Catalyst 6500 Series Software Configuration Guide, 8.7 - Configuring NDE [Cisco Catalyst 6500 Series Switches]

Table Of Contents

Configuring NDE

Understanding How NDE Works

Overview of NDE and Integrated Layer 3 Switching Management

Traffic Statistics Data Collection

Using NDE Filters

Using Bridged-Flow Statistics

NDE Versions

Default NDE Configuration

Configuring NDE on the Switch

NDE Configuration Guidelines

Specifying an NDE Collector

Clearing an NDE Collector

Configuring NetFlow on the MSFC

Enabling NetFlow

Configuring the MSFC NDE Source Interface

Configuring the NDE Destination

Enabling NDE

Enabling and Disabling Bridged-Flow Statistics on VLANs

Specifying a Destination Host Filter

Specifying a Destination and Source Subnet Filter

Specifying a Destination TCP/UDP Port Filter

Specifying a Source Host and Destination TCP/UDP Port Filter

Specifying a Protocol Filter

Specifying Protocols for Statistics Collection

Removing Protocols for Statistics Collection

Clearing the NDE Flow Filter

Disabling NDE

Removing the NDE IP Address

Displaying the NDE Configuration

Configuring NDE

This chapter describes how to configure NetFlow Data Export (NDE) on the Catalyst 6500 series switches.

Note For complete syntax and usage information for the commands that are used in this chapter, refer to the Catalyst 6500 Series Switch Command Reference publication.

This chapter consists of these sections:

•Understanding How NDE Works

•Default NDE Configuration

•Configuring NDE on the Switch

Understanding How NDE Works

These sections describe how NDE works:

•Overview of NDE and Integrated Layer 3 Switching Management

•Traffic Statistics Data Collection

•Using NDE Filters

•Using Bridged-Flow Statistics

•NDE Versions

Overview of NDE and Integrated Layer 3 Switching Management

Catalyst 6500 series switches provide Layer 3 switching with Cisco Express Forwarding (CEF) for Supervisor Engine 2, Supervisor Engine 720, and Supervisor Engine 32. For Supervisor Engine 1 with the PFC, Layer 3 switching is provided with Multilayer Switching (MLS). You can use NDE to monitor all Layer 3-switched traffic through the Multilayer Switch Feature Card (MSFC). NDE complements the embedded Remote Monitoring (RMON) capabilities on the switch that allow you to see all port traffic.

Note NDE is not supported for the IP multicast or Internetwork Packet Exchange (IPX) traffic.

Note NDE version 7 and NDE version 8 are not supported for the MSFC.

Note For information on configuring CEF for PFC2 and PFC3A, see Chapter 13, "Configuring CEF for PFC2 and PFC3A." For information on configuring MLS, see Chapter 14, "Configuring MLS."

Integrated Layer 3-switching management includes the products, management utilities, and partner applications that are designed to gather the flow statistics, export the statistics, collect and perform data reduction on the exported statistics, and forward them to the applications for traffic monitoring, planning, and accounting. The flow collectors, such as the Cisco SwitchProbe and NetFlow FlowCollector, gather and classify the flows. This flow information is then aggregated and fed to applications such as TrafficDirector, NetSys, or NetFlow Analyzer.

Traffic Statistics Data Collection

An external data collector gathers the flow entries from the statistics cache of one or more switches or Cisco routers. The switch or router transmits the data to the flow collector by grouping the flow entries for the expired flows from its statistics cache into a User Datagram Protocol (UDP) datagram, which consists of a header and a series of flow entries. See Figure 16-1.

Figure 16-1 Integrated Layer 3 Switching Management

Using NDE Filters

By default, all the expired flows are exported until you specify a filter. After specifying a filter, only the expired and purged flows matching the specified filter criteria are exported. The filter values are stored in NVRAM and are not cleared when NDE is disabled.

