How do I enter IP to name resolutions so that Scrutinizer doesn't have to use the DNS to resolve IPs?

Edit this file: C:\WINDOWS\system32\drivers\etc\hosts and enter the IP to name translations.

Overall utilization on the interface appears to be understated. Why would this be?

1.Make sure NetFlow is enabled on all physical interfaces of the device. Do not be concerned with the virtual interfaces, as they will auto-appear once NetFlow is enabled on the physical interface.

2.If the hardware can't keep up with sending the NetFlow packets, it will drop NetFlows before they even leave the device. To check to see if this is the problem, login to the Cisco device.

Command to type: Router_name>sh ip flow export

At the bottom of the export, look for something like "294503 export packets were dropped due to IPC rate limiting". If this counter is incrementing, the hardware cannot keep up with the export demands.

3.The command below breaks up long-lived flows into 1-minute segments. You can choose any number of minutes between 1 and 60; if you leave the default of 30 minutes you will get spikes in your utilization reports. Command to type: ip flow-cache timeout active 1

4.The command below ensures that flows that have finished are exported in a timely manner. The default is 15 seconds; you can choose any value between 10 and 600. Note however that if you choose a value that is longer than 250 seconds Scrutinizer may report traffic levels that appear low.

Command to type: ip flow-cache timeout inactive 15

NetFlow only exports IP traffic (i.e. no IPX, etc.) and no layer 2 broadcasts are exported by this version of NetFlow.

How do I setup my router to forward NetFlows to two destinations?

Type the "ip flow-export destination" command twice:

router-name#ip flow-export destination 10.1.1.8 2055

router-name#ip flow-export destination 10.1.1.9 2055

Why are my graphs reporting over 100% utilization?

1.The interface speed is not correct. Scrutinizer uses the speed specified in the SNMP OID. Login to the router or switch and fix the problem or in Scrutinizer go to Device Details and manually type in the correct speed.

2.The active timeout has not been set to 1 minute on the router. Login to the router or switch and fix the problem.

3.Non-dedicated burstable bandwidth, where the ISP allows you to use over the allocated bandwidth.

4.Both ingress and egress NetFlow collection have been enabled on the interface. This can work properly if the direction bit is set in the egress flows. Scrutinizer works ideal when only ingress NetFlow collection is configured on all interfaces. Only egress on all interfaces is also possible.

5.Do you have any encrypted tunnels on the interface?

◦47 - GRE, General Routing Encapsulation.

◦50 - ESP, Encapsulating Security Payload.

◦94 - IP-within-IP Encapsulation Protocol.

◦97 - EtherIP.

◦98 - Encapsulation Header.

◦99 - Any private encryption scheme.

This can cause traffic to be counted twice on an interface. In Scrutinizer, go to Admin Tab > Definitions > Manage Exporters. Click on the round icon with the '-'. When you mouse over the icon, the ALT will display "View the current protocol exclusions of this device." Click on this and make sure the above protocols are being excluded.

SonicWALL Scrutinizer 9.0.1 Release Notes

P/N 232-000861-00 Rev A

21

Page 21
Image 21
SonicWALL 232-000861-00 manual Command to type ip flow-cache timeout inactive