Dashboard Device View


 

The Device view gives an at-a-glance view of all routers/switches present in the network. This helps you determine the traffic statistics of every NetFlow enabled device in the network.  You can choose to view the devices in an Interface view or grid view. 

 

Interface View

 

The Interface view shows all the routers and interfaces from which NetFlow exports have been received so far, along with specific details about each interface. The default view shows the first router's interfaces alone. The remaining routers' interfaces are hidden. Click the [Show All] link to display all routers' interfaces on the Dashboard. Click the [Hide All] link to hide all interfaces and show only the router names in the Router List.

 

You can click on the device name and drilldown to see the particular device-based 10 top interfaces based on utilization and speed, top protocols, top application, top source, top destination, top conversation, top DSCP. You can export this particular device based report as pdf by clicking on the pdf icon on the right top.

 

You can set filters on the Dashboard view to display only those interfaces whose incoming or outgoing traffic values exceed a specified percentage value. Click the [Filter] link to specify minimum percentage values for IN or OUT traffic. Click the Set button for the changes to take effect. The filter settings are then displayed beside the [Filter] link. Click the Cancel icon at any time to clear the filter settings and display all interfaces on the Dashboard again.

 

By clicking on the Select Period, the required time period for which the traffic details need to be seen can be selected from the drop-down. Reports corresponsing to the chosen time period is shown in the Dashboard View.

 

The purpose of icons and buttons in the Router List is explained below.

 

Icon/ Button Purpose
expand Click this icon, or on the router name, to view the interfaces corresponding to the router
collapse Click this icon to hide the interfaces corresponding to the router
edit
(after Router Name)
Click this icon to change the display name of the device, its SNMP community string, or its SNMP port. You can also choose to get the Interface Name details from one of 3 fields - IfDesc, IfName, or IfAlias.
edit
(after Interface Name)
Click this icon before the interface name to change the display name of the interface, or its link speed (in bps). You can also set the SNMP parameters of the router corresponding to an interface by clicking the link present in the Note included below the settings. You can also provide the V9 sampling rate for the particular interface (is "1" by default), which is taken ainto account for flow calculation.
Troubleshoot

Click this link to troubleshoot an interface. You can troubleshoot only one interface at a time.

Note: Troubleshooting results are shown directly from raw data. Hence results depend on the raw data retention time period set in Settings

calendar Click this icon to see a quick report for the respective interface. This report shows you all the details about the traffic across that interface for the past one hour
nbar-report Indicates that NBAR report is available for the interface
serial interface Indicates a serial interface
ethernet Indicates an ethernet interface
Indicates an unknown interface
Indicates FDDI Objects
Indicates a MPLS Tunnel Virtual Interface  
Indicates a Point-to-Point Protocol Interface
Indicates an ATM  interface
Indicatesan ISDN and X.25 interface
Indicates an Asymmetric Digital Subscriber Loop interface
Indicates a Symmetric Digital Subscriber Loop interface

 

 

 

The Interface Name column lists all the interfaces on a discovered device. Click on an interface to view the traffic details for that interface.

The Status column indicates the current status of that interface.

 

Icon Description
no snmp The Status of the interface is unknown and no flows have been received for the past 10 minutes. The interface is not responding to SNMP requests.
inactive The interface is responding to SNMP requests and the link is up, but no flows have been received for the past ten minutes.
active

The link is up, and flows are being received.

down

The interface is responding to SNMP requests and the link is down and no flows are being received.

 

The IN Traffic and OUT Traffic columns show the utilization of IN and OUT Traffic on the respective interfaces for the past one hour. You can click on the IN Traffic or OUT traffic bar to view the respective application traffic graph for that interface. Use the Custom Report link to generate custom reports. Set the value in Refresh this Page to inform the application how frequently the refresh has to be done to fetch the most recent data.

 

Grid View

 

The grid view lists the routers in a grid fashion. It gives details about the different routers in the network, the type of flows each router is exporting(v5 or v9), and the interfaces asscosiated with each routers. Click on the device name or number of interfaces listed to view the device/interface snapshot of the selected resource. The grid view also displays the " Most Viewed Devices"  "Most Viewed IP Groups".

 

Device Snapshot:

 

IP Group List

 

A set of 4 IP groups have already been defined and have been named as

Using IP group list search option you can search for IP groups that are defined. You can also add or remove IP groups to suit your requirement.

