-
Software Configuration Guide (4.5)
-
Index - Software Config Guide, Cat 5000,4000,2926G,2926 (4.5)
-
About This Guide
-
Product Overview
-
Command-Line Interfaces
-
Configuring the Supervisor Engine Software
-
Configuring Ethernet & Fast Ethernet Switching
-
Configuring Gigabit Ethernet Switching
-
Configuring Fast EtherChannel and Gigabit EtherChannel
-
Configuring Spanning Tree
-
Configuring Spanning-Tree PortFast, UplinkFast,& BackboneFast
-
Configuring VTP
-
Configuring VLANs
-
Configuring VLAN Trunks on Fast Ethernet and Gigabit Ethernet Ports
-
Configuring Dynamic Port VLAN Membership with VMPS
-
Checking Port Status and Connectivity
-
Administering the Switch
-
Controlling Access to the Switch Using Authentication
-
Using Redundant Supervisor Engines
-
Modifying the Switch Boot Configuration
-
Working With the Flash File System
-
Working With System Software Images
-
Working With Configuration Files
-
Configuring System Message Logging
-
Configuring DNS
-
Configuring CDP
-
Configuring NTP
-
Configuring Broadcast/Multicast Suppression
-
Configuring Protocol Filtering
-
Configuring IP Permit List
-
Configuring Secure Port Filtering
-
Configuring SNMP
-
Configuring RMON
-
Configuring SPAN
-
Using Switch TopN Reports
-
Configuring the Network Analysis Module
-
Configuring Multicast Services
-
Configuring ATM LAN Emulation
-
Configuring ATM PVCs and PVCs with Traffic Shaping
-
Configuring Multiprotocol Over ATM
-
Configuring the ATM Fabric Integration Module
-
Configuring InterVLAN Routing
-
Maintaining and Administering the RSM
-
Configuring the Layer 3 Fabric Integration Module
-
Configuring Multilayer Switching
-
Configuring NetFlow Data Export
-
Configuring FDDI/CDDI Switching
-
Configuring FDDI 802.10 Trunks
-
Configuring Token Ring Switching
-
Configuring Token Ring Filters
-
Table Of Contents
Configuring NetFlow Data Export
Understanding How NetFlow Data Export Works
Understanding NDE and Integrated MLS Management
Software and Hardware Requirements
Default NetFlow Data Export Configuration
Configuring NetFlow Data Export
Specifying a NetFlow Data Export Address
Specifying a NetFlow Data Export Collector
Specifying a Destination Host Filter
Specifying a Destination and Source Subnet Filter
Specifying a Destination TCP/UDP Port Filter
Specifying a Source Host and Destination TCP/UDP Port Filter
Specifying Protocols for Statistics Collection
Removing Protocols for Statistics Collection
Removing the NetFlow Data Export Address
Displaying the NDE Configuration
Configuring NetFlow Data Export
This chapter describes how to configure NetFlow Date Export (NDE) on the Catalyst 5000 and 2926G series switches.
Note
For complete syntax and usage information for the commands used in this chapter, refer to the Command Reference for your switch.
This chapter consists of these sections:
•
•
•
•
Understanding How NetFlow Data Export Works
These sections describe how NDE works:
•
Understanding NDE and Integrated MLS Management
You can use NDE to monitor all MLS intersubnet traffic through the NFFC or NFFC II and the RSM (or externally attached router). NDE complements the embedded Remote Monitoring (RMON) capabilities on the switch that allow you to see all port traffic.
Note
Integrated MLS management includes products, management utilities, and partner applications designed to gather flow statistics, export the statistics, collect and perform data reduction on the exported statistics, and forward them to applications for traffic monitoring, planning, and accounting. Flow collectors, such as the Cisco SwitchProbe and NetFlow FlowCollector, gather and classify flows. This flow information is then aggregated and fed to applications such as TrafficDirector, NetSys, or NetFlow Analyzer.
We recommend the Catalyst 5000 series Network Analysis Module (WS-X5380) or the Cisco SwitchProbe device as the flow collector for MLS. The Network Analysis Module provides extended RMON support and can analyze Ethernet VLAN traffic exported from the NFFC or NFFC II. For more information about the Network Analysis Module, see "." The SwitchProbe device supports the two versions of data (Versions 1 and 7) exported from the RSM and NFFC or NFFC II using NDE. SwitchProbe proxies the data to RMON2 for viewing from the TrafficDirector application. Support is also included for the RMON2 Management Information Base (MIB) group. Refer to the SwitchProbe Installation and Configuration Guide for information about SwitchProbe.
