Configuring Accounting for IPv6 Layer 2 Bridged Traffic
ErrorMessage : Error while constructing the Hinav

null
Downloads: This chapterpdf (PDF - 1.3MB) | Feedback

Configuring Accounting for IPv6 Layer 2 Bridged Traffic

Contents

Configuring Accounting for IPv6 Layer 2 Bridged Traffic

This document contains information about and instructions for configuring sampling to reduce the CPU overhead of analyzing traffic with Flexible NetFlow.

NetFlow is a Cisco technology that provides statistics on packets flowing through a router. NetFlow is the standard for acquiring IP operational data from IP networks. NetFlow provides data to support network and security monitoring, network planning, traffic analysis, and IP accounting.

Flexible NetFlow improves on original NetFlow by adding the capability to customize the traffic analysis parameters for your specific requirements. Flexible NetFlow faciltates the creation of more complex configurations for traffic analysis and data export through the use of reusable configuration components.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http:/​/​www.cisco.com/​go/​cfn . An account on Cisco.com is not required.

Prerequisites for Monitoring IPv6 Bridged Flows

  • The networking device must be running a Cisco release release that supports Flexible NetFlow.

  • The networking device must be configured for IPv6 routing.

  • One of the following must be enabled on your router and on any interfaces on which you want to enable Flexible NetFlow: Cisco Express Forwarding IPv6 or distributed Cisco Express Forwarding IPv6.

  • You have configured a flow record, flow monitor, flow exporter, and flow sampler.

Information About Monitoring IPv6 Layer 2 Bridged Traffic

This feature expands the ipv6 flow monitor command to include a layer2-bridged keyword that enables you to configure Flexible Netflow to monitor IPv6 Layer 2 bridged traffic on both Switched Virtual Interfaces (SVIs) and VLANs, with or without flow samplers.

How to Configure the Monitoring of IPv6 Layer 2 Bridged Traffic

Only the keywords and arguments required for the Flexible NetFlow commands used in these tasks are explained in these tasks. For information about the other keywords and arguments available for these Flexible NetFlow commands, refer to the Cisco IOS Flexible NetFlow Command Reference .

Configuring a Flow Record, Flow Monitor, and Exporter to Monitor IPv6 Layer 2 Bridged Traffic

To configure a flow record, flow monitor, and exporter to monitor IPv6 Layer 2 bridged traffic, perform this task.

SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    flow record name

    4.    match datalink source-vlan-id

    5.    match flow cts destination group

    6.    match flow cts source group

    7.    match flow direction

    8.    match interface input

    9.    match interface input physical

    10.    match interface output

    11.    match ipv4 destination address

    12.    match ipv4 dscp

    13.    match ipv4 precedence

    14.    match ipv4 protocol

    15.    match ipv4 source address

    16.    match ipv4 tos

    17.    match transport destination-port

    18.    match transport source-port

    19.    collect counter bytes

    20.    collect counter packets

    21.    collect interface output

    22.    collect interface input

    23.    collect ipv4 destination mask

    24.    collect ipv4 destination prefix

    25.    collect ipv4 source mask

    26.    collect ipv4 source prefix

    27.    collect timestamp sys-uptime first

    28.    collect timestamp sys-uptime last

    29.    collect transport tcp flags

    30.    exit

    31.    flow exporter exporter-name

    32.    export-protocol netflow-v9

    33.    destination ip-address

    34.    exit

    35.    flow monitor name

    36.    record record-name

    37.    exporter exporter-name

    38.    end


DETAILED STEPS
     Command or ActionPurpose
    Step 1 enable


    Example:
    Device> enable
     

    Enables privileged EXEC mode.

    • Enter your password if prompted.

     
    Step 2 configure terminal


    Example:
    Device# configure terminal
     

    Enters global configuration mode.

     
    Step 3 flow record name


    Example:
    Device(config)# flow record ipv6-bridged-traffic
     

    Configures a flow record to monitor IPv6 bridged Layer 2 traffic and enters Flexible NetFlow flow record configuration mode.

     
    Step 4 match datalink source-vlan-id


    Example:
    Device(config-flow-record)# match datalink source-vlan-id
     

    Configures the source VLAN ID as a key field.

     
    Step 5 match flow cts destination group


    Example:
    Device(config-flow-record)# match flow cts destination group
     

    Configures the flow CTS destination group as a key field.

     
    Step 6 match flow cts source group


    Example:
    Device(config-flow-record)# match flow cts source group
     

    Configures the flow CTS source group as a key field.

     
    Step 7 match flow direction


    Example:
    Device(config-flow-record)# match flow direction
     

    Configures the flow direction as a key field.

