Monitoring Bandwidth Usage: Cisco Switch Guide

Monitoring bandwidth usage on a Cisco switch is a crucial task for network administrators to ensure optimal performance and security. Cisco switches can often cause bottlenecks in a network, and if they malfunction or become overloaded, the entire network can suffer. By regularly checking bandwidth utilisation, administrators can proactively identify and address potential issues. The show controllers utilisation command is a popular method to view bandwidth utilisation for each port and the switch fabric itself. Additionally, tools like MRTG, which uses SNMP queries, can provide visual representations of traffic data. Cisco-specific monitoring solutions, such as Paessler PRTG, also offer comprehensive insights into network traffic, connections, and users, helping to maintain system health and performance.

Utilise the command 'show controllers utilisation' to view bandwidth usage on specific ports

Utilising the command "show controllers utilisation" is a great way to monitor bandwidth usage on specific ports of a Cisco switch. This command provides a detailed breakdown of bandwidth utilisation for each port, making it easy to identify potential bottlenecks or overloaded ports.

The output of the "show controllers utilisation" command includes both input and output load parameters, expressed as a fraction of 255. For example, if a port shows a load of 23/255 for input and 12/255 for output, it indicates that the port is utilising 9% of its input capacity and 5% of its output capacity.

Additionally, the "show controllers utilisation" command also provides information about the switch fabric itself, giving a comprehensive overview of the switch's performance. This command is particularly useful for fixed-configuration switches such as the Cisco 3560, 3750, 2950, and 2960 series.

It is important to note that the "show controllers utilisation" command is not available on all Cisco switches. For switches that do not support this command, alternative methods such as monitoring byte counters or using network monitoring tools like MRTG or PRTG may be used to monitor bandwidth usage on specific ports.

By regularly running the "show controllers utilisation" command and analysing the output, network administrators can ensure optimal performance and identify potential issues before they cause significant problems. This command is a valuable tool for managing and optimising Cisco switch performance.

Use SNMP and flow technologies like NetFlow and IPFIX

SNMP, NetFlow, and IPFIX are all technologies that can be used to monitor bandwidth usage on a Cisco switch.

SNMP (Simple Network Management Protocol) is a widely-used network management protocol that allows devices on an IP network to be managed and monitored remotely. SNMP can be used to monitor network traffic and bandwidth usage on Cisco switches by collecting and analysing data such as packet counts, byte counts, and interface statistics. It provides broad statistics like overall packet and bandwidth use, and network engineers can use it to identify potential issues and optimise network performance. SNMP is a simple and efficient protocol that minimises network and CPU loads, making it a good choice for basic network monitoring.

NetFlow is a Cisco technology designed to minimise bandwidth consumption by collecting and analysing data on bandwidth usage within a device. NetFlow provides more detailed information than SNMP, including per-protocol and per-IP address data, making it useful for troubleshooting and identifying security issues. NetFlow can be used to monitor traffic on Cisco switches by collecting and exporting flow records to a "flow collector", which can then be analysed by a "flow analyser" to provide insights and visualisations. NetFlow is a stateful protocol, capturing and aggregating metadata from a flow until the session is terminated, at which point it exports a complete record.

IPFIX (Internet Protocol Flow Information Export) is very similar to NetFlow and is based on the same technology. The main difference is that IPFIX is an open standard supported by multiple vendors, while NetFlow is a proprietary Cisco technology. IPFIX collects and exports flow records in a similar way to NetFlow and can be used with the same flow collectors and analysers.

By using SNMP, NetFlow, or IPFIX, network administrators can gain valuable insights into bandwidth usage and network performance on Cisco switches, enabling them to optimise their networks and quickly identify and resolve any issues.

Monitor Cisco switches to avoid network bottlenecks

Cisco switches can often cause bottlenecks in a network. If a Cisco switch malfunctions or becomes overloaded, the entire network can suffer. To avoid this, you can use professional switch monitoring tools that will automatically alert you if problems arise and help you maintain high performance.

One way to monitor bandwidth usage on a Cisco switch is to use the command "show controllers utilization". This will display the bandwidth utilisation for each port and for the switch fabric itself. However, this command is only valid on fixed-config switches like the 3560, 3750, 2950, and 2960.

Another option is to use SNMP (Simple Network Management Protocol) tools, such as Cacti, to graph device interfaces. These tools poll the interfaces at specific intervals (typically every 5 minutes) to collect data. However, this may not provide real-time information as desired.

To obtain more real-time data, you can use the "show interface" command, which will show statistics for a specific interface, including input and output rates. Additionally, you can use the "show interface [interface] load-interval 30" command to lower the sampling rate to 30 seconds, providing more accurate txload and rxload values.

You can also check the byte counters for input and output packets by running a command every hour to build a baseline. Tools like MRTG can be used to build traffic graphs that can be displayed on a web page.

Furthermore, you can use Cisco-specific NetFlow technology for traffic monitoring. NetFlow minimises bandwidth consumption by determining bandwidth usage within a device and transmitting it to monitoring tools. This provides a higher degree of detail than SNMP and is ideal for Cisco networks with high traffic volumes.

Monitor Cisco routers using NetFlow or SNMP

Cisco routers are known for their stability and high-security features, making them a popular choice for network administrators. Monitoring Cisco routers can be done using NetFlow or SNMP.

