-
Catalyst 6500 Series Software Configuration Guide, 6.3 and 6.4
-
Product Overview
-
Command-Line Interfaces
-
Configuring the Switch IP Address and Default Gateway
-
Configuring Ethernet, Fast Ethernet, and Gigabit Ethernet Switching
-
Configuring Ethernet VLAN Trunks
-
Configuring EtherChannel
-
Configuring IEEE 802.1Q Tunneling
-
Configuring Spanning Tree
-
Configuring Spanning Tree PortFast, UplinkFast, BackboneFast, and Loop Guard
-
Configuring VTP
-
Configuring VLANs
-
Configuring InterVLAN Routing
-
Configuring CEF for PFC2
-
Configuring MLS
-
Configuring NDE
-
Configuring Access Control
-
Configuring GVRP
-
Configuring Dynamic Port VLAN Membership with VMPS
-
Checking Port Status and Connectivity
-
Administering the Switch
-
Configuring Switch Access Using AAA
-
Configuring Redundancy
-
Modifying the Switch Boot Configuration
-
Working With the Flash File System
-
Working with System Software Images
-
Working with Configuration Files
-
Configuring System Message Logging
-
Configuring DNS
-
Configuring CDP
-
Configuring UDLD
-
Configuring NTP
-
Configuring Broadcast Suppression
-
Configuring Layer 3 Protocol Filtering
-
Configuring the IP Permit List
-
Configuring Port Security
-
Configuring SNMP
-
Configuring RMON
-
Configuring SPAN and RSPAN
-
Using Switch TopN Reports
-
Configuring Multicast Services
-
Configuring QoS
-
Configuring a VoIP Network
-
Configuring ASLB
-
Configuring the Switch Fabric Modules
-
Table Of Contents
Overview of NDE and Integrated Layer 3 Switching Management
Traffic Statistics Data Collection
Specifying an NDE Destination Address on the MSFC
Specifying an NDE Source Address on the MSFC
Specifying a Destination Host Filter
Specifying a Destination and Source Subnet Filter
Specifying a Destination TCP/UDP Port Filter
Specifying a Source Host and Destination TCP/UDP Port Filter
Specifying Protocols for Statistics Collection
Removing Protocols for Statistics Collection
Displaying the NDE Configuration
Configuring NDE
This chapter describes how to configure NetFlow Data Export (NDE) on the Catalyst 6000 family switches.
Note
For complete syntax and usage information for the commands used in this chapter, refer to the Catalyst 6000 Family Command Reference publication.
This chapter consists of these sections:
Understanding How NDE Works
These sections describe how NDE works:
•
•
Overview of NDE and Integrated Layer 3 Switching Management
Catalyst 6000 family switches provide Layer 3 switching with Cisco Express Forwarding for Policy Feature Card 2 (CEF for PFC2) or with Multilayer Switching (MLS). You can use NDE to monitor all Layer 3-switched traffic through the Multilayer Switch Feature Card (MSFC). NDE complements the embedded Remote Monitoring (RMON) capabilities on the switch that allow you to see all port traffic.
Note
Note
Note
Integrated Layer 3-switching management includes products, management utilities, and partner applications designed to gather flow statistics, export the statistics, collect and perform data reduction on the exported statistics, and forward them to applications for traffic monitoring, planning, and accounting. Flow collectors, such as the Cisco SwitchProbe and NetFlow FlowCollector, gather and classify flows. This flow information is then aggregated and fed to applications such as TrafficDirector, NetSys, or NetFlow Analyzer.
Traffic Statistics Data Collection
An external data collector gathers flow entries from the statistics cache of one or more switches or Cisco routers. The switch or router transmits data to the flow collector by grouping flow entries for expired flows from its statistics cache into a User Datagram Protocol (UDP) datagram, which consists of a header and a series of flow entries. See Figure 15-1.
Figure 15-1 Integrated Layer 3 Switching Management
Using NDE Filters
By default, all expired flows are exported until you specify a filter. After specifying a filter, only expired and purged flows matching the specified filter criteria are exported. Filter values are stored in NVRAM and are not cleared when NDE is disabled.
