Cisco Branch Routers Series Network Analysis Module (NME-NAM-120S) Installation and Configuration Note, 4.0 OL-14942-02 Revised Date: October 29, 2009 The Cisco Network Analysis Module (NAM) is an integrated module that enables network managers to understand, manage, and improve how applications and services are delivered to end-users.
Contents Table 1 Network Analysis Modules (continued) SKU Description NM-NAM Supports branch routers which include the 2600XM, 2800, 3660, 3700, and 3800 series multi-services and integrated services routers WS-SVC-NAM-1 Support the Cisco Catalyst 6500 switches and Cisco 7600 routers WS-SVC-NAM-2 WS-SVC-NAM-1-250S WS-SVC-NAM-1-250S Contents • Prerequisites for NME-NAM-120S, page 2 • Restrictions for the NME-NAM-120S, page 4 • NAM Software, page 5 • How to Install, Upgrade, or Downgrade NME-
Prerequisites for NME-NAM-120S Table 2 Note NME-NAM Supported Router Platforms (continued) Router Platform IOS Version (Minimum) NM Adapter Card Required? Cisco 3845 ISR Cisco IOS 12.4(9)T No Cisco 3825 ISR Cisco IOS 12.4(9)T Cisco 2851 ISR Cisco IOS 12.4(9)T Cisco 2821 ISR Cisco IOS 12.4(9)T Cisco 2811 ISR Cisco IOS 12.4(9)T Cisco 3745 MSR Cisco IOS 12.4(9)T Cisco 3725 MSR Cisco IOS 12.4(9)T The NM-NAM is not supported on ISR G2 platforms.
Restrictions for the NME-NAM-120S – slot—Number of the router chassis slot for the module. After you install the module, you can get this information from the router’s show running-config command output and look for interface Integrated-Service-Engine. Note You need this information for the “Setting Up Network Module Interfaces” section on page 7 and the “Closing a Session” section on page 11.
NAM Software Monitoring Traffic Through Internal Interface Note The following restriction applies only to traffic that is monitored through the internal NAM interface. The NAM Traffic Analyzer (web GUI) provides Layer 3 and higher layer information about the original packets. The Layer 2 header is modified by the router when it forwards the packets to the NAM, so the Layer 2 information that the NAM records is not applicable to the original packets.
NAM Software Hardware Interfaces The host router and network module use several interfaces for internal and external communication (see Figure 1). Each interface is configurable both from the router by using the Cisco IOS CLI and from the module by using the module's CLI. The NME-NAM-120S can monitor traffic on both the external and the internal interface at the same time. However, only one can be used for management traffic. Figure 1 Router and Network Module Interfaces On This Hardware Interface...
How to Install, Upgrade, or Downgrade NME-NAM-120S How to Install, Upgrade, or Downgrade NME-NAM-120S This section contains the following information: Note • Setting Up Network Module Interfaces, page 7 • Closing a Session, page 11 • Upgrading or Reinstalling NAM Software, page 12 • If you lose power or connection during any of the following procedures, the system usually detects the interruption and tries to recover. If it fails to do so, fully reinstall the system using the boothelper.
How to Install, Upgrade, or Downgrade NME-NAM-120S DETAILED STEPS Command or Action Purpose From the Host-Router CLI Step 1 enable Enters privileged EXEC mode on the host router. Enter your password if prompted. Example: Router> enable Step 2 configure terminal Enters global configuration mode on the host router. Example: Router# configure terminal Step 3 interface integrated-service-engine slot/0 Enters interface configuration mode for the slot and port where the network module resides.
How to Install, Upgrade, or Downgrade NME-NAM-120S Step 6 Command or Action Purpose service-module external ip address external-ip-address subnet-mask Specifies the IP address for the external LAN interface on the module. Arguments are as follows: Example: Router(config-if)# service-module external ip address 172.0.0.30 255.255.255.
How to Install, Upgrade, or Downgrade NME-NAM-120S Opening a Session This section describes how to open a session on the network module. Note • Before you install your application software, opening a session brings up the bootloader. After you install the software, opening a session brings up the application. • You can conduct only one session at a time. SUMMARY STEPS From the Router CLI 1. enable 2. service-module integrated-service-engine slot/0 session clear 3.
How to Install, Upgrade, or Downgrade NME-NAM-120S Closing a Session This section describes how to close a session on the network module. Note • Before you install your application software, opening a session brings up the bootloader. After you install the software, opening a session brings up the application. • You can conduct only one session at a time. • In NAM 4.0, the CLI command exit automatically closes a session.
