Some time ago, I was involved in a short project where a particular data-center was unavailable (or access was very slow). Our task was to find out what the problem was and fix it as soon as possible, as it was a critical data-center. Since we could not access the devices, we could not perform on-the-spot troubleshooting.
Thankfully, the organization had been monitoring (and keeping logs of) all traffic going through the data-center and from their Cisco Devices. After combing through the logs, we found the problem (a denial of service attack) and restored access to the data-center.
As that personal story shows, troubleshooting is one of the reasons to monitor your network. Other reasons include:
- Monitoring bandwidth usage: Is your ISP being sneaky or is a worm eating up your bandwidth?
- Performance monitoring: Monitoring can help you determine if your network is performing optimally or if there is network congestion (e.g. at certain times of the day).
- Intrusion Detection: If you keep getting failed login attempts, it could mean someone is trying to break into your network. Also, sudden spikes in network traffic can indicate an attack. You will only detect these attacks if you are monitoring your network.
- Network planning: By monitoring your network, you can determine what parts of your network to improve. For example, by keeping an accurate inventory, you will be prepared to change devices that are going obsolete (end-of-life). Also, you can better plan the quality of service (QoS) that should be applied to different kinds of traffic.
What must you monitor?
It is important to note that while you can monitor all the devices on your network (including workstations), you may not want to. For example, you may not have the capacity to manage all the data/logs generated by the numerous devices on your network.
Ideally, you should monitor the critical devices on your network e.g. the Internet Edge Router/Firewall. For example, it is common practice for banks with several branches/ATM points to monitor the edge devices at those branches to detect when something goes wrong and fix it promptly.
In this article, we are going to talk specifically about monitoring Cisco devices including routers (e.g. Cisco 2900 Series ISRs), switches (e.g. Cisco Catalyst 3650 switches), security devices (e.g. Cisco Adaptive Security Appliance (ASA) 5500-X series) and wireless devices (e.g. Cisco Aironet 1830 Series Access points).
There are various protocols that help in network monitoring including:
- SNMP: Simple Network Management Protocol operates using an agent-manager model. SNMP can be used to “get” and “set” information and is probably the most used monitoring protocol.
- ICMP: Internet Control Message Protocol is mostly used to determine the reachability of a network device i.e. using ping, although it can provide other information like delay.
- Syslog: Syslog is used to send logs (e.g. interface up/down) to a Syslog server.
- RADIUS and TACACS+: Even though these two protocols can be used for other things like authentication and authorization, they also provide good accounting (logs) features. RADIUS is an industry standard while TACACS+ is Cisco proprietary.
- NetFlow: NetFlow is a Cisco developed protocol used to collect information about traffic flows in a network. Even though it was developed by Cisco, it is also supported by other vendors and exists in other industry/vendor-specific variants like IPFIX and J-Flow.
- IP SLA: IP Service Level Agreement is a Cisco proprietary feature on Cisco IOS software that simulates various types of network data between multiple devices to measure performance such as jitter, delay, connectivity and packet loss.
- CDP: Cisco Discovery Protocol is a Cisco proprietary protocol used to gain information about directly connected devices.
- Telnet and SSH: By using Telnet or SSH, a network engineer or monitoring tool can remotely log into a device and execute monitoring commands (e.g. show interface on a Cisco router).
- HTTP or HTTPS: Some devices (e.g. Cisco IOS devices) allow information to be retrieved via HTTP/HTTPS.
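The Syslog entry above and the earlier intrusion-detection point (repeated failed logins) can be combined in a small log check. The following is an added example, not code from the article or from any of the tools it reviews: it parses Cisco IOS-style syslog lines as stored by a syslog server and reports sources with repeated login failures and interfaces that went down. The sample lines, hostnames, addresses and the threshold of 3 are constructed, and it assumes the devices are configured to log login failures.

```python
import re
from collections import Counter

# Constructed sample of what a syslog server might store for two Cisco IOS
# devices; hostnames and addresses are made up (documentation ranges).
SAMPLE_LOG = """\
Mar  6 10:15:01 edge-rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 198.51.100.7] [localport: 22] [Reason: Login Authentication Failed] at 10:15:01 UTC Mon Mar 6 2017
Mar  6 10:15:04 edge-rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 198.51.100.7] [localport: 22] [Reason: Login Authentication Failed] at 10:15:04 UTC Mon Mar 6 2017
Mar  6 10:15:09 edge-rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 198.51.100.7] [localport: 22] [Reason: Login Authentication Failed] at 10:15:09 UTC Mon Mar 6 2017
Mar  6 10:16:30 edge-rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: jdoe] [Source: 192.0.2.44] [localport: 22] [Reason: Login Authentication Failed] at 10:16:30 UTC Mon Mar 6 2017
Mar  6 10:17:12 branch-sw2 %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
Mar  6 10:17:15 branch-sw2 %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
Mar  6 10:18:40 branch-sw2 %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
this line is not a Cisco message and is skipped
"""

# <server time> <host> [optional fields] %FACILITY-SEVERITY-MNEMONIC: text
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s(?P<host>\S+)\s.*?"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s(?P<text>.*)$"
)
SOURCE_RE = re.compile(r"\[Source: (?P<src>[^\]]+)\]")
IFACE_RE = re.compile(r"Interface (?P<iface>\S+), changed state to down")

def parse(line):
    """Return the fields of one Cisco-format syslog line, or None."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def summarize(log_text, login_threshold=3):
    """Count failed logins per source and link-down events per interface."""
    failed, downs = Counter(), Counter()
    for rec in filter(None, map(parse, log_text.splitlines())):
        key = (rec["facility"], rec["mnemonic"])
        if key == ("SEC_LOGIN", "LOGIN_FAILED"):
            src = SOURCE_RE.search(rec["text"])
            if src:
                failed[src["src"]] += 1
        elif key == ("LINK", "UPDOWN"):
            iface = IFACE_RE.search(rec["text"])
            if iface:
                downs[(rec["host"], iface["iface"])] += 1
    suspects = {s: n for s, n in failed.items() if n >= login_threshold}
    return suspects, dict(downs)

if __name__ == "__main__":
    suspects, downs = summarize(SAMPLE_LOG)
    print("sources at or above threshold:", suspects)
    print("link-down events:", downs)
```
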
Top Cisco Network Monitoring Tools of 2017:
While it is possible to monitor network devices manually (e.g. login using SSH and execute show/debug commands), it is usually preferable and easier to use tools that have been created for this very purpose. Not only will these tools do the heavy lifting for you (e.g. automatically run commands frequently), they also provide great reports and in some cases, offer resolution options.
In this article, we will look at some Cisco Network Monitoring tools that can be used by Network Engineers to monitor Cisco devices. The tools covered are as follows:
- Solarwinds Network Performance Monitor (NPM)
- PRTG Network Monitor
- ManageEngine OpManager
- WhatsUp Gold
- Cisco Network Assistant
1. Solarwinds NPM w/ Network Insights for ASA
The Solarwinds NPM is one of the most robust network monitoring tools available on the market and it supports Cisco devices (amongst other vendors). Some of the features it supports include:
- Availability, Performance and Health Monitoring: Determine if a device (interface) is up or down, view device performance (e.g. bandwidth utilization) and also get information about various health parameters like CPU utilization and temperature.
- Troubleshooting: Hop-by-hop analysis of devices and applications along the critical path.
- Network discovery: Dynamically discover network devices on a network.
- Event Reporting: Provides alerts on what is happening on the network.
Their latest release of NPM has included Network Insights for ASA, which gives you a deeper, detailed look into your ASA devices directly from the dashboard. Features of their updated version include:
- Total visibility into your ASA Environment and Infrastructure
- Monitor health and performance of ASA devices including network interfaces (WAN, LAN, DMZ, etc.), contexts, ACLs (access control lists), and more!
- Monitoring and Visibility of VPN infrastructure and connectivity to ensure uptime between locations and endpoints.
- Firewall monitoring to ensure health, security, HA and more.
Solarwinds uses various protocols to perform network monitoring but relies mostly on SNMP. It also uses ICMP for interface availability.
Solarwinds NPM can only be installed on Windows operating systems and is available as an online demo or a downloadable free 30-day trial.
2. PRTG Network Monitor
PRTG Network Monitor is one of the most user friendly network monitoring tools available on the market. Unlike other monitoring tools where you need different licenses or products to enable certain features like traffic analysis, PRTG Network Monitor is an all-in-one solution meaning that everything is included in the product.
PRTG Network Monitor supports all the features you will need from a network monitoring tool including availability and health monitoring, bandwidth utilization, network traffic analysis, alerting and so on. However, it does not support configuration management out of the box.
Like Solarwinds NPM, PRTG Network Monitor uses SNMP heavily even though it also supports other protocols like NetFlow. It can only be installed on Windows operating systems but there are also apps for iOS and Android.
PRTG Network Monitor is available as a free 30-day trial download (unlimited sensors). After 30 days, the product downgrades to the freeware version (free forever for up to 100 sensors). You can purchase PRTG Network Monitor starting at $1,600 for a 500-sensor license.
3. ManageEngine OpManager
ManageEngine OpManager is another network monitoring tool that can monitor devices from various vendors including Cisco. Like Solarwinds NPM, it also supports features like automatic network discovery, availability and performance monitoring, and various reporting capabilities. With additional licenses, network traffic analysis and configuration management can also be enabled. One of the really cool things about ManageEngine OpManager is its customizable dashboard feature, allowing you to configure the user interface with exactly what you will like to see.
Like Solarwinds NPM, ManageEngine OpManager also relies heavily on SNMP even though it supports other protocols/technologies like IP SLA and NetFlow. It also uses Telnet/SSH for configuration management. It can be installed on Windows and Linux operating systems.
There is a live demo of OpManager on their site to really get a feel for what it looks like and how it works; we highly recommend trying it. You can also download a free 30-day trial or a free-forever edition that allows you to monitor 10 devices with limited functionality. ManageEngine OpManager starts at $595 for monitoring 25 devices on an Essential license.
4. WhatsUp Gold 2017
WhatsUp Gold is one of the network monitoring tools that have been around for a long time even though interest in the product went down a couple of years ago. Like PRTG Network Monitor, WhatsUp Gold is an all-in-one monitoring tool and provides features like performance monitoring, traffic analysis and reporting. Unlike PRTG, WhatsUp Gold also offers configuration management.
To perform its monitoring function, WhatsUp Gold uses SNMP, Syslog and NetFlow among other protocols, and it can only be installed on Windows operating systems.
WhatsUp Gold uses point-based licensing where different monitored elements are assigned points, e.g. routers are 1 point while application performance monitoring is 10 points per application. They offer a free 30-day trial and prices start around $1,900 for 25 points on WhatsUp Gold BasicView.
5. Cisco Network Assistant
The Cisco Network Assistant is a freely available network management tool from Cisco to manage a range of Cisco devices including routers, switches, access points, IP phones and even the Cisco ASA. It supports the following features:
- Network device discovery: Uses HTTP/HTTPS to connect and manage devices and also CDP to get information about neighboring devices.
- Health monitoring: It can monitor health status including Bandwidth utilization, CPU Utilization, Memory Utilization, and so on.
- Event notification: It can alert on problems on network devices.
- Network Configuration: Supports configuration of devices through GUI or Telnet.
- Network device inventory: Can generate inventory reports on network devices including serial numbers, interfaces, IP addresses and so on.
The Cisco Network Assistant supports up to 80 devices and is therefore targeted at small to medium sized businesses. The fact that it is free (you only need to log in to download it) is also a bit surprising knowing that Cisco generally does not do free things. It can be installed on Windows and Mac operating systems.
Network Monitoring is a very important aspect of managing a network because not only can it alert you when something goes wrong, it can also help during troubleshooting and for network planning.
There are several protocols that help us perform network monitoring on Cisco devices including SNMP, ICMP and CDP. While these protocols can be used manually, there are tools that have been designed specifically to automate the network monitoring process, tools like Solarwinds NPM, ManageEngine OpManager, PRTG Network Monitor, WhatsUp Gold and Cisco Network Assistant.
The choice of the tool you use to monitor your Cisco devices will depend on factors like cost, complexity and robustness. Solarwinds NPM is a very robust solution and can provide a wealth of information, especially now that they have integrated Network Insights for ASA devices. We recommend downloading their 30-day unlimited trial and starting monitoring within 10 minutes of installing. They have a great auto-discovery feature that will assist you in scanning your network for Cisco devices and automatically adding them to your inventory. NPM is one of the top Cisco monitoring tools on the market as of 2017!
If you're looking for other options, PRTG Network Monitor is an all-in-one solution and might be less expensive for your network if you are on a budget. Moreover, if you are monitoring a small network, you can use the free version of PRTG Network Monitor up to 100 Sensors.
The Cisco Network Assistant is more fitting as a network management tool even though it also provides some monitoring capabilities (not at the same level as the other tools mentioned).
All the tools we discussed in this article are commercially available (even though Cisco Network Assistant is free). When compared against open source network monitoring tools, commercial software has the advantage of being (to a more probable extent) supported and updated by its developers. These commercial vendors may also be able to provide expert engineers to assist with issues and troubleshooting if they arise.