Text Part Number OL-22617-01
Americas Headquarters
Page
N T E N T S
Span
Network Sites
URL
Nbar
System Administration Resources
Audit Trail
Understanding Traffic Patterns at the Network Layer
Chapter Overview
About This Guide
Boldface font
Audience
Conventions
Convention
Obtaining Documentation and Submitting a Service Request
Xiv
A P T E R
Introducing NAM Traffic Analyzer
Logical Site
Dashboards
Standards-Based NBI
New Application Classification Architecture
Historical Analysis
NetFlow v9 Data Export
WS-SVC-NAM-2-250S Cisco Branch Routers
Snmp v3 Support -- NAM to Router/Switch Support
Overview of the NAM Platforms
WS-SVC-NAM-1-250S
Menu Bar
Logging
Navigating the User Interface
Common Navigation and Control Elements
Detailed Views
Quick Capture
Context Menus
Interactive Report
Chart View / Grid View
Mouse-Over for Details
Zoom/Pan Charts
Statistics
Sort Grid
Bytes / Packets
Context-Sensitive Online Help
Understanding How the NAM Works
Ports VLANs
Configuration/guide/span.html
Configuration/guide/nde.html
Guide/span.html
Understanding How the NAM Uses Span
Understanding How the NAM Uses VACLs
Module Cisco IOS Software
Guide/vacl.html
Understanding How the NAM Uses NDE
Understanding How the NAM Uses Waas
Action Description GUI Location User Guide Location
Configuration Overview
Setup Alarms Actions
Administration System
Setup Data Export
Setup Network Sites
Capture/Decode
Configuring and Viewing Data
Administration Users
Capture Packet
Cisco Waas NAM Virtual Service Blade
Traffic Analysis
Default Functions
Analyze Media Voice Call Statistics
Voice Signaling/RTP Stream Monitoring
Application Response Time Metrics
SPAN, Data Sources, Hardware Deduplication,
Traffic
Traffic Usage Statistics
About Span Sessions
Supervisor portCopyTable Snmp
Switch CLI
Method Usage Notes
NAM Traffic Analyzer the NAM GUI
Column Description
State Description
Creating a Span Session
Field Description
Dialog Box
Choose Setup Traffic Span Sessions
Editing a Span Session
SPAN, ERSPAN, VACL, NetFlow, WAAS,
Data Sources
Deleting a Span Session
Data Port if it is a local physical port, or the IP address
Router or switch or WAE device
Or Disabled
Fields are explained in -7, NAM Data Sources
Click Setup Traffic NAM Data Sources
Enabling Auto-Creation of Erspan Data Sources Using the CLI
Creating Erspan Data Sources Using the Web GUI
Disabling Auto-Creation of Erspan Data Sources Using the CLI
Creating Erspan Data Sources Using the CLI
Enter the name you would like for the data source required
Deleting Erspan Data Sources Using the Web GUI
Enter the device ID from Step
Click the Delete button along the bottom of the window
Deleting Erspan Data Sources Using the CLI
Use the no data-sourcecommand to delete the data source
Sample Configuration of Erspan Destination
Configuring Erspan on Devices
Use the no device command to delete the device
Sample Configuration of Erspan Source
Sample Configuration
Configuring Vacl on a WAN Interface
NetFlow
Configuring Vacl on a LAN Vlan
Understanding NetFlow Flow Records
Understanding NetFlow Interfaces
Output Interface Are Flows Reported?
