A network engineer is troubleshooting intermittent packet loss on a WAN link connecting two data centers. The engineer suspects that certain traffic types are being dropped but needs to confirm this without impacting production. The engineer has access to Cisco IOS-XE routers at both ends. Which approach should the engineer use to identify the specific flows being dropped?
Trap 1: Enable SNMP polling of interface counters to identify the total…
Incorrect because SNMP polling shows aggregate drops but does not provide per-flow granularity needed to identify specific traffic types.
Trap 2: Use Embedded Event Manager (EEM) to trigger on interface drops and…
Incorrect because EEM can trigger on events but does not inherently capture per-flow drop details; packet capture would be needed separately.
Trap 3: Deploy IP SLA probes to measure latency and jitter, and correlate…
Incorrect because IP SLA measures performance metrics but does not identify which specific flows are being dropped.
- A
Configure Flexible NetFlow on the routers with a flow monitor that includes the 'drop' keyword to capture dropped packets per flow.
Correct because Flexible NetFlow with the 'drop' keyword allows per-flow drop monitoring, directly identifying which flows are being dropped.
- B
Enable SNMP polling of interface counters to identify the total number of dropped packets on the WAN interface.
Why wrong: Incorrect because SNMP polling shows aggregate drops but does not provide per-flow granularity needed to identify specific traffic types.
- C
Use Embedded Event Manager (EEM) to trigger on interface drops and capture a packet trace.
Why wrong: Incorrect because EEM can trigger on events but does not inherently capture per-flow drop details; packet capture would be needed separately.
- D
Deploy IP SLA probes to measure latency and jitter, and correlate with drop events.
Why wrong: Incorrect because IP SLA measures performance metrics but does not identify which specific flows are being dropped.