05-18-2016 02:23 AM
Hello guys,
I'm trying to complete an assignment in which I have to recommend hardware upgrades (generally only the router in a few of the clients' cases).
The majority of their routers are SR520, 877's etc which are old...but I'm trying to find some form of "proof" if you will, showing the amount of work the router is currently doing and why it would be beneficial to upgrade etc
Previously I was trying to set up Netflow and then export this data to an analyzer, however a vast majority of clients don't want me exporting this data anywhere and will only allow me to access the router itself and use any available CLI commands to get the info I need.
I set up netflow anyway without the export commands, and use the following commands to view the data (still trying to figure out how to interpret this)
show ip flow export
show ip cache flow
show ip cache verbose flow
Are there any other commands and techniques that would be good for me to look at?
Also putting a list together with the security risks, vulnerabilities that came with the OS/firmware they're running but doubt I could make any sort of detailed report with that info alone.
Thanks!
05-18-2016 06:33 AM
Have you looked at Cisco Active Advisor (CAA)? It will check the devices against both End of Sale / End of Support notices as well as any security notices (PSIRTs) applicable to the devices.
Netflow has nothing to do with checking a device for upgrade recommendations or security risks. It is used to analyze traffic flows through the device.
05-18-2016 06:41 AM
Thanks for your input.
I didn't even know CAA existed so will definitely take a look but looks like I just need to grab the SN numbers off the router?
I've only ever worked with pre-prepared materials hence my lack of knowledge in real world existing networks so apologies for being extra thick.
As for Netflow, my teacher suggested it so that I could have some numbers to show clients in regards to how their current hardware is handling their traffic but happy to consider anything else if I'm wasting my time with netflow?
05-18-2016 09:48 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Netflow isn't going to help you much telling you that the router is struggling with its load.
You might want to use a show proc cpu h, and see what the CPU loading has been. If your average has been pushing around 75% or more, or lots of 100% CPU spikes, the current router might be undersized.
Besides capacity issues, as Marvin notes, there are other good reasons to look at an upgrade, such as the device is or has gone end-of-support.
Don't overlook, even if the device physically doesn't need an upgrade, its IOS might.
05-18-2016 07:17 PM
Awesome. That's the sort of command I have been looking for but didn't know what keywords to search for!
Definitely important to keep the OS up to date so will try and do what Marvin has noted down.
05-19-2016 01:22 AM
Got the following when executing the command you provided. Looks like it has capped at 100% usage a couple times over the past few days, although I wonder what the random numbers are up top?
05-19-2016 02:46 AM
The numbers at the top are the peak CPU usage percentage for that column.
From a CPU perspective, the device doesn't look overtaxed.
05-18-2016 07:12 PM
CAA is more than just getting serial numbers. It will log into the devices using the credentials you supply and pull inventory, version and other information. It will correlate that information online with Cisco's internal databases and present the information in your browser. It requires you be online in the network with both access to the devices as well as Internet access and a cisco.com userid.
05-18-2016 07:15 PM
Hmm... as mentioned, they've only given me access to solely the router - no PCs with internet access within the network...
I guess I will ask them again if they would allow me to connect to one of the PC's connected to the router, but they aren't being very helpful so will see how it goes.
05-18-2016 07:45 PM
To do this with an "offline" tool (no Internet connectivity) is much more challenging.
You could take the output of things like "show inventory" and look for end of sale notices afterwards manually.
I'd just take a full "show tech" output and then go outside their network to analyze that output for useful information. It will include the "show proc cpu history" that Joseph suggested (along with lots of other information).
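An added example, not part of any post in this thread: a Python sketch of the offline review described above, which splits a saved "show tech" capture into its sections and pulls the IOS version and the PID/serial pairs from "show inventory" for manual end-of-sale and advisory lookup. The dashed section banners and the NAME/PID line layout are assumptions about typical IOS output, and the sample capture, version string, PIDs and serial numbers are constructed.

```python
import re

# Constructed sample in the assumed "show tech" layout (dashed banners);
# the version string, PIDs and serial numbers below are made up.
SAMPLE_SHOW_TECH = """\
------------------ show version ------------------

Cisco IOS Software, C870 Software (C870-EXAMPLE-M), Version 0.0(0)EXAMPLE, RELEASE SOFTWARE
branch-rtr uptime is 41 weeks, 2 days

------------------ show inventory ------------------

NAME: "chassis", DESCR: "877 chassis, Hw Serial#: FCZ000000AA, Hw Revision: 0x200"
PID: CISCO877-EXAMPLE  , VID: V01 , SN: FCZ000000AA

NAME: "WIC slot 0", DESCR: "constructed module entry"
PID: EXAMPLE-WIC       , VID: V02 , SN: FOC000000BB
"""

SECTION_RE = re.compile(r"^-{5,}[ \t]*(show .+?)[ \t]*-{5,}[ \t]*$", re.M)
INVENTORY_RE = re.compile(
    r'NAME:\s*"(?P<name>[^"]*)",\s*DESCR:\s*"(?P<descr>[^"]*)"[ \t]*\n'
    r"PID:\s*(?P<pid>\S*)\s*,\s*VID:\s*(?P<vid>\S*)\s*,\s*SN:\s*(?P<sn>\S*)"
)
VERSION_RE = re.compile(r"Version\s+([^,\s]+)")


def split_sections(text):
    """Map each 'show ...' banner to the text that follows it."""
    parts = SECTION_RE.split(text)  # [preamble, name1, body1, name2, body2, ...]
    return {parts[i].strip(): parts[i + 1] for i in range(1, len(parts) - 1, 2)}


def summarize(text):
    """Return the IOS version and every inventory item found in the capture."""
    sections = split_sections(text)
    ver = VERSION_RE.search(sections.get("show version", ""))
    items = [m.groupdict()
             for m in INVENTORY_RE.finditer(sections.get("show inventory", ""))]
    return {"ios_version": ver.group(1) if ver else None, "inventory": items}


if __name__ == "__main__":
    report = summarize(SAMPLE_SHOW_TECH)
    print("IOS version:", report["ios_version"])
    for item in report["inventory"]:
        print(f'{item["pid"]:<20} SN {item["sn"]:<14} {item["name"]}')
```
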
05-19-2016 01:18 AM
Many thanks for the replies. I ended up asking several of the clients again for permission. Two of them have given me access to one of their server PCs which are connected to the router I'm testing.
CAA picked one network up right away and is now in the middle of loading up the warnings, advisories etc (will read through these once it finishes).
As I wait, I connected to the other network and tried doing the same but keep getting an authentication error. I can remote to the router okay with the credentials I provided so it shouldn't be failing.
The only thing I can think of that would cause this is because the device and enable passwords are different (on the first network these passwords were identical). I tried clicking the + and adding "enable" as username and the password because I don't see another place to put this, but it is still failing.
Am I doing this wrong?