     
    Step 8 match interface input


    Example:
    Device(config-flow-record)# match interface input
     

    Configures the input interface as a key field.

     
    Step 9 match interface input physical


    Example:
    Device(config-flow-record)# match interface input physical
     

    Configures the physical input interface as a key field.

     
    Step 10 match interface output


    Example:
    Device(config-flow-record)# match interface input
     

    Configures the output interface as a key field.

     
    Step 11 match ipv4 destination address


    Example:
    Device(config-flow-record)# match ipv4 destination address
     

    Configures the IPv4 destination address as a key field.

     
    Step 12 match ipv4 dscp


    Example:
    Device(config-flow-record)# match ipv4 dscp
     

    Configures the IPv4 DSCP as a key field.

     
    Step 13 match ipv4 precedence


    Example:
    Device(config-flow-record)# match ipv4 precedence
     

    Configures the IPv4 precedence as a key field.

     
    Step 14 match ipv4 protocol


    Example:
    Device(config-flow-record)# match ipv4 protocol
     

    Configures the IPv4 protocol as a key field.

     
    Step 15 match ipv4 source address


    Example:
    Device(config-flow-record)# match ipv4 source address
     

    Configures the IPv4 source address as a key field.

     
    Step 16 match ipv4 tos


    Example:
    Device(config-flow-record)# match ipv4 tos
     

    Configures the IPv4 TOS as a key field.

     
    Step 17 match transport destination-port


    Example:
    Device(config-flow-record)# match transport destination-port
     

    Configures the transport destination port as a key field.

     
    Step 18 match transport source-port


    Example:
    Device(config-flow-record)# match transport source-port
     

    Configures the transport source port as a key field.

     
    Step 19 collect counter bytes


    Example:
    Device(config-flow-record)# collect counter bytes
     

    Collects the total number of bytes.

     
    Step 20 collect counter packets


    Example:
    Device(config-flow-record)# collect counter packets
     

    Collects the total number of packets.

     
    Step 21 collect interface output


    Example:
    Device(config-flow-record)# collect interface output
     

    Collects the output interface.

     
    Step 22 collect interface input


    Example:
    Device(config-flow-record)# collect interface input
     

    Collects the input interface.

     
    Step 23 collect ipv4 destination mask


    Example:
    Device(config-flow-record)# collect ipv4 destination mask
     
     

    Collects the Ipv4 destination mask.

     
    Step 24 collect ipv4 destination prefix


    Example:
    Device(config-flow-record)# collect ipv4 destination prefix
     
     

    Collects the Ipv4 destination prefix.

     
    Step 25 collect ipv4 source mask


    Example:
    Device(config-flow-record)# collect ipv4 source mask
     
     

    Collects the Ipv4 source mask.

     
    Step 26 collect ipv4 source prefix


    Example:
    Device(config-flow-record)# collect ipv4 source prefix
     
     

    Collects the Ipv4 source prefix.

     
    Step 27 collect timestamp sys-uptime first


    Example:
    Device(config-flow-record)# collect timestamp sys-uptime first
     
     

    Collects the first timestamp of the system uptime.

     
    Step 28 collect timestamp sys-uptime last


    Example:
    Device(config-flow-record)# collect timestamp sys-uptime last
     
     

    Collects the last timestamp of the system uptime.

     
    Step 29 collect transport tcp flags


    Example:
    Device(config-flow-record)# collect transport tcp flags
     
     

    Collects the TCP transport flags.

     
    Step 30 exit


    Example:
    Device(config-flow-record)# exit
     

    Exits Flexible NetFlow flow record configuration mode.

     
    Step 31 flow exporter exporter-name


    Example:
    Device(config)# flow exporter my-flow-exporter
     

    Creates an FNF flow exporter and enters Flexible NetFlow flow exporter configuration mode.

     
    Step 32 export-protocol netflow-v9


    Example:
    Device(config-flow-exporter)# export-protocol netflow-v9
     

    Configures NetFlow Version 9 export as the export protocol.

     
    Step 33 destination ip-address


    Example:
    Device(config-flow-exporter)# destination 209.165.201.1
     

    Configures the IP address of the workstation to which you want to send the NetFlow information.

     
    Step 34 exit


    Example:
    Device(config-flow-exporter)# exit
     

    Exits Flexible NetFlow flow exporter configuration mode.

     
    Step 35 flow monitor name


    Example:
    Device(config)# flow monitor ipv6-bridged-traffic
     

    Configures a flow monitor for IPv6 bridged traffic and enters Flexible NetFlow flow monitor configuration mode.