If the flow mask is in destination-ip mode and the NDE filter contains a filter on both source and destination, only the destination filter is effective. If the flow mask is in destination-ip mode (as shown in the following display), all the flows with destination address 9.1.2.15 are exported. The source filter for host 10.1.2.15 is not effective (it is ignored).
Console> (enable) set mls nde flow destination 9.1.2.15/32 source 10.1.2.15/32
Netflow data export: destination filter set to 9.1.2.15/32
Netflow data export: source filter set to 10.1.2.15/32
Console> (enable)
Using Bridged-Flow Statistics

Note The bridged-flow statistics are not supported on Supervisor Engine 720 or Supervisor Engine 32.

You can set the bridged-flow statistics reporting per VLAN. The bridged flows are exported through NDE when you enable the bridged-flow statistics.

Caution Use this feature carefully. As the NetFlow entries increase in the NetFlow table, the NDE performance may degrade. See the "NDE Configuration Guidelines" section for information on configuring the bridged-flow statistics.

Note You can also enable NetFlow table entry creation on a per-VLAN basis. However, because the bridged-flow statistics and per-VLAN entry creation use the same mechanism for collecting the statistics, the VLAN entries may overlap. See the "Specifying NetFlow Table Entry Creation on a Per-Interface Basis" section on page 13-28.

NDE Versions

NDE on the PFC supports the following NDE versions to export the statistics that are captured on the PFC for the Layer 3-switched traffic:

•Supervisor Engine 1 and PFC

–NDE version 5 with software release 7.5 and later releases

–NDE version 7 with software release 6.1 and later releases

•Supervisor Engine 2 and PFC2

–NDE version 5 with software release 7.5 and later releases

–NDE version 7 with software release 6.1 and later releases

•Supervisor Engine 720 and PFC3A/PFC3B/PFC3BXL—NDE versions 5 and 7 (Supervisor Engine 720 was initially supported in software release 8.1[1]).

•Supervisor Engine 32 and PFC3B/PFC3BXL—NDE versions 5 and 7 (Supervisor Engine 32 was initially supported in software release 8.4[1]).

Depending on the current flow mask, some fields in the flow records might not have values. When the PFC exports the cached entries, the unsupported fields are filled with a zero (0).

The following tables list the supported NDE fields:

•Table 16-1—Version 5 header format

•Table 16-2—Version 5 flow record format

•Table 16-3—Version 7 header format

•Table 16-4—Version 7 flow record format

Table 16-1 NDE Version 5 Header Format

Bytes

Content

Description

0-1

version

NetFlow export format version number

2-3

count

Number of flows exported in this packet (1-30)

4-7

SysUptime

Current time in milliseconds since router booted

8-11

unix_secs

Current seconds since 0000 UTC 1970

12-15

unix_nsecs

Residual nanoseconds since 0000 UTC 1970

16-19

flow_sequence

Sequence counter of total flows seen

20-21

engine_type

Type of flow switching engine
(VS_ENGINE_TYPE_CATALYST_SWITCH)

21-23

engine_id

0

Table 16-2 NDE Version 5 Flow Record Format

Bytes

Content

Description

Flow masks: X=Populated

Destination

Destination Source

Full

Full VLAN¹

0-3

srcaddr

Source IP address

0

X

X

X

4-7

dstaddr

Destination IP address

X

X

X

X

8-11

nexthop

Next-hop router's IP address

X

X

X

X

12-13

input

Ingress interface SNMP ifIndex²

0

X

X

X

14-15

output

Egress interface SNMP ifIndex

X

X

X

X

16-19

dPkts

Packets in the flow

X

X

X

X

20-23

dOctets

Octets (bytes) in the flow

X

X

X

X

24-27

first

SysUptime at start of the flow (milliseconds)

X

X

X

X

28-31

last

SysUptime at the time the last packet of the flow was received (milliseconds)

X

X

X

X

32-33

srcport

Layer 4 source port number or equivalent

0

0

X

X

34-35

dstport

Layer 4 destination port number or equivalent

0

0

X

X

36

pad1

Unused (zero) byte

37

tcp_flags

Cumulative OR of TCP flags

0

0

0

0

38

prot

Layer 4 protocol (for example, 6=TCP, 17=UDP)

0

0

X

X

39

tos

IP type-of-service byte

X

X

X

X

40-41

src_as

Autonomous system number of the source, either origin or peer

0

0

0

0

42-43

dst_as

Autonomous system number of the destination, either origin or peer

0

0

0

0

44-45

src_mask

Source address prefix mask bits

0

0

0

0

46-47

dst_mask

Destination address prefix mask bits

0

0

0

0

48

pad2

Pad 2 is unused (zero) bytes

¹ This flow mask is not configurable from the CLI. It is only turned on if certain features, such as reflexive ACLs, are set up.