 

Enabling SNMP V3

 

SNMP V3 is the latest version of the Simple Network Management Protocol by Cisco. With SNMP V3, data can be collected securely from SNMP devices without fear of the data being tampered with or corrupted and confidential information, for example, SNMP Set command packets that change a router's configuration, can be encrypted to prevent its contents from being exposed on the network.

 

For NetFlow Analyzer to be able to successfully poll the routers, users need to give the SNMP V3 credentials to NetFlow Analyzer.

In the "Interface view" tab, click on "set SNMP", which appears on the top left besides "router name".

 

1. In the pop-up that follows, you can select the "router name", for which you need to create / apply credentials,from the drop-down.

 

SNMP V3 configuration

 

2. Check the "Enable SNMP V3" box, and click on the "credential settings"

 

3. You can add a new credential or apply an aldready present credential from the credential list.

 

4. To add a new credential, click on "add new".

 

SNMP V3 Configuration

 

 

5. Once the "credential setting" pops up, users can key in the credentials as per the following table.

 

Parameters
Description
Credential name
Users can name it as they find necessary
Description
Write a brief description for ease of understanding
Username
Same as the one set in the router
Context name
Same as the one set in the router
Authentication protocol
Same as the one set in the router
Authentication password
Same as the one set in the router
Encryption protocol
Same as the one set in the router
Encryption password
Same as the one set in the router

 

 

SNMP V3 Security Models and Levels

 

Model
Level
Authentication
Encryption
What happens
v3
noAuthNoPriv
Username
No

Uses a username match for authentication.

v3
AuthNoPriv

MD5 or SHA

No

Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms.

v3
AuthPriv

MD5 or SHA

DES

Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. Provides DES 56-bit encryption in addition to authentication based on the CBC-DES (DES-56) standard.

 

For more details on SNMP V3, you can also view the Cisco site.

 

 

More Reports

 

Click on More Reports to Compare Device(s) over various time period(s) and to Generate Report based on custom defined criterion.

 

Compare Devices

 

Compare Devices feature lets the user Compare multiple devices for the same time period or Compare the same Device over different time periods. eg: Every Day Report, Every Hour Report, Every Week Report, Every Month Report.

 

 

Field Purpose/Description
Report Type

The report type could be one of :

  • Compare Multiple Devices over the same time period ( or)
  • Compare same device over different time periods

as the case may be.

Select Period

When the Report Type is chosen as - Compare Multiple Devices over the same time period, the available Periods are Last Hour, Last 6 Hour, Today, Last 24 Hours, Yesterday, Last Week, Last Month, Last Quarter or Custom Selection. Custom Selection lets one choose the time period for which one desires the report to be generated.

 

When the Report Type is chosen as -Compare same device over different time periods, the available Periods are Every Day Report, Every Hour Report, Every Week Report, Every Month Report.

Select Device(s) This allows the user to select the device( if the same device is to be compared over various time periods) or the set of devices ( that are to be compared for a single time period). The Select Devices option allows the user to select the devices in terms of Interface or IP Group ( By default the top 10 interfaces or IP Group by utilization are chosen) which can be modified by clicking on the Modify button
Generate Report

The Generate Report invokes the report for the defined criteria.

 

Report Options: The Report Options could be chosen to be one of

  • Show Speed
  • Show Utilization
  • Show Packets
Maximize When the Generate Report option is invoked, the filter condition frame is minimized to offer a better view of the graph ( report ) without scrolling. The filter frame can be restored by using the Maximize button.
Minimize The Minimize button can be used to minimize the Filter Frame for a better view of the report (graph) generated without scrolling

 

Search Devices

 

The Search link lets you set criteria and view specific details about the traffic across the network on various interfaces. Data to generate this report is taken directly from aggregated data.

 

Upon clicking the Search link a pop-up with provision to Select Devices & set criteria comes up. In the pop-up window that opens up, click the Select Devices link to choose the interfaces on which the report should be generated.

 

Under Search Criteria, enter the criteria on which traffic needs to be filtered. You can enter any of the following criteria to filter traffic:

The From and To boxes let you choose custom time periods for the report. Use the IN/OUT box to display values based on IN traffic, OUT traffic, or both IN and OUT traffic. The View per page lets you choose how many results to display.

 

Once you select all the desired criteria, click the Generate Report button to display the corresponding traffic report. The default report view shows the IP addresses of the hosts. Click the Resolve DNS link to see the corresponding DNS values. You can also sort the data displayed either by Number of packets or Bytes.

Copyright © 2012, ZOHO Corp. All Rights Reserved.
ManageEngine