Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1151
Views
0
Helpful
3
Replies

Netflow and VOIP

agrayson
Level 1
Level 1

‎03-24-2010 07:44 AM

We use Cisco 3560 switches and we use AVAYA 9630 IP Phones. The users PC is connectd to the IP Phone. The switch port is configured with both the LAN VLAN and the VOICE VLAN

switchport access vlan 26
switchport mode access
switchport voice vlan 206

When capturing traffic with Netflow I see a source traffic from a phone IP and it is using a high percentage of band width. We dont think it is the phone but the PC and we are trying to figure out how to better break that out so we see the true phone IP use and the true PC use that hangs off the phone.

Any suggestions

Thanks

Labels:
0 Helpful
3 Replies 3

Jan Nejman
Level 3
Level 3

‎03-24-2010 08:00 AM

Hi Alonzo,

  netflow is not supported on Cisco 35xx device. I saw some IOSes, which exported

some information from 3550, but it was not the full netflow information. I suppose that

it was only the first packet of the flow, but I'm not sure. In any case, if you will use

the latest IOS you will not get any netflow packets. There is only one solution

(use the SPAN session and transfer packets to some probe or analyzer) or you

can use transparent probes on the line (i.e. http://www.caligare.com/product/flowmon/)

I haven't any other idea how to monitor these flows.

Kind regards,

Jan Nejman

Caligare, co.

http://www.caligare.com/

0 Helpful

agrayson
Level 1
Level 1
In response to Jan Nejman

‎03-24-2010 08:16 AM

Thanks...I am not configuring Netflow on the 3560...I have it running on my Cisco 2600s and 2800s...WAN connection. So when I use Orion Netflow and look at the upstream router with Netflow configured it shows that the IP phones are using a high percentage of BW. I do not see the source IP of the PC connected to the phone but I think that since the phone is a hub all traffic from the PC hits the phone (next hop) and thats what we see is a combination of both vocie and data traffic. So I trying to see if there is a way to split this out so you see traffic from PC with the PC IP as the source and traffic from the voice as the phone IP. 

But are you saying that since the 3560 series does not support Netflow we can not see those distint flows on the upstrean WAN router that the switch connects to?

Thanks again for the quick response

0 Helpful

Jan Nejman
Level 3
Level 3
In response to agrayson

‎03-24-2010 08:30 AM

Hi Alonzo,

I think that you can simply do a two reports. The first one with a condition: "source IP of the PC" and the second one

with IP of the IPphone. I don't know Orion NetFlow but I assume, that there is some option how to specify searching

criteria. If you don't find filtering condition in Orion, you can test any other netflow analyzer. There are many

commericial or free analyzers (ManageEngine, Caligare, Fluke, NTOP etc.) I think that the filtering is the base feature.

As you wrote, I think that in the netflow export you will see more flows with different source IP addresses (one of PC

and the second one of IPphone). Maybe Orion display traffic based on interfaces (not based on IP addresses).

Check it if you will find some menu with more detail specification.

>But are you saying that since the 3560 series does not support Netflow  we can not see those distint flows on the upstrean WAN router that the  switch >connects to?

Yes, of course you can see netflow export on your routers. You only could not use netflow export from cisco 3550 switch. All upstream traffic going

through the router will be available for analysis.

Jan

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents