Monitoring specific traffic.

Hi folks,

I need to monitor traffic specified by an ACL. The only way to monitor that traffic is to create a route-map and apply the policy on the incoming interface and to use MRTG to monitor it. Do you have any other better tip?

TIA Alex.

AM


I guess that this is a traditional router - please post the exact model. Could be Router, Catalyst switch, Pix, some other?

sh ver Cisco C837 (MPC857DSL) processor (revision 0x600) with 58983K/6553K bytes of memory. Processor board ID xxx, with hardware revision 0000

Policy routing won't create an additional copy of the traffic so I don't see that this will help you.

deb ip packet [det] may help?

Need to turn off fast switching though, which can kill the router if it is busy.

Bod43

Hi Anybody43,

my question was general. Anyway, I would apply that on the 800 router series, 837 and 877. Unfortunately they don't share the same release of IOS (even among the same model, they were installed at different times). If you have any hint, just tell me and I will see from which release onwards that feature is available.

Generally they are not too overloaded, so I could do that the way I explained, but if there are more efficient ways of doing that, they are welcome. I don't think that using the debug mode is the best idea. The only doubt I have now is that perhaps I must apply the policy on both the inlet and outlet interfaces; otherwise the flow coming back won't pass through the loopback interface. I guess I need to force it as I would do for the ongoing flow.

Thanks in advance

Alex.

AM


Hi,

As I said, there is no way to generate copies of packets on routers. You could use policy routing to force traffic out and then feed it back in somehow.

The best solution for this would be to add a switch or hub and, if a switch, use the Cisco SPAN feature. You can also get Ethernet T-pieces or Taps.

Depending on what you need you can get a lot of information from ip accounting, netflow, and of course debug ip packet.

On an 837 without too much traffic deb ip packet is not likely to kill it I don't feel unless there are I guess a lot of hosts.

You can "deb ip pac ACL" to limit the amount of traffic logged but you still have to turn off fast switching.

With Switches you just SPAN the port "monitor session 1 ...".

I often just load ethereal on any PC that I want to monitor and access the PC remotely.

Pix has "capture" command.

Bod43
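
The ACL-limited `deb ip pac` approach mentioned in the post above, written out as an added example (not from any poster in this thread). The ACL number 150, the host 192.0.2.10, the interface name Ethernet0 and the buffer size are assumptions, and it assumes an IOS release whose `debug ip packet` accepts an extended ACL number.

```cisco
! Added example. All values below are constructed placeholders.
configure terminal
 ! Match only the traffic of interest, in both directions
 ! (192.0.2.10 stands in for the monitored destination).
 access-list 150 permit ip any host 192.0.2.10
 access-list 150 permit ip host 192.0.2.10 any
 ! Send debug output to the memory buffer instead of the console,
 ! so a burst of matches does not stall the console line.
 no logging console
 logging buffered 64000 debugging
 ! debug ip packet only sees process-switched packets, so fast
 ! switching is disabled on the interface the traffic crosses.
 interface Ethernet0
  no ip route-cache
 end
!
! Log only packets matching ACL 150, then read the buffer.
debug ip packet 150 detail
show logging
!
! Stop debugging and restore fast switching when finished.
undebug all
configure terminal
 interface Ethernet0
  ip route-cache
 end
```

Watch CPU load with `show processes cpu` while the debug is active, since every matching packet is process switched.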

You're correct, but the ACLs used are limited to standard (just source IP address) ACLs, whereas I need to monitor traffic going to a specific destination. I could do that for the traffic coming back but not for that going forth.

Another doubt is about this rule applied on a single-interface router acting as default gateway. I think there is no way to do that because the traffic is redirected and, in the worst hypothesis, it flows in and out of the same interface.

Good!

AM
