Hi
Is there any of Cisco feature that let me measure the amount of network usage per user or per ip address. For example: I have 10 computer on my LAN, what can i do if i want to know, let say pc01 use how many Mb per period of time? Is it possible to do it?
Thanks, hhs
Install software on each box and monitor it, or use snmp to poll the switch interfaces and graph the results (mrtg will work as well). Solarwinds engineer toolset can do this, as can many other free and not-free software packages.
I have configure IP Accouting on Cisco Router. ! interface FastEthernet0/0 ip address 172.16.0.1 255.255.255.0 ip accounting output-packets !
And can view the output from the router, by using "sh ip accounting output-packets" it show me SourceIP DestIP Packets Bytes. That's the information i need, but i want to send all of this information to syslog server. Is that possible? If snmp can poll thoes information, how can i do it? Can you give any example?
Thanks, hhs
Hi
netflow is adequate to this task. Let's have a look at
With ip accounting it's much to difficult to investigate. You had to sum up all lines for an specific ip and you can't see which traffic flows because no ports are shown in accounting. Another problem is that you can't find out when traffic was generated unless you do a clear ip accounting, let's say, every minute.
Andre
at
Netflow is not bad, but it is usually hard to have a chart/graph of traffic over time for a single IP. If you just want to manage the heavy hitters and see how a particular link or path is being utilized throughout the day (like most of us do), the netflow is second to none, but if you just want an idea of who is doing what, netflow probably isn't the best tool for that. I also definitely agree with your comments about scalability of accounting and the lack of ability to easily refine the reports. If you had a tool like Solarwinds (not cheap, but should be other free options out there), it will use SNMP strings to poll a device. Basically you would need to setup snmp on the switch and/or router, but you must remember that measurement of bandwidth would be done at layer 2 in this solution, not layer 3, By setting up a SNMP string, you can then use a tool like solarwinds to 'poll' the router by using an interface IP and the correct read or write string. When you connect to the router/switch, Solarwinds asks you which interfaces you would like to poll or watch, and then what kind of graph to create (1 min avg, 5 min avg, etc). This would allow you to graph each switchport on the switch (you would need to resolve what IPs/systems are on what ports the manual way with show arp | include and show cam or show mac-address-table.
MRTG is free and runs on linux and works in very much the same way. You just need to remember that no matter what, these are averages and not actual down to the second traffic levels (unless you use the bandwidth meter portion). Polling a router every second can cause performance degradation, so using a 1 or 5 minute average usually gets a ballpark of what you are looking for.
You can google any of these solutions for configuration examples and/ or software options.
at
everytime i wanted to know which users is utilizating my links i also wanted to know with what services.
... and you'll come to the point where you need to.
i do not like the idea to poll switchports especially on switches with many clients connected to - as i use (up to 200 ports per switch). In most cases traffic is increased to bad levels on wan links so i need to know what's going on in there. The router's port is the common point.
for our company 1 minute averages aren't dispersed enough, btw. we are serving exchange application. For most users these are good values, though.
netflow can provide you with more detailed information as you can get with mrtg and i think sooner or later you'll need them.
To find out how much traffic one PC is generating, netflow is oversized, of course.
Andre
at
I agree with all of the above, however the OP said 10 machines, not
6500s with 200+ ports. For long-term monitoring, a solution of mrtg/ snmp for wan/internet link usage is great, with netflow to tell you what is going on within that bandwidth usage. For short-term troubleshooting of bandwidth bottlenecks, including LAN and WAN, a rapid snmp poller is the best bet to avoid the problems associated with timeframe averaging', but agree that you only use it when you need it. Polling hundreds of 6500s with hundreds or ports each would not be a good idea by any means. For a small time LAN with no WAN links and perhaps an internet connection or two, simple snmp polling could give you most of what you need and perhaps netflow on the WAN or internet link. If you are really in a bind, simple ip route-cache flow with show ip cache-flow can show you the heavy hitters and their source/destination information.
at
I agree with you. We are meaning widely the same. I only want hhs to think about it.
at
was generated
Yeah I could tell we agreed, just didn't want to confuse the OP. Lots of valid information in here when he/she is ready for the next step either way, so thanks for the added comments.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.