Hi Guys,
Need some help here. Can someone advise me on how to go about monitoring the traffic that goes in/out of my cisco 1800 series router please? I'm facing some connectivity issues and would like to check if the network packet has managed to get to my router.
Thanks agian.
Sniffer or netflow come to mind. For a sniffer, you'd need to install a switch outside the interface you wish to monitor and configure a span session. For netflow, you would need a collector/analysis server running netflow and then configure the router to send the data (if the
1800 supports it which I do not know since its a lower end device). Those are probably your only two options other than a debug/acl which could impact performance.
Some more detail on the ACL/debug methods.
For a single IP packet there are a few options
Debug has as VERY severe effect on performance say factor of 100 or 1000.
Turn off fast switching and turn on "debug ip packet" Record config off of router so you can put it back.
conf t int x no ip route-cache exit I forget whether this needs to be done on the input or exit interface so I just do both. If you do all interfaces on your 1800 you cant miss. Put the ip route cache back when done.
If there is more than a very little traffic and you can identify it with an access-list then you can create an ACL to match you traffic against the ACL and deb ip traffic
A possible easier way is to just create a permit access list for the traffic and apply it to the interface. This will have NO impact on the performance (well maybe a few percent or something).
sh access-l will then display "matches".
This is all from memory so may be little errors. e.g. access-l 100 permit tcp 10.10.10.1 255.255.255.255 10.10.20.1 255.255.255.255 eq 80 access-l 100 permit ip any any
conf t int x ip access-group 100 in
Be VERY careful not to cut yourself off from the router. Access-lists have an implicit "deny any" at the end.
If you have a recent 12.4(T) then you might like to look a new feature that allows the router to capture and display packets including exporting them from the router.
ip capture - I think it is called. Beware that the "T" train is for new features and wil be less stable.
Finally for debug you need to arrange to see the debugs.
logging buffered debugging
logging buffered 50000
sh log
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.