Cisco Network Analysis Module 6000 Installation And Configuration Manual

Catalyst 6000 Family Network Analysis Module Installation and Configuration Note

WS-X6380-NAM

This publication describes how to install the Catalyst 6000 family Network Analysis Module (NAM) and how to configure the NAM using the Catalyst command-line interface (CLI), the NAM Traffic Analyzer application, or both. See the “Related Documentation” section on page 73 for more information about software configuration for the switch.

Note For translations of the warnings in this publication, see the “Safety Overview” section on page 6 and

Contents

refer to the Regulatory Compliance and Safety Information for the Catalyst 6000 Family Switches.

This publication consists of these sections:

• Overview, page 2

• Safety Overview, page 6

• Software Requirements, page 8

• Hardware Requirements, page 9

• Required Tools, page 9

• Installing and Removing the NAM, page 9

• Configuring the NAM, page 16

• Administering the NAM, page 38

• Troubleshooting the NAM, page 59

• Supported RMON and RMON2 MIB Objects, page 64

• GNU General Public License, page 68

• FCC Class B Compliance, page 72

Corporate Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA

Overview

• Related Documentation, page 73

• Obtaining Documentation, page 73

• Obtaining Technical Assistance, page 74

Overview

This section describes the Catalyst 6000 family NAM, how it operates, and how to manage it, and includes these sections:

• Understanding How the NAM Works, page 2

• Managing the NAM, page 3

• New NAM Features, page 3

• Front Panel Description, page 4

• Specifications, page 6

Understanding How the NAM Works

The NAM monitors and analyzes network traffic for the Catalyst 6000 family switches using remote monitoring (RMON), RMON extensions for switched networks (SMON), and other management information bases (MIBs). The NAM supports the following RMON groups:

• RMON groups defined in RFC 1757

• RMON2 groups defined in RFC 2021

In addition to extensive MIB support, the NAM also can monitor individual Ethernet VLANs, which allows it to serve as an extension to the basic RMON support provided by the Catalyst 6000 family supervisor engine.

You can use TrafficDirector, or any other IETF-compliant RMON application, to access link, host, protocol, and response-time statistics for capacity planning, departmental accounting, and real-time application protocol monitoring. You also can use filters and capture buffers to troubleshoot the network.

The NAM can analyze Ethernet VLAN traffic from one or both of the following sources:

• Ethernet, Fast Ethernet, Gigabit Ethernet, trunk port, or Fast EtherChannel SPAN or RSPAN source

port

For more information about SPAN and RSPAN, refer to the “Configuring SPAN and RSPAN” chapter in the Catalyst 6000 Family Software Configuration Guide.

Note Cisco IOS software currently does not support RSPAN.

• Netflow Data Export (NDE)

For more information about NDE, refer to the Catalyst 6000 Family Software Configuration Guide.

The NAM is managed and controlled from either the embedded web-based NAM Traffic Analyzer application (directing a web browser at the NAM) or a Simple Network Management Protocol (SNMP) management application, such as those bundled with CiscoWorks2000, or both.

Catalyst 6000 Family Network Analysis Module Installation and Configuration Note

78-10406-05

Managing the NAM

The NAM Traffic Analyzer application provides access to the NAM data and voice traffic management and monitoring features through a web browser. To use the NAM Traffic Analyzer application, you first need to do some basic configuration tasks on the NAM using the CLI. You then can start the NAM Traffic Analyzer application with a single command. Refer to the User Guide for the Catalyst 6000 Network Analysis Module Traffic Analyzer for more information about using the NAM Traffic Analyzer application.

With NAM Traffic Analyzer, you can do the following tasks:

• Configure SPAN resources

• Configure collections

• Monitor statistics

• Capture and decode packets

• Set and view alarms

For added security, you can use both the CLI (using the ip http secure command) and the NAM Traffic Analyzer application to configure the NAM to use a remote TACACS+ server. For information about configuring the TACACS+ server remote database, refer to the User Guide for the Catalyst 6000 Network Analysis Module NAM Traffic Analyzer. A TACACS+ server can be used for authentication and authorization for your web-based users. You also can use a local database on the NAM for security.

You also can manage the NAM using an SNMP management application such as the Cisco TrafficDirector real-time network management application or NetScout nGenius Real-Time Monitor (RTM). To use RMON and SNMP agent support, you configure the NAM using the CLI.

Refer to the following URL for more information about using RTM:

Overview

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/fam_mod/rel2_1_2/ol_2428.htm

For more information about TrafficDirector and RTM, refer to the CiscoWorks2000 documentation.

For more information about the NAM Traffic Analyzer application, refer to the User Guide for the Catalyst 6000 Network Analysis Module Traffic Analyzer.

If you have a NAM that is already configured and running in the switch, and are familiar with the NAM, you can begin using the NAM Traffic Analyzer application by entering the ip http server enable CLI command, then starting NAM Traffic Analyzer in your browser.

New NAM Features

These new features are included in the NAM:

• Catalyst 6000 NAM Traffic Analyzer

The NAM software release 2.1 includes the embedded NAM Traffic Analyzer application for monitoring and troubleshooting the availability and health of your network. The NAM Traffic Analyzer application provides browser-based access to the NAM RMON1, RMON2, SMON, DSMON, and voice monitoring features.

For information about enabling and using the NAM Traffic Analyzer application, see the application online help or see the PDF version of User Guide for the Catalyst 6000 Network Analysis Module Traffic Analyzer in the online help.

78-10406-05

Catalyst 6000 Family Network Analysis Module Installation and Configuration Note

Overview

• The licensed Application Response Time (ART) MIB, which is used to determine the source of the

slowdowns in application performance. The ART MIB measures the response time on the network at the transport layer.