²This feature is not supported on Supervisor Engine 1 or 1A.

Table 16-3 NDE Version 7 Header Format

Bytes

Content

Description

0-1

version

NetFlow export format version number

2-3

count

Number of flows exported in this packet (1-30)

4-7

SysUptime

Current time in milliseconds since router booted

8-11

unix_secs

Current seconds since 0000 UTC 1970

12-15

unix_nsecs

Residual nanoseconds since 0000 UTC 1970

16-19

flow_sequence

Sequence counter of total flows seen

20-24

reserved

Unused (zero) bytes

Table 16-4 NDE Version 7 Flow Record Format

Bytes

Content

Description

Flow masks: X=Populated

Destination

Destination Source

Full

Full VLAN¹

0-3

srcaddr

Source IP address

0

X

X

X

4-7

dstaddr

Destination IP address

X

X

X

X

8-11

nexthop

Next-hop router's IP address

X

X

X

X

12-13

input

Ingress interface SNMP ifIndex²

0

X

X

X

14-15

output

Egress interface SNMP ifIndex

X

X

X

X

16-19

dPkts

Packets in the flow

X

X

X

X

20-23

dOctets

Octets (bytes) in the flow

X

X

X

X

24-27

First

SysUptime at start of the flow (milliseconds)

X

X

X

X

28-31

Last

SysUptime at the time the last packet of the flow was received (milliseconds)

X

X

X

X

32-33

srcport

Layer 4 source port number or equivalent

0

0

X

X

34-35

dstport

Layer 4 destination port number or equivalent

0

0

X

X

36

flags

Flow mask in use

X

X

X

X

37

tcp_flags

Cumulative OR of TCP flags

0

0

0

0

38

prot

Layer 4 protocol (for example, 6=TCP, 17=UDP)

0

0

X

X

39

tos

IP type-of-service byte

X

X

X

X

40-41

src_as

Autonomous system number of the source, either origin or peer

0

0

0

0

42-43

dst_as

Autonomous system number of the destination, either origin or peer

0

0

0

0

44

src_mask

Source address prefix mask bits

0

0

0

0

45

dst_mask

Destination address prefix mask bits

0

0

0

0

46-47

pad2

Pad 2 uses two bytes

48-51

MLS RP

IP address of MLS router

X³

X2

X2

X2

¹ This flow mask is not configurable from the CLI. It is only turned on if certain features, such as reflexive ACLs, are set up.

²This feature is not supported on Supervisor Engine 1 or 1A.

³ For switched entries.

Default NDE Configuration

Table 16-5 shows the default NDE configuration.

Table 16-5 Default NDE Configuration

Feature

Default Value

NDE

Disabled

NDE data collector address and UDP port

None specified

NDE filters

None configured

Configuring NDE on the Switch

These sections describe how to configure NDE:

•NDE Configuration Guidelines

•Specifying an NDE Collector

•Clearing an NDE Collector

•Configuring NetFlow on the MSFC

•Enabling NDE

•Enabling and Disabling Bridged-Flow Statistics on VLANs

•Specifying a Destination Host Filter

•Specifying a Destination and Source Subnet Filter

•Specifying a Destination TCP/UDP Port Filter

•Specifying a Source Host and Destination TCP/UDP Port Filter

•Specifying a Protocol Filter

•Specifying Protocols for Statistics Collection

•Removing Protocols for Statistics Collection

•Clearing the NDE Flow Filter

•Disabling NDE

•Removing the NDE IP Address

•Displaying the NDE Configuration

NDE Configuration Guidelines

This section describes the configuration guidelines if the NetFlow table has too many entries:

•With software release 8.5(1) and later releases, the multiple flow mask feature is supported on Supervisor Engine 720. This feature results in some changes to the NDE functionality. For detailed information on using the multiple flow mask feature with NDE, see the "Flow Mask Modes—Software Release 8.5(1) and Later Releases" section on page 14-7.