If the flow mask is destination-ip mode and the NDE filter contains a filter on both source and destination, only the destination filter is effective. For example, in the filter specified in the following display if the flow mask is in destination-ip mode, all flows with destination address 9.1.2.15 are exported. The source filter for host 10.1.2.15 is not effective (it is ignored).
Console> (enable) set mls nde flow destination 9.1.2.15/32 source 10.1.2.15/32Netflow data export: destination filter set to 9.1.2.15/32Netflow data export: source filter set to 10.1.2.15/32Console> (enable)Default NDE Configuration
Table 15-1 shows the default NDE configuration.
Table 15-1 Default NDE Configuration
NDE
Disabled
NDE data collector address and UDP port
None specified
NDE filters
None configured
Configuring NDE
These sections describe how to configure NDE:
•
•
•
•
•
•
•
•
•
Usage Guidelines
If too many entries are added to the NetFlow table, follow these guidelines:
•
•
•
Layer 3 aging also increases. Try to use a flow mask with the minimum granularity required to get the data you need. With a full flow mask, you might need to decrease the MLS aging time because a full flow mask increases the number of flows per second. For information on setting the flow mask, see the "Setting the Minimum IP MLS Flow Mask" section in "Configuring MLS."•
•
Specifying an NDE Collector
Before enabling NDE for the first time, you must specify an NDE collector and UDP port to receive the exported statistics. The collector address and UDP port number are saved in NVRAM and are preserved if NDE is disabled and reenabled or if the switch is power cycled.
Note
To specify an NDE collector, perform this task in privileged mode:
Specify an NDE collector and UDP port for data export of hardware-switched packets.
set mls nde {collector_ip | collector_name} {udp_port_number}
This example shows how to specify an NDE collector:
Console> (enable) set mls nde Stargate 9996Netflow data export not enabled.Netflow data export to port 9996 on 172.20.15.1(Stargate)Console> (enable)Specifying an NDE Destination Address on the MSFC
To monitor data and statistics about Layer 3 traffic that is switched in software by the MSFC, you must specify the NDE collector and UDP port on the MSFC by entering the ip flow-export destination command on the MSFC.
To specify the NDE collector for Layer 3 traffic that is being switched by the MSFC, peform this task in privileged mode:
Specify an NDE collector and UDP port for data export of software-switched packets.
ip flow-export destination {hostname | ip_address} {udp_port_number}
This example shows how to specify the NDE collector from the MSFC:
Router(config)# ip flow-export destination Stargate 9996Router(config)#Specifying an NDE Source Address on the MSFC
The MSFC and the PFC use the NDE source address when sending statistics to the data collection application. You configure the source address on the MSFC so the data collection application can aggregate export data from both the MSFC and the PFC for the same flow by entering the ip flow-export source vlan command on the MSFC.
Note
To specify the NDE source address for Layer 3 traffic that is being switched by the MSFC, peform this task in privileged mode:
Specify an NDE source address for data export of software-switched packets.
ip flow-export source vlan {vlan_interface_number}
This example shows how to specify the NDE source address on the MSFC:
Router(config)# ip flow-export source vlan 10Router(config)#Enabling NDE
To enable NDE, perform this task in privileged mode:
This example shows how to enable NDE on the switch:
Console> (enable) set mls nde enableNetflow data export enabled.Netflow data export to port 9996 on 172.20.15.1 (Stargate)Console> (enable)If you attempt to enable NDE without first specifying a collector, you see this display:
Console> (enable) set mls nde enablePlease set host name and UDP port number with `set mls nde <collector_ip> <udp_port_number>'.Console> (enable)Specifying a Destination Host Filter
To specify a destination host filter, perform this task in privileged mode:
Specify a destination host filter for an NDE flow.
set mls nde flow destination [ip_addr_spec]
This example shows how to specify a destination host filter so that only expired flows to host 171.69.194.140 are exported:
Console> (enable) set mls nde flow destination 171.69.194.140Netflow Data Export successfully setDestination filter is 171.69.194.140/255.255.255.255Filter type: includeConsole> (enable)Specifying a Destination and Source Subnet Filter
To specify a destination and source subnet filter, perform this task in privileged mode:
Specify a destination and source subnet filter for an NDE flow.