Note You must purchase an ART MIB license from Cisco Systems before enabling and using

the ART MIB feature.

• The licensed voice-monitoring application.

Note You must purchase a separate software license to enable voice collection on the NAM.

• Both Media Gateway Control Protocol (MGCP) and Session Initiation Protocol (SIP) voice

protocols are now supported.

• Signalling Connection Control Part (SCCP) and H.323 voice protocols are now supported.

• The trap destination table is available when you enter the show snmp CLI command.

Note Cisco IOS does not support the show snmp CLI command.

• You can upgrade the maintenance image while the application is running.

Front Panel Description

The NAM front panel (see Figure 1) includes a STATUS LED, hard drive LED, SHUTDOWN button, and PCMCIA slot.

Figure 1 Network Analysis Module

WS-X6380-NAM

STATUS

NTWK ANALYSIS HDL

STATUS LED PCMCIA slot

STATUS LED

The STATUS LED indicates the operating states of the NAM. Table 1 describes the LED operation.

Table 1 STATUS LED Description

For Vendor Use Only

SHUTDOWN

SLOT

SHUTDOWN button Hard drive

(HD) LED

EJECT

PCMCIA

33089

Color Description

Green All diagnostic tests pass. The NAM is operational.

Red A diagnostic other than an individual port test failed.

Catalyst 6000 Family Network Analysis Module Installation and Configuration Note

78-10406-05

Table 1 STATUS LED Description (continued)

Color Description

Orange Indicates one of three conditions:

Off The NAM power is off.

SHUTDOWN Button

Caution Do not remove the NAM from the switch until the NAM has shut down completely and the STATUS

LED is orange. You can damage the NAM if you remove it from the switch before it completely shuts down.

To avoid corrupting the NAM hard disk, you must correctly shut down the NAM before you remove it from the chassis or disconnect the power. This shutdown procedure is normally initiated by commands entered at the supervisor engine CLI prompt or the NAM CLI prompt.

If the NAM fails to respond to these commands properly, you must use the SHUTDOWN button on the front panel to initiate the shutdown procedure.

Overview

• The NAM is running through its boot and self-test diagnostic sequence.

• The NAM is disabled.

• The NAM is in the shutdown state.

To push the button, use a small pointed object (such as a paper clip).

The shutdown procedure may require several minutes. The STATUS LED turns off when the NAM shuts down.

Hard Drive Activity LED

The hard drive (HD) activity LED is lit when the hard drive is in use.

PCMCIA Slot

The PCMCIA slot provides access for up to two standard PCMCIA cards (now known as PC cards) and is reserved for future use.

78-10406-05

Catalyst 6000 Family Network Analysis Module Installation and Configuration Note

Safety Overview

Specifications

Table 2 describes the specifications for the NAM.

Table 2 Specifications

Specification Description

Dimensions (H x W x D) 1.18 x 15.51 x 16.34 in. (30 x 394 x 415 mm)

Weight Minimum: 3 lb (1.36 kg)

Maximum: 5 lb (2.27 kg)

Environmental conditions:

Operating temperature

Nonoperating temperature

Humidity

Safety Overview

Safety warnings appear throughout this document in procedures that may harm you if performed incorrectly.

For additional safety information, refer to documents listed in the “Related Documentation” section on

page 73.

Warning

This warning symbol means danger. You are in a situation that could cause bodily injury. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents. To see translations of the warnings that appear in this publication, refer to the Regulatory Compliance and Safety Information document that accompanied this device.

WaarschuwingDit waarschuwingssymbool betekent gevaar. U verkeert in een situatie die lichamelijk letsel kan veroorzaken. Voordat u aan enige apparatuur gaat werken, dient u zich bewust te zijn van de bij elektrische schakelingen betrokken risico's en dient u op de hoogte te zijn van standaard maatregelen om ongelukken te voorkomen. Voor vertalingen van de waarschuwingen die in deze publicatie verschijnen, kunt u het document Regulatory Compliance and Safety Information (Informatie over naleving van veiligheids- en andere voorschriften) raadplegen dat bij dit toestel is ingesloten.

32 to 10°F (0 to 40°C)

–40 to 167°F (–40 to 75°C)

10 to 90%, noncondensing

Warning

Catalyst 6000 Family Network Analysis Module Installation and Configuration Note

VaroitusTämä varoitusmerkki merkitsee vaaraa. Olet tilanteessa, joka voi johtaa ruumiinvammaan. Ennen kuin työskentelet minkään laitteiston parissa, ota selvää sähkökytkentöihin liittyvistä vaaroista ja tavanomaisista onnettomuuksien ehkäisykeinoista. Tässä julkaisussa esiintyvien varoitusten käännökset löydät laitteen mukana olevasta Regulatory Compliance and Safety Information -kirjasesta (määräysten noudattaminen ja tietoa turvallisuudesta).

78-10406-05

Safety Overview

Warning

AttentionCe symbole d'avertissement indique un danger. Vous vous trouvez dans une situation pouvant causer des blessures ou des dommages corporels. Avant de travailler sur un équipement, soyez conscient des dangers posés par les circuits électriques et familiarisez-vous avec les procédures couramment utilisées pour éviter les accidents. Pour prendre connaissance des traductions d’avertissements figurant dans cette publication, consultez le document Regulatory Compliance and Safety Information (Conformité aux règlements et consignes de sécurité) qui accompagne cet appareil.