How to Install, Upgrade, or Downgrade NME-NAM-120S Upgrading or Reinstalling NAM Software During software upgrades, you use the Bootloader, a small set of system software that runs when the system first powers up. The Bootloader loads and runs the NAM application. The bootloader might optionally load and run the helper image on flash memory. Reinstalling software involves installing, configuring, and starting a helper image.
How to Install, Upgrade, or Downgrade NME-NAM-120S Upgrading the NME-NAM-120S Application Image (Full Image) This section provides summary and detailed steps about how to upgrade, downgrade, or re-install the full NME-NAM-120S application image. SUMMARY STEPS From the Router CLI 1. Download the required software. 2. service-module integrated-service-engine slot/0 reload 3.
How to Install, Upgrade, or Downgrade NME-NAM-120S http://www.cisco.com/cgi-bin/tablebuild.pl/nme-nam b. Locate the following file: • nam-app.4.0.bin.gz NME-NAM-120S Application Image Release 4.0 for Cisco Branch Routers Note Most URL links are not usable during Early Field Trial. c.
How to Install, Upgrade, or Downgrade NME-NAM-120S • Default boot option is to boot the NAM 4.0 image from disk. • Default bootloader file to be used on subsequent boot: primary or secondary Note Primary causes the application to launch normally. Secondary causes the application to start the primary bootloader; the primary bootloader then checks the secondary bootloader location and, if it finds the secondary bootloader and if the checksum is correct, uses the secondary bootloader.
How to Install, Upgrade, or Downgrade NME-NAM-120S Example: Cisco Systems, Inc. Services engine helper utility for NME-NAM-120S Version 1.1(0.
How to Install, Upgrade, or Downgrade NME-NAM-120S DETAILED STEPS Command or Action Purpose Step 1 Follow the steps described in Opening a Session, page 10 to close the NAM console session. Initiate a console connection in the NME-NAM-120S. Log in to the NAM CLI. Step 2 patch ftp://user:password@host/full-path/filename Downloads and installs a software patch. • Use the first option, which includes the password, if the FTP server does not allow anonymous users.
How to Install, Upgrade, or Downgrade NME-NAM-120S DETAILED STEPS Command or Action Purpose Step 1 Download the NME-NAM-120S helper image from CCO and load it to a FTP server. Note Step 2 Follow the steps described in Opening a Session, page 10 to close the NAM console session. Initiate a console connection in the NME-NAM-120S. Log in to the NAM CLI. The FTP server must be reachable from NAM CLI.
How to Install, Upgrade, or Downgrade NME-NAM-120S Upgrading the NAM Helper Image This section describes how to upgrade the NAM helper image. SUMMARY STEPS 1. Download the NAM helper image from CCO and store it on an FTP server. From the Router Enable (exec) Mode Prompt 2. service-module integrated-service-engine slot/0 reload 3. service-module integrated-service-engine slot/0 session Note This will open a connection to the NAM console.
How to Install, Upgrade, or Downgrade NME-NAM-120S DETAILED STEPS Command or Action Purpose Step 1 Download the NME-NAM-120S helper image from CCO and load it to an FTP server. Note Step 2 From the router exec prompt, apply the IOS command: service-module integrated-service-engine slot/0 reload Reboot the NAM. The FTP server must be reachable from NAM CLI.
Configuring the NME-NAM-120S for Management Step 9 Command or Action Purpose Select 4, and follow the prompt to enter a FTP URL Download helper image from FTP server and write to NAM flash.
Configuring the NME-NAM-120S for Management 4. ip unnumber 5. no shutdown 6. service-module ip address 7. service-module ip default-gateway 8. exit 9. ip route 255.255.255.255 integrated-service-engine slot/0 10. end DETAILED STEPS Command or Action Purpose Step 1 enable Enter IOS exec mode. Step 2 configure terminal Enter IOS configuration from terminal mode.
Configuring the NME-NAM-120S for Management Step 9 Command or Action Purpose ip route 255.255.255.255 integrated-service-engine slot/0 (or for the NM-NAM) ip route 255.255.255.255 analysis-module slot/0 Setup a full 32-bit static route for the NAM management address. Example: Router(config)# ip route 209.165.200.226 255.255.255.255 integrated-service-engine 1/0 Step 10 Exit the router configuration mode.
