Question : Cisco Catalyst 2950 & MRTG per IP Traffic Monitoring

I have a cisco Catalyst 2950 set up behind my firewall. I have multiple web servers each one running multiple sites. I have 2 questions:

1) I need to monitor the traffic being generated by each IP. How do i set this up with MRTG if all the servers are using VLAN1. Monitoring the port will not help me since I need to know what each IP is doing. I have seen many sites and configurations for MRTG - I can't tell if it's something I need to filter in MRTG or set up something in the 2950 itself.

2) If i monitor the traffic behind the firewall - will it give me all traffic (even traffic from the web servers to the database servers) ?  -- I'm pretty sure it will, but I wouldn't really want to set up the switch outside the firewall.

Thanks!

Answer : Cisco Catalyst 2950 & MRTG per IP Traffic Monitoring

1.  The 2950 isn't a layer 3 switch so it has not sense of layer 3 (IP addresses).  You won't be able to track usage based on IP unless you are tracking it on a router or other layer 3 device.  Do you have a router in front of the switch you could collect stats from?  You could enable net flow on the router and send the flow traffic to a host running ntop.  It will track flows through the router using IP source and destination addresses.  To enable it on a router, you need to add the "ip route-cache flow" command to the in and out interfaces.  You can use "show ip cache flow" to view the flow statistics or as mentioned, send it to a host running ntop.

http://www.ntop.org/ntop.html

2.  You can use MRTG to monitor total bandwidth utilization on VLAN1 so yes, it would give you all traffic.