WarnungDieses Warnsymbol bedeutet Gefahr. Sie befinden sich in einer Situation, die zu einer Körperverletzung führen könnte. Bevor Sie mit der Arbeit an irgendeinem Gerät beginnen, seien Sie sich der mit elektrischen Stromkreisen verbundenen Gefahren und der Standardpraktiken zur Vermeidung von Unfällen bewußt. Übersetzungen der in dieser Veröffentlichung enthaltenen Warnhinweise finden Sie im Dokument Regulatory Compliance and Safety Information (Informationen zu behördlichen Vorschriften und Sicherheit), das zusammen mit diesem Gerät geliefert wurde.

AvvertenzaQuesto simbolo di avvertenza indica un pericolo. La situazione potrebbe causare infortuni alle persone. Prima di lavorare su qualsiasi apparecchiatura, occorre conoscere i pericoli relativi ai circuiti elettrici ed essere al corrente delle pratiche standard per la prevenzione di incidenti. La traduzione delle avvertenze riportate in questa pubblicazione si trova nel documento Regulatory Compliance and Safety Information (Conformità alle norme e informazioni sulla sicurezza) che accompagna questo dispositivo.

Warning

AdvarselDette varselsymbolet betyr fare. Du befinner deg i en situasjon som kan føre til personskade. Før du utfører arbeid på utstyr, må du vare oppmerksom på de faremomentene som elektriske kretser innebærer, samt gjøre deg kjent med vanlig praksis når det gjelder å unngå ulykker. Hvis du vil se oversettelser av deadvarslene som finnes i denne publikasjonen, kan du se i dokumentet Regulatory Compliance and Safety Information (Overholdelse av forskrifter og sikkerhetsinformasjon) som ble levert med denne enheten.

AvisoEste símbolo de aviso indica perigo. Encontra-se numa situação que lhe poderá causar danos físicos. Antes de começar a trabalhar com qualquer equipamento, familiarize-se com os perigos relacionados com circuitos eléctricos, e com quaisquer práticas comuns que possam prevenir possíveis acidentes. Para ver as traduções dos avisos que constam desta publicação, consulte o documento Regulatory Compliance and Safety Information (Informação de Segurança e Disposições Reguladoras) que acompanha este dispositivo.

78-10406-05

Catalyst 6000 Family Network Analysis Module Installation and Configuration Note

Software Requirements

Warning

¡Advertencia!Este símbolo de aviso significa peligro. Existe riesgo para su integridad física. Antes de manipular cualquier equipo, considerar los riesgos que entraña la corriente eléctrica y familiarizarse con los procedimientos estándar de prevención de accidentes. Para ver una traducción de las advertencias que aparecen en esta publicación, consultar el documento titulado Regulatory Compliance and Safety Information (Información sobre seguridad y conformidad con las disposiciones reglamentarias) que se acompaña con este dispositivo.

Varning!Denna varningssymbol signalerar fara. Du befinner dig i en situation som kan leda till personskada. Innan du utför arbete på någon utrustning måste du varamedveten om farorna med elkretsar och känna till vanligt förfarande för att förebygga skador. Se förklaringar av de varningar som förkommer i denna publikation i dokumentet Regulatory Compliance and Safety Information (Efterrättelse av föreskrifter och säkerhetsinformation), vilket medföljer denna anordning.

Only trained and qualified personnel should be allowed to install, replace, or service this equipment.

Software Requirements

Table 3 lists the NAM software versions supported by Catalyst OS and Cisco IOS software.

Table 3 NAM Software Compatibility

NAM Software Catalyst Software Cisco IOS Software

Application Image Maintenance Image

1.1(1a) 1.1(1a)m or later 5.5(1) to 6.3(1) Not applicable

1.2(1), 1.2(2) 1.2(1a)m 6.1(1d) or later 12.1(8a)EX with Supervisor Engine 2 with an MSFC 2.

1.2(3) 1.2(1a)m 5.5(1) or later 12.1(8a)EX or later with Supervisor Engine 2 with an MSFC 2.

12.1(11b)E or later with a Supervisor Engine 1A with an MSFC 2, or a Supervisor Engine 2 with an MSFC 2.

2.1(1a) 1.2(1a)m 6.1(1d) or later Not applicable

2.1(2) 1.2(1a)m 6.1(1d) or later 12.1(11b)E or later with a Supervisor Engine 1A with an MSFC 2, or a Supervisor Engine 2 with an MSFC 2.

Catalyst 6000 Family Network Analysis Module Installation and Configuration Note

78-10406-05

Hardware Requirements

For Catalyst OS, any Catalyst 6000 or 6500 series switch with any supervisor module is supported using Supervisor Engine 1, 1A, or 2. For Cisco IOS, any Catalyst 6000 or 6500 series switch with a Supervisor Engine 1A (or Supervisor Engine 2) with an MSFC2 if it is running 12.1(11b)E. If the switch is running the older 12.1(8a)EX, a Supervisor Engine 2 with an MSFC2 is required.

Required Tools

Note Before installing the NAM, you must install the Catalyst 6000 family switch chassis and at least one

supervisor engine. For information on installing the switch chassis, refer to the Catalyst 6000 Family Installation Guide.

These tools are required to install the NAM in the Catalyst 6000 family switches:

• Flat-blade screwdriver

• Phillips-head screwdriver

• Wrist strap or other grounding device

Hardware Requirements

• Antistatic mat or antistatic foam

Whenever you handle the NAM, always use a wrist strap or other grounding device to prevent electrostatic discharge (ESD).

Installing and Removing the NAM

Warning

During this procedure, wear grounding wrist straps to avoid ESD damage to the card. Do not directly touch the backplane with your hand or any metal tool, or you could shock yourself.

All Catalyst 6000 family switches support hot swapping, which allows you to install, remove, replace, and rearrange modules without turning off the system power. For more information on removing the NAM from a switch, see the “Removing the NAM” section on page 15.