Configuring the NME-NAM-120S for Management Figure 2 NAM Management Interface Is Internal and Integrated-Service-Engine Interface Is IP Unnumbered: Sample Topology Callout Interface Location 1 Integrated-Service-Engine interface Router internal 2 Internal NAM interface (Management) NME-NAM-120S internal 3 External NAM interface NME-NAM-120S faceplate 4 Serial interface WAN interface card (WIC) 5 GigabitEthernet interface Router rear panel Router Configuration (Cisco IOS Software) ! inte
Configuring the NME-NAM-120S for Management NAM Configuration (NAM Software) root@myNAM.company.com# show ip IP address: 209.165.200.226 Subnet mask: 255.255.255.224 IP Broadcast: 209.165.200.255 IP Interface: Internal DNS Name: myNAM.company.com Default Gateway: 209.165.200.225 Nameserver(s): 171.69.2.
Configuring the NME-NAM-120S for Management Step 3 Command or Action Purpose interface integrated-service-engine slot/0 Enter the IOS interface configuration mode for the integrated-service-engine interface. Or for NM-NAM devices: interface analysis-module slot/0 Step 4 ip address Set a routable address to the integrated-service-engine interface. Example: Router (config-if)# ip address 209.165.200.225 255.255.255.
Configuring the NME-NAM-120S for Management Figure 3 NAM Management Interface Is Internal and Integrated-Service-Engine Interface Is Assigned an IP Address: Sample Topology Callout Interface Location 1 Integrated-Service-Engine interface Router internal 2 Internal NAM interface (Management) NME-NAM-120S internal 3 External NAM interface NME-NAM-120S faceplate 4 Serial interface WAN interface card (WIC) 5 Fast Ethernet interface Router rear panel Router Configuration (Cisco IOS Software)
Configuring the NME-NAM-120S for Management NAM Configuration (NAM Software) root@myNAM.company.com# show ip IP address: 209.165.200.226 Subnet mask: 255.255.255.224 IP Broadcast: 209.165.200.255 IP Interface: Internal DNS Name: myNAM.company.com Default Gateway: 209.165.200.225 Nameserver(s): 171.69.2.
Configuring the NME-NAM-120S for Management DETAILED STEPS Command or Action Purpose Step 1 enable Enter IOS exec mode. Step 2 configure terminal Enter IOS configuration from terminal mode. Step 3 interface loopback Create a loopback interface 0 on the router. Router (config)# interface loopback 0 Router (config-if)# Step 4 Example: Router(config-if)# ip address 10.1.1.1 255.255.255.0 Set a bogus address on the loopback interface.
Configuring the NME-NAM-120S for Management Step 11 Command or Action Purpose service-module ip default-gateway (or for the NM-NAM) analysis-module ip default-gateway Setup the NAM default gateway address. Router (config-if)# service-module ip default-gateway 209.165.201.222 (or for the NM-NAM) Router (config-if)# analysis-module ip default-gateway 209.165.201.222 Step 12 Exit the router configuration mode.
Configuring the NME-NAM-120S for Management Figure 4 NAM Management Interface Is External and Integrated-Service-Engine Interface Is IP Unnumbered: Sample Topology Callout Interface Location 1 Integrated-Service-Engine interface Router internal 2 Internal NAM interface NME-NAM-120S internal 3 External NAM interface (Management) NME-NAM-120S faceplate 4 Loopback interface Router internal 5 Serial interface WAN interface card (WIC) 6 Fast Ethernet interface Router rear panel Cisco Bran
Configuring the NME-NAM-120S for Management Router Configuration (Cisco IOS Software) ! interface loopback 0 ip address 10.1.1.1 255.255.255.0 ! ! interface Integrated-Service-Engine3/0 ip unnumbered loopback 0 no shutdown ! NAM Configuration (NAM software) root@myNAM.company.com# show ip IP address: 209.165.201.2 Subnet mask: 255.255.255.224 IP Broadcast: 209.165.201.223 IP Interface: External DNS Name: myNAM.company.com Default Gateway: 209.165.201.222 Nameserver(s): 171.69.2.
Configuring the NME-NAM-120S for Management DETAILED STEPS Step 1 Command or Action Purpose enable Enables privileged EXEC mode. • Enter your password if prompted. Example: Router> enable Step 2 configure terminal Enters global configuration mode. Example: Router# configure terminal Step 3 aaa authentication login list-name none Creates a local authentication list. • Example: The none keyword specifies no authentication for this list.
Configuring the NME-NAM-120S For Network Connectivity Configuring the NME-NAM-120S For Network Connectivity This section describes how to configure the NME-NAM-120S to establish network connectivity and configure IP parameters. This task must be performed from the NAM CLI. For more advanced NAM configuration, use the NAM Traffic Analyzer (web GUI) or see the Network Analysis Module Command Reference for your NAM software release. Prerequisites Before doing this procedure, access the NAM console.
