|
Command or Action |
Purpose |
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
-
Enter your password if prompted.
|
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode. |
|
flow-sampler-map sampler-map-name
Example:
Router(config)# flow-sampler-map icmp-dos-fs-map
|
Defines a statistical sampling NetFlow export flow sampler map.
-
The sampler-map-name argument is the name of the flow sampler map to be defined.
Entering the flow-sampler-map command enables the flow sampler configuration mode. |
|
mode random one-out-of packet-interval
Example:
Router(config-sampler-map)# mode random one-out-of 2
|
Specifies a statistical sampling NetFlow export random sampling mode and a packet interval.
-
The random keyword specifies that sampling uses the random sampling mode.
-
The one-out-of packet-interval argument-keyword pair specifies the packet interval (one out of every npackets) from which to sample. For n, you can specify from 1 to 65535 (packets).
|
|
exit
Example:
Router(config-sampler-map)# exit
|
Exits back to global configuration mode. |
|
class-map class-map-name [match-all | match-any]
Example:
Router(config)# class-map match-any icmp-dos-class-map
|
Creates a class map to be used for matching packets to a specified class.
-
The class-map-name argument is the name of the class for the class map. The name can be a maximum of 40 alphanumeric characters. The class name is used for both the class map and for configuring policy for the class in the policy map.
-
The match-all | match-anykeywords determine how packets are evaluated when multiple match criteria exist. Packets must either meet all of the match criteria (match-all) or only one of the match criteria (match-any) to be considered a member of the class.
Entering the class-mapcommand enables class-map configuration mode, in which you can enter one of the match commands to configure the match criteria for this class. |
|
match access-group access-group
Example:
Router(config-cmap)# match access-group 101
|
Configures the match criteria for a class map on the basis of the specified access control list (ACL).
-
The access-group argument is a numbered ACL whose contents are used as the match criteria against which packets are checked to determine if they belong to this class. An ACL number can be a number from 1 to 2699.
|
|
exit
Example:
Router(config-cmap)# exit
|
Exits back to global configuration mode. |
|
policy-map policy-map-name
Example:
Router(config)# policy-map icmp-dos-policy-map
|
Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy.
-
The policy-map-name argument is the name of the policy map. The name can be a maximum of 40 alphanumeric characters.
Entering the policy-mapcommand enables quality of service (QoS) policy-map configuration mode, in which you can configure or modify the class policies for that policy map |
|
class { class-name | class-default}
Example:
Router(config-pmap)# class icmp-dos-class-map
|
Specifies the name of the class whose policy you want to create or change or specifies the default class (commonly known as the class-default class) before you configure its policy.
-
The class-name argument is the name of the class for which you want to configure or modify policy.
-
The class-default keyword specifies the default class so that you can configure or modify its policy.
Entering the class command enables QoS policy-map class configuration mode. |
|
netflow-sampler sampler-map-name
Example:
Router(config-pmap-c)# netflow-sampler icmp-dos-fs-map
|
Enables a NetFlow input filter sampler.
-
The sampler-map-name argument is the name of the NetFlow sampler map to apply to the class.
You can assign only one NetFlow input filter sampler to a class. Assigning another NetFlow input filter sampler to a class overwrites the previous one. |
|
exit
Example:
Router(config-pmap-c)# exit
|
Exits back to policy-map configuration mode. |
|
exit
Example:
Router(config-pmap# exit
|
Exits back to global configuration mode. |
|
interface interface-type interface-number [.subinterface number]
Example:
Router(config)# interface Ethernet0/0.1
|
Specifies the interface and enters subinterface configuration mode.
-
The interface-type argument is the type of interface to be configured.
-
The interface-numberargument is the number of the interface. Refer to the appropriate hardware manual for slot and port information.
|
|
no [ip route-cache flow | ip flow ingress]
Example:
Router(config-subif)# no ip flow ingress
|
Removes the existing NetFlow command from the interface.
Note |
NetFlow sampling and filtering can not start if there is another command on the interface that is enabling NetFlow. |
|
|
service-policy {input | output} policy-map-name
Example:
Router(config-subif)# service-policy input icmp-dos-policy-map
|
Attaches a policy map to an input interface or virtual circuit (VC), or an output interface or VC, to be used as the service policy for that interface or VC.
-
The input keyword attaches the specified policy map to the input interface or input VC.
-
The output keyword attaches the specified policy map to the output interface or output VC.
-
The policy-map-name is the name of a service policy map (created through use of the policy-map command) to be attached. The name can be a maximum of 40 alphanumeric characters.
|
|
exit
Example:
Router(config-subif)# exit
|
Exits back to global configuration mode. |
|
ip flow-top-talkers
Example:
Router(config)# ip flow-top-talkers
|
Enters NetFlow top talkers configuration mode. |
|
top number
Example:
Router(config-flow-top-talkers)# top 50
|
Specifies the maximum number of top talkers that will be retrieved by a NetFlow top talkers query. |
|
sort-by packets
Example:
Router(config-flow-top-talkers)# sort-by packets
|
Specifies the sort criterion for the top talkers.
-
The top talkers can be sorted either by the total number of packets of each top talker or the total number of bytes of each top talker.
|
|
match class-map claas-name
Example:
Router(config-flow-top-talkers)# match class-map icmp-dos-class-map
|
Specifies that the match criteria should be obtained from the class-map. |
|
no match destination address ip-address /prefix-mask
Example:
Router(config-flow-top-talkers)# no match destination address 172.16.10.2/32
|
(Optional) If you still have a match entry for the destination address you should remove it so that only the class-name match criteria is used. |
|
exit
Example:
Router(config-sampler-map)# exit
|
Exits back to global configuration mode. |
|
access-list access-list-number permit icmp source destination
Example:
Router(config)# access-list 101 permit icmp any host 172.16.10.2
|
Creates an extended access list that is used to track any host that is sending ICMP traffic to 172.16.10.2. |
|
end
Example:
Router(config)# end
|
Exits to privileged EXEC mode. |