     
    Step 36 record record-name


    Example:
    Device(config-flow-monitor)# record ipv6-bridged-traffic
     

    Specifies the name of a user-defined flow record that was previously configured.

     
    Step 37 exporter exporter-name


    Example:
    Device(config-flow-monitor)# exporter my-flow-exporter
     

    Specifies the name of a flow exporter that was previously configured.

     
    Step 38 end


    Example:
    Device(config-flow-monitor)# end
     

    Exits Flexible NetFlow flow monitor configuration mode and returns to privileged EXEC mode.

     

    Applying a Flow Monitor to a Switched Virtual Interface to Monitor IPv6 Layer 2 Bridged Traffic

    To configure Flexible Netlflow to monitor IPv6 Layer 2 Bridged Traffic on a SVI, perform this task:

    SUMMARY STEPS

      1.    enable

      2.    configure terminal

      3.    interface vlan number

      4.    ipv6 flow monitor monitor-name [sampler monitor-name ] layer2-bridged input

      5.    end


    DETAILED STEPS
       Command or ActionPurpose
      Step 1 enable


      Example:
      Device> enable
       

      Enables privileged EXEC mode.

      • Enter your password if prompted.

       
      Step 2 configure terminal


      Example:
      Device# configure terminal
       

      Enters global configuration mode.

       
      Step 3 interface vlan number


      Example:
      Device(config)# interface vlan 100
       

      Configures an interface type and enters interface configuration mode.

       
      Step 4 ipv6 flow monitor monitor-name [sampler monitor-name ] layer2-bridged input


      Example:
      Device(config-if)# ipv6 flow monitor ipv6-bridged-traffic sampler S1 layer2-bridged input
       

      Applies the monitor to the interface.

       
      Step 5 end


      Example:
      Device(config-if)# end
       

      Exits interface configuration mode and returns to privileged EXEC mode.

       

      Applying a Flow Monitor to a VLAN to Monitor IPv6 Layer 2 Bridged Traffic

      To configure Flexible Netlflow to monitor IPv6 Layer 2 Bridged Traffic on a VLAN, perform this task:

      SUMMARY STEPS

        1.    enable

        2.    configure terminal

        3.    interface vlan number

        4.    ipv6 flow monitor monitor-name [sampler monitor-name ] layer2-bridged input

        5.    end


      DETAILED STEPS
         Command or ActionPurpose
        Step 1 enable


        Example:
        Device> enable
         

        Enables privileged EXEC mode.

        • Enter your password if prompted.

         
        Step 2 configure terminal


        Example:
        Device# configure terminal
         

        Enters global configuration mode.

         
        Step 3 interface vlan number


        Example:
        Device(config)# vlan configuration 100
         

        Configures a VLAN and enters VLAN configuration mode.

         
        Step 4 ipv6 flow monitor monitor-name [sampler monitor-name ] layer2-bridged input


        Example:
        Device(config-vlan)# ipv6 flow monitor ipv6-bridged-traffic sampler S1 layer2-bridged input
         

        Applies the monitor to the VLAN.

         
        Step 5 end


        Example:
        Device(config-vlan)# end
         

        Exits VLAN configuration mode and returns to privileged EXEC mode.

         

        Configuration Examples for Monitoring IPv6 Layer 2 Bridged Traffic

        You can configure Flexible Netflow to monitor IPv6 Layer 2 bridged traffic on both Switched Virtual Interfaces (SVIs) and VALNs, with or without flow samplers.

        Example Configuration for SVI-based Monitoring IPv6 Layer 2 Bridged Traffic

        The following example is designed to monitor IPv6 Layer 2 bridged traffic on an SVI. An exporter is not configured because this example is intended to be used to capture additional data for analysis on the router using the show flow monitorcommand.

        This sample starts in global configuration mode:

        !
        !
        flow record bridged-flow-record
         description bridged flow record
         match ipv6 destination address
         match ipv6 source address
         match interface input
         collect counter bytes long
         collect counter packets long
         exit
        !
        flow monitor bridged-flow-monitor	
         description bridged flow monitor
         record bridged-flow-record
         exit
        !
        interface vlan 100
         ipv6  flow monitor bridged-flow-monitor layer2-bridged input
         exit
        !

        Example Configuration for VLAN-Based Monitoring of IPv6 Layer3 Bridged Traffic

        The following example is designed to monitor IPv6 Layer 2 bridged traffic on a VLAN. An exporter is not configured because this example is intended to be used to capture additional data for analysis on the router using the show flow monitorcommand.