MLS Data Collection
An external data collector gathers flow entries from the MLS cache of one or more switches or Cisco routers. The switch or router transmits data to the flow collector by grouping flow entries for expired flows from its MLS cache into a User Datagram Protocol (UDP) datagram, which consists of a header and a series of flow entries. illustrates the NDE process.
Figure 43-1 Integrated MLS Management
Using NDE Filters
By default, all expired flows are exported until you specify a filter. After specifying a filter, only expired and purged flows matching the specified filter criteria are exported. Filter values are stored in nonvolatile RAM (NVRAM) and are not cleared when NDE is disabled.
If the flow mask is destination-ip mode and the NDE filter contains a filter on both source and destination, only the destination filter is effective. For example, in the filter specified in the following display if the flow mask is in destination-ip mode, all flows with destination address 9.1.2.15 are exported. The source filter for host 10.1.2.15 is not effective (it is ignored).
Console> (enable) set mls nde flow destination 9.1.2.15/32 source 10.1.2.15/32Netflow data export: destination filter set to 9.1.2.15/32Netflow data export: source filter set to 10.1.2.15/32Console> (enable)Software and Hardware Requirements
NDE requires these software and hardware versions:
•
•
•
•
•
Default NetFlow Data Export Configuration
shows the default NDE configuration.
Table 43-1 Default NetFlow Data Export Configuration
NDE
Disabled
NDE data collector address and UDP port
None specified1
NDE filters
None configured
1 With a Network Analysis Module installed, you do not need to specify an external data collector address.
Configuring NetFlow Data Export
These sections describe how to configure NDE:
•
•
•
•
•
•
•
•
•
•
•
Specifying a NetFlow Data Export Address
The MLS-RP and the MLS-SE use the NDE IP address when sending MLS statistics to a data collection application. You must configure the IP address on the MLS-RP so the data collection application can aggregate export data from both the MLS-RP and the MLS-SE for the same flow.
If you do not specify an NDE IP address for the MLS-RP, the MLS-RP automatically selects the IP address of one of its interfaces and uses that IP address as its NDE IP address and its MLS IP address.
If you manually specify an NDE IP address for the MLS-RP, the MLS-RP uses this IP address as its MLS IP address (as shown in the output of the show mls rp command), replacing the one that was automatically selected.
After specifying the NDE IP address for the MLS-RP, enter the show mls rp command and note the "mls ip address." You must add this address to the included MLS router list on the switch. For information on how to add a router to the list of routers participating in MLS, see the "Specifying Routers to Participate in MLS" section.
CautionWhen you enable MLS on the router, the MLS-RP automatically selects one of its interfaces as the NDE IP address. If you later enable NDE and you specify a different NDE IP address from the automatically selected address, you must include the new MLS IP address in the list of routers participating in MLS on the switch, as described in the "Specifying Routers to Participate in MLS" section.
To specify an NDE IP address for the MLS-RP, perform this task in global configuration mode:
This example shows how to specify an NDE IP address on the MLS-RP:
Router(config)#mls rp nde-address 170.170.2.1Router(config)#Specifying a NetFlow Data Export Collector
Before enabling NDE for the first time, you must specify an NDE collector and UDP port to receive the exported statistics. The collector address and UDP port number are saved in NVRAM and are preserved if NDE is disabled and reenabled or if the switch is power cycled.
Note
Note
To specify a NetFlow data export collector, perform this task in privileged mode:
This example shows how to specify a NetFlow data export collector:
Console> (enable) set mls nde Stargate 9996Netflow data export not enabled.Netflow data export to port 9996 on 172.20.15.1(Stargate)Console> (enable)Enabling NetFlow Data Export
To enable NDE, perform this task in privileged mode:
This example shows how to enable NDE on the switch:
Console> (enable) set mls nde enableNetflow data export enabled.Netflow data export to port 9996 on 172.20.15.1 (Stargate)Console> (enable)If you attempt to enable NDE without first specifying a collector, you see this display:
Console> (enable) set mls nde enablePlease set host name and UDP port number with `set mls nde <collector_ip> <udp_port_number>'.Console> (enable)Specifying a Destination Host Filter
To specify a destination host filter, perform this task in privileged mode:
Specify a destination host filter for an NDE flow.
set mls nde flow destination [ip_addr_spec]
This example shows how to set a destination host filter so that only expired flows to host 171.69.194.140 are exported:
Console> (enable) set mls nde flow destination 171.69.194.140Netflow data export: destination filter set to 171.69.194.140/32Console> (enable)Specifying a Destination and Source Subnet Filter
To specify a destination and source subnet filter, perform this task in privileged mode:
Specify a destination and source subnet filter for an NDE flow.
