The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter describes the system management commands that begin with F.
To globally enable the NetFlow feature, use the feature netflow command. To disable NetFlow, use the no form of this command.
|
|
This example shows how to enable NetFlow on a Cisco NX-OS device:
This example shows how to disable NetFlow on a Cisco NX-OS device:
|
|
---|---|
Creates a flow record and enters flow record configuration mode. |
|
To enable the PTP feature, use the feature ptp command. To unconfigure the PTP feature, use the no form of this command.
|
|
---|---|
This example shows how to enable PTP on the device:
|
|
---|---|
Configures the priority 1 value to use when advertising this clock. |
|
Configures the priority 1 value to use when advertising this clock. |
|
To create a Fabric Extender (FEX) group, use the fex-group command. To delete a FEX group., use the no form of this command.
|
|
This example shows how to create a FEX group “fg1”:
This example shows how to delete a FEX group “fg1”:
To apply an access group to an Encapsulated Remote Switched Port Analyzer (ERSPAN) or Switched Port Analyzer (SPAN) source session, use the filter access-group command. To remove an access group, use the no form of this command.
filter access-group acl-filter
no filter access-group acl-filter
Access control list (ACL) name. An ACL associates the access list with the SPAN session. |
SPAN session configuration mode (config-monitor)
ERSPAN source session configuration mode (config-erspan-src)
|
|
---|---|
ACL filtering allows you to filter SPAN and ERSPAN traffic so that you can reduce bandwidth congestion. An ACL is a list of permissions associated to any entity in the system; in the context of a monitoring session, an ACL is a list of rules which results in the spanning of traffic that matches the ACL criteria, saving bandwidth for more meaningful data. The filter applies to all sources in the session.
Note If the ACL has rules with a log option configured, the log option is ignored but the rule is implemented.
This example shows how to enable an ACL filter for a SPAN session:
This example shows how to enable an ACL filter for a ERSPAN session:
|
|
---|---|
To create a Flexible NetFlow flow monitor or to modify an existing Flexible NetFlow flow monitor and enter flow monitor configuration mode, use the flow monitor command. To remove a Flexible NetFlow flow monitor, use the no form of this command.
Flow monitors are not present in the configuration until you create them.
|
|
---|---|
Flow monitors are the Flexible NetFlow component that is applied to interfaces to perform network traffic monitoring. Flow monitors consist of a record that you add to the flow monitor after you create the flow monitor and a cache that is automatically created at the time that the flow monitor is applied to the first interface. Flow data is collected from the network traffic during the monitoring process based on the key and nonkey fields in record that is configured for the flow monitor and stored in the flow monitor cache.
Once you enter the flow monitor configuration mode, the prompt changes to the following:
Within the flow monitor configuration mode, the following keywords and arguments are available to configure the flow monitor:
– record-name —Name of a record.
– netflow ipv4 collection-type — Specifies the traditional IPv4 NetFlow collection schemes as follows:
original-input —Specifies the traditional IPv4 input NetFlow.
original-output —Specifies the traditional IPv4 output NetFlow.
protocol-port —Specifies the protocol and ports aggregation scheme.
– netflow-original — Specifies the traditional IPv4 input NetFlow with origin autonomous systems.
The netflow-original and original-input keywords are the same and are equivalent to the following commands:
The original-output keywords are the same as the original-input keywords except for the following:
This example shows how to create and configure a flow monitor named FLOW-MONITOR-1:
|
|
---|---|
To enable a Flexible NetFlow flow monitor for traffic that the router is receiving or forwarding, use the flow monitor (interface) command. To disable a Flexible NetFlow flow monitor, use the no form of this command.
{ ip | ipv6 } flow monitor monitor-name input sampler sampler-name
no { ip | ipv6 } flow monitor monitor-name input sampler sampler-name
Monitors traffic that the routers are receiving on the interface. |
|
Flow sampler for this flow monitor using the name of a sampler that you previously configured. |
Interface configuration (config-if)
VLAN feature configuration (config-vlan-config)
|
|
---|---|
You must have already created a flow monitor by using the flow monitor command before you can apply the flow monitor to an interface with the ip flow monitor or ipv6 flow monitor command to enable traffic monitoring with Flexible NetFlow.
You must have already created a sampler by using the sampler command before you can enable a flow sampler for this flow monitor with the ip flow monitor or ipv6 flow monitor command.
When adding a sampler to a flow monitor, only packets that are selected by the named sampler are entered into the cache to form flows. Each use of a sampler results in separate statistics being stored for that usage.
You cannot add a sampler to a flow monitor after the flow monitor has been enabled on an interface. You must remove the flow monitor from the interface before you enable the same flow monitor with a sampler. See the “Examples” section for more information.
Note The statistics for each flow needs to be scaled to give the expected true usage. For example, if you are using a 1 in 16 sampler, you must multiply the packet and byte counters by 16.
This example shows how to enable an IPv6 flow monitor for monitoring input traffic on a VLAN:
Note ● VLAN configuration mode enables you to configure VLANs independently of their creation, which is required for VTP client support.
This example shows how to enable a flow monitor for monitoring input traffic:
This example shows how to enable two different flow monitors on two different interfaces for monitoring input traffic:
This example shows how to enable a flow monitor for monitoring input traffic with a sampler to limit the input packets that are sampled:
This example shows how to remove the flow monitor and sampler from an IPv6 interface:
|
|
---|---|
To create a Flexible NetFlow flow record or to modify an existing Flexible NetFlow flow record and enter flow record configuration mode, use the flow record command. To remove a Flexible NetFlow flow record, use the no form of this command.
Flow records are not present in the configuration until you create them.
|
|
---|---|
Flexible NetFlow uses key and nonkey fields just as original NetFlow does to create and populate flows in a cache. In Flexible NetFlow, a combination of key and nonkey fields is called a record. Original NetFlow and Flexible NetFlow both use the values in key fields in IP datagrams, such as the IP source or destination address and the source or destination transport protocol port, as the criteria for determining when a new flow must be created in the cache while network traffic is being monitored. A flow is defined as a stream of packets between a given source and a given destination. New flows are created whenever NetFlow analyzes a packet that has a unique value in one of the key fields.
Once you enter the flow record configuration mode, the prompt changes to the following:
Within the flow record configuration mode, the following keywords and arguments are available to configure the flow record:
Cisco NX-OS enables the following match fields by default when you create a flow record:
This example shows how to create a flow record and enter flow record configuration mode:
|
|
---|---|
To create a Flexible NetFlow flow timeout or to modify an existing Flexible NetFlow flow timeout, use the flow timeout command. To remove a Flexible NetFlow flow timeout, use the no form of this command.
Flow timeout value in seconds. The range is from 5 to 60 seconds. |
|
|
---|---|
Cisco NX-OS exports data to the remote collector, using UDP frames, whenever a timeout occurs. By default, the flow timeout value is set to 15 seconds.
This example shows how to specify the flow timeout in seconds:
|
|
---|---|