I Commands
Download this chapter
I CommandsI Commands
 Feedback

Table Of Contents

I Commands

ip access-list

ip dscp

ip flow monitor

ip ttl


I Commands

This chapter describes the Cisco NX-OS system management commands that begin with the letter I.

ip access-list

To configure an IP access-list, use the ip access-list command.

ip access-list [acl_name | match-local-traffic]

Syntax Description

acl_name

Name of the access control list (ACL).

match-local-traffic

(Optional) Enables access-list matching for locally generated traffic.


Defaults

None

Command Modes

config-acl

Supported User Roles

network-admin
VDC-admin

Command History

Release
Modification

5.1(1)

This command was introduced.


Usage Guidelines

This command does not require a license.

Examples

This example shows how to configure an IP access list: 

switch# configure terminal

switch(config)# ip access-list match_12_pkts 

switch(config-acl)# permit ip 12.0.0.0 0.255.255.255 any 

switch(config-acl)#

Related Commands

Command
Description

filter access-group

Applies an access control group to an Encapsulated Remote Switched Port Analyzer (ERSPAN) source session.


ip dscp

To configure the differentiated dervices code point (DSCP) value of the packets in the Encapsulated Remote Switched Port Analyzer (ERSPAN) traffic, use the ip dscp command.

ip dscp dscp_value

Syntax Description

dscp_value

Value of the DSCP of the packets in the ERSPAN traffic. The range is from 0 to 63.


Defaults

0

Command Modes

config-erspan-src

Supported User Roles

network-admin
network-operator

Command History

Release
Modification

5.1(1)

This command was introduced.


Usage Guidelines

This command does not require a license.

Examples

This example shows how to configure the DSCP value of the packets in the ESRSPAN traffic: 

switch# configure terminal

switch(config)# monitor session 5 type erspan-source

switch(config-erspan-src)# ip dscp 10

switch(config-erspan-src)#

Related Commands

Command
Description

ip ttl

Configures the IP time-to-live (TTL) value of the ERSPAN traffic.

monitor-session

Enters the monitor configuration mode for configuring an ERSPAN or SPAN session for analyzing traffic between ports.


ip flow monitor

To enable a Flexible NetFlow flow monitor for traffic that the router is receiving or forwarding, use the ip flow monitor command. To disable a Flexible NetFlow flow monitor, use the no form of this command.

ip flow monitor monitor-name {input | output} [sampler sampler-name]

Syntax Description

monitor-name

Name of a flow monitor that you previously configured.

input

Monitors traffic that the routers are receiving on the interface.

output

Monitors traffic that the routers are transmitting on the interface.

sampler

(Optional) Specifies the name of a flow sampler for the flow monitor.

sampler-name

Flow sampler for this flow monitor using the name of a sampler that you previously configured.


Defaults

Disabled

Command Modes

Interface configuration

Supported User Roles

network-admin
vdc-admin

Command History

Release
Modification

4.0(1)

This command was introduced.


Usage Guidelines

You must have already created a flow monitor by using the flow monitor command before you can apply the flow monitor to an interface with the ip flow monitor command to enable traffic monitoring with Flexible NetFlow.

You must have already created a sampler by using the sampler command before you can enable a flow sampler for this flow monitor with the ip flow monitor command.

When adding a sampler to a flow monitor, only packets that are selected by the named sampler are entered into the cache to form flows. Each use of a sampler results in separate statistics being stored for that usage.

You cannot add a sampler to a flow monitor after the flow monitor has been enabled on an interface. You must remove the flow monitor from the interface before you enable the same flow monitor with a sampler. See the "Examples" section for more information.

Note The statistics for each flow needs to be scaled to give the expected true usage. For example, if you are using a 1 in 10 sampler, you must multiply the packet and byte counters by 10.

This command does not require a license.

Examples

This example shows how to enable a flow monitor for monitoring input traffic: 

switch(config)# vlan  configuration 2

switch(config-vlan-config)# ip flow monitor FLOW-MONITOR-1 input

NoteVLAN configuration mode enables you to configure VLANs independently of their creation, which is required for VTP client support.

Egress NetFlow on VLAN is not supported

This example shows how to enable a flow monitor for monitoring output traffic: 

switch(config)# interface ethernet0/0

switch(config-if)# ip flow monitor FLOW-MONITOR-1 output

This example shows how to enable the same flow monitor on the same interface for monitoring input and output traffic: 

switch(config)# interface ethernet0/0

switch(config-if)# ip flow monitor FLOW-MONITOR-1 input

switch(config-if)# ip flow monitor FLOW-MONITOR-1 output

This example shows how to enable two different flow monitors on the same interface for monitoring input and output traffic: 

