03-24-2010 07:44 AM
We use Cisco 3560 switches and we use AVAYA 9630 IP Phones. The users PC is connectd to the IP Phone. The switch port is configured with both the LAN VLAN and the VOICE VLAN
switchport access vlan 26
switchport mode access
switchport voice vlan 206
When capturing traffic with Netflow I see a source traffic from a phone IP and it is using a high percentage of band width. We dont think it is the phone but the PC and we are trying to figure out how to better break that out so we see the true phone IP use and the true PC use that hangs off the phone.
Any suggestions
Thanks
03-24-2010 08:00 AM
Hi Alonzo,
netflow is not supported on Cisco 35xx device. I saw some IOSes, which exported
some information from 3550, but it was not the full netflow information. I suppose that
it was only the first packet of the flow, but I'm not sure. In any case, if you will use
the latest IOS you will not get any netflow packets. There is only one solution
(use the SPAN session and transfer packets to some probe or analyzer) or you
can use transparent probes on the line (i.e. http://www.caligare.com/product/flowmon/)
I haven't any other idea how to monitor these flows.
Kind regards,
Jan Nejman
Caligare, co.
03-24-2010 08:16 AM
Thanks...I am not configuring Netflow on the 3560...I have it running on my Cisco 2600s and 2800s...WAN connection. So when I use Orion Netflow and look at the upstream router with Netflow configured it shows that the IP phones are using a high percentage of BW. I do not see the source IP of the PC connected to the phone but I think that since the phone is a hub all traffic from the PC hits the phone (next hop) and thats what we see is a combination of both vocie and data traffic. So I trying to see if there is a way to split this out so you see traffic from PC with the PC IP as the source and traffic from the voice as the phone IP.
But are you saying that since the 3560 series does not support Netflow we can not see those distint flows on the upstrean WAN router that the switch connects to?
Thanks again for the quick response
03-24-2010 08:30 AM
Hi Alonzo,
I think that you can simply do a two reports. The first one with a condition: "source IP of the PC" and the second one
with IP of the IPphone. I don't know Orion NetFlow but I assume, that there is some option how to specify searching
criteria. If you don't find filtering condition in Orion, you can test any other netflow analyzer. There are many
commericial or free analyzers (ManageEngine, Caligare, Fluke, NTOP etc.) I think that the filtering is the base feature.
As you wrote, I think that in the netflow export you will see more flows with different source IP addresses (one of PC
and the second one of IPphone). Maybe Orion display traffic based on interfaces (not based on IP addresses).
Check it if you will find some menu with more detail specification.
>But are you saying that since the 3560 series does not support Netflow we can not see those distint flows on the upstrean WAN router that the switch >connects to?
Yes, of course you can see netflow export on your routers. You only could not use netflow export from cisco 3550 switch. All upstream traffic going
through the router will be available for analysis.
Jan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide