6509 NBAR

Unanswered Question
May 10th, 2010
User Badges:

Hi All,


This is Sylvester, I've a small question.


I've a network & the traffic from the network is "really" huge.


(IP network - Internal) ------> Cisco 6509 x 2 (HSRP) --------> Firewall ----------------> Router (HSRP) ---> Internet


Now I need to pull a report on firewall for no of applications accessed by Internal guys. For e.g If a guy inside the network access a bit torrent application, i should have log about it. So I was trying to do in firewall, which I couldnt.


So here is my question, Can it be done in 6509 switch? by using NBAR or something else (Netflow)? End of the day, I need it like a report.


Questions,

1. How much its going to impact my network?

2. Do I need some additional module?

3. Can i pull report from somewhere? Or statistics can be pushed/pulled?

4. Last, but not least. Can it be done?


Regards,

Sylvester.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Hitesh Vinzoda Sun, 05/16/2010 - 23:38
User Badges:
  • Silver, 250 points or more

Hi


NBAR is supported on 6509 and i have been running it on 6500 with Sup 720-3B's with code 12.2 33 SXI. You better be checking the support for NBAR on the code version you are using. NBAR will sniff the flow and based on it, creates statistics which can be exported on NMS running netflow analyzer. This NMS gives detailed report about protocol usage and top protocols etc. etc.



1. How much its going to impact my network?

      Deploying it is not going to impact but analysis can be done for the existing load on the switch before implementing NBAR. Coz i believe in 6500 NBAR is not done in hardware it is done in software, the new Sups 32 PISA does it in hardware.


2. Do I need some additional module?

    It depends upon what exactly you have righnow on your box.


3. Can i pull report from somewhere? Or statistics can be pushed/pulled?

    You need to have third party application which can create historical reports for protocol and traffic statistics/

4. Last, but not least. Can it be done?

   Of course, Yes.


HTH


Hitesh Vinzoda


Please rate useful posts.

Actions

This Discussion

Related Content