When the system detects that a module has been installed or removed, it automatically runs diagnostic and discovery routines, acknowledges the presence or absence of the module, and resumes system operation with no operator intervention.

Installing and using the NAM requires the following:

• Perform the initial installation by placing the NAM in a switch.

• Go to switch CLI, session to the NAM CLI and provide a basic configuration

• Send a data source to the NAM (Netflow data, SPANned ports, VLANs, or etherchannels)

• Configure collection types of you want to monitor (RMON, voice, application response time, and

other collection monitoring as required for your network).

• Configure alarms.

• View monitored statistics, alarms, and use packet capture or decode functionality.

78-10406-05

Catalyst 6000 Family Network Analysis Module Installation and Configuration Note

Installing and Removing the NAM

This section describes how to install and verify the operation of the NAM in the Catalyst 6000 family switches and contains the following sections:

• Slot Assignments, page 10

• Verifying the Installation, page 14

• Removing the NAM, page 15

Slot Assignments

The Catalyst 6006 and 6506 switch chassis have six slots, the Catalyst 6009 and 6509 switch chassis have nine slots, and the Catalyst 6513 switch chassis has thirteen slots. (See Figure 2.)

Note The Catalyst 6509-NEB switch has vertical slots numbered 1 to 9 from right to left. Install the

modules with the component side facing to the right.

• Slot 1 is reserved for the supervisor engine.

• Slot 2 can contain an additional redundant supervisor engine in case the supervisor engine in slot 1

• If a redundant supervisor engine is not required, slots 2 through 6 on the 6-slot chassis, (slots 2

fails.

through 9 on the 9-slot chassis and slots 2 through 13 on the 13-slot chassis) are available for switching modules, such as the NAM.

• Install switching-module filler plates, which are blank switching-module carriers, in the empty slots

to maintain consistent airflow through the switch chassis.

Catalyst 6000 Family Network Analysis Module Installation and Configuration Note

78-10406-05

Figure 2 Slot Numbers on Catalyst 6000 Family Switches

Installing and Removing the NAM

Supervisor engine

Redundant supervisor

engine

Switching

modules

Fans

WS-X6K-SUP1

STATUS

SUPERVISOR I

WS-X6K-SUP1

STATUS

SYSTEM

SUPERVISOR I

S-X6408

STATUS

8 PORT G

IGABIT ETHERN

S-X6408

STATUS

8 PORT GIGABIT ETH

ERNET

S-X64

STATUS

8 PORT G

IGABIT ETHER

X 6

2 2

U T A

R T

0 0F

-X 6

2 2

U T A

R T

0 0

X 6

2 2

U T A

FAN LED

R T

0 0F

-X 6 3

-N A M

U T A

Y S

i t c

L o

a d

T E

R MGM

SET

YSTEM

ACTIVE

T E

ACTIV

PWR MGMT

RESET

K IN L

IN L

LINK

NET

LINK

I A

i tc

L o

a d

N I L

LINK

LIN

LINK

1 0

LINK

For Vendor Use O

nly

H U

T D

O W

INPUT

FAN

OUTPUT

FAIL

J E

LINK

J E

LINK

N I L

K IN L

INK L

1 2

1 4

1 5

1 6

LINK

1 2

1 3

1 5

LINK

N I L

K IN L

INK L

1 7

1 8

LINK

1 8

LINK

L O

K IN L

IN L

LINK

1 9

2 2

LINK

1 9

LINK

2 0

2 1

2 2

2 4

LINK

E J

C T

INPUT

FAN

OUTPUT

FAIL

33086

Installing the NAM

Warning

Step 1 Make sure you take the necessary precautions to prevent ESD damage.

Step 2 Choose a slot for the NAM. (Refer to “Slot Assignments” section on page 10.)

During this procedure, wear grounding wrist straps to avoid ESD damage to the card. Do not directly touch the backplane with your hand or any metal tool, or you could shock yourself.

To install the NAM in the Catalyst 6000 family switch, follow these steps:

Note Yo u must install the supervisor engine in slot 1. You can install a redundant supervisor engine

Power supply 1

Power supply 2

in slot 2. If a redundant supervisor engine is not required, slots 2 through 6 on the 6-slot chassis, (slots 2 through 9 on the 9-slot chassis and slots 2 through 13 on the 13-slot chassis) are available for switching modules.

78-10406-05

Catalyst 6000 Family Network Analysis Module Installation and Configuration Note

Installing and Removing the NAM

Step 3 If the desired slot is empty and is not covered by a switching-module filler plate, go to Step 5.

Otherwise, loosen the captive installation screws (with a screwdriver if necessary) that secure the switching-module filler plate or the existing switching module in the desired slot.

Warning

Blank faceplates and cover panels serve three important functions: they prevent exposure to hazardous voltages and currents inside the chassis; they contain electromagnetic interference (EMI) that might disrupt other equipment; and they direct the flow of cooling air through the chassis. Do not operate the system unless all cards, faceplates, front covers, and rear covers are in place.

Step 4 Remove the switching-module filler plate or the existing switching module.

Step 5 Hold the NAM with one hand, and place your other hand under the carrier to support the module.

Caution Do not touch the printed circuit boards or connector pins.

Step 6 Place the module in the slot.

Step 7 Align the notch on the sides of the switching-module carrier with the groove in the slot. (See Figure 3.)

Figure 3 Installing Modules in the Catalyst 6000 Family Switch

WS-X6K-SUP1

STATUS

SUPERVISOR I

WS-X6K-SUP1

STATUS

SUPERVISOR I

S-X6408

STATUS

8 POR

T G

IGABIT ETHERNET

S-X64

STATUS

8 PORT GIGABIT ETHERNET

S-X6408

STATUS

8 PORT GIG

ABIT ETHERNET

-X 6

S U T A

0 0

X 6

S U T A

0 0

-X 6

S U T A

0 0

FAN LED

itc

a d

T E

SYSTEM

ACTIVE

PWR MGMT

RESET

itc

T E

SYSTEM

ACTIVE

PWR MGMT

RESET

K IN L

IN L

LIN

LINK

K LIN

LIN

LINK

P C

a d

P C

LINK

K IN

K N I

LINK

1 0

J E

LINK

J E

LINK

K IN

LINK

K IN L

IN L

LINK

K IN L

LINK

2 0

2 1

K IN L

-X 6

-N A

S U T A

T S

N A

For Vendor Use Only

S H

O W

Catalyst 6000 Family Network Analysis Module Installation and Configuration Note

L O

INPUT

FAN

OUTPUT

FAIL

INPUT

FAN

OUTPUT

FAIL

33087

78-10406-05

Installing and Removing the NAM

Caution Always use the ejector levers when installing or removing the NAM. A module that is partially seated

in the backplane will cause the system to halt and subsequently crash.

Step 8 Keep the NAM at a 90-degree orientation to the backplane (horizontal to the floor), and carefully slide

the module into the slot until the notches on both ejector levers engage the chassis sides.

Step 9 Using the thumb and forefinger of each hand, simultaneously pivot both ejector levers forward to fully

seat the module in the backplane connector. (See Figure 4.)

Note If you perform a hot swap, the console displays the message “Module n has been inserted.”

If you are running Cisco IOS, the console displays the message “Power to Module in slot n set on.” These messages do not appear when you are connected to the Catalyst 6000 family switch through a Telnet session.

Figure 4 Ejector Levers and Captive Installation Screws

WS-X6380-NAM

STATUS

NTWK ANALYSIS HDL

For Vendor Use Only

SHUTDOWN

SLOT

PCMCIA

Ejector lever

EJECT

33088

Captive installation screws

Step 10

Use a screwdriver to tighten the captive installation screws on the left and right sides of the NAM.

Note After you install or reinstall the NAM into a switch, you must log in to the NAM root account and

configure the NAM parameters before you can use the NAM for network analysis. See the “Initial

Configuration” section on page 24 for instructions on how to configure the NAM parameters.

78-10406-05

Catalyst 6000 Family Network Analysis Module Installation and Configuration Note

Installing and Removing the NAM

Verifying the Installation

These sections describe how to verify the installation of the NAM.

• Cisco IOS Software, page 14

• Catalyst OS Software, page 14

Cisco IOS Software

To verify that the switch acknowledges the new NAM and has brought it online, enter the show module command.

This example shows the output of the show module command:

Router#show mod Mod Ports Card Type Model Serial No.

--- ----- -------------------------------------- ------------------ ---------- 2 2 Catalyst 6000 supervisor 2 (Active) WS-X6K-SUP2-2GE SAD0410050B 3 48 48 port 10/100 mb RJ-45 ethernet WS-X6248-RJ-45 SAD03080485 5 2 Network Analysis Module WS-X6380-NAM SAD05130AXB 7 2 Intrusion Detection System WS-X6381-IDS SAD05100HPT

Mod MAC addresses Hw Fw Sw Status

--- ------------------------------- ------ ------------ ------------ ------ 2 0050.3e7e.70a2 to 0050.3e7e.70a3 90.223 6.1(3) 7.1(0.9) Ok 3 00e0.b0ff.9050 to 00e0.b0ff.907f 0.702 4.2(0.24) 7.1(0.9) Ok 5 0003.32bb.dacb to 0003.32bb.dacc 1.2 4B4LZ0XA 1.2(01) Ok 7 0003.3283.cae6 to 0003.3283.cae7 1.1 4B4LZ0XA 2.5(1) Ok

Mod Sub-Module Model Serial Hw Status

--- --------------------------- --------------- --------------- ------- ------ 2 Policy Feature Card 2 WS-F6K-PFC2 SAD040801JA 0.305 Ok 2 Cat6k MSFC 2 daughterboard WS-F6K-MSFC2 SAD04450FSS 1.1 Ok

When running Cisco IOS enter the show interface GigabitEthernet slot/ [1 | 2] command while logged in to the supervisor engine or console to verify that the switch acknowledges the new modules and has brought them online.

Catalyst OS Software

To verify that the switch acknowledges the new NAM and has brought it online, enter the show module or show port [mod/port] command.

This example shows the output of the show module command:

Console> (enable) show module Mod Slot Ports Module-Type Model Sub Status

--- ---- ----- ------------------------- ------------------- --- -------1 1 2 1000BaseX Supervisor WS-X6K-SUP1A-2GE yes ok 15 1 1 Multilayer Switch Feature WS-F6K-MSFC no ok 3 3 2 Network Analysis Module WS-X6380-NAM no ok 5 5 48 10/100BaseTX Ethernet WS-X6248-RJ-45 no ok . . . Console> (enable)

Catalyst 6000 Family Network Analysis Module Installation and Configuration Note

78-10406-05

Removing the NAM

This section describes how to remove the NAM from the Catalyst 6000 family switch.

Caution Do not remove the NAM from the switch until the NAM has shut down completely and the STATUS

LED is orange or off. You can damage the NAM if you remove it from the switch before it completely shuts down.

Installing and Removing the NAM

Warning

During this procedure, wear grounding wrist straps to avoid ESD damage to the card. Do not directly touch the backplane with your hand or any metal tool, or you could shock yourself.

To remove the NAM, follow these steps:

Step 1 Shut down the NAM by one of these methods:

• Cisco IOS software

–

From the root account on the NAM, enter the shutdown command.

