Configuring Flexible NetFlow
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Prerequisites for NetFlow Lite
The following are prerequisites for your NetFlow Lite configuration:
Restrictions for NetFlow Lite
The following are restrictions for NetFlow Lite:
Monitor restrictions:
- Monitor attachment is supported only in the ingress direction.
- One monitor per interface is supported, although multiple exporters per interface are supported.
- Only permanent and normal caches are supported for the monitor; immediate cache is not supported.
- Changing a monitor parameter is not supported while the monitor is applied to any interface or VLAN.
- When both the port and the VLAN have monitors attached, the VLAN monitor overrides the port monitor for traffic arriving on the port.
- The flow monitor type and the traffic type (IPv4, IPv6, or data link) must be the same for flows to be created.
- You cannot attach an IP and port-based monitor to an interface at the same time on the switch. A 48-port switch supports a maximum of 48 monitors (IP or port-based) and for 256 SVIs, you can configure up to 256 monitors (IP or port-based).
- When running the show flow monitor flow_name cache command, the switch displays cache information from an earlier switch software version (Catalyst 2960-S) with all fields entered as zero. Ignore these fields, as they are inapplicable to the switch.

Sampler restrictions:
- Only sampled NetFlow is supported.
- For both ports and VLANs, a total of only 4 samplers (random or deterministic) are supported on the switch.
- The minimum sampling rate for both modes is 1 out of 32 flows, and the maximum sampling rate for both modes is 1 out of 1022 flows.
- You must associate a sampler with a monitor while attaching it to an interface. Otherwise, the command is rejected. Use the ip flow monitor monitor_name sampler sampler_name input interface configuration command to perform this task.
- When you attach a monitor using a deterministic sampler (for example, s1), every attachment with the same sampler s1 uses one new free sampler from the switch (hardware) out of the 4 available samplers. You cannot attach a monitor with any sampler beyond 4 attachments.
- When you attach a monitor using a random sampler (for example, s2), only the first attachment uses a new sampler from the switch (hardware). All remaining attachments that use the same sampler s2 share that sampler.
- Because of this behavior, when using a deterministic sampler, you can always make sure that the correct number of flows are sampled by comparing the sampling rate and what the switch sends. If the same random sampler is used with multiple interfaces, flows from any interface can always be sampled, and flows from other interfaces can always be skipped.

Stacking restrictions:
- The switch supports homogeneous stacking and mixed stacking. Mixed stacking is supported only with the Catalyst 2960-S switches. A homogeneous stack can have up to eight stack members, while a mixed stack can have up to four stack members. All switches in a switch stack must be running the LAN Base image.
- The switch supports NetFlow Lite running on a mixed stack configuration, where both Catalyst 2960-X and Catalyst 2960-S switches reside in the same stack. In such a mixed stack configuration, the master switch must always be a Catalyst 2960-X switch. The Catalyst 2960-S switch must never be the master switch in this type of mixed stack configuration.
- Each switch in a stack (hardware) can support the creation of a maximum of 16,000 flows at any time. Because the flows are periodically pushed to the software cache, the software cache can hold a much larger number of flows (1048 Kb flows). Every 20 seconds (the poll timer), 200 flows (the poll entries) are pushed from the hardware flow cache to software.

- Network flows and statistics are collected at the line rate.
- ACL-based NetFlow is not supported.
- Only NetFlow Version 9 is supported for Flexible NetFlow exporter using the export-protocol command option. If you configure NetFlow Version 5, this version will be accepted, but the NetFlow Version 5 export functionality is neither currently available nor supported.
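The sampler restrictions above interact in a way that is easy to get wrong when planning attachments, so the following added example (not Cisco code) audits an IOS-style configuration text against them and counts hardware sampler usage. The sample configuration, the finding codes, and the function names are constructed for illustration; the limits (4 hardware samplers, window 32 to 1022, ingress only, sampler required, one monitor per interface) are the ones listed above.

```python
import re

HW_SAMPLERS = 4                    # hardware samplers per switch (restriction above)
MIN_WINDOW, MAX_WINDOW = 32, 1022  # allowed N in "1 out-of N"

MODE_RE = re.compile(r"mode (random|deterministic) (\d+) out-of (\d+)$")
ATTACH_RE = re.compile(r"(ip|ipv6|datalink) flow monitor (\S+)"
                       r"(?: sampler (\S+))?(?: (input|output))?$")

# Constructed sample configuration (not taken from a real switch).
SAMPLE_CONFIG = """\
sampler s1
 mode deterministic 1 out-of 32
sampler s2
 mode random 1 out-of 100
sampler s3
 mode random 1 out-of 16
interface GigabitEthernet1/0/1
 ip flow monitor m1 sampler s1 input
interface GigabitEthernet1/0/2
 ip flow monitor m1 sampler s1 input
interface GigabitEthernet1/0/3
 ip flow monitor m1 sampler s1 input
interface GigabitEthernet1/0/4
 ip flow monitor m1 sampler s2 input
interface GigabitEthernet1/0/5
 ip flow monitor m1 sampler s2 input
interface GigabitEthernet1/0/6
 ip flow monitor m1 input
interface GigabitEthernet1/0/7
 ip flow monitor m1 sampler s1 input
"""


def parse(config):
    """Collect sampler definitions and monitor attachments from IOS-style text."""
    samplers, attachments, section = {}, [], None
    for raw in config.splitlines():
        line = " ".join(raw.split())
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():            # top-level command opens a section
            kind, _, name = line.partition(" ")
            section = (kind, name) if kind in ("sampler", "interface") else None
        elif section and section[0] == "sampler":
            m = MODE_RE.match(line)
            if m:
                samplers[section[1]] = (m.group(1), int(m.group(3)))
        elif section:
            m = ATTACH_RE.match(line)
            if m:                           # (interface, monitor, sampler, direction)
                attachments.append((section[1],) + m.group(2, 3, 4))
    return samplers, attachments


def audit(config):
    """Return (hardware_samplers_used, findings); findings are (code, subject)."""
    samplers, attachments = parse(config)
    findings = []
    for name, (_, window) in samplers.items():
        if not MIN_WINDOW <= window <= MAX_WINDOW:
            findings.append(("window-out-of-range", name))
    seen, deterministic_slots, random_names = set(), 0, set()
    for iface, _monitor, sampler, direction in attachments:
        if iface in seen:
            findings.append(("multiple-monitors", iface))
        seen.add(iface)
        if direction == "output":
            findings.append(("ingress-only", iface))
        if sampler is None:
            findings.append(("sampler-required", iface))
        elif sampler not in samplers:
            findings.append(("undefined-sampler", iface))
        elif samplers[sampler][0] == "deterministic":
            deterministic_slots += 1        # one hardware sampler per attachment
        else:
            random_names.add(sampler)       # one hardware sampler, shared
    used = deterministic_slots + len(random_names)
    if used > HW_SAMPLERS:
        findings.append(("hw-samplers-exceeded", f"{used}/{HW_SAMPLERS}"))
    return used, findings


if __name__ == "__main__":
    used, findings = audit(SAMPLE_CONFIG)
    print(f"hardware samplers used: {used} of {HW_SAMPLERS}")
    for code, subject in findings:
        print(f"{code}: {subject}")
```

Interfaces left without a working monitor are blind spots for flow-based detection, so the findings are worth reviewing before the configuration is pushed.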
Information About NetFlow Lite
NetFlow Lite Overview
NetFlow Lite uses flows to provide statistics for accounting, network monitoring, and network planning.
A flow is a unidirectional stream of packets that arrives on a source interface and has the same values for the keys. A key is an identified value for a field within the packet. You create a flow using a flow record to define the unique keys for your flow.
The switch supports the NetFlow Lite feature, which enables enhanced detection of network anomalies and security issues. NetFlow Lite allows you to define an optimal flow record for a particular application by selecting the keys from a large collection of predefined fields.
All key values must match for the packet to count in a given flow. A flow might gather other fields of interest, depending on the export record version that you configure. Flows are stored in the NetFlow Lite cache.
You can use an exporter to send the data that NetFlow Lite gathers for your flow to a remote system such as a NetFlow Lite collector. The NetFlow Lite collector can use an IPv4 address.
You define the size of the data that you want to collect for a flow using a monitor. The monitor combines the flow record and exporter with the NetFlow Lite cache information.
Flow Records
A flow record defines the keys that NetFlow Lite uses to identify packets in the flow, as well as other fields of interest that NetFlow Lite gathers for the flow. You can define a flow record with any combination of keys and fields of interest.
A flow record also defines the types of counters gathered per flow. You can configure 64-bit packet or byte counters.
NetFlow Lite Match Parameters
The following table describes NetFlow Lite match parameters. Use these match parameters when creating a NetFlow Lite flow record. You must configure at least one of the following match parameters for the flow records.
NetFlow Lite Collect Parameters
The following table describes the NetFlow Lite collect parameters. Use these collect parameters when creating a NetFlow Lite flow record.
Command | Purpose |
---|---|
collect counter {bytes {long \| permanent } \| packets { long \| permanent}} | Collects the counter fields total bytes and total packets. |
collect flow sampler | Collects the ID of the flow sampler to find out the sampling rate. |
collect interface {input} | Collects the fields from the input interface. |
collect timestamp sys-uptime {first \| last} | Collects the fields for the time the first packet was seen or the time the most recent packet was last seen (in milliseconds). |
collect transport tcp flags | |
Exporters
An exporter contains network layer and transport layer details for the NetFlow Lite export packet. The following table lists the configuration options for an exporter.
Exporter Configuration | Description |
---|---|
default | Sets a command to its default values. You can set the following defaults: |
description | Provides a description for the flow exporter. |
destination | Export destination. |
dscp | Optional DSCP value. Enter a DSCP value from 0 to 63. |
exit | Exits from the flow exporter configuration mode. |
export-protocol | Export protocol version. |
no | Negates the command or its default. |
option | Selects option for exporting: |
source | Originating interface for the net flow. |
template | Flow exporter template configuration. |
transport | Transport protocol. Enter the UDP transport protocol and a port value. Enter a port value from 1 to 65535. |
ttl | Optional TTL or hop limit. Enter a TTL value from 1 to 255. |
The switch exports data to the collector whenever a timeout occurs, or when the flow is terminated (TCP Fin or Rst received, for example), or when the cache is full. You can configure the following timers in the flow monitor record to force a flow export:
Export Formats
The switch supports only NetFlow Version 9 export formats. NetFlow Version 9 export format provides the following features and functionality:
- Variable field specification format
- Support for IPv6 and Layer 2 fields
- More efficient network utilization
Note | For information about the Version 9 export format, see RFC 3954. |
Monitors
A monitor references the flow record and flow exporter. You apply a monitor to an interface on the switch.
Samplers
You use a NetFlow Lite sampler to specify the rate at which packets are being sampled. The switch supports both deterministic and random modes of sampling.
Stacking
NetFlow Lite is supported on both homogenous and mixed switch stacks.
Each stack member maintains its own NetFlow information, as if it were a standalone switch. When you enter a show command in EXEC mode, the master switch queries the stack members to obtain their information. During an export, the member switches send the flow packets to the master switch, because member switches cannot route packets. Therefore, export always occurs from the master switch.
During a switchover, previous monitor configurations are not applied, and the new master switch synchronizes the configuration to all stack members. Member switches reapply the configuration on the respective stack members.
Note | The exported flow record's source ID is different between the master switch and member switch. When a flow export collector receives the exported flow record, the source ID would be switch#, if the switch is a master switch. If the flow is created by the member switch, then the source ID would be 0x0100switch#. For example, if switch#1 is the master switch, then the flow record's source ID would be 0x0001 (1); if switch#2 is a member switch, then the source ID would be 0x0102 (258). |
In a mixed stack, the NetFlow Lite CLI is available for a mixed stack NetFlow Lite configuration. But a monitor attachment is not supported on a Catalyst 2960-S switch interface. When a monitor is attached to a VLAN, an interface belonging to the Catalyst 2960-S switch ignores this and only the Catalyst 2960-X switch programs NetFlow (in hardware).
Default Settings
The following table lists the NetFlow Lite default settings for the switch.
Setting | Default |
---|---|
Flow active timeout | 1800 seconds |
Flow timeout inactive | Enabled, 30 seconds |
Flow update timeout | 1800 seconds |
Default cache size | 16640 bits |
How to Configure NetFlow Lite
To configure NetFlow Lite, follow these general steps:
1. Create a flow record by specifying keys and non-key fields for the flow.
2. Create an optional flow exporter by specifying the protocol and transport destination port, destination, and other parameters.
3. Create a flow monitor based on the flow record and flow exporter.
4. Create a sampler (either deterministic or random).
5. Apply the flow monitor to a Layer 2 port or VLAN.
- Creating a Flow Record
- Creating a Flow Exporter
- Creating a Flow Exporter Using a Template
- Creating a Flow Monitor
- Creating a Sampler
- Applying a Flow to an Interface
- Configuring a Bridged NetFlow on a VLAN
- Configuring Layer 2 NetFlow
Creating a Flow Record
You can create a flow record and add keys to match on and fields to collect in the flow.
2. flow record name
3. description string
4. match type
5. collect type
7. show flow record [name record-name]

DETAILED STEPS

Step | Command or Action | Purpose |
---|---|---|
Step 1 | configure terminal Example: Switch# configure terminal | |
Step 2 | flow record name Example: Switch(config)# flow record test Switch(config-flow-record)# | Creates a flow record and enters flow record configuration mode. |
Step 3 | description string Example: Switch(config-flow-record)# description Ipv4Flow | (Optional) Describes this flow record as a maximum 63-character string. |
Step 4 | match type Example: Switch(config-flow-record)# match ipv4 source address Switch(config-flow-record)# match ipv4 destination address Switch(config-flow-record)# match ipv4 protocol | Specifies a match key. For information about possible match key values, see NetFlow Lite Match Parameters. |
Step 5 | collect type Example: Switch(config-flow-record)# collect counter bytes long Switch(config-flow-record)# collect timestamp sys-uptime first Switch(config-flow-record)# collect transport tcp flags | Specifies the collection field. For information about possible collection field values, see NetFlow Lite Collect Parameters. |
Step 6 | end Example: Switch(config-flow-record)# end | |
Step 7 | show flow record [name record-name] Example: Switch# show flow record test | (Optional) Displays information about NetFlow flow records. |
Step 8 | copy running-config startup-config Example: Switch# copy running-config startup-config | |
Define an optional flow exporter by specifying the export format, protocol, destination, and other parameters.
Creating a Flow Exporter
You can create a flow exporter to define the export parameters for a flow.
2. flow exporter name
3. description string
4. dscp value
5. destination { ipv4-address }
6. source { source type }
7. transport udp number
9. show flow exporter [name record-name]

DETAILED STEPS

Step | Command or Action | Purpose |
---|---|---|
Step 1 | configure terminal Example: Switch# configure terminal | |
Step 2 | flow exporter name Example: Switch(config)# flow exporter ExportTest Switch(config-flow-exporter)# | Creates a flow exporter and enters flow exporter configuration mode. |
Step 3 | description string Example: Switch(config-flow-exporter)# description ExportV9 | (Optional) Describes this flow record as a maximum 63-character string. |
Step 4 | dscp value Example: Switch(config-flow-exporter)# dscp 0 | (Optional) Specifies the differentiated services codepoint value. The range is from 0 to 63. |
Step 5 | destination { ipv4-address } Example: Switch(config-flow-exporter)# destination 192.0.2.1 | Sets the destination IPv4 address or hostname for this exporter. |
Step 6 | source { source type } Example: Switch(config-flow-exporter)# source gigabitEthernet1/0/1 | Specifies the interface to use to reach the NetFlow collector at the configured destination. |
Step 7 | transport udp number Example: Switch(config-flow-exporter)# transport udp 200 | (Optional) Specifies the UDP port to use to reach the NetFlow collector. The range is from 0 to 65535. |
Step 8 | end Example: Switch(config-flow-exporter)# end | |
Step 9 | show flow exporter [name record-name] Example: Switch# show flow exporter ExportTest | (Optional) Displays information about NetFlow flow exporters. |
Step 10 | copy running-config startup-config Example: Switch# copy running-config startup-config | |
Define a flow monitor based on the flow record and flow exporter.
Creating a Flow Exporter Using a Template
You can create a flow exporter to define the export parameters for a flow with a template.
2. flow exporter name
3. description string
4. destination { ipv4-address }
5. source { source type }
6. transport udp number
7. template data timeout timeout_value
8. option interface-table
9. option sampler-table
11. show flow exporter [name record-name]

DETAILED STEPS

Step | Command or Action | Purpose |
---|---|---|
Step 1 | configure terminal Example: Switch# configure terminal | |
Step 2 | flow exporter name Example: Switch(config)# flow exporter FE Switch(config-flow-exporter)# | Creates a flow exporter and enters flow exporter configuration mode. |
Step 3 | description string Example: Switch(config-flow-exporter)# description ExportV9 | (Optional) Describes this flow record as a maximum 63-character string. |
Step 4 | destination { ipv4-address } Example: Switch(config-flow-exporter)# destination 192.0.2.1 | Sets the destination IPv4 address or hostname for this exporter. |
Step 5 | source { source type } Example: Switch(config-flow-exporter)# source Vlan 10 | Specifies the VLAN to use to reach the NetFlow collector at the configured destination. |
Step 6 | transport udp number Example: Switch(config-flow-exporter)# transport udp 2055 | (Optional) Specifies the UDP port to use to reach the NetFlow collector. The range is from 0 to 65535. |
Step 7 | template data timeout timeout_value Example: Switch(config-flow-exporter)# template data timeout 60 | Creates a template data timeout (with a value in seconds), so that the collector can interpret the flow record contents based on this template. |
Step 8 | option interface-table Example: Switch(config-flow-exporter)# option interface-table | Specifies the interface SNMP-index-to-name Table Option. |
Step 9 | option sampler-table Example: Switch(config-flow-exporter)# option sampler-table | Specifies the Export Sampler Option. |
Step 10 | end Example: Switch(config-flow-exporter)# end | |
Step 11 | show flow exporter [name record-name] Example: Switch# show flow exporter FE | (Optional) Displays information about NetFlow flow exporters. |
Step 12 | copy running-config startup-config Example: Switch# copy running-config startup-config | |
Creating a Flow Monitor
You can create a flow monitor and associate it with a flow record and a flow exporter.
2. flow monitor name
3. description string
4. exporter name
5. record name
6. cache { type { normal | permanent }
7. cache { timeout {active | inactive | update} seconds }
8. cache { entries value }
10. show flow monitor [name record-name]

DETAILED STEPS

Step | Command or Action | Purpose |
---|---|---|
Step 1 | configure terminal Example: Switch# configure terminal | |
Step 2 | flow monitor name Example: Switch(config)# flow monitor MonitorTest Switch(config-flow-monitor)# | Creates a flow monitor and enters flow monitor configuration mode. |
Step 3 | description string Example: Switch(config-flow-monitor)# description Ipv4Monitor | (Optional) Describes this flow record as a maximum 63-character string. |
Step 4 | exporter name Example: Switch(config-flow-monitor)# exporter ExportTest | Associates a flow exporter with this flow monitor. |
Step 5 | record name Example: Switch(config-flow-monitor)# record test | Associates a flow record with the specified flow monitor. |
Step 6 | cache { type { normal \| permanent } Example: Switch(config-flow-monitor)# cache type normal | Associates a flow cache type for the specified flow monitor. This command specifies the normal cache type. This is the default cache type. The entries in the cache will be aged out according to the timeout active seconds and timeout inactive seconds settings. When a cache entry is aged out, it is removed from the cache and exported via any exporters configured for the monitor associated with the cache. This command can also specify the permanent cache type. This type of cache never ages out any flows. This cache type is useful when the number of flows you expect to see has a limit and there is a need to keep long-term statistics on the switch. For example, if the only key field is tos, a limit of 256 flows can be seen, so to monitor the long-term usage of the field, a permanent cache can be used. Update messages are exported via any exporters configured for the monitor associated with this cache in accordance with the timeout update seconds setting. |
Step 7 | cache { timeout {active \| inactive \| update} seconds } Example: Switch(config-flow-monitor)# cache timeout active 15000 | Associates a flow cache with an active timeout value (in seconds) for the specified flow monitor. cache timeout active: Controls the aging behavior of the normal type of cache. If a flow has been active for a long time, it is usually desirable to age it out (starting a new flow for any subsequent packets in the flow). This age out process allows the monitoring application that is receiving the exports to remain up to date. By default this timeout is 1800 seconds (30 minutes), but it can be adjusted according to system requirements. A larger value ensures that long-lived flows are accounted for in a single flow record; a smaller value results in a shorter delay between starting a new long-lived flow and exporting some data for it. cache timeout inactive: Controls the aging behavior of the normal type of cache. If a flow has not seen any activity for a specified amount of time, that flow will be aged out. By default, this timeout is 30 seconds, but this value can be adjusted depending on the type of traffic expected. If a large number of short-lived flows is consuming many cache entries, reducing the inactive timeout can reduce this overhead. If a large number of flows frequently get aged out before they have finished collecting their data, increasing this timeout can result in better flow correlation. cache timeout update: Controls the periodic updates sent by the permanent type of cache. This behavior is similar to the active timeout, except that it does not result in the removal of the cache entry from the cache. By default this timer value is 1800 seconds (30 minutes). |
Step 8 | cache { entries value } Example: Switch(config-flow-monitor)# cache entries 10000 | Associates a flow cache with a maximum entry value for the specified flow monitor. Enter a value between 16 and 1048576. |
Step 9 | end Example: Switch(config-flow-monitor)# end | |
Step 10 | show flow monitor [name record-name] Example: Switch# show flow monitor name MonitorTest | (Optional) Displays information about NetFlow flow monitors. |
Step 11 | copy running-config startup-config Example: Switch# copy running-config startup-config | |
Apply the flow monitor to a Layer 2 interface or VLAN.
Creating a Sampler
You can create a sampler to define the NetFlow sampling rate for a flow.
2. sampler name
3. description string
4. mode { deterministic { m - n } | random { m - n }}
6. show sampler [name]

DETAILED STEPS

Step | Command or Action | Purpose |
---|---|---|
Step 1 | configure terminal Example: Switch# configure terminal | |
Step 2 | sampler name Example: Switch(config)# sampler SampleTest Switch(config-flow-sampler)# | Creates a sampler and enters flow sampler configuration mode. |
Step 3 | description string Example: Switch(config-flow-sampler)# description samples | (Optional) Describes this flow record as a maximum 63-character string. |
Step 4 | mode { deterministic { m - n } \| random { m - n }} Example: Switch(config-flow-sampler)# mode random 1 out-of 1022 | Defines the random sample mode. You can configure either a random or deterministic sampler to an interface. Select m packets out of an n packet window. The window size to select packets from ranges from 32 to 1022. Note the following when configuring a sampler to an interface: Due to this behavior, when using a deterministic sampler, you can always make sure the correct number of flows are sampled by comparing the sampling rate and what the switch sends. If the same random sampler is used with multiple interfaces, flows from an interface can always be sampled, and the flows from other interfaces could be always skipped. |
Step 5 | end Example: Switch(config-flow-sampler)# end | |
Step 6 | show sampler [name] Example: Switch# show sampler SampleTest | (Optional) Displays information about NetFlow samplers. |
Step 7 | copy running-config startup-config Example: Switch# copy running-config startup-config | |
Apply the flow monitor to a source interface or a VLAN.
Applying a Flow to an Interface
You can apply a flow monitor and an optional sampler to an interface.
2. interface type
3. ip flow monitor name sampler sampler-name { input }
5. show flow monitor [name record-name]

DETAILED STEPS

Step | Command or Action | Purpose |
---|---|---|
Step 1 | configure terminal Example: Switch# configure terminal | |
Step 2 | interface type Example: Switch(config)# interface GigabitEthernet1/0/1 Switch(config-if)# | Enters interface configuration mode and configures an interface. |
Step 3 | ip flow monitor name sampler sampler-name { input } Example: Switch(config-if)# ip flow monitor MonitorTest sampler SampleTest input | To monitor IPv4 traffic flows, you would use the ip flow monitor name sampler sampler-name {input} interface command. This specific command associates an IPv4 flow monitor and required sampler to the interface for input packets. To monitor IPv6 traffic flows, you would use the ipv6 flow monitor name sampler sampler-name {input} interface command. This specific command associates an IPv6 flow monitor and required sampler to the interface for input packets. To monitor datalink L2 traffic flows, you would use the datalink flow monitor name sampler sampler-name {input} interface command. This specific command associates a datalink L2 flow monitor and required sampler to the interface for input packets. When a datalink flow monitor is assigned to an interface or VLAN record, it only creates flows for non-IPv6 or non-IPv4 traffic. |
Step 4 | end Example: Switch(config-if)# end | |
Step 5 | show flow monitor [name record-name] Example: Switch# show flow monitor name MonitorTest | (Optional) Displays information about NetFlow flow monitor. |
Step 6 | copy running-config startup-config Example: Switch# copy running-config startup-config | |
Configuring a Bridged NetFlow on a VLAN
You can apply a flow monitor and an optional sampler to a VLAN.
2. interface {vlan} vlan-id
3. ip flow monitor name sampler sampler-name { input }

DETAILED STEPS

Step | Command or Action | Purpose |
---|---|---|
Step 1 | configure terminal Example: Switch# configure terminal | |
Step 2 | interface {vlan} vlan-id Example: Switch(config)# interface vlan 30 Switch(config-if)# | Specifies the SVI for the configuration. |
Step 3 | ip flow monitor name sampler sampler-name { input } Example: Switch(config-if)# ip flow monitor MonitorTest sampler SampleTest input | Associates a flow monitor and an optional sampler to the VLAN for input packets. |
Step 4 | copy running-config startup-config Example: Switch# copy running-config startup-config | |
Configuring Layer 2 NetFlow
You can define Layer 2 keys in NetFlow Lite records that you can use to capture flows in Layer 2 interfaces.
2. flow record name
3. match datalink { ethertype | mac { destination { address input } | source { address input } } }
4. match { ipv4 {destination | protocol | source | tos } | ipv6 {destination | flow-label| protocol| source| traffic-class } | transport {destination-port | source-port} }
6. show flow record [name ]

DETAILED STEPS

Step | Command or Action | Purpose |
---|---|---|
Step 1 | configure terminal Example: Switch# configure terminal | |
Step 2 | flow record name Example: Switch(config)# flow record L2_record Switch(config-flow-record)# | Enters flow record configuration mode. |
Step 3 | match datalink { ethertype \| mac { destination { address input } \| source { address input } } } Example: Switch(config-flow-record)# match datalink mac source address input Switch(config-flow-record)# match datalink mac destination address input | Specifies the Layer 2 attribute as a key. In this example, the keys are the source and destination MAC addresses from the packet at input. |
Step 4 | match { ipv4 {destination \| protocol \| source \| tos } \| ipv6 {destination \| flow-label \| protocol \| source \| traffic-class } \| transport {destination-port \| source-port} } Example: Switch(config-flow-record)# match ipv4 protocol Switch(config-flow-record)# match ipv4 tos | Specifies additional Layer 2 attributes as a key. In this example, the keys are IPv4 protocol and ToS. |
Step 5 | end Example: Switch(config-flow-record)# end | |
Step 6 | show flow record [name ] Example: Switch# show flow record | (Optional) Displays information about NetFlow on an interface. |
Step 7 | copy running-config startup-config Example: Switch# copy running-config startup-config | |
Monitoring NetFlow Lite
Command | Purpose |
---|---|
show flow exporter [ name \| name [statistics \| templates] ] | Displays information about NetFlow flow exporters and statistics. |
show flow exporter [ name name ] | Displays information about NetFlow flow exporters and statistics. |
show flow monitor [ name name [ cache { format { csv \| record \| table } ] \| statistics ] | Displays information about NetFlow flow monitors and statistics. |
show flow record [ name record-name] | Displays information about NetFlow flow records. |
show sampler [ name name] | Displays information about NetFlow samplers. |
Configuration Examples for NetFlow Lite
Example: Configuring a Flow
Note | When configuring a flow, you need to have the protocol, source port, destination port, first and last timestamps, and packet and bytes counters defined in the flow record. Otherwise, you will get the following error message: "Warning: Cannot set protocol distribution with this Flow Record. Require protocol, source and destination ports, first and last timestamps and packet and bytes counters." |
This example shows how to create a flow and apply it to an interface:
```
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# flow exporter export1
Switch(config-flow-exporter)# destination 10.0.101.254
Switch(config-flow-exporter)# transport udp 2055
Switch(config-flow-exporter)# template data timeout 60
Switch(config-flow-exporter)# exit
Switch(config)# flow record record1
Switch(config-flow-record)# match ipv4 source address
Switch(config-flow-record)# match ipv4 destination address
Switch(config-flow-record)# match ipv4 protocol
Switch(config-flow-record)# match transport source-port
Switch(config-flow-record)# match transport destination-port
Switch(config-flow-record)# collect counter bytes long
Switch(config-flow-record)# collect counter packets long
Switch(config-flow-record)# collect timestamp sys-uptime first
Switch(config-flow-record)# collect timestamp sys-uptime last
Switch(config-flow-record)# exit
Switch(config)# sampler SampleTest
Switch(config-sampler)# mode random 1 out-of 100
Switch(config-sampler)# exit
Switch(config)# flow monitor monitor1
Switch(config-flow-monitor)# cache timeout active 300
Switch(config-flow-monitor)# cache timeout inactive 120
Switch(config-flow-monitor)# record record1
Switch(config-flow-monitor)# exporter export1
Switch(config-flow-monitor)# exit
Switch(config)# interface GigabitEthernet1/0/1
Switch(config-if)# ip flow monitor monitor1 sampler SampleTest input
Switch(config-if)# end
```
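What a collector has to do with the export configured above, as an added example (not Cisco code): it parses a NetFlow Version 9 packet per RFC 3954, caches templates per source ID, reports data it cannot decode because no template has arrived yet, and splits the source ID into role and switch number as the stacking note describes. The packet is constructed for the demonstration, the field order in the template is assumed, and the 0x0100 mask is an interpretation of that note's two examples.

```python
import ipaddress
import struct

# RFC 3954 field type numbers for the fields defined in record1 above.
FIELD_NAMES = {1: "bytes", 2: "packets", 4: "protocol", 7: "src_port",
               8: "src_addr", 11: "dst_port", 12: "dst_addr",
               21: "last_uptime_ms", 22: "first_uptime_ms"}
# (type, length) pairs; the order is an assumption for this constructed sample.
RECORD1_TEMPLATE = [(8, 4), (12, 4), (4, 1), (7, 2), (11, 2),
                    (1, 8), (2, 8), (22, 4), (21, 4)]


def decode_source_id(source_id):
    """Master exports switch#, a member exports 0x0100 + switch# (stacking note)."""
    role = "member" if source_id & 0x0100 else "master"
    return role, source_id & 0xFF


def read_templates(body, source_id, templates):
    pos = 0
    while pos + 4 <= len(body):
        template_id, nfields = struct.unpack_from("!HH", body, pos)
        pos += 4
        if template_id < 256:                    # padding or malformed entry
            break
        if pos + 4 * nfields > len(body):
            raise ValueError("truncated template")
        fields = [struct.unpack_from("!HH", body, pos + 4 * i) for i in range(nfields)]
        pos += 4 * nfields
        templates[(source_id, template_id)] = fields   # scoped per source ID


def read_records(body, template):
    size = sum(length for _, length in template)
    records = []
    if size == 0:
        return records
    for start in range(0, len(body) - size + 1, size):  # trailing padding is ignored
        record, pos = {}, start
        for ftype, length in template:
            raw, pos = body[pos:pos + length], pos + length
            name = FIELD_NAMES.get(ftype, f"field_{ftype}")
            if ftype in (8, 12) and length == 4:
                record[name] = str(ipaddress.IPv4Address(raw))
            else:
                record[name] = int.from_bytes(raw, "big")
        records.append(record)
    return records


def parse_v9(packet, templates):
    """Return (header, records, skipped); `templates` is the collector's cache."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the v9 header")
    version, count, uptime, secs, seq, source_id = struct.unpack_from("!HHIIII", packet)
    if version != 9:
        raise ValueError("not NetFlow Version 9")
    role, switch = decode_source_id(source_id)
    header = {"count": count, "sequence": seq, "source_id": source_id,
              "role": role, "switch": switch}
    records, skipped, off = [], 0, 20
    while off + 4 <= len(packet):
        flowset_id, length = struct.unpack_from("!HH", packet, off)
        if length < 4 or off + length > len(packet):
            raise ValueError("bad flowset length")
        body = packet[off + 4:off + length]
        if flowset_id == 0:                      # template flowset
            read_templates(body, source_id, templates)
        elif flowset_id >= 256:                  # data flowset
            template = templates.get((source_id, flowset_id))
            if template is None:
                skipped += 1                     # no template seen yet
            else:
                records.extend(read_records(body, template))
        off += length
    return header, records, skipped


def build_sample(source_id, with_template):
    """Constructed export packet carrying one record1-style flow."""
    tmpl = struct.pack("!HH", 256, len(RECORD1_TEMPLATE))
    tmpl += b"".join(struct.pack("!HH", *f) for f in RECORD1_TEMPLATE)
    rec = ipaddress.IPv4Address("10.0.101.7").packed
    rec += ipaddress.IPv4Address("192.0.2.1").packed
    rec += struct.pack("!BHHQQII", 6, 49152, 443, 1500, 3, 1000, 4000)
    pad = b"\x00" * (-(4 + len(rec)) % 4)        # align flowset to 4 bytes
    data = struct.pack("!HH", 256, 4 + len(rec) + len(pad)) + rec + pad
    flowsets = (struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl if with_template else b"") + data
    count = 2 if with_template else 1
    return struct.pack("!HHIIII", 9, count, 5000, 1700000000, 1, source_id) + flowsets


if __name__ == "__main__":
    cache = {}
    print(parse_v9(build_sample(0x0102, False), cache))  # skipped: template not yet seen
    print(parse_v9(build_sample(0x0102, True), cache))   # decoded once the template arrives
```

Because templates are cached per source ID, flows from a stack member stay undecodable until that member's own template arrives, which is bounded by the exporter's template data timeout.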
Additional References
Related Documents
Related Topic | Document Title |
---|---|
For complete syntax and usage information for the commands used in this book. | Catalyst 2960-X NetFlow Lite Command Reference |
Standards and RFCs
Standard/RFC | Title |
---|---|
RFC 3954 | Cisco Systems NetFlow Services Export Version 9 |
MIBs
MIB | MIBs Link |
---|---|
All supported MIBs for this release. | To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: |
Technical Assistance
Description | Link |
---|---|
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. |
Feature History and Information for NetFlow Lite
Release | Modification |
---|---|
Cisco IOS 15.0(2)EX | This feature was introduced. |