Cisco Systems 5, NAM NetFlow

2-18

User Guide for the Cisco Network Analysis Module (NAM) Traffic Analyzer, 5.0

OL-22617-01

Chapter 2 Setting Up The NAM Traffic Analyzer

Traffic

Cat6509(config)# vlan access-map wan 100

Cat6509(config-access-map)# match ip address 100

Cat6509(config-access-map)# action forward capture

Cat6509(config-access-map)# exit

Cat6509(config)# vlan filter wan interface AM6/0/0.1

Cat6509(config)# analysis module 3 data-port 1 capture allowed-vlan 1-4094

Cat6509(config)# analysis module 3 data-port 1 capture

Cat6509(config)# exit

To monitor egress traffic only, get the VLAN ID that is associated with the WAN interface by using the

following command:

Cat6509#show cwan vlan

Hidden VLAN swidb->i_number Interface

1017 94 ATM6/0/0.1

Once you have the VLAN ID, configure the NAM data port using the following command:

Cat6509(config)# analysis module 3 data-port 1 capture allowed-vlan 1017

To monitor ingress traffic only, replace the VLAN number in the capture configuration with the native

VLAN ID that carries the ingress traffic. For example, if VLAN 1 carries the ingress traffic, you would

use the following command:

Cat6509(config)# analysis module 3 data-port 1 capture allowed-vlan 1

Configuring VACL on a LAN VLAN

For VLAN Traffic monitoring on a LAN, traffic can be sent to the NAM by using the SPAN feature of

the switch. However, in some instances when the traffic being spanned exceeds the monitoring capability

of the NAM, you might want to pre-filter the LAN traffic before it is forwarded. This can be done by

using VACL.

The following example shows how to configure VACL for LAN VLAN interfaces. In this example, all

traffic directed to the server 172.20.122.226 on VLAN 1 is captured and forwarded to the NAM located

in slot 3.

Cat6509#config terminal

Cat6509#(config)#access-list 100 permit ip any any

Cat6509#(config)#access-list 110 permit ip any host 172.20.122.226

Cat6509#(config)#vlan access-map lan 100

Cat6509#(config-access-map)match ip address 110

Cat6509#(config-access-map)#action forward capture

Cat6509#(config-access-map)#exit

Cat6509#(config)#vlan access-map lan 200

Cat6509#(config-access-map)#match ip address 100

Cat6509#(config-access-map)#action forward

Cat6509#(config-access-map)#exit

Cat6509#(config)#vlan filter lan vlan-list 1

Cat6509#(config)#analysis module 3 data-port 1 capture allowed-vlan 1

Cat6509#(config)#analysis module 3 data-port 1 capture

Cat6509#(config)#exit

NetFlow

The NAM can function as a NetFlow consumer, or a NetFlow producer (new in NAM Traffic Analyzer

5.0), or both. For information about NAM as an NDE producer, see Configuring NetFlow Data Export,

page 2-51.