–

In privileged mode from the CLI, enter the hw-mod module mod shutdown command. (When this command is used, you will have to enter the hw-mod module mod reset command in order to restart the NAM.)

Note When the switch is rebooted, the NAM will reboot.

–

If the NAM does not respond to any commands from the NAM prompt or the supervisor engine, use a small, pointed object to access the SHUTDOWN button.

• Catalyst OS software

–

From the root account on the NAM, enter the shutdown command.

–

In privileged mode from the CLI, enter the set module disable mod command. (When this command is used, you will have to enter the set module enable mod command in order to restart the NAM.)

When you enter the set module disable mod command, the specified NAM will remain disabled, even if the switch is rebooted, until you enter the set module enable mod command.

–

In privileged mode from the CLI, enter the set module shutdown mod command. This form of the command will shut down only the specified NAM.

When you enter the set module shutdown command, the NAM will reboot if the switch is rebooted.

–

In privileged mode from the CLI, enter the set module shutdown all command.

When you enter the set module shutdown all command, you will shut down every NAM installed in the switch.

–

If the NAM does not respond to any commands from the NAM prompt or the supervisor engine, use a small, pointed object to access the SHUTDOWN button.

Note Shutdown may require several minutes.

78-10406-05

Catalyst 6000 Family Network Analysis Module Installation and Configuration Note

Configuring the NAM

Step 2 Verify that the NAM shuts down. Do not remove the NAM from the switch until the STATUS LED is

Step 3 Use a screwdriver to loosen the captive installation screws at the left and right sides of the NAM.

Step 4 Grasp the left and right ejector levers. Simultaneously, pull the left lever to the left and the right lever to

Step 5 As you pull the module out of the slot, place one hand under the carrier to support it. Avoid touching

Step 6 Carefully pull the NAM straight out of the slot, keeping one hand under the carrier to guide it. Keep the

Step 7 Place the removed module on an antistatic mat or antistatic foam.

off or orange.

the right to release the NAM from the backplane connector.

the module itself.

module at a 90-degree orientation to the backplane (horizontal to the floor).

Warning

Step 8 If the slot is to remain empty, install a module filler plate to keep dust out of the chassis and to maintain

proper airflow through the module compartment.

Configuring the NAM

How you configuring the NAM on your switch depends on whether you are using Cisco IOS software or the Catalyst OS software. There are also NAM configuration tasks that are common to both switch operating systems.

The following sections describe how to configure the NAM from the CLI for each switch operating system:

• Cisco IOS Software, page 16

• Catalyst OS Software, page 24

When you have completed configuring the software-dependent attributes for the NAM, you can configure the software-independent attributes in this section:

• Operating System-Independent Configuration, page 31

Cisco IOS Software

These sections describe how to remove the NAM from the Catalyst 6000 family switch when using Cisco IOS:

• Initial Configuration, page 17

• Configuring VLANs, page 19

• Using NetFlow Data Export as a Traffic Source, page 20

• Using SPAN as a Traffic Source, page 22

Catalyst 6000 Family Network Analysis Module Installation and Configuration Note

78-10406-05

Initial Configuration

Before you can use the NAM for network analysis, you must log into the NAM root account and configure the following:

• IP address

• Subnet mask

• IP broadcast address

• IP host name

• Default gateway

• Domain name

• If you are using a Domain Name Service (DNS), configure the DNS name server.

• If you are using external SNMP manager to communicate with the NAM, configure the following:

• Start the web server using the ip http server enable command.

–

SNMP MIB variables

–

Access control for the SNMP agent

–

System group settings on the NAM

Configuring the NAM

To configure these parameters for the NAM, perform these steps in privileged mode:

Step 1 Enter this command to verify that the NAM is installed and that the power is on:

Router# show module mod

Step 2 Establish a console session with the NAM by entering:

Router# session slot processor 1

Step 3 At the login prompt, type root to log in to the root account.

Step 4 At the password prompt, type root as the root password.

Note If you have not changed the password from the factory-set default, a warning message

displays. If you decide to change the password from the default, see the “Changing and

Recovering the NAM CLI Passwords” section on page 48 for more information.

Step 5 Configure the IP address and subnet mask by entering:

root@localhost# ip address ip-address subnet-mask

Step 6 Configure the IP broadcast address by entering:

root@localhost# ip broadcast broadcast-address

Step 7 Configure the IP host name used in the CLI prompt, show commands, and log messages by entering:

root@localhost# ip host name

Step 8 Configure the default gateway by entering:

root@localhost# ip gateway default-gateway

Step 9 Configure the domain name for the NAM by entering:

root@localhost# ip domain domain-name

78-10406-05

Catalyst 6000 Family Network Analysis Module Installation and Configuration Note

Configuring the NAM

Step 10 Configure one or more IP addresses as DNS name servers by entering:

Step 11 Verify the NAM configuration by entering:

Step 12 Configure the SNMP syslocation MIB variable by entering:

Step 13 Set the SNMP sysContact MIB variable by entering:

Step 14 Set the SNMP sysName MIB variable by entering:

root@localhost# ip nameserver ip-address [ip-address]

root@localhost# show ip

root@localhost# snmp location location-string

Note The MIB variables in Step 13 and Step 14 must be valid DisplayString texts, each with a

maximum length of 64 characters.

root@localhost# snmp contact contact-string

root@localhost# snmp name name-string

Note You can delete the SNMP location, SNMP contact, or SNMP name by entering the respective

command without any parameters.

Step 15 Set the SNMP agent community string parameter password for read-write access by entering:

root@localhost# snmp community community-string rw

Step 16 Set the SNMP agent community string parameter password for read-only access by entering:

root@localhost# snmp community community-string ro

Note Clear the SNMP community string with the snmp delete community community-string

command.

