|
|
This section is common to all the editions of IT360 - Professional Edition, Enterprise Edition - Probes only and MSP Edition - Probes only.
The Interface View tab [under Traffic tab] displays information on all interfaces from which NetFlow exports are received.
The default Router List shows all the routers and interfaces from which NetFlow exports have been received so far, along with specific details about each interface. The default view shows the first router's interfaces alone. The remaining routers' interfaces are hidden. Click the [Show All] link to display all routers' interfaces on the Dashboard. Click the [Hide All] link to hide all interfaces and show only the router names in the Router List.
You can click on the device name and drilldown to see the particular device-based 10 top interfaces based on utilization and speed, top protocols, top application, top source, top destination, top conversation, top DSCP. You can export this particular device based report as pdf by clicking on the pdf icon on the right top.
You can set filters on the Dashboard view to display only those interfaces whose incoming or outgoing traffic values exceed a specified percentage value. Click the [Filter] link to specify minimum percentage values for IN or OUT traffic. Click the Set button for the changes to take effect. The filter settings are then displayed beside the [Filter] link. Click the 
icon at any time to clear the filter settings and display all interfaces on the Dashboard again.
By clicking on the Select Period, the required time period for which the traffic details need to be seen can be selected from the drop-down. Reports corresponsing to the chosen time period is shown in the Dashboard View.
The purpose of icons and buttons in the Router List are explained below.
| Icon / Button |
Purpose |
 |
Click this icon, or on the router name, to view the interfaces corresponding to the router |
 |
Click this icon to hide the interfaces corresponding to the router |
|
(before Router Name)
|
Click this icon to change the display name of the device, its SNMP community string, or its SNMP port. You can also choose to get the Interface Name details from one of 3 fields - IfDesc, IfName, or IfAlias. |
|
(before Interface Name)
|
Click this icon before the interface name to change the display name of the interface, or its link speed (in bps). To set the SNMP parameters click on this icon against the router name. |
 |
Click this link to troubleshoot an interface. You can troubleshoot only one interface at a time. Note: Troubleshooting results are shown directly from raw data. Hence results depend on the raw data retention time period set in Settings |
 |
Click this icon to see a quick report for the respective interface. This report shows you all the details about the traffic across that interface for the past one hour |
The Interface Name column lists all the interfaces on a discovered device. Click on an interface to view the traffic details for that interface
The Status column indicates the current status of that interface.| Icon |
Description |
 |
The Status of the interface is unknown and no flows have been received for the past 10 minutes. The interface is not responding to SNMP requests. |
 |
The interface is responding to SNMP requests and the link is up, but no flows have been received for the past ten minutes. |
 |
The link is up, and flows are being received. |
 |
The interface is responding to SNMP requests and the link is down and no flows are being received. |
The IN Traffic and OUT Traffic columns show the utilization of IN and OUT Traffic on the respective interfaces for the past one hour. You can click on the IN Traffic or OUT traffic bar to view the respective application traffic graph for that interface. Use the Custom Report link to generate custom reports. Set the value in Refresh this Page to inform the application how frequently the refresh has to be done to fetch the most recent data.
IP Group List
A set of 4 IP groups have already been defined and have been named as
Users can also add/ remove other sites that they feel can under these predefined IP groups.
SNMP V3 is the latest version of the Simple Network Management Protocol by Cisco. With SNMP V3, data can be collected securely from SNMP devices without fear of the data being tampered with or corrupted and confidential information, for example, SNMP Set command packets that change a router's configuration, can be encrypted to prevent its contents from being exposed on the network.
For NetFlow Analyzer to be able to successfully poll the routers, users need to give the SNMP V3 credentials to NetFlow Analyzer.
In the "Interface view" tab, click on "set SNMP", which appears on the top left besides "router name".
1. In the pop-up that follows, you can select the "router name", for which you need to create / apply credentials,from the drop-down.
2. Check the "Enable SNMP V3" box, and click on the "credential settings"
3. You can add a new credential or apply an aldready present credential from the credential list.
4. To add a new credential, click on "add new".
5. Once the "credential setting" pops up, users can key in the credentials as per the following table.
Parameters |
Description |
Credential name |
Users can name it as they find necessary |
Description |
Write a brief description for ease of understanding |
Username |
Same as the one set in the router |
Context name |
Same as the one set in the router |
Authentication protocol |
Same as the one set in the router |
Authentication password |
Same as the one set in the router |
Encryption protocol |
Same as the one set in the router |
Encryption password |
Same as the one set in the router |
SNMP V3 Security Models and Levels
Model |
Level |
Authentication |
Encryption |
What happens |
v3 |
noAuthNoPriv |
Username |
No |
Uses a username match for authentication. |
v3 |
AuthNoPriv |
MD5 or SHA |
No |
Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. |
v3 |
AuthPriv |
MD5 or SHA |
DES |
Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. Provides DES 56-bit encryption in addition to authentication based on the CBC-DES (DES-56) standard. |
For more details on SNMP V3, you can also view the Cisco site
More Reports
Click on More Reports to Compare Device(s) over various time period(s) and to Generate Report based on custom defined criterion.
Compare Devices
Compare Devices feature lets the user Compare multiple devices for the same time period or Compare the same Device over different time periods. eg: Every Day Report, Every Hour Report, Every Week Report, Every Month Report.
| Field | Purpose/Description |
|---|---|
| Report Type | The report type could be one of :
as the case may be. |
| Select Period | When the Report Type is chosen as - Compare Multiple Devices over the same time period, the available Periods are Last Hour, Last 6 Hour, Today, Last 24 Hours, Yesterday, Last Week, Last Month, Last Quarter or Custom Selection. Custom Selection lets one choose the time period for which one desires the report to be generated. When the Report Type is chosen as -Compare same device over different time periods, the available Periods are Every Day Report, Every Hour Report, Every Week Report, Every Month Report. |
| Select Device(s) | This allows the user to select the device( if the same device is to be compared over various time periods) or the set of devices ( that are to be compared for a single time period). The Select Devices option allows the user to select the devices in terms of Interface or IP Group ( By default the top 10 interfaces or IP Group by utilization are chosen) which can be modified by clicking on the Modify button |
| Generate Report | The Generate Report invokes the report for the defined criteria. Report Options: The Report Options could be chosen to be one of
|
| Maximize | When the Generate Report option is invoked, the filter condition frame is minimized to offer a better view of the graph ( report ) without scrolling. The filter frame can be restored by using the Maximize button. |
| Minimize | The Minimize button can be used to minimize the Filter Frame for a better view of the report (graph) generated without scrolling |
Search Devices
The Search link lets you set criteria and view specific details about the traffic across the network on various interfaces. Data to generate this report is taken directly from aggregated data.
Upon clicking the Search link a pop-up with provision to Select Devices & set criteria comes up. In the pop-up window that opens up, click the Select Devices link to choose the interfaces on which the report should be generated.
Under Search Criteria, enter the criteria on which traffic needs to be filtered. You can enter any of the following criteria to filter traffic:
The From and To boxes let you choose custom time periods for the report. Use the 
icon to select the date and time easily. Use the IN/OUT box to display values based on IN traffic, OUT traffic, or both IN and OUT traffic. The View per page lets you choose how many results to display.
Once you select all the desired criteria, click the Generate Report button to display the corresponding traffic report. The default report view shows the IP addresses of the hosts. Click the Resolve DNS link to see the corresponding DNS values. You can also sort the data displayed either by Number of packets or Bytes.
|
|
