Cisco Pagent Example configuration

Cisco IOS Software, 3800 Software (C3845-TPGEN+IPBASE-M), Experimental Version 12.4(20100323:103320) [shgautam-v48-reg 116]
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 23-Mar-10 17:31 by shgautam

ROM: System Bootstrap, Version 12.3(11r)T2, RELEASE SOFTWARE (fc1)

Pagent uptime is 5 days, 13 hours, 9 minutes
System returned to ROM by power-on
System image file is "flash:c3845-tpgen_ipbase-mz.PAGENT.4.8.0"

Cisco 3845 (revision 1.0) with 225280K/36864K bytes of memory.
Processor board ID SEEERIALLLLL
2 Gigabit Ethernet interfaces
DRAM configuration is 64 bits wide with parity enabled.
479K bytes of NVRAM.
126976K bytes of ATA System CompactFlash (Read/Write)

Configuration register is 0x2102

Pagent#tgn
gigabitEthernet0/1  <-- select output interface
Add ICMP
on
rate 40000
length random 1000 to 1514
repeat 100 no-update
!
length random 500 to 1514
!
L2-encapsulation arpa
L2-dest-addr CCCC.3905.AAAA <-- MAC address of SUT (manual config)
L2-src-addr BBBB.185B.DDDD <-- MAC address of interface g0/1 (auto)
!
L3-src-addr random 1.0.0.1 to 223.255.255.254
L3-dest-addr random 1.0.0.1 to 223.255.255.254
L3-ttl 254
!
L4-type 8
!
data-length 1514
fill-pattern random with-update
!
Pagent(TGN:ON,Gi0/1:10/10)#start

 

Show commands:

Pagent(TGN:ON,Gi0/1:10/10)#sh icmp

Pagent(TGN:ON,Gi0/1:10/10)#sh rate

Pagent(TGN:ON,Gi0/1:10/10)#sh ip

Cisco Nexus and the acl-capture feature

We can SPAN only the traffic that matches an access list. The example below captures only packets with destination TCP port 80.

* I tried using a capture ACL entry for ICMP and it did not work (permit icmp any any capture session 1)

 

hardware access-list capture

interface Ethernet2/4
description ## HTTP capture traffic ##
switchport
switchport monitor
no shutdown

monitor session 1 type acl-capture
destination interface Ethernet2/4
no shut

ip access-list acl-capture-1
10 permit tcp any any eq www capture session 1
20 permit ip any any

interface Vlan15
ip access-group acl-capture-1 in

###

# sh monitor ses 1
session 1
---------------
type : acl-capture
state : up
destination ports : Eth2/4

Note: Matching traffic sourced from the following interfaces
will not be captured to the destination port(s)
(source & destination on same replication engine):

Eth2/3 Eth2/4

 

Legend:
l = learning enabled
f = forwarding enabled
MCBE = multicast best effort
L3-TX = L3 Multicast Egress SPAN

# sh int e2/4 switchport

Name: Ethernet2/4
Switchport: Enabled
Switchport Monitor: Enabled
Operational Mode: access
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Allowed: 1-4094
FabricPath Topology List Allowed: 0
Administrative private-vlan primary host-association: none
Administrative private-vlan secondary host-association: none
Administrative private-vlan primary mapping: none
Administrative private-vlan secondary mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none

** ref: Cisco configuration guide

[Cisco] Catalyst6500: displaying hardware capacity information

Use the command:
 #show platform hardware capacity
System Resources
  PFC operating mode: PFC3BXL
  Supervisor redundancy mode: administratively sso, operationally sso
  Switching resources: Module   Part number               Series      CEF mode
                       1        WS-X6704-10GE             CEF720           CEF
                       5        WS-SUP720-3BXL        supervisor           CEF
                       6        WS-SUP720-3BXL        supervisor           CEF
                       8        WS-X6148-GE-TX           classic           CEF
                       9        WS-X6748-GE-TX            CEF720           CEF

Power Resources
  Power supply redundancy mode: administratively redundant
                                operationally redundant
  System power: 2771W, 0W (0%) inline, 1864W (67%) total allocated
  Powered devices: 0 total, 0 Class3, 0 Class2, 0 Class1, 0 Class0, 0 Cisco

Flash/NVRAM Resources
  Usage: Module Device               Bytes:      Total          Used     %Used
         1      dfc#1-bootflash:              32768000             0        0%
         5  RP  bootflash:                    65536000             0        0%
         5  SP  disk0:                       512024576     184082432       36%
         5  SP  sup-bootdisk:                512073728     145973248       29%
         5  SP  const_nvram:                    129004           796        1%
         5  SP  nvram:                         1964024         67657        3%
         6      slavenvram:                    1964024         67657        3%
         6      slaveconst_nvram:               129004           796        1%
         6      slavedisk0:                  512024576     184082432       36%
         6      slavesup-bootdisk:           512073728     145973248       29%
         6      slavebootflash:               65536000             0        0%
         9      dfc#9-bootflash:              15990784             0        0%

CPU Resources
  CPU utilization: Module             5 seconds       1 minute       5 minutes
                   1                   1% /  1%             1%              1%
                   5  RP               6% /  1%             7%              7%
                   5  SP              17% /  1%            19%             18%
                   6  RP               1% /  0%             1%              1%
                   6  SP               9% /  1%             6%              6%
                   9                   1% /  0%             1%              1%
  Processor memory: Module   Bytes:       Total           Used           %Used
                    1                 206486208       41116192             20%
                    5  RP             897485968      373996860             42%
                    5  SP             886289680      222767864             25%
                    6  RP             897466608      168651900             19%
                    6  SP             874521564      204020732             23%
                    9                 206486208       41128408             20%
  I/O memory: Module         Bytes:       Total           Used           %Used
              5  RP                    67108864       21605604             32%
              5  SP                    67108864       20823512             31%
              6  RP                    67108864       21605604             32%
              6  SP                    67108864       19021272             28%

EOBC Resources
  Module                     Packets/sec     Total packets     Dropped packets
  1          Rx:                      12        4248130956                   0
             Tx:                       6         464306499                   3
  5  RP      Rx:                      69        1732053305                1763
             Tx:                      69        1741759073                   0
  5  SP      Rx:                      30        1089260160                 953
             Tx:                      35        1203664866                   0
  6  RP      Rx:                       0          51723463                  18
             Tx:                       0          46963840                   0
  6  SP      Rx:                      11         263249819                 389
             Tx:                      11         259160696                   0
  9          Rx:                      23        2962811654                   0
             Tx:                      17         377120096                   3

VLAN Resources
  VLANs: 4094 total, 9 VTP, 0 extended, 42 internal, 4043 free

L2 Forwarding Resources
           MAC Table usage:   Module  Collisions  Total       Used       %Used
                              5                0  65536         55          1%
                              6                0  65536         55          1%

             VPN CAM usage:                       Total       Used       %Used
                                                    512          0          0%
L3 Forwarding Resources
             FIB TCAM usage:                     Total        Used       %Used
                  72 bits (IPv4, MPLS, EoM)     524288      359448         69%
                 144 bits (IP mcast, IPv6)      262144           8          1%

                     detail:      Protocol                    Used       %Used
                                  IPv4                      359446         69%
                                  MPLS                           1          1%
                                  EoM                            1          1%

                                  IPv6                           1          1%
                                  IPv4 mcast                     4          1%
                                  IPv6 mcast                     3          1%

            Adjacency usage:                     Total        Used       %Used
                                               1048576         244          1%

     Forwarding engine load:
                     Module       pps   peak-pps                     peak-time
                     5        1489697    5291191  13:30:40 GMT Wed Jan 19 2011
                     6        1491511    2462509  14:43:50 GMT Thu Mar 10 2011

Netflow Resources
          TCAM utilization:       Module       Created      Failed       %Used
                                  5                  0           0          0%
                                  6                  0           0          0%
          ICAM utilization:       Module       Created      Failed       %Used
                                  5                  0           0          0%
                                  6                  0           0          0%

                 Flowmasks:   Mask#   Type        Features
                      IPv4:       0   reserved    none
                      IPv4:       1   unused      none
                      IPv4:       2   unused      none
                      IPv4:       3   reserved    none

                      IPv6:       0   reserved    none
                      IPv6:       1   unused      none
                      IPv6:       2   unused      none
                      IPv6:       3   reserved    none

CPU Rate Limiters Resources
             Rate limiters:       Total         Used      Reserved       %Used
                    Layer 3           9            4             1         44%
                    Layer 2           5            3             3         60%

ACL/QoS TCAM Resources
  Key: ACLent - ACL TCAM entries, ACLmsk - ACL TCAM masks, AND - ANDOR,
       QoSent - QoS TCAM entries, QOSmsk - QoS TCAM masks, OR - ORAND,
       Lbl-in - ingress label, Lbl-eg - egress label, LOUsrc - LOU source,
       LOUdst - LOU destination, ADJ - ACL adjacency

  Module ACLent ACLmsk QoSent QoSmsk Lbl-in Lbl-eg LOUsrc LOUdst  AND  OR  ADJ
  5          1%     4%     1%     1%     1%     1%     0%     0%   0%  0%   1%
  6          1%     5%     1%     1%     1%     1%     0%     0%   0%  0%   1%

L3 Multicast Resources
  IPv4 replication mode: ingress
  IPv6 replication mode: ingress
  Bi-directional PIM Designated Forwarder Table usage: 4 total, 0 (0%) used
  Replication capability: Module                              IPv4        IPv6
                          1                                 egress      egress
                          5                                 egress      egress
                          6                                 egress      egress
                          8                                ingress     ingress
                          9                                 egress      egress
  MET table Entries: Module                             Total    Used    %Used
                     5                                  65516       6       1%
                     6                                  65516       0       0%

QoS Policer Resources
  Aggregate policers: Module                      Total         Used     %Used
                      5                            1024            4        1%
  Microflow policer configurations: Module        Total         Used     %Used
                                    5                64            1        1%

Switch Fabric Resources
  Bus utilization: current: 13%, peak was 30% at 11:53:24 GMT Mon Dec 27 2010
  Fabric utilization:     Ingress                    Egress
    Module  Chanl  Speed  rate  peak                 rate  peak
    1       0        20G   19%   35% @16:42 24Jan11    8%   24% @14:43 10Mar11
    1       1        20G    8%   24% @14:43 10Mar11   19%   33% @16:42 24Jan11
    5       0        20G    0%    9% @09:16 22Sep10    1%   12% @13:23 19Oct10
    6       0         8G    0%    3% @06:09 12Mar11    0%   13% @15:07 21Sep10
    9       0        20G    0%    0%                   0%    1% @15:30 13Mar11
    9       1        20G    8%   13% @14:10 14Mar11    7%   14% @16:42 24Jan11
  Switching mode: Module                                        Switching mode
                  1                                                       acef
                  5                                                        bus
                  6                                                   crossbar
                  9                                                       acef

Interface Resources
  Interface drops:
    Module    Total drops:    Tx            Rx      Highest drop port:  Tx  Rx
    1                          0        104569                           0   1
    5                    1677977             0                           1   0
    8                 1470024353             0                           1   0
    9                   11438542           303                          15   9

  Interface buffer sizes:
    Module                            Bytes:     Tx buffer           Rx buffer
    1     (asic-1)                                14622592             2064768
    8     (asic-1)                                 1081344              147456
    9     (asic-1)                                 1221120              173504
IBC Resources
  Module                     Packets/sec     Total packets     Dropped packets
  5  RP      Rx:                      84       30840270998                   0
             Tx:                      79       30697177109                   0
  5  SP      Rx:                       2          55443200                   0
             Tx:                      13         263401704                   0
  6  RP      Rx:                       0           1258984                   0
             Tx:                       0           1258984                   0
  6  SP      Rx:                       0           1484137                   0
             Tx:                       0           1259144                   0

SPAN Resources
  Source sessions: 16 maximum, 0 used
    Type                             Max      Used
    Local                              2(*)      0
    Local-tx                          14         0
    RSPAN source                       2(*)      0
    ERSPAN source                      2(*)      0
    Capture                            1(*)      0
    Service module                     1(*)      0
    OAM loopback                       1(*)      0
      * - shared source sessions and the total can not exceed 2
  Destination sessions: 64 maximum, 0 used
    Type                             Max      Used
    RSPAN destination                 64(*)      0
    ERSPAN destination                23(*)      0
      * - shared destination sessions and the total can not exceed 64

Multicast LTL Resources
  Usage:   30656 Total, 640 Used

[Cisco] IOS Order of Operations

Interface input/output order of operation

Ingress Features
1. Virtual Reassembly *
2. IP Traffic Export (RITE)
3. QoS Policy Propagation through BGP (QPPB)
4. Ingress Flexible NetFlow *
5. Network Based Application Recognition (NBAR)
6. Input QoS Classification
7. Ingress NetFlow *
8. Lawful Intercept
9. IOS IPS Inspection (inbound)
10. Input Stateful Packet Inspection (IOS FW) *
11. Check reverse crypto map ACL
12. Input ACL (unless existing NetFlow record was found)
13. Input Flexible Packet Matching (FPM)
14. IPsec Decryption (if encrypted)
15. Crypto inbound ACL check (if packet had been encrypted)
16. Unicast RPF check
17. Input QoS Marking
18. Input Policing (CAR)
19. Input MAC/Precedence Accounting
20. NAT Outside-to-Inside *
21. Policy Routing
22. Input WCCP Redirect

Egress Features
1. Output IOS IPS Inspection
2. Output WCCP Redirect
3. NM-CIDS
4. NAT Inside-to-Outside or NAT Enable *
5. Network Based Application Recognition (NBAR)
6. BGP Policy Accounting
7. Lawful Intercept
8. Check crypto map ACL and mark for encryption
9. Output QoS Classification
10. Output ACL check (if not marked for encryption)
11. Crypto outbound ACL check (if marked for encryption)
12. Output Flexible Packet Matching (FPM)
13. DoS Tracker
14. Output Stateful Packet Inspection (IOS FW) *
15. TCP Intercept
16. Output QoS Marking
17. Output Policing (CAR)
18. Output MAC/Precedence Accounting
19. IPsec Encryption
20. Output ACL check (if encrypted)
21. Egress NetFlow *
22. Egress Flexible NetFlow *
23. Egress RITE
24. Output Queuing (CBWFQ, LLQ, WRED)

* A note about virtual-reassembly

Credit: http://etherealmind.com/cisco-ios-order-of-operation/
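
What the ordering above means when writing ACLs on a NAT router, as an added example that is not from the original post or the credited article: Input ACL (ingress step 12) runs before NAT Outside-to-Inside (ingress step 20), and NAT Inside-to-Outside (egress step 4) runs before the Output ACL check (egress step 10), so both ACLs on the outside interface must match the translated (global) address. Interface names, ACL names and addresses (RFC 1918 and RFC 5737 ranges) are constructed for illustration.

```cisco
! Constructed example: interface names, ACL names and addresses are placeholders.
! Inside web server 10.0.0.10 is published on the outside as 203.0.113.10.
ip nat inside source static tcp 10.0.0.10 443 203.0.113.10 443
!
interface GigabitEthernet0/1
 description inside
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/0
 description outside
 ip address 203.0.113.1 255.255.255.0
 ip nat outside
 ip access-group OUTSIDE-IN in
 ip access-group OUTSIDE-OUT out
!
! Ineffective form, kept as a comment for comparison:
! the Input ACL (ingress step 12) is evaluated before
! NAT Outside-to-Inside (ingress step 20), so the packet still carries
! destination 203.0.113.10 and never matches the inside address.
!
!   ip access-list extended OUTSIDE-IN
!    permit tcp any host 10.0.0.10 eq 443
!
! Correct form: match the pre-translation (global) destination.
ip access-list extended OUTSIDE-IN
 permit tcp any host 203.0.113.10 eq 443
 deny   ip any any log
!
! Egress direction: NAT Inside-to-Outside (egress step 4) has already
! rewritten the source by the time the Output ACL check (egress step 10)
! runs, so the server's replies are matched on 203.0.113.10 as well.
ip access-list extended OUTSIDE-OUT
 permit tcp host 203.0.113.10 eq 443 any
 deny   ip any any log
```

The hit counters in `show ip access-lists OUTSIDE-IN` and the entries in `show ip nat translations` confirm which address each ACL actually matched.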