Configuring the NME-NAM-120S For Network Connectivity DETAILED STEPS Step 1 Command or Action Purpose ip interface {internal | external} Specifies which NAM interface will handle management traffic. Example: root@localhost# ip interface internal Example: root@localhost# ip interface external Step 2 ip address ip-address subnet-mask Configures the NAM system IP address. Example: root@localhost# ip address 172.20.104.126 255.255.255.
Configuring the NME-NAM-120S For Network Connectivity Step 7 Command or Action Purpose ip host name (Optional) Sets the NAM system hostname. Example: root@localhost# ip host nam1 Step 8 ip nameserver ip-address [ip-address][ip-address] (Optional) Sets one or more NAM system name servers. • Example: We recommend that you configure a name server for the NAM system to resolve Domain Name System (DNS) requests. root@nam1# ip nameserver 209.165.201.
Configuring the NME-NAM-120S For Network Connectivity Checking Network Connectivity with Ping root@myNAM.company.com# ping 172.20.98.129 PING 172.20.98.129 (172.20.98.129) 56(84) bytes 64 bytes from 172.20.98.129: icmp_seq=1 ttl=254 64 bytes from 172.20.98.129: icmp_seq=2 ttl=254 64 bytes from 172.20.98.129: icmp_seq=3 ttl=254 64 bytes from 172.20.98.129: icmp_seq=4 ttl=254 64 bytes from 172.20.98.129: icmp_seq=5 ttl=254 of data. time=1.27 time=1.13 time=1.04 time=1.08 time=1.11 ms ms ms ms ms --- 172.
Configuring the NME-NAM-120S For Network Connectivity SUMMARY STEPS 1. enable 2. configure terminal 3. ip cef 4. interface type slot/port or interface type slot/wic-slot/port 5. analysis-module monitoring 6. Repeat Step 4 and Step 5 for each interface that you want the NAM to monitor. 7. end 8. show running-config DETAILED STEPS Step 1 Command or Action Purpose enable Enables privileged EXEC mode. • Enter your password if prompted.
Configuring the NME-NAM-120S For Network Connectivity Step 7 Command or Action Purpose end Returns to privileged EXEC mode. Example: Router(config-if)# end Router# Step 8 show running-config Displays the contents of the currently running configuration file. • Example: Router# show running-config Verify that you enabled the Cisco Express Forwarding switching path and enabled packet monitoring on the correct interfaces.
Configuring the NME-NAM-120S For Network Connectivity Enabling and Accessing the NAM Traffic Analyzer This section describes how to enable and access the NAM Traffic Analyzer (web GUI). Prerequisites • Ensure that your web browser supports your NAM software release. For a list of supported browsers, see the Release Notes for the Network Analysis Module Software, Release 4.0 at the following location: To be supplied prior to FCS.
Configuring the NME-NAM-120S For Network Connectivity DETAILED STEPS Command or Action Step 1 Purpose Open a NAM console session from the router. See the Accesses the NAM CLI. “Closing a Session” section on page 11. or Open a Telnet or SSH session to the NAM. See the “Opening and Closing a Telnet or SSH Session to the NAM” section on page 45. Step 2 ip http server enable Enables the HTTP server. or or ip http secure server enable Enables the HTTP secure server (HTTPs).
Configuring the NME-NAM-120S For Network Connectivity Command or Action Purpose Step 6 On your PC, open a web browser. — Step 7 In the web browser, enter the NAM system IP address Opens the NAM Traffic Analyzer in your web browser. or hostname as the URL. • You are automatically redirected to the NAM Traffic Analyzer login page. Example: http://172.20.105.215/ Example: https://172.20.105.
Configuring the NME-NAM-120S For Network Connectivity What to Do Next For information on the NAM Traffic Analyzer, see the User Guide for the Network Analysis Module Traffic Analyzer for your NAM software release. This document is available as online help within the NAM Traffic Analyzer application and on Cisco.com at the following URL: http://www.cisco.com/en/US/products/sw/cscowork/ps5401/products_user_guide _book09186a00807ed53e.
Configuring the NME-NAM-120S For Network Connectivity Examples This section provides the following examples: • Changing the NAM Root Password, page 44 • Verifying the NAM Root Password, page 44 Changing the NAM Root Password root@nam1.company.com# password root Changing password for user root New UNIX password: Retype new UNIX password: passwd:all authentication tokens updated successfully root@nam1.company.com# root@nam1.company.com# exit Verifying the NAM Root Password nam1.
Configuring the NME-NAM-120S For Network Connectivity DETAILED STEPS Step 1 Command or Action Purpose enable Enables privileged EXEC mode. • Enter your password if prompted. Example: Router> enable Step 2 service-module integrated-service-engine slot/0 password-reset Reloads the software on the NME-NAM-120S.