NetFlow

NetFlow is a Cisco technology that provides highly granular per-flow statistics on traffic in a Cisco router. It is a flexible and extensible way to carry NetFlow records from a network node to a collector. NetFlow has been used for various applications, including traffic engineering, usage-based billing, and denial-of-service (DoS) attack monitoring.

SNMP

SNMP (Simple Network Management Protocol) is a widely used network management protocol that allows for the monitoring and control of network devices, as well as the management of configurations, statistics collection, performance, and security. SNMP has been historically used to collect network information from devices such as routers and switches.

Monitoring Cisco Routers with NetFlow or SNMP

To monitor Cisco routers, you can use tools like Paessler PRTG, which supports both NetFlow and SNMP. PRTG provides preconfigured sensors designed specifically for Cisco device integration, making it easy to monitor Cisco routers and switches.

With PRTG, you can monitor Cisco routers using NetFlow or SNMP. NetFlow offers a higher degree of detail than SNMP, as it can provide information per network protocol/IP address. This makes it ideal for Cisco networks with high traffic volumes.

By using SNMP, you can remotely monitor various aspects of NetFlow, including flow cache configuration, NetFlow export, and general NetFlow statistics. This allows for the retrieval of critical information from network devices, such as routers and switches.

In summary, monitoring Cisco routers using NetFlow or SNMP can be achieved through tools like PRTG, which offers preconfigured sensors and supports both protocols. NetFlow provides detailed traffic statistics, while SNMP is a widely used network management protocol that collects critical network information.

Check input and output statistics for the last 5 minutes with the command 'show interface [interface]'

To check the input and output statistics for the last 5 minutes, you can use the "show interface" command followed by the specific interface you want to monitor. This will provide you with detailed information about the selected interface on your Cisco switch. Here's an example of the output you might see:

Switch#show interface FastEthernet 0/0

FastEthernet0/0 is up, line protocol is up

Hardware is Gt96k FE, address is c201.1d00.0000 (bia c201.1d00.0000)

MTU 1500 bytes, BW 100000 Kbit/sec, DLY 1000 usec, reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 100Mb/s, 100BaseTX/FX

ARP type: ARPA, ARP Timeout 04:00:00

Last input never, output 00:00:02, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

0 packets input, 0 bytes

Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog

0 input packets with dribble condition detected

2 packets output, 403 bytes, 0 underruns

0 output errors, 0 collisions, 1 interface resets

0 unknown protocol drops

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier

0 output buffer failures, 0 output buffers swapped out

In this output, you can see various statistics and parameters related to the FastEthernet 0/0 interface. Let's go through some of the key metrics:

• "FastEthernet0/0 is up, line protocol is up": This indicates that the interface is up and operational.
• "MTU 1500 bytes": The Maximum Transmission Unit (MTU) is set to 1500 bytes.
• "BW 100000 Kbit/sec": The bandwidth is 100000 Kbit/sec (100 Mbit).
• "DLY 1000 usec": The propagation delay is 1000 microseconds.
• "reliability 255/255": The reliability counter, which is calculated every 5 minutes, is currently at its maximum value of 255, indicating high reliability.
• "txload 1/255" and "rxload 1/255": These values indicate the transmission and reception load on the interface, respectively.
• "Encapsulation ARPA": The layer 2 protocol used is ARPA (Advanced Research Projects Agency), which is Ethernet version 2 encapsulation.
• "Keepalive set (10 sec)": Keepalive packets are sent every 10 seconds to check end-to-end connectivity.
• "Full-duplex, 100Mb/s, 100BaseTX/FX": The interface is using full-duplex mode with a bandwidth of 100 Mbit/s.
• "ARP type: ARPA, ARP Timeout 04:00:00": The ARP type is ARPA, and the ARP cache timeout is set to 4 hours.
• "Last input never, output 00:00:02, output hang never": This shows the last time the interface received or sent any data.
• "Input queue: 0/75/0/0": The input queue has a size of 0 and a maximum size of 75, with no drops or flushes.
• "Output queue: 0/40 (size/max)": The output queue has a size of 0 and a maximum size of 40.
• "5 minute input rate 0 bits/sec, 0 packets/sec": The average input rate for the last 5 minutes is 0 bits/sec and 0 packets/sec.
• "5 minute output rate 0 bits/sec, 0 packets/sec": The average output rate for the last 5 minutes is 0 bits/sec and 0 packets/sec.
• "0 packets input, 0 bytes": No packets have been received, and the number of bytes received is 0.
• "Received 0 broadcasts, 0 runts, 0 giants, 0 throttles": No broadcast frames, runts, giants, or throttles have been received.
• "0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored": There are no input errors, CRC errors, frame errors, overrun errors, or ignored packets.
• "0 watchdog": The watchdog timer has not expired.
• "2 packets output, 403 bytes, 0 underruns": 2 packets have been sent, with a total of 403 bytes, and there are no underruns.
• "0 output errors, 0 collisions, 1 interface resets": There are no output errors or collisions, but there has been 1 interface reset.
• "0 unknown protocol drops, 0 babbles, 0 late collision, 0 deferred": There are no unknown protocol drops, babbles, late collisions, or deferred packets.
• "0 lost carrier, 0 no carrier": There are no issues with the carrier signal.
• "0 output buffer failures, 0 output buffers swapped out": There are no output buffer failures or output buffer swaps.

These statistics provide valuable insights into the performance and health of the specific interface on your Cisco switch. By monitoring these metrics, you can identify potential issues, troubleshoot problems, and optimize your network configuration.

Frequently asked questions