        This sample starts in global configuration mode:

        !
        !
        flow record bridged-flow-record
         description bridged flow record
         match ipv6 destination address
         match ipv6 source address
         match interface input
         collect counter bytes long
         collect counter packets long
         exit
        !
        flow monitor bridged-flow-monitor	
         description bridged flow monitor
         record bridged-flow-record
         exit
        !
        vlan configuration 100
         ipv6  flow monitor bridged-flow-monitor layer2-bridged input
         exit
        !

        Example Configuration for SVI-based Monitoring IPv6 Layer 2 Bridged Traffic Using a Flow Sampler

        The following example is designed to monitor IPv6 Layer 2 bridged traffic on an SVI using a sampler. An exporter is not configured because this example is intended to be used to capture additional data for analysis on the router using the show flow monitorcommand.

        This sample starts in global configuration mode:

        !
        !
        flow record bridged-flow-record
         description bridged flow record
         match ipv6 destination address
         match ipv6 source address
         match interface input
         collect counter bytes long
         collect counter packets long
         exit
        !
        flow monitor bridged-flow-monitor	
         description bridged flow monitor
         record bridged-flow-record
         exit
        !
        sampler S1
         mode deterministic 1 out-of 2
         exit
        !
        interface vlan 100
         ipv6  flow monitor bridged-flow-monitor sampler S1 layer2-bridged input
         exit
        !

        Example Configuration for VLAN-Based Monitoring of IPv6 Layer3 Bridged Traffic Using a Flow Sampler

        The following example is designed to monitor IPv6 Layer 2 bridged traffic on a VLAN using a flow sampler. An exporter is not configured because this example is intended to be used to capture additional data for analysis on the router using the show flow monitorcommand.

        This sample starts in global configuration mode:

        !
        !
        flow record bridged-flow-record
         description bridged flow record
         match ipv6 destination address
         match ipv6 source address
         match interface input
         collect counter bytes long
         collect counter packets long
         exit
        !
        flow monitor bridged-flow-monitor	
         description bridged flow monitor
         record bridged-flow-record
         exit
        !
        sampler S1
         mode deterministic 1 out-of 2
         exit
        !
        vlan configuration 100
         ipv6  flow monitor bridged-flow-monitor sampler S1 layer2-bridged input
         exit
        !

        Additional References

        Related Documents

        Related Topic

        Document Title

        Cisco IOS commands

        Cisco IOS Master Commands List, All Releases

        Overview of Flexible NetFlow

        "Cisco IOS Flexible NetFlow Overview"

        Flexible NetFlow Feature Roadmap

        "Cisco IOS Flexible NetFlow Features Roadmap"

        Emulating original NetFlow with Flexible NetFlow

        "Getting Started with Configuring Cisco IOS Flexible NetFlow"

        Configuring flow exporters to export Flexible NetFlow data.

        "Configuring Data Export for Cisco IOS Flexible NetFlow with Flow Exporters"

        Configuring flow sampling to reduce the overhead of monitoring traffic with Flexible NetFlow

        "Using Cisco IOS Flexible NetFlow Flow Sampling to Reduce the CPU Overhead of Analyzing Traffic"

        Configuring Flexible NetFlow using predefined records

        "Configuring Cisco IOS Flexible NetFlow with Predefined Records"

        Using Flexible NetFlow Top N Talkers to analyze network traffic

        "Using Cisco IOS Flexible NetFlow Top N Talkers to Analyze Network Traffic"

        Configuring IPv4 multicast statistics support for Flexible NetFlow

        "Configuring IPv4 Multicast Statistics Support for Cisco IOS Flexible NetFlow"

        Configuration commands for Flexible NetFlow

        Cisco IOS Flexible NetFlow Command Reference

        Standards

        Standard

        Title

        None

        --

        MIBs

        MIB

        MIBs Link

        None

        To locate and download MIBs for selected platforms, Cisco software releases, and feature sets, use Cisco MIB Locator found at the following URL:

        http:/​/​www.cisco.com/​go/​mibs

        RFCs

        RFC

        Title

        RFC 3954

        Cisco Systems NetFlow Services Export Version 9

        Technical Assistance

        Description

        Link

        The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

        http:/​/​www.cisco.com/​cisco/​web/​support/​index.html

        Feature Information for Configuring Accounting for IPv6 Layer 2 Bridged Traffic

        The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

        Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

        Table 1 Feature Information for Flexible Netflow IPv6 Bridged Flows Feature

        Feature Name

        Releases

        Feature Information

        Flexible Netflow - IPv6 bridged flows

        15.1(1)SY

        Flexible Netflow has been enhanced to enable the accounting of Layer 2 switched or bridged IPv6 traffic, for both SVIs and pure VLANs.