
Traffic Inspection on IOS Firewall

p.holley
Level 1

I have a Cisco IOS firewall configured, and the customer would like to know what inbound traffic is using the most traffic.

The customer received a report from the service provider that shows high traffic utilization on their internet connection, and the customer wants to know what traffic is mostly using their bandwidth.

What commands can I run on the IOS firewall to get an idea what protocol/traffic is maximizing their internet bandwidth?

2 Replies

jmtorne
Level 1

Hi,

As mentioned by the other poster, the best and more complete solution is NetFlow. Although NetFlow support is included in IOS and is easy to configure, unfortunately NetFlow collectors and analyzers are mostly commercial.

There are also some open source NetFlow products though, but they tend to be more complicated to use & configure. You can try for example ntop, but just google around a little bit and you'll find some more.

On the other hand, for a quick snapshot of protocol use in your router, if you have NBAR protocol discovery activated in your interfaces, just issue the following command:

# sh ip nbar protocol-discovery int YOUR_INTERFACE_GOES_HERE

That should show a traffic summary by protocol (last 5 min, I think) for protocols recognized by NBAR.

Just remember, NBAR has to be activated on the corresponding interface prior to issuing the command above!

Cheers,
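
The NBAR prerequisite mentioned in the reply above, together with the router's built-in NetFlow top-talkers view (no external collector needed), as an added example that is not part of the original posts. The interface name GigabitEthernet0/0 and the top-10 limits are assumptions; substitute the Internet-facing interface.

```cisco
! Added example. GigabitEthernet0/0 is an assumed name for the
! Internet-facing interface; replace it with the real one.
configure terminal
 interface GigabitEthernet0/0
  ! Prerequisite for the "show ip nbar protocol-discovery" command
  ip nbar protocol-discovery
  ! Account inbound flows in the local NetFlow cache
  ip flow ingress
 exit
 ! On-box ranking of the heaviest flows, sorted by byte count
 ip flow-top-talkers
  top 10
  sort-by bytes
 end

! Per-protocol view: the ten protocols with the highest byte counts
show ip nbar protocol-discovery interface GigabitEthernet0/0 stats byte-count top-n 10

! Per-flow view: source/destination addresses and ports of the heaviest flows
show ip flow top-talkers

! Full flow cache, including the protocol and packet-size distribution
show ip cache flow
```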
