Unknown network traffic / router traffic monitoring

So I got a new PC with Windows 7 on it, and I installed this gadget that monitors network traffic, and it shows a lot of traffic that my local PC isn't showing, so I am thinking there is something running on the LAN that I can't see. I was looking to find a live, better program to monitor the Actiontec router for traffic. Anyone know of anything that can maybe show me who is using all the bandwidth on my network?
I have found software for Linksys, but nothing for the Actiontec.
Thanks,
Quasimodem
Fios in Florida

Keep in mind that when looking at Wireshark (sniffer) software there are different types of traffic:
Unicast
Broadcast
Multicast
Unicast is traffic between two devices.  You will see the traffic between the PC with Wireshark and another device on your local network such as a printer, another PC or the router.  You should not see traffic between another PC and the Internet, for example.  Using a phone as an example, someone calls you and the conversation is between you and the person on the other end of the phone.  This is unicast traffic.  Using the defaults of the Actiontec, the IP addresses seen will be 192.168.1.1 for the router and 192.168.1.2-99 for devices on your network.  If you have the TV service, 192.168.1.100-1xx is used for the cable boxes.
Broadcast traffic is traffic sent to all devices.  It's not directed toward a particular PC but rather is usually looking for information.  In a sniffer trace you will see broadcast traffic.  Going back to the phone example, when someone makes an announcement on an overhead intercom system, that is broadcast traffic.  Broadcast traffic will be seen as 192.168.255.255.
Multicast traffic is traffic from one device for many devices.  It is usually used in video feeds.  Using the phone system as an example, someone wishes to tell a group of people something, so instead of calling each person up and telling them, each person who wants the information joins a conference bridge.  Anyone is allowed to listen, but only those that wish to get the information receive it.  That is generally how multicast works.  Multicast traffic will be seen as IP address 224.x.x.x or something of the sort, where the address will be 2xx.x.x.x.
I hope this makes sense.  Probably more information than you needed but at least it will help you understand what wireshark is telling you.
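The point of the answer above, as an added example that is not part of the original post: a capture on one PC sees that PC's own unicast plus broadcast and multicast, so the host using the bandwidth only shows up when traffic is measured at the router. The /24 prefix, the packet records and the function names are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: the LAN is 192.168.1.0/24 with the router at 192.168.1.1.
LAN = ipaddress.ip_network("192.168.1.0/24")
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

# Constructed sample records: (source, destination, bytes).
RECORDS = [
    ("192.168.1.2", "192.168.1.1", 1200),        # this PC -> router
    ("192.168.1.7", "203.0.113.10", 900000),     # another host -> Internet
    ("203.0.113.10", "192.168.1.7", 45000000),   # Internet -> that host
    ("192.168.1.7", "192.168.1.255", 300),       # broadcast from that host
    ("192.168.1.100", "224.0.0.251", 500),       # multicast from a cable box
    ("192.168.1.2", "198.51.100.5", 20000),      # this PC -> Internet
]

def classify(dst, lan=LAN):
    """Return 'broadcast', 'multicast' or 'unicast' for a destination address."""
    addr = ipaddress.ip_address(dst)
    if addr == lan.broadcast_address or addr == LIMITED_BROADCAST:
        return "broadcast"
    if addr.is_multicast:          # 224.0.0.0/4
        return "multicast"
    return "unicast"

def visible_to(host, records, lan=LAN):
    """Records a capture running on `host` would contain on a switched LAN.

    Assumption: the switch floods broadcast and multicast to every port and
    delivers unicast only to the port of the destination.
    """
    return [r for r in records
            if host in (r[0], r[1]) or classify(r[1], lan) != "unicast"]

def bytes_by_host(records, lan=LAN):
    """Total bytes sent plus received per LAN address, largest first."""
    totals = defaultdict(int)
    for src, dst, nbytes in records:
        if ipaddress.ip_address(src) in lan:
            totals[src] += nbytes
        if classify(dst, lan) == "unicast" and ipaddress.ip_address(dst) in lan:
            totals[dst] += nbytes
    return sorted(totals.items(), key=lambda kv: -kv[1])

if __name__ == "__main__":
    print("Seen at the router:", bytes_by_host(RECORDS))
    print("Seen from 192.168.1.2:", bytes_by_host(visible_to("192.168.1.2", RECORDS)))
```
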

Similar Messages

  • How much additional traffic does agentless monitoring add to your network

    I know this is not a fully evolved question because you could respond, what MP's (Maintenance Packs) do I have installed, and what all am I monitoring, however I am somewhat new to SCOM 2012, I've set it up and have it going, getting great alerting,
    right on so far! I have about a dozen servers that will not install the SCOM agent either from the management server via discovery, nor manually, and I want to be sure as not to overload the network with additional traffic.
    Your thoughts on this please.
    This is a great product once you wrap your head around it, and after a solid 4 days on it.  :)

    Hi rapper36,
    From:
    http://blogs.catapultsystems.com/cfuller/archive/2012/06/22/opsmgr-2012-resource-requirements-and-usage-recommendations-for-agent-and-agentless-monitoring-scom.aspx
    OpsMgr 2012 Agentless Monitoring resource requirements:
    Processor: < 1% average increase in processor utilization
    Disk: < 1 average increase in pages per second
    Disk: < 1 MB data (as there is no %programfiles%\System Center Operations Manager folder created)
    Network: < 1 MB data sent and received to the system during installation
    Memory: 14 MB less available memory
    Time to Deploy to Monitored state: 2.5 minutes
    After the agent was appearing as monitored the performance counters gathered prior to the installation were compared to those gathered after installation. The results indicate additional overhead associated with the Operations Manager 2012 agentless monitoring
    after the agent was appearing as monitored.
    Processor:  < 1% average increase in processor utilization
    Disk: < 1 average increase in pages per second
    Disk: < 10 MB
    Network:  < 1 MB/min additional traffic
    Memory:  < 1  MB less available memory
    Natalya

  • Need to route traffic based on destination to 2 different routers

    I have a 4451X that has a default route of 10.10.48.1. I have 2 other internet routers at 10.10.48.15, and 172.31.1.3.
    The router at 172.31.1.3 is a VPN firewall and has a VPN to 3 specific IP networks. 172.31.252.0/24, 192.168.252.0/24, and 192.168.163.0/24.
    I need the traffic headed to the 3 VPN'd networks to route to 172.31.1.3, and the remaining traffic to route to 10.10.48.15.
    The source network is 172.31.0.0/23 and the gateway of the machines is 172.31.0.1.
    I tried creating a PBR but the internet traffic seems to go outbound through the router's default route of 10.10.48.1 and not 10.10.48.15.
    I am sure I am just missing something silly.
    Here are the relevant portions of the config:
    interface GigabitEthernet0/0/1
     ip address 172.31.0.20 255.255.254.0
     ip nat inside
     ip policy route-map Test
     negotiation auto
     vrrp 1 ip 172.31.0.1
     vrrp 1 priority 105
    interface GigabitEthernet0/0/1.2
     encapsulation dot1Q 2
     ip address 10.10.48.12 255.255.255.224
     ip nat inside
     ip access-group 199 in
     vrrp 1 ip 10.10.48.3
     vrrp 1 priority 105
     vrrp 2 priority 105
     no cdp enable
    ip route 0.0.0.0 0.0.0.0 10.10.48.1
    ip route 0.0.0.0 0.0.0.0 172.31.1.3 2
    access-list 116 permit ip 172.31.0.0 0.0.1.255 172.31.254.0 0.0.0.255
    access-list 116 permit ip 172.31.0.0 0.0.1.255 192.168.252.0 0.0.0.255
    access-list 116 permit ip 172.31.0.0 0.0.1.255 192.168.163.0 0.0.0.255
    route-map Test permit 19
     match ip address 116
     continue 20
     set ip next-hop 172.31.1.3
    route-map Test1 permit 20
     set ip next-hop 10.10.48.15
    Thanks in advance.
    Burton Hallman

    Firstly I'm not sure why you have two default routes if everything is meant to go via 10.10.48.1?
    That aside, in terms of your PBR -
    1) remove the continue statement. I don't know what it is meant to be doing but as far as I know it has no effect with PBR
    2) more importantly your second statement is using a different route map name ie Test1 which makes it a completely different route map so the one applied to the interface only has the first statement in it which is the one for VPN traffic.
    Jon
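A way to check for the route-map problem Jon describes, as an added example that is not part of the original thread: it reads the configuration lines from the question, reports which route-map sequences are actually attached to an interface, and also compares ACL 116 with the three VPN networks listed in the question's text. The function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Lines copied from the configuration in the question (PBR-relevant parts only).
CONFIG = """\
interface GigabitEthernet0/0/1
 ip address 172.31.0.20 255.255.254.0
 ip policy route-map Test
access-list 116 permit ip 172.31.0.0 0.0.1.255 172.31.254.0 0.0.0.255
access-list 116 permit ip 172.31.0.0 0.0.1.255 192.168.252.0 0.0.0.255
access-list 116 permit ip 172.31.0.0 0.0.1.255 192.168.163.0 0.0.0.255
route-map Test permit 19
 match ip address 116
 continue 20
 set ip next-hop 172.31.1.3
route-map Test1 permit 20
 set ip next-hop 10.10.48.15
"""

# The three VPN networks named in the question's text.
INTENDED_VPN = ["172.31.252.0/24", "192.168.252.0/24", "192.168.163.0/24"]

def parse_pbr(config):
    """Return ({interface: applied route-map}, {route-map: {seq: [clauses]}})."""
    applied, maps = {}, defaultdict(dict)
    iface = current = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():              # a top-level command starts a new block
            iface = current = None
            m = re.match(r"interface (\S+)$", line)
            if m:
                iface = m.group(1)
            m = re.match(r"route-map (\S+) (permit|deny) (\d+)$", line)
            if m:
                current = maps[m.group(1)].setdefault(int(m.group(3)), [])
            continue
        m = re.match(r"ip policy route-map (\S+)$", line)
        if iface and m:
            applied[iface] = m.group(1)
        elif current is not None:
            current.append(line)
    return applied, dict(maps)

def audit(config):
    """Summarise which route-map entries can ever be evaluated by PBR."""
    applied, maps = parse_pbr(config)
    used = set(applied.values())
    return {
        "sequences": {n: sorted(maps.get(n, {})) for n in used},
        "next_hops": {n: [c.split()[-1]
                          for seq in sorted(maps.get(n, {}))
                          for c in maps[n][seq]
                          if c.startswith("set ip next-hop ")]
                      for n in used},
        "defined_not_applied": sorted(set(maps) - used),
        "applied_not_defined": sorted(used - set(maps)),
    }

def acl_gaps(config, acl, intended):
    """Intended destination networks that no permit entry of `acl` covers."""
    pat = re.compile(rf"access-list {acl} permit ip \S+ \S+ (\S+) (\S+)$")
    dests = [ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")  # wildcard mask form
             for m in map(pat.match, config.splitlines()) if m]
    return [n for n in intended
            if not any(ipaddress.ip_network(n).subnet_of(d) for d in dests)]

if __name__ == "__main__":
    print(audit(CONFIG))
    print("Not matched by ACL 116:", acl_gaps(CONFIG, 116, INTENDED_VPN))
```
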

  • VRF-Lite on one 6509; How to route traffic from global to VRF.

    To anyone that can lead me in the right direction:
    I have a 6509 switch with IOS "s3223-adventerprise_wan-mz.122-33.SXJ2.bin" on it. I am running VRF-lite on it and would like to route some subnets from the global route table to the VRF route table. How can I do this and stay on the same physical switch?  I am using EIGRP for the global network and route table and static routing within the VRF.  Any suggestions or recommendations?  Thanks in advance for your help in this matter...

    Hello,
    You need to use (Static route) in both directions: one static in the VRF table that points to the Global interface, and another one in the Global that points to the VRF interface for the received traffic. After that, you can redistribute the Global static route into EIGRP for end-to-end connectivity!
    Example:
    Consider you have 2 interfaces in your Core SW-6509: One is G0/1 and the other is G0/2
    G0/1 is placed into the Global table , and G0/2 is part of VRF (X)
    interface G0/1
    IP address 1.1.1.1 255.255.255.0
    interface G0/2
    ip vrf forwarding X
    ip address 2.2.2.2 255.255.255.0
    Consider Subnet Y.Y.Y.Y in the Global and you want to have it accessible from the VRF!
    configure this:  (ip route vrf X  y.y.y.y y.y.y.y.y G0/1 Global)
    Configure also this for the return traffic from the Global table: (ip route 2.2.2.2 z.z.z.z G0/2)
    You Can then redistribute the Global static into the Eigrp as below:
    router Eigrp 1
    no auto-summary
    redistribute static metric 1.1.1.1.1
    HTH
    Mohamed

  • Route Traffic down a specific link

    I need to route traffic that is sourced from 10.1.50.0 network down link 1. Currently all traffic goes down Link 2. I want all traffic except 10.1.50.0 network to still use Link 2 as primary. What would be the best approach: a static route for the 10.1.50.0 network, some type of policy map, or something else? Thanks for the help

    Thanks for the reply. I created the access list and policy map from above but can not put the policy map on the VLAN interface. The commands are there but when I verify by looking at the interface it is not there. It is a 3750 G with IPSERVICES IOS. Any ideas? Thanks
    Standard IP access list 50
    10 permit 10.2.50.0, wildcard bits 0.0.0.255 log
    sh route-map
    route-map **VLAN250**, permit, sequence 10
      Match clauses:
        ip address (access-lists): 50
      Set clauses:
        interface GigabitEthernet2/0/1
      Policy routing matches: 0 packets, 0 bytes

  • Slow TCP performance for traffic routed by ACE module

    Hi,
    the customer uses two ACE20 modules in active-standby mode. The ACE load-balances servers correctly. But there is a problem with communication between servers in the different ACE contexts. When the customer uses FTP from one server in one context to the other server in other context the throughput through ACE is about 23 Mbps. It is routed traffic in ACE:-(  See:
    server1: / #ftp server2
    Connected to server2.cent.priv.
    220 server2.cent.priv FTP server (Version 4.2 Wed Apr 2 15:38:27 CDT 2008) ready.
    Name (server2:root):
    331 Password required for root.
    Password:
    230 User root logged in.
    ftp> bin
    200 Type set to I.
    ftp> put "|dd if=/dev/zero bs=32k count=5000 " /dev/null
    200 PORT command successful.
    150 Opening data connection for /dev/null.
    5000+0 records in.
    5000+0 records out.
    226 Transfer complete.
    163840000 bytes sent in 6.612 seconds (2.42e+04 Kbytes/s)
    local: |dd if=/dev/zero bs=32k count=5000  remote: /dev/null
    ftp>
    The output from show resource usage doesn't show any drops:
    conc-connections              0          0     800000    1600000          0
      mgmt-connections             10         54      10000      20000          0
      proxy-connections             0          0     104858     209716          0
      xlates                        0          0     104858     209716          0
      bandwidth                     0      46228   50000000  225000000          0
        throughput                  0       1155   50000000  100000000          0
        mgmt-traffic rate           0      45073          0  125000000          0
      connections rate              0          9     100000     200000          0
      ssl-connections rate          0          0        500       1000          0
      mac-miss rate                 0          0        200        400          0
      inspect-conn rate             0          0        600       1200          0
      acl-memory                 7064       7064    7082352   14168883          0
      sticky                        6          6     419430          0          0
      regexp                       47         47     104858     209715          0
      syslog buffer            794624     794624     418816     431104          0
      syslog rate                   0         31      10000      20000          0
    There is a parameter map configured with rebalance persistent for cookie insertion in the context.
    Do you know how I can increase performance for TCP traffic which is not load-balanced, but routed by ACE? Thank you very much.
    Roman

    Default inactivity timeouts used by ACE are
    icmp 2sec
    tcp 3600sec
    udp 120sec
    With your config you will change inactivity for every protocol to 7500sec. If you want to change TCP timeout to 7500sec and keep the
    other inactivity timeouts as they are now use following
    parameter-map type connection GLOBAL-TCP
    set timeout inactivity 600
    parameter-map type connection GLOBAL-UDP
    set timeout inactivity 120
    parameter-map type connection GLOBAL-ICMP
    set timeout inactivity 2
    class-map match-all ALL-TCP
    match port tcp any
    class-map match-all ALL-UDP
    match port udp any
    class-map match-all ALL-ICMP
    match port tcp any
    policy-map multi-match TIMEOUTS
    class ALL-TCP
    connection advanced GLOBAL-TCP
    class ALL-UDP
    connection advanced GLOBAL-UDP
    class ALL-ICMP
    connection advanced GLOBAL-ICMP
    and apply service-policy TIMEOUTS globally
    Syed Iftekhar Ahmed

  • Naming Networks in EEM route table monitor

    I have the following EEM applet running on one of my core devices to monitor any changes in the routing table.
    event manager applet route-table-monitor
    event routing network 0.0.0.0/0 ge 1
    action 0.5 set msg "Route changed: Type: $_routing_type, Network: $_routing_network, Mask/Prefix: $_routing_mask, Protocol: $_routing_protocol, GW: $_routing_lastgateway, Intf: $_routing_lastinterface"
    action 1.0 syslog msg "$msg"
    action 2.0 cli command "enable"
    action 3.0 info type routername
    action 4.0 mail server "*.*.*.*" to "roger@*********" from "Core1" subject "Routing Table Change" body "$msg  $_cli_result"
    action 8.0 set msg "Route changed: Type: "
    This works brilliantly however the email I get lists the networks by IP and I am trying to get it to identify them by name
    Email Output
    Route changed: Type: modify, Network: 10.8.4.0, Mask/Prefix: 255.255.255.0, Protocol: BGP, GW: 10.1.1.1, Intf: N/A
    The script is running on a 3750
    I tried putting ip host info on the switch but that did not work.
    I am not sure if there is an extra line I can add to the script or if anyone else has done this?
    Thanks
    Roger

    I don't understand the request.  Where would the network "name" come from?  Networks are unnamed on IOS.

  • Possible to Route Traffic Based on AVC?

    Is it possible to route traffic, based on the Application Visibility Control functions that specific Cisco routers are capable of?  Here's my issue:  I have two ISP's.  One is at about 120% utilization.  The other isn't doing anything.  I can specify ip routes based on IP addresses.  For instance, I can ip route 173.252.110.27 255.255.255.255 10.x.x.x to point to our ISP2 firewall, which is our non-utilized provider, for Facebook traffic.  The problem is that sites like this have massive public subnets, so I won't be able to capture all of the traffic destined to Facebook.  Is there a way to route traffic based on application?  I know that Palo Alto firewalls have a way to do Policy Based Forwarding, based on application.  I was wondering if the same was possible with AVC.  Thanks for any help.

    Hello.
    Yes, it's possible and, actually, you have 2 ways.
    1. use manual load-balance between links.
    2. use PfR to load-balance traffic automatically.
    PS: you also will need NAT with route-map.

  • Drive+ Traffic Routing

    Hi,
    I've been using Android phones with Google Maps for several years and recently switched to WP8.1 with Here Drive+ for navigation. I'm in the USA, New York City metro area, and find the route selection based on traffic not good. From what I see on the map, the actual traffic (yellow/red lines) does seem to be accurate as far as I can tell, but the routing seems to ignore it. I find I can't rely on it to give me the best route to get to my destination based on current traffic conditions. I also find the ETA to be incorrect by 15-30 minutes where Google Maps was much closer to actual time.
    As an example, yesterday, I had two route choices, one was more miles with no traffic and a second was less miles with heavy traffic. There are smart signs on the road showing the drive time to the George Washington Bridge from a point. One route was a 15 minute drive the other was a 54 minute drive. Radio news traffic confirmed what the signs said. 
    I could see on Drive+ that the green, yellow, red lines seemed to match the conditions on the road sign and where I could see traffic flow. Drive+ selected the heavy traffic route, I selected the light traffic route. Drive+ kept trying to re-route me on the heavy traffic road via u-turns and connecting roads. It showed my time to my destination as 4:11PM. As I continued on my route, it finally showed me on this route and changed the ETA to 3:50PM. It should have routed me using a shorter drive time from the start.
    The app needs to better handle traffic conditions for route selection as this seems to be typical.

    Thanks. The thread you linked was based on a re-route for a current trip. For me, even the initial route is selected had a longer ETA. It should have based the initial trip on traffic.
    I think what might be happening is it selects the trip based on distance, then adds traffic rather than using traffic to compute the route.
    Re-routing a current trip is something that Google only recently added as well.

  • 13017 Received TACACS+ packet from unknown Network Device or AAA Client

    I am adding new routers to our Corporate network for a new MPLS network.  I am getting 13017 Received TACACS+ packet from unknown Network Device or AAA Client errors for these new routers.  They are added to ACS 5.4.0.30 correctly just like all of our other devices.  We have never had real routers on the network before, just switches and access points.  Is there something special I need to set in ACS for these to work and authenticate correctly?  I can only access them currently with built in login locally.
    One of the new router configs
    Current configuration : 2370 bytes
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname T666
    boot-start-marker
    boot-end-marker
    enable secret 5 $1$h7b3$.T2idTKb9H98BQ8Op0MAC/
    aaa new-model
    aaa authentication login default group tacacs+ local
    aaa authentication enable default group tacacs+ enable
    aaa authorization exec default group tacacs+ local if-authenticated
    aaa accounting exec default start-stop group tacacs+
    aaa session-id common
    clock timezone CST -6
    clock summer-time CDT recurring
    ip cef
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    voice-card 0
    crypto pki trustpoint TP-self-signed-2699490457
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-2699490457
     revocation-check none
     rsakeypair TP-self-signed-2699490457
    username netadmin privilege 15 secret 5 $1$SIR2$A3MpShVNeAOlTPyLZESr..
    interface FastEthernet0/0
     ip address 10.114.2.1 255.255.255.0
     ip helper-address 10.30.101.4
     duplex auto
     speed auto
    interface FastEthernet0/1
     no ip address
     shutdown
     duplex auto
     speed auto
    interface Serial0/1/0
     ip address X.X.X.X 255.255.255.252
     no fair-queue
     service-module t1 timeslots 1-24
     service-module t1 remote-alarm-enable
     service-module t1 fdl ansi
     no cdp enable
    router bgp 65065
     no synchronization
     bgp log-neighbor-changes
     network 10.114.2.0 mask 255.255.255.0
     neighbor X.X.X.X remote-as 209
     neighbor X.X.X.X default-originate
     default-information originate
     no auto-summary
    ip forward-protocol nd
    ip bgp-community new-format
    ip http server
    ip http authentication aaa
    ip http secure-server
    ip tacacs source-interface FastEthernet0/0
    no logging trap
    tacacs-server host 10.30.101.221 key 7 1429005B5C502225
    tacacs-server host 10.30.101.222 key 7 1429005B5C502225
    tacacs-server directed-request
    control-plane
    banner exec ^CC
    C
    Login OK
    ^C
    banner motd ^CC
    C
    **  UNAUTHORIZED ACCESS TO THIS SYSTEM IS PROHIBITED.  USE OF
    **  THIS SYSTEM CONSTITUES CONSENT TO MONITORING AT ALL TIMES.
    **  RUAN Transport Corporation
    **  Network Services
    **  [email protected]
    **  515.245.2512
    ^C
    line con 0
    line aux 0
    line vty 0 4
     exec-timeout 30 0
     transport input all
    line vty 5 15
     exec-timeout 30 0
    scheduler allocate 20000 1000
    end
    T666#

    AAA Protocol > TACACS+ Authentication Details
    Date: September 19, 2014
    Generated on September 19, 2014 10:21:27 AM CDT
    Authentication Details
    Status: Failed
    Failure Reason: 13017 Received TACACS+ packet from unknown Network Device or AAA Client
    Logged At: Sep 19, 2014 10:21 AM
    ACS Time: Sep 19, 2014 10:21 AM
    ACS Instance: acs01
    Authentication Method:
    Authentication Type:
    Privilege Level:
    User
    Username:
    Remote Address:
    Network Device
    Network Device:
    Network Device IP Address: 10.114.2.1
    Network Device Groups:
    Access Policy
    Access Service:
    Identity Store:
    Selected Shell Profile:
    Active Directory Domain:
    Identity Group:
    Access Service Selection Matched Rule:
    Identity Policy Matched Rule:
    Selected Identity Stores:
    Query Identity Stores:
    Selected Query Identity Stores:
    Group Mapping Policy Matched Rule:
    Authorization Policy Matched Rule:
    Authorization Exception Policy Matched Rule:
    Other
    ACS Session ID:
    Service:
    AV Pairs:
    Response Time:
    Other Attributes: ACSVersion=acs-5.3.0.40-B.839, ConfigVersionId=359, Device Port=59840, Protocol=Tacacs
    Authentication Result
    Steps: Received TACACS+ packet from unknown Network Device or AAA Client

  • Macs show up as "unknown" on my router's DHCP Client Table

    Both of my Macs, an Intel Mac Mini running Snow Leopard and a G4 iMac running Tiger show up as "unknown" in my router's DHCP client table.
    All of my Windows PCs all show up with their computer names.
    Is there a way to get my Macs' computer names to show up in the DHCP client table? The router is a Linksys RTP300.

    Open Network System Preferences, click on the service you are using to connect to the network (airport, ethernet, etc), click on Advanced and go to the TCP/IP tab. There is a field for DHCP client ID. This may pass a name to the router and it may use it. I don't know.
    Another option is the WINS tab. You can set the Netbios name (other than the default) and workgroup (and any WINS servers, if you know their addresses).

  • What is the correlation of Logger Private network to Router Private Network.

    What is the correlation of Logger Private network to Router Private Network.
    You have to define them in Websetup for the Router and Logger but what is communicating on the Private network path between the Logger and Router?    I thought that was over the Public network.  Is it only Recovery from the Loggers talking over the Private network?

    Hi,
    you can read about the types of messages exchanged over various links in the SRND.
    G.

  • Connecting to an unknown network when a password is required.

    I struggle to connect to an unknown network when a password is required. In settings, there's a tick as if it's connected but it isn't. What am I doing wrong?

    - Googling shows that you have to join the network and then open Safari and agree to the terms and conditions and then the connect will be completed.
    - Try:
    Reset networks settings: Settings>General>Reset>Reset Network Settings
    - Go to Settings>Safari and clearing history, cookies and data

  • Just started to update my phone to iOS 5 when wireless connection was lost on my laptop, I can't get it back and it says there are no networks available-router is working fine, am using it on my iPhone now. Help!

    I just updated iTunes and started to update my phone to iOS 5 when wireless connection was lost on my laptop, I can't get it back and it says there are no networks available-router is working fine, am using it on my iPhone now. Help!

    Reboot your router. You by chance don't have a Netgear N300 WNR2000 router, do you? I had one of those and would lose wifi on it constantly. Switched to a Cisco wifi router and it works much better.

  • When getting online Macbook defaults to an unknown network.

    Lately, when I get online, my connection defaults to an unknown network. This happens only on the Macbook, other devices are OK. Is there any way to lock the computer into just my own network? Could not find anything in preferences.

    Please try the following on your MacBook:
    1a. Delete Preferred Network(s)
    System Preferences > Network > AirPort > Advanced > AirPort tab
    Under "Preferred Networks," delete the network(s) you regularly use from the list.
    1b. Delete AirPort Keychain Entries
    Launch the "Keychain Access" application located in Applications/Utilities.
    Click on the "Kind" filter at the top, and look for any "AirPort network password" entries...and delete them.
    1c. Add Preferred Network(s)
    System Preferences > Network > AirPort > Advanced > AirPort tab
    Add the preferred network(s) using the "+" button.
    Restart or log out then back in.
