They seem to take the loopback ip as source and if I delete the loopback interface it chooses another IP.
    Output from sh ip int brief, not sure where it gets those IPs from as well.
    Tunnel0                    172.16.0.1      YES unset  up                    up     
    Tunnel1                    172.16.0.1      YES unset  up                    up     
    Tunnel2                    172.16.0.1      YES unset  up                    up    
    See below when I try to enter interface config mode:
    Router1(config)#int tunnel 0
    % This interface cannot be modified
    Any suggestions or help will be appreciated.
    Regards
    Z

    Hi Zubair,
    this is due to WCCP. You have WCCP for service 61 and 62 so my guess is you have an optimizer appliance (like WAAS) talking WCCP with this router. The tunnel interfaces are the result of WCCP using GRE encapsulation to redirect the traffic to the WAN optimizers.
    you can find more info here:
    https://supportforums.cisco.com/docs/DOC-15782
    thanks,
    Fabrizio

  • EEM Tracking two tunnel interfaces at the same time

    Hi Everyone,
    Luckily I just got introduced to EEM lately, and I was wondering what a life saver this would be in a lot of environments.
    I am trying to write an EEM applet to monitor two out of three tunnel interfaces; if they go down I'd like to perform an action on the third interface.
    I went through online posts and saw there was "event track" under the EEM, but when I log in to any of my routers I can't see this, I don't get the option track.
    Here is what I want to do:
    monitor tunnel 100 and tunnel 200 - if the line protocol went down or there is no routing information received on them, the action is to unshut tunnel 300 and tunnel 400
    Thanks guys for the help in advance.

    Hi,
    Here is an example that does something similar:
    ! One tracked object per interface, with a 10-second delay before reporting "up"
    track 10 interface Ethernet0/0 line-protocol
     delay up 10
    track 11 interface Ethernet0/1 line-protocol
     delay up 10
    track 12 interface Ethernet0/2 line-protocol
     delay up 10
    track 13 interface Ethernet0/3 line-protocol
     delay up 10
    ! Aggregate object whose state follows the percentage of member objects that are up
    track 19 list threshold percentage
     object 10
     object 11
     object 12
     object 13
     threshold percentage down 51 up 100
    event manager applet DOWN
     event track 19 state down
     action 1.0 cli command "enable"
     action 1.1 cli command "conf t"
     action 2.0 cli command "int lo100"
     action 2.1 cli command "shut"
     action 9.0 syslog priority alerts msg "SWITCHOVER TRIGGER"
    event manager applet UP
     event track 19 state up
     action 1.0 cli command "enable"
     action 1.1 cli command "conf t"
     action 2.0 cli command "int lo100"
     action 2.1 cli command "no shut"
     action 9.0 syslog priority alerts msg "PREEMPT TRIGGER"

  • Tunnel interface selection

    Hi,
    Apologies in advance but I'm new to MPLS. Is it possible to have more than one physical interface in a tunnel, and is it possible to load balance across the physical links?

    Hi Stephen,
    If you want two ports to be bundled in a TE tunnel for load sharing, that is not possible. But yes, if you include one port in the tunnel and leave another port in the IGP, then you can load share between them with the rules below (but both should have equal cost to the destination):
    1-You will never load share between an IGP route and a TE route for the tunnel tail.
    2-You might load share between an IGP route and a TE route for nodes behind the tunnel tail.
    The algorithm by default includes both the tunnel path and the IGP path in the path list.
    If you want to load share between two TE tunnels then.....
    Both kinds of load sharing are possible with TE tunnels, i.e. equal cost load sharing and unequal cost load sharing.
    If you do not set any load share value it picks it from the bandwidth command (e.g. if bw is 20, 20, 40 meg then load sharing will be in the ratio of 1:1:2).
    command: "tunnel mpls traffic-eng load-share --value--"
    You can verify the load share with the command below:
    "show ip cef exact-route source-ip destination-ip"
    or
    "sh ip cef destination-ip internal"
    Please remember that if you use the same source and destination then it will show you the same tunnel for all traffic. Please try changing the source and you will see a different tunnel used.
    Hope this helps
    Regards
    Mahesh