switch(config)# interface ethernet0/0

switch(config-if)# ip flow monitor FLOW-MONITOR-1 input

switch(config-if)# ip flow monitor FLOW-MONITOR-2 output

This example shows how to enable the same flow monitor on two different interfaces for monitoring input and output traffic: 

switch(config)# interface ethernet0/0

switch(config-if)# ip flow monitor FLOW-MONITOR-1 input

switch(config)# interface ethernet1/0

switch(config-if)# ip flow monitor FLOW-MONITOR-1 output

This example shows how to enable two different flow monitors on two different interfaces for monitoring input and output traffic: 

switch(config)# interface ethernet0/0

switch(config-if)# ip flow monitor FLOW-MONITOR-1 input

switch(config)# interface ethernet1/0

switch(config-if)# ip flow monitor FLOW-MONITOR-2 output

This example shows how to enable a flow monitor for monitoring input traffic with a sampler to limit the input packets that are sampled: 

switch(config)# interface ethernet0/0

switch(config-if)# ip flow monitor FLOW-MONITOR-1 input sampler SAMPLER-1

This example shows how to enable a flow monitor for monitoring output traffic with a sampler to limit the output packets that are sampled: 

switch(config)# interface ethernet0/0

switch(config-if)# ip flow monitor FLOW-MONITOR-1 output sampler SAMPLER-1

This example shows how to enable two different flow monitors for monitoring input and output traffic with a sampler on the flow monitor that is monitoring input traffic to limit the input packets that are sampled: 

switch(config)# interface ethernet0/0

switch(config-if)# ip flow monitor FLOW-MONITOR-1 input sampler SAMPLER-1

switch(config-if)# ip flow monitor FLOW-MONITOR-2 output

This example shows how to enable two different flow monitors for monitoring input and output traffic with a sampler on the flow monitor that is monitoring output traffic to limit the output packets that are sampled: 

switch(config)# interface ethernet0/0

switch(config-if)# ip flow monitor FLOW-MONITOR-2 input

switch(config-if)# ip flow monitor FLOW-MONITOR-2 output sampler SAMPLER-1

This example shows what happens when you try to add a sampler to a flow monitor that has already been enabled on an interface without a sampler: 

switch(config)# interface Ethernet0/0

switch(config-if)# ip flow monitor FLOW-MONITOR-1 input sampler SAMPLER-1

% Flow Monitor: Flow Monitor 'FLOW-MONITOR-1' is already on in full mode and cannot be 
enabled with a sampler.

This example shows how to remove the flow monitor from the interface so that it can be enabled with the sampler: 

switch(config)# interface Ethernet0/0

switch(config-if)# no ip flow monitor FLOW-MONITOR-1 input

switch(config-if)# ip flow monitor FLOW-MONITOR-1 input sampler SAMPLER-1

This example shows how to remove a sampler from a flow monitor on an interface by entering the flow monitor command again without the sampler sampler-name keyword and argument: 

switch(config)# interface Ethernet0/0

switch(config-if)# ip flow monitor FLOW-MONITOR-1 input

% Flow Monitor: Flow Monitor 'FLOW-MONITOR-1' is already on in sampled mode and cannot be 
enabled in full mode.

This example shows how to remove the flow monitor that was enabled with a sampler from the interface so that it can be enabled without the sampler: 

switch(config)# interface Ethernet0/0

switch(config-if)# no ip flow monitor FLOW-MONITOR-1 input sampler SAMPLER-1

switch(config-if)# ip flow monitor FLOW-MONITOR-1 input

Related Commands

Command
Description

flow exporter

Creates a flow exporter.

flow monitor

Creates a flow monitor.

flow record

Creates a flow record.

sampler

Creates a flow sampler.


ip ttl

To configure the IP time-to-live (TTL) value of the Encapsulated Remote Switched Port Analyzer (ERSPAN) traffic, use the ip ttl command.

ip ttl ttl_value

Syntax Description

ttl_value

Value of the IP TTL of the ERSPAN traffic. The range is from 1 to 255.


Defaults

255

Command Modes

config-erspan-src and config-erspan-dst

Supported User Roles

network-admin
network-operator

Command History

Release
Modification

5.1(1)

This command was introduced.


Usage Guidelines

This command does not require a license.

Examples

This example shows how to configure the IP TTL value of the ESRSPAN source: 

switch# configure terminal

switch(config)# monitor session 5 type erspan-source

switch(config-erspan-src)# ip ttl 30

switch(config-erspan-src)#


This example shows how to configure the IP TTL value of the ESRSPAN destination:

switch# configure terminal

switch(config)# monitor session 3 type erspan-destination

switch(config-erspan-dst)# ip ttl 35

switch(config-erspan-dst)#

Related Commands

Command
Description

ip dscp

Configures the DSCP value of the packets in the ERSPAN traffic.

monitor-session

Enters the monitor configuration mode for configuring an ERSPAN or SPAN session for analyzing traffic between ports.