Configuring the NME-NAM-120S For Network Connectivity – From the NAM CLI, ping the NAM system default gateway. Telnet Prerequisites • Enter the exsession on NAM CLI command. See Step 5 of the “Configuring the NME-NAM-120S For Network Connectivity” section on page 34. SSH Prerequisites • Install the NAM software K9 cryptographic patch, which you can download from Cisco.com. • Enter the exsession on ssh NAM CLI command.
Configuring the NME-NAM-120S For Network Connectivity Step 3 Command or Action Purpose At the password prompt, enter your password. — or If you have not changed the password from the factory-set default, enter root as the root password. Example: Password: root Step 4 Perform the tasks that you need to perform in the NAM For help using NAM CLI commands, see the “Configuring CLI. When you want to end the Telnet or SSH session the NME-NAM-120S for Management” section on page 21.
Configuring the NME-NAM-120S For Network Connectivity Opening and Closing an SSH Session to the NAM Using the NAM System Hostname host [/home/user] ssh -l root nmnam2 root@nmnam2’s password: Terminal type: vt100 Cisco Network Analysis Module (NME-NAM-120S) Console, 4.0 Copyright (c) 1999-2008 by Cisco Systems, Inc. WARNING! Default password has not been changed! root@nmnam2.company.com# root@nmnam2.company.com# logout Connection to nmnam2 closed.
Configuring the NME-NAM-120S For Network Connectivity Table 3 Configuration Mode Router# Common Shutdown and Startup Commands Command Purpose service-module integrated-service-engine slot/0 reload Shuts down the network module operating system gracefully, then restarts it from the bootloader. (or for the NM-NAM) service-module analysis-module slot/0 reload Router# service-module integrated-service-engines slot/0 reset Resets the hardware on a module.
Configuring the NME-NAM-120S For Network Connectivity Verifying System Status To verify the status of an installation, upgrade, or downgrade or to troubleshoot problems, use commands as needed from the following list of common router and network module commands (Table 4). Note Among keyword options for many show commands is provision to display diagnostic output on your screen or to pipe it to a file or a URL.
Configuring the NME-NAM-120S For Network Connectivity Table 4 Common Verification and Troubleshooting Commands (continued) Configuration Mode Command Purpose Router# show version Displays information about the loaded router, software or network module bootloader version, and also hardware and device information. Router# test scp ping Pings the network module to check network connectivity. Router# verify Displays version information for installed hardware and software.
Additional References Table 6 Common Trace Commands (continued) Configuration Mode Command Purpose show trace buffer Displays the contents of the trace buffer. show trace store Displays the contents of the traced messages that are stored. trace Enables tracing (that is, generates error reports) for specified modules, entities, or activities. Additional References The following sections provide references related to the NME-NAM-120S features.
Additional References MIBs MIBs MIBs Link Router MIBs: To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: • CISCO-ENTITY-VENDORTYPE-OID-MIB Network Analysis Module (NAM) MIBs: • ART-MIB • DSMON-MIB • HC-RMON-MIB • MIB-II • RMON-MIB • RMON2-MIB • SMON-MIB http://www.cisco.
Additional References Technical Assistance Description Link http://www.cisco.com/techsupport The Cisco Technical Support & Documentation website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, tools, and technical documentation. Registered Cisco.com users can log in from this page to access even more content.
Glossary Glossary AAA Authentication, authorization, and accounting, pronounced triple A. access list A list kept by routers to control access to or from the router for a number of services (for example, to prevent packets with a certain IP address from leaving a particular interface on the router). AIM Asynchronous interface module. Type of network module. appliance Alternate term for network module. ARP Address Resolution Protocol. Internet protocol used to map an IP address to a MAC address.
Glossary MIB Management Information Base. Database of network management information that is used and maintained by a network management protocol, such as SNMP or Common Management Information Protocol (CMIP). The value of a MIB object can be changed or retrieved using SNMP or CMIP commands, usually through a GUI network management system. MIB objects are organized in a tree structure that includes public (standard) and private (proprietary) branches. NAT Network Address Translation.
Glossary Note syslog Industry-standard protocol for capturing log information for devices on a network. TCP Transmission Control Protocol. Connection-oriented transport-layer protocol that provides reliable full-duplex data transmission. TCP is part of the TCP/IP protocol stack. TFTP Trivial File Transfer Protocol.
Glossary Cisco Branch Routers Series Network Analysis Module (NME-NAM-120S) Installation and Configuration Note, 4.
