Easy to Deploy, Intuitive to Use

I deployed the NAM in our Chicago Neohapsis partner labs on one of our Catalyst 6509 switches. The NAM occupies one slot in the Catalyst chassis and appears to be based on the same hardware that drives the Cisco IDS blade.

Once the blade was installed in the switch, I was able to use the Catalyst's "session" command to perform the essential IP configuration tasks necessary to make the NAM accessible via the Web interface. The command-line NAM interface has a stripped down set of commands whose syntax differs from that of IOS. However, after a few minutes with the online help (use the "?" key!), I was able to figure it out. After I assigned the NAM an IP address and supplied a default route, I was ready to start using the Web interface. No software installation is required on the end user's workstation -- a pleasing feature.

The Cisco NAM (screen view) Click here to enlarge

The NAM's embedded Web server, which runs on the blade, can be used to configure the NAM, monitor real-time traffic, set capture options, and inspect captured traffic. I configured a few span ports on the switch using the NAM's Web interface and began capturing traffic immediately. Configuring span ports through the Web interface is a lot easier than using the normal Catalyst OS command-line routine, or maybe it's just that drop-down menus are a lot more fun.

Once traffic was captured, I used the built-in packet decoder to take a more detailed look at our packet dumps. I was pleasantly surprised at how useful an HTML-based packet decoder could be. While not as "graphically stimulating" as some Win32-based packet decoders, the NAM's packet-decode Web interface satisfied my decode needs nicely. The Web interface also will let you save your captured traffic to a file for downloading. For example, I pulled one of our capture sessions down to a local workstation and had no problems opening it up in the popular open-source protocol analyzer, Ethereal. This type of flexibility is incredibly powerful, and I'm thankful Cisco has committed to supporting open standards on this front.

Vendor Information Network Analysis Module (NAM) for Catalyst 6500 and 6000 Series, $14,995. Available: Now. Cisco Systems, (800) 326-1941, (408) 526-4000; fax (408) 526-4100. www.cisco.com

Going beyond basic monitoring, Cisco has introduced some VoIP (voice over IP) QoS monitoring options in version 2.1 of the NAM software. Using this version, network managers can analyze voice traffic for network utilization, track round-trip delay times, monitor quality degradation and measure general device-to-device latency. Using the Web interface, I was able to monitor latency levels between both network devices and VoIP phones.

Administrators also can view statistics, such as MAC (Media Access Control) history tables, application-utilization levels and network-utilization levels, broken down by application protocols (FTP versus HTTP, SSH, SMTP for example).

But the NAM can do more then simply monitor. Using the NAM's threshold alarm settings, I set alarm conditions for network jitter, H.323 latency and other possible problems. Alarms can be viewed from the Web interface or redirected to syslog servers. This redirect capability is incredibly helpful for getting a heads-up warning before the trouble begins, and tying these types of alerts into larger network frameworks should be a simple thing to do.

Finally, Cisco claims that because of the architecture behind the Catalyst 5000 and 6000 series switches the NAM has very little affect on the switch's processing overhead. While I was able to monitor CPU and memory utilization of the NAM blade, I ran out of time and was unable to test whether Cisco's "no impact" claims are indeed accurate.

If you have free slots in your Catalyst switches and are in need of a strong VoIP-aware network-analysis tool, it's going to be hard to find a more feature-rich, cost-effective solution than the Cisco NAM.