•Reduce the MLS aging time. For PFC2, set the aging time high enough to keep the number of entries within the 32,000 flow range of the PFC2. For PFC3A, set the aging time high enough to keep the number of entries within the 64,000 flow range of the PFC3A.

When using the bridged-flow statistics with a Supervisor Engine 2, set the aging time to 1 second. For information on how to change the MLS aging time, see the "Specifying the MLS Aging-Time Value" section on page 14-19 in Chapter 14, "Configuring MLS."

Note The bridged-flow statistics are not supported on Supervisor Engine 720 or Supervisor Engine 32.

•If there are protocols with fewer packets per flow running, reduce the MLS fast aging time. For information on how to change the MLS fast aging time, see the "Specifying IP MLS Long-Duration Aging Time, Fast Aging Time, and Packet Threshold Values" section on page 14-20 in Chapter 14, "Configuring MLS."

•Use the flow mask that is required to extract the kind of information that you want. A full flow mask gives more information but as the number of flows increase, the load on the Layer 3 aging also increases. Try to use a flow mask with the minimum granularity that is required to get the data that you need. With a full flow mask, you might need to decrease the MLS aging time because a full flow mask increases the number of flows per second. For information on setting the flow mask, see the "Setting the Minimum IP MLS Flow Mask" section on page 14-21 in Chapter 14, "Configuring MLS."

•Exclude the entries with fewer packets per flow. Some query protocols, like the Domain Name System (DNS), generate fewer packets per flow and can be excluded from the NetFlow table with the set mls exclude protocol command. You can specify up to four protocol filters, but the packets from the filtered protocols will go to the MSFC.

•Keep the specific flows from being added to the NetFlow table with the set mls nde flow exclude command.

•Enable the bridged-flow statistics on a VLAN to increase the number of flows in the NetFlow table with the bridged flows for VLANs appearing with the Layer 3 flows. As the NetFlow entries increase in the NetFlow table, the performance degrades.

On the Supervisor Engine 1, if there is no space in the hardware NetFlow table to report the VLAN flows, the packets are sent to the MSFC for software forwarding and the NetFlow Full Errors register is incremented.

On the Supervisor Engine 2, if a flow entry is not found in the NetFlow table, the packets are forwarded and the NetFlow Full Errors register is incremented resulting in a loss of statistics.

To prevent the NetFlow table from overflowing, you can do the following:

–Keep the flow mask at the least granular value. For example, if the protocol and Layer 4 port information is not required, set the flow mask to the destination-source or to the destination instead of to full flow.

–Set the aging time to the least possible value (1 second), depending on the traffic profile.

–Enable the bridged-flow statistics only on the VLANs on which the intraVLAN statistics are required. The interVLAN statistics are reported by default.

•You can enable NetFlow table entry creation on a per-VLAN basis. However, because the bridged-flow statistics and per-VLAN entry creation use the same mechanism for collecting the statistics, the VLAN entries may overlap. See the "Specifying NetFlow Table Entry Creation on a Per-Interface Basis" section on page 13-28.

Specifying an NDE Collector

Before enabling NDE for the first time, you must specify an NDE collector and UDP port to receive the exported statistics. The collector address and UDP port number are saved in NVRAM and are preserved if NDE is disabled and reenabled or if the switch is power cycled.

Note If you are using the NetFlow FlowCollector application for data collection, verify that the UDP port number that you specify is the same port number that is shown in the FlowCollector's nfconfig.file. This file is located at /opt/csconfc/config/nfconfig.file in the FlowCollector application.