Configuring NetFlow on Devices
Managing NetFlow Data Sources
For Devices Running Cisco IOS
For NAMs Located in a Device Slot
Creating NetFlow Data Sources Using the Web GUI
Enabling Auto-Creation of NetFlow Data Sources Using the CLI
Snmp Credentials
Creating NetFlow Data Sources Using the CLI
Security Level
Deleting NetFlow Data Sources Using the CLI
Deleting NetFlow Data Sources Using the Web GUI
Testing NetFlow Devices
Snmp read test result. For the local device only
Understanding Waas
Contact information for the device
Configure a Server WAN data source
Setting Description
Configure a Client data source
Point, configure a Client WAN data source
Server data source
Monitoring Client Data Sources
Monitoring WAN Data Sources
Monitoring Server Data Sources
Deployment Scenario
Managing Waas Devices
Deployment Scenarios
Adding Data Sources for New Waas Device
Choose Setup Traffic NAM Data Sources
Deleting a Waas Data Source
Editing Waas Data Sources
Auto Create of New Waas Devices
Choose Setup Traffic Hardware Deduplication
Hardware Deduplication
Alarm Actions, Thresholds, User Scenario,
Alarms
Alarm Actions
Alarm Action Configuration
Choose Setup Alarms Actions
Editing Alarm Actions
Deleting Alarm Actions
Site associated with this threshold
Thresholds
Name of the threshold
Application associated with this threshold
Field
Setting Host Thresholds
Alarm Summary dashboard Monitor Overview Alarm Summary
Choose Setup Alarms Thresholds
Setting Conversation Thresholds
Dashboard Monitor Overview Alarm Summary , where you
Setting Application Thresholds
Setting Response Time Thresholds
Chose a Dscp value from the list
Setting Dscp Thresholds
Give the Dscp Alarm Threshold a name
Dashboard Monitor Overview Alarm Summary, where you
Alarm actions
Setting RTP Stream Thresholds
Give the RTP Streams Alarm Threshold a name
High, Low, or High and Low alarms
Setting Voice Signaling Thresholds
Choose a data source from the list
Setting NDE Interface Thresholds
Dashboard Monitor Overview Alarm Summary , where you can
Give the NDE Interface Alarm Threshold a name
Deleting a NAM Threshold
Editing an Alarm Threshold
NetFlow, Scheduled Exports, Custom Export,
Data Export
User Scenario
NetFlow
NetFlow Exports screen appears shown in Figure
Viewing Configured NetFlow Exports
Choose Setup Data Export NetFlow
Valid characters 1-9. Length Min 1, Max
Configuring NetFlow Data Export
Description of the NetFlow Export
Port number of the device to be exported to
ART Client Server Application
Record types supported by NAM for NetFlow are
Application
Host
Click
Scheduled Exports
Editing NetFlow Data Export
Deleting a Scheduled Export
Choose Setup Data Export Scheduled Exports
Editing a Scheduled Export
Device Information
Managed Device
Custom Export
Name of the Snmp read-write community string configured on
Choose Setup Managed Device Device Information
Total time the switch has been running
Name of the network administrator for the router
Nbar Protocol Discovery
Sites, NDE Interface Capacity, Dscp Groups,
Network
Sites
Field / Operation Description
Definition Rules
Specifying a Site Using Subnets
Specifying a Site Using WAE devices Waas Data Sources
Resolving Ambiguity Overlapping Site Definitions
Specifying a Site Using Multiple Rules
Viewing Defined Sites
Description of what the site includes
Shows if the site is Enabled or Disabled
Defining a Site
Name of the site
Subnet Detection
See -7for an example
Unique text string for naming a site
Optional text string for describing site
Enter an IPv4 or IPv6 address
Editing a Site
Subnet Detection
Creating an NDE Interface
NDE Interface Capacity
Dscp Groups
Through Dscp AF/EF/CS Format Bit Field Format
Choose Setup Network Dscp Groups
Creating a Dscp Group
Field Description Usage Notes
Deleting a Dscp Group
Classification
Editing a Dscp Group
8shows an example of what the screen may look like
Applications
Creating a New Application
Choose Setup Classification Applications
Repeat through as many times as desired
Editing an Application
That list, highlight it and click the left arrow
Creating an Application Group
Choose Setup Classification Application Groups
Application Groups
Deleting a Protocol
To edit an application group
URL-based Applications
Editing an Application Group
Deleting an Application Group
Example
Choose Setup Classification URL-based Applications
Deleting a URL-based Application
Editing a URL-Based Application
Aggregation Intervals, Response Time, Voice, RTP Filter,
Choose Setup Classification Encapsulations
Monitoring
Encapsulations
URL, Waas Monitored Servers,
Choose Setup Monitoring Aggregation Intervals