set mls nde flow destination [ip_addr_spec] source [ip_addr_spec]
This example shows how to specify a destination and source subnet filter so that only expired flows to subnet 171.69.194.0 from subnet 171.69.173.0 are exported (assuming the flow mask is set to source-destination-ip):
Console> (enable) set mls nde flow destination 171.69.194.140/24 source 171.69.173.5/24Netflow data export: destination filter set to 171.69.194.0/24Netflow data export: source filter set to 171.69.173.0/24Console> (enable)Specifying a Destination TCP/UDP Port Filter
To specify a destination TCP/UDP port filter, perform this task in privileged mode:
Specify a destination TCP/UDP port filter for an NDE flow.
set mls nde flow dst_prt [port_number]
This example shows how to specify a destination TCP/UDP port filter so that only expired flows to destination port 23 are exported (assuming the flow mask is set to ip-flow):
Console> (enable) set mls nde flow dst_port 23Netflow data export: destination port filter set to 23.Console> (enable)Specifying a Source Host and Destination TCP/UDP Port Filter
To specify a source host and destination TCP/UDP port filter, perform this task in privileged mode:
Specify a source host and destination TCP/UDP port filter for an NDE flow.
set mls nde flow source [ip_addr_spec] dst_prt [port_number]
This example shows how to specify a source host and destination TCP/UDP port filter so that only expired flows from host 171.69.194.140 to destination port 23 are exported (assuming the flow mask is set to ip-flow):
Console> (enable) set mls nde flow source 171.69.194.140 dst_port 23Netflow data export: destination port filter set to 23Netflow data export: source filter set to 171.69.194.140/32Console> (enable)Specifying a Protocol Filter
To specify a protocol filter, perform this task in privileged mode:
This example shows how to specify a protocol filter so that only expired flows from protocol 17 are exported:
Console> (enable) set mls nde flow protocol 17Netflow Data Export filter successfully set.Protocol filter is 17Console> (enable)Specifying Protocols for Statistics Collection
You can use the set mls statistics protocol protocol port command to specify up to 64 different protocols for which to collect statistics to be exported using NDE. The protocol argument can be tcp, udp, icmp, or a decimal number for other protocol families. The port argument specifies the protocol port.
To specify protocols for statistics collection, perform this task in privileged mode:
This example shows how to specify a protocol for statistics collection:
Console> (enable) set mls statistics protocol 17 1934Protocol 17 port 1934 is added to protocol statistics list.Console> (enable)Removing Protocols for Statistics Collection
You can use the clear mls statistics protocol {protocol port | all} command to specify up to 64 different protocols for which to collect statistics to be exported using NDE. The protocol argument can be tcp, udp, icmp, or a decimal number for other protocol families. The port argument specifies the protocol port. Use the all keyword to remove all protocols for statistics collection.
To remove protocols for statistics collection, perform this task in privileged mode:
Remove protocols for statistics collection.
clear mls statistics protocol {protocol port | all}
This example shows how to remove a protocol for statistics collection:
Console> (enable) clear mls statistics protocol 17 1934Protocol 17 port 1934 cleared from protocol statistics list.Console> (enable)Clearing an NDE Flow Filter
To clear the NDE flow filter and reset the filter to the default (all flows exported), perform this task in privileged mode:
This example shows how to clear the NDE flow filter so that all flows are exported:
Console> (enable) clear mls nde flowNetflow data export filter cleared.Console> (enable)Disabling NetFlow Data Export
Note
To disable NDE, perform this task in privileged mode:
This example shows how to disable NDE on the switch:
Console> (enable) set mls nde disableNetflow data export disabled.Console> (enable)Removing the NetFlow Data Export Address
To remove the NDE IP address from the MLS-RP, perform this task in global configuration mode:
Remove the NDE IP address for the router.
Router(config)#no mls rp nde-address [ip_addr]
This example shows how to remove the NDE IP addresses on the MLS-RP:
Router(config)#0no mls rp nde-address 170.170.2.1Router(config)#Displaying the NDE Configuration
To display the NDE configuration, perform this task in privileged mode:
This example shows how to display the NDE configuration on the switch:
Console> (enable) show mls ndeNetflow Data Export enabledNetflow Data Export configured for port 1098 on host 172.20.15.1Source filter is 171.69.194.140/255.255.255.0Destination port filter is 23Total packets exported = 26784Console> (enable)