With software release 8.3(1) and later releases, the dual destination feature allows NetFlow export data to be sent to two destinations simultaneously. With this enhancement, you can set up two unique collectors. The same NetFlow data is exported to both destinations. However, the count of the packets to the two collectors may differ depending on the time that the two destinations were created. The count of the packets sent to the individual collectors is maintained separately. The other NetFlow parameters for both the destinations are the same.

NDE cannot be enabled unless a collector is set up. You should set up both the primary and secondary destinations before enabling NDE.

The secondary destination IP address and port number cannot be identical to the primary destination IP address and port number.

To specify an NDE collector, perform this task in privileged mode:

Task

Command

Specify an NDE collector and UDP port for data export of hardware-switched packets.

set mls nde {collector_ip | collector_name} {udp_port_number}

This example shows how to specify an NDE collector when no other collectors have been configured:
Console> (enable) set mls nde 10.6.1.10 7772 
Number of collectors configured is 1
Netflow export configured for port 7772 on host 10.6.1.10
Netflow export is not enabled. Please enable it now.
Console> (enable)
This example shows how to specify an NDE collector when one collector has already been configured:
Console> (enable) set mls nde 10.6.1.10 7775 
Number of collectors configured is 2
Netflow export configured for port 7775 on host 10.6.1.10
Netflow export is not enabled. Please enable it now.
Console> (enable)
Clearing an NDE Collector

You can enter the clear mls nde command to clear both the primary and secondary collectors and disable NDE. To clear a specific collector destination, specify the collector IP address and port number.

To clear an NDE collector, perform this task in privileged mode:

Task

Command

Clear all NDE collectors or a specific NDE collector.

clear mls nde {ip_address port}

This example shows how to clear both the primary and secondary collectors:
Console> (enable) clear mls nde
Collector's IP address cleared.
Secondary Collector IP address cleared.
Console> (enable)
This example shows how to clear a specific collector destination:
Console> (enable) clear mls nde 10.6.1.10 9939
Cleared Collector IP 10.6.1.10 port 9939
Console> (enable)
Configuring NetFlow on the MSFC

Note If the MSFC is not present you can only collect (and export) bridged-flow statistics (if the bridged-flow statistics feature is enabled). You must enable NetFlow on the MSFC Layer 3 interfaces to support NDE for routed and Layer 3-switched traffic.

Refer to these publications for more information about configuring NetFlow on the MSFC:

•Cisco IOS Switching Services Configuration Guide, Release 12.1, "NetFlow," at this URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/switch_c/xcprt3/index.htm

•Cisco IOS Switching Services Command Reference, Release 12.1, at this URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/switch_r/index.htm

These sections describe how to configure NetFlow on the MSFC:

•Enabling NetFlow

•Configuring the MSFC NDE Source Interface

•Configuring the NDE Destination

Enabling NetFlow

To enable NetFlow, perform this task on each Layer 3 interface:
Task

Command
Step 1

Select a VLAN interface to configure.
Router(config)# interface vlan vlan_ID 
Step 2

Enable NetFlow.
Router(config-if)# ip route-cache flow 
Configuring the MSFC NDE Source Interface

To configure the interface that is used as the source of the NDE packets containing the statistics from the MSFC, perform this task:
Task

Command
Configure the interface that is used as the source of the NDE packets containing the statistics from the MSFC:

•Select an interface that is configured with an IP address.

•Use a loopback interface.
Router(config)# ip flow-export source {vlan | loopback} 
number 
This example shows how to configure a loopback interface as the NDE flow source:
Router(config)# ip flow-export source loopback 0 
Router(config)#
Configuring the NDE Destination

To configure the NDE flow destination IP address and UDP port, perform this task:
Task

Command
Configure the NDE destination IP address and UDP port.
Router(config)# ip flow-export destination ip_address 
udp_port_number
This example shows how to configure the NDE flow destination IP address and UDP port:
Router(config)# ip flow-export destination 172.20.52.37 200
Router(config)#
Enabling NDE

To enable NDE, perform this task in privileged mode:

Task

Command

Enable NDE on the switch.

set mls nde enable

This example shows how to enable NDE on the switch:
Console> (enable) set mls nde enable
Netflow data export enabled.
Netflow data export to port 9996 on 172.20.15.1 (Stargate)
Console> (enable)
If you attempt to enable NDE without first specifying a collector, you see this display:
Console> (enable) set mls nde enable
Please set host name and UDP port number with `set mls nde <collector_ip> 
<udp_port_number>'.
Console> (enable)
Enabling and Disabling Bridged-Flow Statistics on VLANs

Note This feature is supported on the Supervisor Engine 1 or 1A/PFC, Supervisor Engine 2/PFC2 and no MSFC/MSFC2 is required. This feature is not supported on the Supervisor Engine 720 or Supervisor Engine 32.