Aggregation Intervals
Normal Minimum
Choose Setup Monitoring Response Time
Response Time
Short-Term Long-Term
Field Appliance
Choose Setup Monitoring Voice
Monitor Setup Window
Voice
Enabling a URL Collection Changing a URL Collection
Choose Setup Monitoring RTP Filter
RTP Filter
10,000 500 1,750 000 1,000 250
Disabling a URL Collection
Choose Setup Monitoring URL
Enabling a URL Collection
URL page -10displays
Changing a URL Collection
Element Description Usage Notes
To change a URL collection
Adding a Waas Monitored Server
Choose Setup Monitoring URL Collection
Waas Monitored Servers
Disabling a URL Collection
To delete a Waas monitored server data source
Choose Setup Monitoring Waas Servers
Deleting a Waas Monitored Server
Analyze
Navigation,
Monitor
Interactive Report
Navigation
Saving Filter Information
Saving Filter Parameters
Traffic Summary
Response Time Summary
Site Summary
Alarm Summary
Top N Applications by Site and Alarm Count
Top N Sites by Alarm Count
Top N Hosts by Site and Alarm Count
Top N Applications by Alarm Count
Analyzing Traffic
Hosts Detail
Application
Applications Detail
Host
Traffic rate number of bytes per second
NDE Interface Traffic Analysis
Application group set of applications that can be
Monitored as a whole
Dscp value
Viewing Interface Details
Dscp Detail
Applicable site or Unassigned if no site
Application Groups Detail
Viewing Collected URLs Filtering a URL Collection List
URL Hits
Viewing Collected URLs
Filtering a URL Collection List
Top Application Traffic
Host Conversations
Network Conversation
Top Application Traffic
Top Talkers Detail
WAN Optimization
Application Traffic By Host
Conversation Multi-Segments
Application Performance Analysis
NAM Application Response Time Measurements
Response Time
Metric Description
7lists and describes the ART metrics measured by NAM
Metric Description
Network
Application Response Time
Network Response Time
Server Application Responses
Server Response Time
Client Response Time
Client-Server Response Time
Detailed Views Server Application Transactions
Server Application Transactions
Server Network Responses
Client-Server Application Responses
Client-Server Application Transactions
Packet as observed at NAM probing point
Client-Server Network Responses
Server-response packet, excluding retransmission time
Interface,
Health, NBAR,
Interface
Interfaces Stats Table
Interface Statistics Over Time
Switch Health
Health
Backplane Utilization
Chassis Health
Chassis Information
CPU usage
Crossbar Switching Fabric
Ternary Content Addressable Memory Information
Router Health
Router Health
Router Information
Time in hundredths of a second since the network management
Information on how to contact this person
Current state of the power supply being instrumented
Media
RTP Stream Stats Summary
RTP Streams
Purpose
RTP Stream Information
RTP Stream Stats Details
Voice Call Statistics
Monitoring RTP Streams
Calls Table
Calling number as it appears in the signaling protocol
Called number as it appears in the signaling protocol
Time when the call was detected to end
From inspecting the call signaling protocol
Inspecting call signaling protocol
Time when the call was detected to start
Field Purpose
RTP Conversation
Duration of the stream
Synchronization source number as it appear in the RTP
Header
NAM calculated score that takes into account
OL-22617-01
Quick Capture
Capturing and Decoding Packet Data
Sessions
Size of the session
Viewing Capture Sessions
Name of the capture session
Many times as necessary
Choose Capture Packet/Capture Decode Sessions
Configuring Capture Sessions
Operation Description
Name of the capture Enter a capture name
Configure Capture Session Window
Maximum Session NAM Platform Size
Administration System Capture Data Storage
Maximum Capture Session Sizes for NAM Platforms
300 MB
Software Filters
Maximum Session
NAM Platform Size
Software Filter Dialog -4 displays
Creating a Software Filter
Choose Capture Packet Capture/Decode Sessions
Hexadecimal number from 0 to 9 or a to f. The default is
IPv4 address in dotted-quad format n.n.n.n, where n is 0 to
Default if blank is
For MAC address, enter hh hh hh hh hh hh, where hh is a
Choose GTP.IPv6 for IPV6 address for tunneled packet over
To edit software capture filters
Editing a Software Capture Filter
Vlan and IP IP and TCP/UDP IP and Payload Data
Configuring a Hardware Filter
To cancel the changes, click Cancel
Hardware Assisted Filters
List is also shown in Figure
Vlan and IP
IP and Payload Data
IP and TCP/UDP
Payload Data
Files
Delete files
Display the packets in a file
Displays packets and bytes transferred for each protocol