set mls nde flow destination [ip_addr_spec] source [ip_addr_spec]
This example shows how to specify a destination and source subnet filter so that only expired flows to subnet 171.69.194.0 from subnet 171.69.173.0 are exported (assuming the flow mask is set to source-destination-ip):
Console> (enable) set mls nde flow destination 171.69.194.140/24 source 171.69.173.5/24Netflow Data Export successfully setSource filter is 171.69.173.0/24Destination filter is 171.69.194.0/24Filter type: includeConsole> (enable)Specifying a Destination TCP/UDP Port Filter
To specify a destination TCP/UDP port filter, perform this task in privileged mode:
Specify a destination TCP/UDP port filter for an NDE flow.
set mls nde flow dst_prt [port_number]
This example shows how to specify a destination TCP/UDP port filter so that only expired flows to destination port 23 are exported (assuming the flow mask is set to ip-flow):
Console> (enable) set mls nde flow dst_port 23Netflow Data Export successfully setDestination port filter is 23Filter type: includeConsole> (enable)Specifying a Source Host and Destination TCP/UDP Port Filter
To specify a source host and destination TCP/UDP port filter, perform this task in privileged mode:
Specify a source host and destination TCP/UDP port filter for an NDE flow.
set mls nde flow source [ip_addr_spec] dst_prt [port_number]
This example shows how to specify a source host and destination TCP/UDP port filter so that only expired flows from host 171.69.194.140 to destination port 23 are exported (assuming the flow mask is set to ip-flow):
Console> (enable) set mls nde flow source 171.69.194.140 dst_port 23Netflow Data Export successfully setSource filter is 171.69.194.140/255.255.255.255Destination port filter is 23Filter type: includeConsole> (enable)Specifying a Protocol Filter
To specify a protocol filter, perform this task in privileged mode:
This example shows how to specify a protocol filter so that only expired flows from protocol 17 are exported:
Console> (enable) set mls nde flow protocol 17Netflow Data Export filter successfully set.Protocol filter is 17Filter type: includeConsole> (enable)Specifying Protocols for Statistics Collection
You can enter the set mls statistics protocol protocol port command to specify up to 64 different protocols for which to collect statistics to be exported using NDE. The protocol argument can be ip, ipinip, icmp, igmp, tcp, and udp, or a decimal number for other protocol families. The port argument specifies the protocol port.
To specify protocols for statistics collection, perform this task in privileged mode:
This example shows how to specify a protocol for statistics collection:
Console> (enable) set mls statistics protocol 17 1934Protocol 17 port 1934 is added to protocol statistics list.Console> (enable)Removing Protocols for Statistics Collection
You can enter the clear mls statistics protocol {protocol port | all} command to specify up to 64 different protocols for which to collect statistics to be exported using NDE. The protocol argument can be tcp, udp, icmp, or a decimal number for other protocol families. The port argument specifies the protocol port. Use the all keyword to remove all protocols for statistics collection.
To remove protocols for statistics collection, perform this task in privileged mode:
Remove protocols for statistics collection.
clear mls statistics protocol {protocol port | all}
This example shows how to remove a protocol for statistics collection:
Console> (enable) clear mls statistics protocol 17 1934Protocol 17 port 1934 cleared from protocol statistics list.Console> (enable)Clearing the NDE Flow Filter
To clear the NDE flow filter and reset the filter to the default (all flows exported), perform this task in privileged mode:
This example shows how to clear the NDE flow filter so that all flows are exported:
Console> (enable) clear mls nde flowNetflow data export filter cleared.Console> (enable)Disabling NDE
Note
To disable NDE on the switch, perform this task in privileged mode:
This example shows how to disable NDE on the switch:
Console> (enable) set mls nde disableNetflow data export disabled.Console> (enable)Removing the NDE IP Address
To remove the NDE IP address from the MSFC, perform this task in global configuration mode:
This example shows how to remove the NDE IP addresses from the MSFC:
Router(config)# no mls nde-address 170.170.2.1Router(config)#Displaying the NDE Configuration
To display the NDE configuration on the switch, perform this task in privileged mode:
This example shows how to display the NDE configuration on the switch:
Console> (enable) show mls ndeNetflow Data Export enabledNetflow Data Export configured for port 1098 on host 172.20.15.1Source filter is 171.69.194.140/255.255.255.0Destination port filter is 23Total packets exported = 26784Console> (enable)