Use the set mls bridged-flow-statistics command to enable or disable the bridged-flow statistics for the specified VLANs. You can enter one or multiple VLANs.

Note You can enable NetFlow table entry creation on a per-VLAN basis. However, because the bridged-flow statistics and per-VLAN entry creation use the same mechanism for collecting the statistics, the VLAN entries may overlap. See the "Specifying NetFlow Table Entry Creation on a Per-Interface Basis" section on page 13-28.

To enable or disable the bridged-flow statistics for a VLAN or for a range of VLANs, perform this task in privileged mode:

Task

Command

Enable or disable the bridged-flow statistics for a VLAN or for a range of VLANs.

set mls bridged-flow-statistics {enable | disable} {vlanlist}

This example shows how to enable the bridged-flow statistics on the specified VLANs:
Console> (enable) set mls bridged-flow-statistics enable 1,20-21
Netflow statistics is enabled for bridged packets on vlan(s) 1,20-21.
Console> show mls nde
Netflow Data Export version: 7
Netflow Data Export enabled
Netflow Data Export configured for port 9991 on host 21.0.0.1
Total packets exported = 0
Bridged flow statistics is enabled on vlan(s) 1,20-21.
Console> 
Specifying a Destination Host Filter

To specify a destination host filter, perform this task in privileged mode:

Task

Command

Specify a destination host filter for an NDE flow.

set mls nde flow destination [ip_addr_spec]

This example shows how to specify a destination host filter so that only the expired flows to host 171.69.194.140 are exported:
Console> (enable) set mls nde flow destination 171.69.194.140
Netflow Data Export successfully set
Destination filter is 171.69.194.140/255.255.255.255
Filter type: include
Console> (enable)
Specifying a Destination and Source Subnet Filter

To specify a destination and source subnet filter, perform this task in privileged mode:

Task

Command

Specify a destination and source subnet filter for an NDE flow.

set mls nde flow destination [ip_addr_spec] source [ip_addr_spec]

This example shows how to specify a destination and source subnet filter so that only the expired flows to subnet 171.69.194.0 from subnet 171.69.173.0 are exported (assuming that the flow mask is set to source-destination-ip):
Console> (enable) set mls nde flow destination 171.69.194.140/24 source 171.69.173.5/24
Netflow Data Export successfully set
Source filter is 171.69.173.0/24
Destination filter is 171.69.194.0/24
Filter type: include
Console> (enable)
Specifying a Destination TCP/UDP Port Filter

To specify a destination TCP/UDP port filter, perform this task in privileged mode:

Task

Command

Specify a destination TCP/UDP port filter for an NDE flow.

set mls nde flow dst-prt [port_number]

This example shows how to specify a destination TCP/UDP port filter so that only the expired flows to destination port 23 are exported (the flow mask is set to full):
Console> (enable) set mls nde flow dst-port 23
Netflow Data Export successfully set
Destination port filter is 23
Filter type: include
Console> (enable)
Specifying a Source Host and Destination TCP/UDP Port Filter

To specify a source host and destination TCP/UDP port filter, perform this task in privileged mode:

Task

Command

Specify a source host and destination TCP/UDP port filter for an NDE flow.

set mls nde flow source [ip_addr_spec] dst-prt [port_number]

This example shows how to specify a source host and destination TCP/UDP port filter so that only the expired flows from host 171.69.194.140 to destination port 23 are exported (the flow mask is set to full):
Console> (enable) set mls nde flow source 171.69.194.140 dst-port 23
Netflow Data Export successfully set
Source filter is 171.69.194.140/255.255.255.255
Destination port filter is 23
Filter type: include
Console> (enable)
Specifying a Protocol Filter