Step 17 Verify the SNMP access controls and settings by entering:

root@localhost# show snmp

After completing this configuration, the NAM is ready to use with a network-monitoring application such as TrafficDirector or any other IETF-compliant RMON application.

Note If you are using RTM, you need to input the community strings in RTM exactly as you enter them in

the NAM.

This example shows how to configure the NAM:

Router#session slot 8 processor 1 The default escape character is Ctrl-^, then x. You can also type 'exit' at the remote prompt to end the session Trying 127.0.0.81 ... Open

Catalyst 6000 Family Network Analysis Module Installation and Configuration Note

78-10406-05

Cisco Network Analysis Module (WS-X6380-NAM)

WARNING! Default password has not been changed!

root@localhost# ip address 172.20.52.29 255.255.255.224 root@localhost# ip broadcast 172.20.52.31 root@localhost# ip host nam1 root@localhost# ip gateway 172.69.2.132 root@localhost# ip domain cisco.com root@localhost# ip nameserver 171.62.2.132 root@localhost# show ip IP address: 172.20.98.167 Subnet mask: 255.255.255.192 IP Broadcast: 172.20.98.191 DNS Name: namlab-shared.cisco.com Default Gateway: 172.20.98.129 Nameserver(s): 171.69.2.133 HTTP server: Enabled HTTP secure server: Disabled HTTP port: 80 HTTP secure port: 443 TACACS+ configured: Yes Exsession: On root@localhost# root@localhost# snmp location “Cisco Lab, Building X, Floor 1”

Configuring the NAM

Configuring VLANs

root@localhost# snmp contact “Jane Doe, Cisco Systems, (408) 111-1111” root@localhost# snmp name “6k-NAM - Slot 2” root@localhost# snmp community public ro root@localhost# snmp community private rw

root@localhost# show snmp

SNMP Agent: nam1.cisco.com 172.20.52.29

SNMPv1: Enabled SNMPv2C: Enabled SNMPv3: Disabled

community public read community private write

sysDescr "Catalyst 6000 Network Management Module (WS-X6380-NAM)" sysObjectID 1.3.6.1.4.1.9.5.1.3.1.1.2.223 sysContact "Jane Doe, Cisco Systems, (408) 111-1111" sysName "6k-NAM - Slot 2" sysLocation "Cisco Lab, Building X, Floor 1" root@localhost#

You must configure a VLAN for the NAM management port using the switchport access vlan vlan-number command.

78-10406-05

Catalyst 6000 Family Network Analysis Module Installation and Configuration Note

Configuring the NAM

Using NetFlow Data Export as a Traffic Source

To use NetFlow Data Export (NDE) as a traffic source for the NAM, enable the NetFlow Monitor option to allow the NAM to receive the NDE stream. The statistics are presented on reserved ifIndex.3000.

NDE makes traffic statistics available for analysis by an external data collector. You can use NDE to monitor all Layer 3 switched and all routed IP unicast traffic. In a Catalyst 6000 family switch, both the PFC and the MSFC maintain NetFlow caches that capture flow-based traffic statistics. The cache on the PFC captures statistics for Layer 3-switched flows. The cache on the MSFC captures statistics for routed flows.

Note For information on configuring NDE, refer to the switch software configuration guide.

To configure NDE for the Cisco IOS, follow these steps:

Step 1 Determine the current NDE configuration by entering:

Router#show running-config | include mls mls rp nde-address 172.20.27.229 mls rp ip route-map mls rp ip no mls ip multicast aggregate no mls ip multicast non-rpf cef mls aging fast mls flow ip full mls flow ipx destination-source mls nde flow include protocol tcp mls nde sender mls qos statistics-export interval 300 mls qos statistics-export delimiter |

Router#show running-config | include flow mls flow ip full mls flow ipx destination-source mls nde flow include protocol tcp ip route-cache flow ip route-cache flow ip route-cache flow ip flow-export source Vlan2 ip flow-export destination 172.20.27.229 3000 ip flow-aggregation cache as

Step 2 Determine the configured NDE exports by entering:

Router#show mls nde Netflow Data Export enabled Exporting flows to 172.20.27.229 (3000) Exporting flows from 172.20.27.221 (57675) Version:7 Include Filter is: protocol:TCP Exclude Filter not configured Total Netflow Data Export Packets are: 0 packets, 0 no packets, 0 records Total Netflow Data Export Send Errors: IPWRITE_NO_FIB = 0 IPWRITE_ADJ_FAILED = 0 IPWRITE_PROCESS = 0 IPWRITE_ENQUEUE_FAILED = 0 IPWRITE_IPC_FAILED = 0

Catalyst 6000 Family Network Analysis Module Installation and Configuration Note

78-10406-05

IPWRITE_MTU_FAILED = 0 IPWRITE_ENCAPFIX_FAILED = 0

Router#show ip flow export Flow export is enabled Exporting flows to 172.20.27.229 (3000) Exporting using source interface Vlan2 Version 1 flow records 0 flows exported in 0 udp datagrams 0 flows failed due to lack of export packet 0 export packets were sent up to process level 0 export packets were dropped due to no fib 0 export packets were dropped due to adjacency issues 0 export packets were dropped due to fragmentation failures 0 export packets were dropped due to encapsulation fixup failures 0 export packets were dropped enqueuing for the RP 0 export packets were dropped due to IPC rate limiting

Step 3 Configure NDE as follows:

Router(config)#mls nde sender Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#mls rp nde-address 172.20.27.229

Configuring the NAM

Router(config)#mls flow ip full

Router(config)#mls nde flow include protocol tcp

Router(config)#ip flow-export destination 172.20.27.229 3000

Note The UDP port number must be set at 3000.

