Cisco Systems 5 Network Router User Manual


 
User Guide for the Cisco Network Analysis Module (NAM) Traffic Analyzer, 5.0
OL-22617-01
Chapter 2 Setting Up The NAM Traffic Analyzer
Traffic
aa.bb.cc.dd is the IP address defined at the destination
You can now connect to the NAM to monitor and capture traffic of the Data Port 2 data source.
Sending ERSPAN Data Directly to the NAM Management Interface
To send the data directly to the NAM management IP address (management-port), configure the
ERSPAN source session. No ERSPAN destination session configuration is required. After you perform
this configuration on the Catalyst 6500 switch or Cisco 7600 series router, the NAM automatically
creates a data source for the packet stream when ERSPAN packets are sent to it. If the auto-create
feature is not enabled, you must manually create the data source for this ERSPAN stream of traffic
(see Creating ERSPAN Data Sources Using the Web GUI, page 2-12).
Note This method causes the ERSPAN traffic to arrive on the NAM management port. If the traffic level is
high, this could have a negative impact on the NAM’s performance and IP connectivity.
Sample Configuration
monitor session 1 type erspan-source
 no shut
 source interface Fa3/47
 destination
  erspan-id Y
  ip address aa.bb.cc.dd
  origin ip address ee.ff.gg.hh
Where:
Interface Fa3/47 is a local interface on the erspan-source switch to be monitored
Y is any valid span session number
aa.bb.cc.dd is the management IP address of the NAM
ee.ff.gg.hh is the source IP address of the ERSPAN traffic
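The following Python check is an added example, not part of the Cisco guide: it parses erspan-source session blocks laid out like the sample configuration and reports sessions that lack a sub-command the sample shows, still carry a placeholder, or point somewhere other than the NAM management address. It assumes sub-commands are indented under the session line; the function names, the REQUIRED table and the 192.0.2.x and 198.51.100.x addresses are constructed for illustration.

```python
import re

# Placeholders such as Y or aa.bb.cc.dd do not match these patterns and count as missing.
REQUIRED = {"no shut": r"(no shut(?:down)?)", "erspan-id": r"erspan-id (\d+)",
            "ip address": r"ip address (\d+(?:\.\d+){3})",
            "origin ip address": r"origin ip address (\d+(?:\.\d+){3})"}

# Constructed input: session 2 lacks "no shut", targets another host, keeps a placeholder.
SAMPLE_CONFIG = """\
monitor session 1 type erspan-source
 no shut
 source interface Fa3/47
 destination
  erspan-id 10
  ip address 192.0.2.10
  origin ip address 198.51.100.1
monitor session 2 type erspan-source
 source interface Gi1/1
 destination
  erspan-id 20
  ip address 192.0.2.99
  origin ip address ee.ff.gg.hh
"""

def parse_erspan_sources(config):
    """Map session number -> {sub-command: value}; indentation delimits each block."""
    sessions, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if head := re.fullmatch(r"monitor session (\d+) type erspan-source", line):
            cur = sessions.setdefault(int(head.group(1)), {})
        elif not raw.startswith(" "):
            cur = None  # an unindented line ends the session block
        elif cur is not None:
            for name, pattern in REQUIRED.items():
                if m := re.fullmatch(pattern, line):
                    cur[name] = m.group(1)
    return sessions

def audit(sessions, nam_mgmt_ip):
    """Return (session, finding) pairs to resolve before expecting a NAM data source."""
    findings = []
    for num, s in sorted(sessions.items()):
        for name in REQUIRED:
            if name not in s:
                findings.append((num, f"'{name}' missing or still a placeholder"))
        if s.get("ip address") != nam_mgmt_ip:
            findings.append((num, "destination is not the NAM management IP"))
    return findings
```

Calling audit(parse_erspan_sources(SAMPLE_CONFIG), "192.0.2.10") returns three findings, all for session 2. Sessions that pass are the ones whose ERSPAN traffic will arrive on the NAM management port, which is the traffic level the Note above asks you to watch.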
VACL
A VLAN access control list (VACL) can forward traffic from either a WAN interface or VLANs to a data
port on the NAM. A VACL provides an alternative to using SPAN; a VACL can provide access control
based on Layer 3 addresses for IP and IPX protocols. Unsupported protocols are access controlled
through their MAC addresses. A MAC VACL cannot be used to access control IP or IPX addresses.
Configuring VACL on a WAN Interface
Because WAN interfaces do not support the SPAN function, you must use the switch CLI to manually
configure a VACL in order to monitor WAN traffic with the NAM. This feature only works for IP traffic
over the WAN interface.
A VACL can also be used if there is no available SPAN session to direct traffic to the NAM. In this case,
a VACL can be set up in place of a SPAN for monitoring VLAN traffic.
The following example shows how to configure a VACL on an ATM WAN interface and forward both
ingress and egress traffic to the NAM. These commands are for switches running Cisco IOS version
12.1(13)E1 or higher. For more information on using these features, see your accompanying switch
documentation.
Cat6509#config terminal
Cat6509(config)# access-list 100 permit ip any any