  • Tunnel interface to physical interface

    Hi All,
    I was wondering if it is possible to build a site-to-site VPN connection with one side using a tunnel interface and the other end using a physical interface.
    My plan is to use a 3945 router and build multiple tunnel interfaces on the router to connect 50 clients. By using tunnel interfaces on the router I could leverage the VRF feature to isolate clients, but if I use a tunnel interface on my end I am not certain if the tunnel will come up if my client is using 1) ASA 2) PIX 3) VPN concentrator - which doesn't support tunnel interfaces.
    Thanks for your help in advance.
    Lou

    Mark Mattix wrote: I did some reading on EIGRP and is it correct that the EIGRP Header and Payload (TLV) are encapsulated in an IP packet and addressed to the address 224.0.0.10? Is this the reason why multicast traffic must be encapsulated first in GRE to travel over the internet?
    Olivier Pelerin> This is correct
    When I set up a site to site VPN using GRE tunnels and an IPSec config on the interfaces, would this be considered IPSec over GRE, or GRE over IPSec? I don't understand that difference.
    Olivier Pelerin> See the diagram below - this explains GRE over IPSEC. That's a diagram I did here for a training
    On the example packet I posted above, is the public address that's routed over the internet part of the IPSec packet/suite? I guess a better question is, what portions of the packet make up IPSec and which portion is just regular IPv4 addressing?
    Olivier Pelerin> the diagram below should answer that
    I've been wrong in thinking that GRE and IPSec go hand in hand when in fact it's possible to only use IPSec and no type of tunnel. If IPSec is set up on the interfaces and the tunnels are configured at both end points, what does your information first get encapsulated by, GRE or IPSec? In your example packet format, Olpeleri, it looks like the IP packet is first encapsulated in GRE then encapsulated by IPSec. Is this correct? If so, when information leaves our LAN and heads to the internet, does it first go through the tunnel to be encapsulated by GRE then out the physical link that adds the IPSec encapsulation?
    Olivier Pelerin> Correct. GRE first then encryption
    Sorry for all these questions, I'm just trying to learn how this works! Thanks again for the help!
    [red = encrypted]

  • Looking for a better solution than tunnel interface

    Hi
    Actually I have a VSAT connection between my remote site and central office.
    On both sites we have a router and a sat modem.
    I now have a tunnel interface between my two routers. I am looking for a better idea.

    Hi...
    So you have a tunnel interface between your two routers, so now what are you looking for...?
    A secure IPsec connection or what???
    Please explain in detail.
    regards
    Devang

  • Possible to ssh tunnel Bonjour traffic across different subnets?

    Hello:
    For quite some time, I have been thinking of buying a couple of iSights to enable audio/visual between two distant computers. But I really don't want to have to leave a dozen ports in my DSL modems opened up in order to use AIM or Jabber servers to iChatAV to my "usual" called parties (I can't help it, I'm paranoid - I have one ssh port open on my DSL modem at home - so most everything I do from afar -- afp (port 548), vnc( port 5900), etc., I tunnel it all over ssh).
    So, in a similar vein, what I would like to do is treat a distant computer as if it were on my local 192.168.x.x NAT subnet, in order to do a Bonjour-like iChatAV connection without having to go to through these public servers and without having to leave a dozen ports open in my firewall (or go through the drill of opening/closing ports every time I want to iChat).
    Now, if I understand this correctly, on one's local subnet, iChat AV works using Bonjour to communicate with other iChat AV users on the same subnet, which, I think, uses multicast packets. So I'm wondering if it is possible to ssh tunnel multicast traffic to a different computer like so:
    ssh -L 5297:localhost:5297 -L 5298:localhost:5298 {called.party.IP.address}
    thus being able to set up a secure point-to-point iChatAV connection?
    Anybody ever do something like this?

    Hi j.v.,
    It is possible to iChat Bonjour over a Virtual Private Network, yes.
    2:33 PM Thursday; May 4, 2006

  • DLSW and Tunnel Interfaces problem

    We have a pair of routers with tunnel interfaces and DLSW between them.
    Sometimes the tunnel interface goes down, thus losing service through DLSW.
    Is there any problem reported between DLSW and this kind of tunnel interface?

    Hi,
    I assume you are using dlsw tcp peers.
    In general dlsw does not know over what infrastructure the connection really runs. Dlsw gives data to tcp and tcp is responsible for doing the actual transmission.
    I don't know of any problems with dlsw and tunnel interfaces in general.
    Some more information might help to understand the problem.
    What type of tunnel are you using? GRE?
    What version of IOS are you running?
    Do you use additional encapsulation overhead like IPsec etc.?
    Does tcp on this router use path mtu discovery?
    thanks...
    Matthias