Router(config)#ip flow-export source vlan 2

Router(config)#ip flow-aggregation cache as

Router(config-flow-cache)#enable

Router(config)#interface GigabitEthernet8/6 Router(config-if)#ip address 1.2.3.4 255.255.255.0

Router(config-if)#ip route-cache flow

When you configure a NAM module as an NDE collector, you should use the IP address of the NAM (set up by sessioning into the NAM module).

Step 4 Synchronize NDE-related information with the NAM by entering:

Router#hw-module module 5 sync nde-info

This command may prompt you to reset the module. Use this command whenever the NDE configuration and the NAM configuration is completed (such as a VLAN of the NAM management port and that VLAN interface’s IP address and other configuration information).

Note If the NAM is not being used as an NDE collector, this step is not required. This step only applies to

the NAM that has version 1.2(xx). (NAM version 1.1(xx) is not supported).

78-10406-05

Catalyst 6000 Family Network Analysis Module Installation and Configuration Note

Configuring the NAM

Using SPAN as a Traffic Source

Note You can configure SPAN as a traffic source using both the CLI and the NAM Traffic Analyzer

application.

To direct SPAN traffic to the NAM for monitoring, configure port 1 on the NAM as the SPAN destination port. You cannot use ports on the NAM module as SPAN source ports.

The NAM can analyze Ethernet VLAN traffic from Ethernet or Fast Ethernet SPAN source ports. You can also specify an Ethernet VLAN as the SPAN source.

The NAM can analyze Ethernet traffic from Ethernet, Fast Ethernet, Gigabit Ethernet, trunk port, or Fast EtherChannel SPAN source ports. You can also specify an Ethernet VLAN as the SPAN source.

To use the SPAN source port as a traffic source for the NAM, set port 1 on the NAM as the SPAN destination port. You cannot set port 2 on the NAM as a SPAN source port.

Refer to the Catalyst 6000 Family IOS Software Configuration Guide at the following website for more information on SPAN:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/index.htm

For more information on configuring SPAN, refer to the switch software configuration guide.

To enable SPAN on the NAM, perform one of these tasks:

Task Command

Set the source interfaces and VLANs for the monitor session.

Enable port 1 of the NAM as a SPAN destination.

Router (config)# monitor session {session_number} {source {interface type slot/port} | {vlan vlan_ID}} [, | - | rx | tx | both]

Router (config)# monitor session {session_number} {destination {interface type slot/port} [, | - ] | {vlan vlan_ID}}

Disable the monitor session. Router (config)# no monitor session session_number

Filter the SPAN session so that only certain VLANs are seen from

Router (config)# monitor session {session_number} {filter {vlan_ID} [, | - ]}

switch port trunks.

Show current monitor sessions. Router # show monitor session {session_number}

This example shows how to enable SPAN on the NAM:

Router#show monitor Session 1

--------Source Ports: RX Only: None TX Only: None Both: None

Catalyst 6000 Family Network Analysis Module Installation and Configuration Note

78-10406-05

Source VLANs: RX Only: None TX Only: None Both: None Destination Ports:None Filter VLANs: None

Session 2

--------Source Ports: RX Only: None TX Only: None Both: None Source VLANs: RX Only: None TX Only: None Both: None Destination Ports:None Filter VLANs: None

Router#conf t Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#monitor session 1 source vlan 1 both

Configuring the NAM

Note The SPAN destination for the NAM must always be port 1.

Router# 00:21:10:%SYS-5-CONFIG_I:Configured from console by console Router#conf t Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#monitor session 1 destination interface gi 8/1

Router#show monitor

Session 1

--------Source Ports: RX Only: None TX Only: None Both: None Source VLANs: RX Only: None TX Only: None Both: 1 Destination Ports:Gi8/1 Filter VLANs: None

Session 2

--------Source Ports: RX Only: None TX Only: None Both: None Source VLANs: RX Only: None TX Only: None Both: None Destination Ports:None Filter VLANs: None Router#

78-10406-05

Catalyst 6000 Family Network Analysis Module Installation and Configuration Note

Configuring the NAM

Catalyst OS Software

These sections describe how to configure the NAM from the CLI:

• Initial Configuration, page 24

• Configuring VLANs, page 27

• Using NetFlow Data Export as a Traffic Source, page 27

• Using SPAN as a Traffic Source, page 28

• Configuring the SNMP Agent, page 29

Initial Configuration

Before you can use the NAM for network analysis, you must log into the NAM root account and configure the following:

• IP address

• Subnet mask

• IP broadcast address

• IP host name

• Default gateway

• Domain name

• If applicable, the DNS name server.

• If using an external SNMP manager to communicate with the NAM you must configure the

following:

–

SNMP MIB variables

–

Access control for the SNMP agent

–

System group settings on the NAM

• Start the web server using the ip http server enable command.

To configure these parameters for the NAM, perform these steps in privileged mode:

Step 1 Verify that the NAM is installed and that the power is on by entering this command:

Console> show module mod

Step 2 Establish a console session with the NAM by entering this command:

Console> (enable) session mod

Step 3 At the login prompt, type root to log into the root account.

Step 4 At the password prompt, type root as the root password.

Note If you have not changed the password from the factory-set default, a warning message

displays. To change the password from the default, see the “Changing and Recovering the

NAM CLI Passwords” section on page 48 for more information.

Catalyst 6000 Family Network Analysis Module Installation and Configuration Note

78-10406-05

+ 54 hidden pages

Cisco Network Analysis Module 6000 Installation And Configuration Manual

Specifications and Main Features

Frequently Asked Questions

User Manual