Error Scan
Analyzing Capture Files
Displays a graphic image of network traffic KB/second
Choose Capture Packet Capture/Decode Files
Downloading Capture Files
Deleting Multiple Files
Deleting a Capture File
Load and decode the next block of packets from the NAM
Viewing Packet Decode Information
Stop packet loading
Load and decode the previous block of packets from the NAM
Choose an Address Filter
Choose a Filter Mode
Browsing Packets in the Packet Decoder
Filtering Packets Displayed in the Packet Decoder
Define a Protocol Filter
Viewing Detailed Protocol Decode Information
To create custom display filters
Using Alarm-Triggered Captures
Custom Display Filters
Creating Custom Display Filters
Custom Decode Filter Dialog Box
Format
Tips for Creating Custom Decode Filter Expressions
See Tips for Creating Custom Decode Filter Expressions
Operator Meaning
Choose Capture Packet Capture/Decode Display Filters
Editing Custom Display Filters
Field Filter By Format
Examples of Custom Decode Filter Expressions
To delete custom display filters
Deleting Custom Display Filters
OL-22617-01
System Administration
User and System Administration
Network Parameters
Choose Administration System Network Parameters
Resources
Snmp Agent
Snmp Agent Dialog Box displays
Choose Administration System Snmp Agent
Working with NAM Community Strings
Creating NAM Community Strings
To delete the NAM community strings
Testing the Router Community Strings
System Time
Deleting NAM Community Strings
Clock set hhmmss mm/dd/yyyy
Synchronizing the NAM System Time with the Switch or Router
Choose Administration System System Time
Synchronizing the NAM System Time Locally
Choose Administration System E-Mail Setting
Mail Setting
Configuring the NAM System Time with an NTP Server
Capture Data Storage
To enable Web Data Publishing
Choose Administration System Web Data Publication
Web Data Publication
Creating NFS Storage Locations
Configuring the NFS Server
Configuring the NFS Storage Location on the NAM
Editing NFS Storage Locations
Name of the remote storage entry
ISCSI target name configured on the remote iSCSI server
Creating iSCSI Storage Locations
Editing iSCSI Storage Locations
Choose Administration System Snmp Trap Setting
Syslog Setting
Snmp Trap Setting
Choose Administration System Syslog Setting
Deleting a NAM Trap Destination
Preferences
Editing a NAM Trap Destination
System Alerts, Audit Trail, Tech Support,
Diagnostics
System Alerts
Audit Trail
Downloading Core Files
Choose Administration Diagnostics Audit Trail
Choose Administration Diagnostics Tech Support
Tech Support
Local Database
User Administration
Recovering Passwords
Privilege Access Level
To create a new user
Choose Administration Users Local Database
Creating a New User
Deleting a User
Choose the Administration Users Local Database
Editing a User
Field Usage Notes
Establishing TACACS+ Authentication and Authorization
Click Submit/Restart
Configuring a Cisco ACS TACACS+ Server
Click Network Configuration Click Add Entry
For Windows NT and 2000 Systems
Adding a NAM User or User Group
Configuring a Generic TACACS+ Server
Parameter Enter
Current User Sessions
NAM Traffic Analyzer 5.0 Usage Scenarios
Deploying NAMs for WAN Optimization
Deployment
Deploying NAMs in the Branch
Deploying NAMs for Voice/Video applications
Integrating NAM with Third Party Reporting Tools
Autodiscovery Capabilities of NAM
Creating Custom Applications
See Application Response Time, See Thresholds,
Integrating NAM with LMS
Understanding Traffic Patterns at the Network Layer
See Dscp Groups,
Using NAM for Problem Isolation
Troubleshooting
Using NAM for SmartGrid Visibility
General NAM Issues
Troubleshooting
NAM Not Responding
Error Messages
Does the session from the switch/router work?
Packet Drops
NAM Behavior
Waas Troubleshooting
OL-19530-02
Module Object Identifier OID and Description Source
Supported MIBs
Mib-21.rmon16.tokenRing10.ringStation RFC OrderTable3
Mib-21.rmon16.tokenRing10.ringStationConfig RFC
Objects10 Power, Temperature and Fan Status
Mib-21.rmon16.tokenRing10.ringStation RFC
Crossbar statistics
Cisco9.workgroup5.ciscoStackMIB1.ciscoStatck
CiscoMgmt9.ciscoCat6kCrossbarMIB217.cisco
Cat6kXbarMIBObjects1
OL-22617-01
Creating
Capture settings, configuring
Downloading to a file
Custom display filters
IN-2
Configuring as datasource
Ipesp IPIP4
Alarm thresholds
IN-4
Creating Deleting Editing Spanning, directing traffic for
Server, configuring to support NAM
Authentication and authorization, establishing
See Virtual Switch Software Waas data sources
Voice data Collecting Viewing Voice signaling thresholds
