Once approach to this is to use the built in services on our Cisco 1841 router, the ip flow and ip route-cache command sets.
Enabling the flows is actually quite simple to do, it is the recording of the data and the reporting, but more on that later.
So the first thing to do is to enable ip route-cache flow on all your interfaces, these are the root interfaces and not the sun interfaces, so fastethernet0/0 ATM0/0/0 Dialer0 etc.
Once this is done you can then configure the export of the flow data to be recorded. I have been using an application called Net FlowAnalyzer which you can trial for 30 days from here
So once you have an application to record the data you need to configure the Cisco to export the data.
ip flow-export destination 10.0.0.1 9996
ip flow-export source fastethernet0/0
ip flow-export version 9
ip flow-cache timeout active 1
ip flow-cache timeout inactive 15
snmp-server ifindex persist
This exports the data to a server on 10.0.0.1 on port 9996 UDP. Don't forget to allow the UDP port 9996 inbound on any Windows Firewall on your server!
Now that this is all in place you can check the flows with these commands
show ip flow export
show ip cache-flow
No comments:
Post a Comment