To specify a protocol filter, perform this task in privileged mode:

Task

Command

Specify a protocol filter for an NDE flow.

set mls nde flow protocol protocol

This example shows how to specify a protocol filter so that only the expired flows from protocol 17 are exported:
Console> (enable) set mls nde flow protocol 17
Netflow Data Export filter successfully set.
Protocol filter is 17
Filter type: include
Console> (enable)
Specifying Protocols for Statistics Collection

You can enter the set mls statistics protocol protocol port command to specify up to 64 different protocols for which to collect statistics to be exported using NDE. The protocol argument can be ip, ipinip, icmp, igmp, tcp, and udp, or a decimal number for the other protocol families. The port argument specifies the protocol port.

To specify the protocols for statistics collection, perform this task in privileged mode:

Task

Command

Specify the protocols for statistics collection.

set mls statistics protocol protocol port

This example shows how to specify a protocol for statistics collection:
Console> (enable) set mls statistics protocol 17 1934
Protocol 17 port 1934 is added to protocol statistics list.
Console> (enable)
Removing Protocols for Statistics Collection

You can enter the clear mls statistics protocol {protocol port | all} command to specify up to 64 different protocols for which to collect statistics to be exported using NDE. The protocol argument can be tcp, udp, icmp, or a decimal number for the other protocol families. The port argument specifies the protocol port. Use the all keyword to remove all the protocols for statistics collection.

To remove the protocols for statistics collection, perform this task in privileged mode:

Task

Command

Remove the protocols for statistics collection.

clear mls statistics protocol {protocol port | all}

This example shows how to remove a protocol for statistics collection:
Console> (enable) clear mls statistics protocol 17 1934
Protocol 17 port 1934 cleared from protocol statistics list.
Console> (enable)
Clearing the NDE Flow Filter

To clear the NDE flow filter and reset the filter to the default (all flows exported), perform this task in privileged mode:

Task

Command

Clear the NDE flow filter.

clear mls nde flow

This example shows how to clear the NDE flow filter so that all the flows are exported:
Console> (enable) clear mls nde flow 
Netflow data export filter cleared.
Console> (enable)
Disabling NDE

Note With Supervisor Engine 1 and a PFC, if NDE is enabled and you disable MLS, you lose the statistics for existing cache entries because the statistics are not exported.

To disable NDE on the switch, perform this task in privileged mode:

Task

Command

Disable NDE on the switch.

set mls nde disable

This example shows how to disable NDE on the switch:
Console> (enable) set mls nde disable
Netflow data export disabled.
Console> (enable)
Removing the NDE IP Address

To remove the NDE IP address from the MSFC, perform this task in global configuration mode:

Task

Command

Remove the NDE IP address from the MSFC.

Router(config)# no mls nde-address [ip_addr]

This example shows how to remove the NDE IP address from the MSFC:
Router(config)# no mls nde-address 170.170.2.1
Router(config)# 
Displaying the NDE Configuration

To display the NDE configuration on the switch, perform this task in privileged mode:

Task

Command

Display the NDE configuration on the switch.

show mls nde

This example shows how to display the NDE configuration on the switch:
Console> (enable) show mls nde
Netflow Data Export enabled
Netflow Data Export configured for port 7772 on host 10.6.1.10
Secondary Data Export configured for port 7775 on host 10.6.1.10
Source filter is 171.69.194.140/255.255.255.0
Destination port filter is 23
Total packets exported = 26784
Console> (enable)
This example shows how to display the NDE configuration when the bridged-flow statistics are enabled on the switch:
Console> (enable) show mls nde
Netflow Data Export version:7
Netflow Data Export enabled
Netflow Data Export configured for port 7772 on host 10.6.1.10
Secondary Data Export configured for port 7775 on host 10.6.1.10
Total packets exported = 0
Bridged flow statistics is enabled on vlan(s) 1,20-21.