The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
One of the following must be enabled on your router and on any interfaces on which you want to enable Flexible NetFlow:
The following restrictions apply to IPv6 Netflow configurations:
NetFlow is a monitoring feature used on customer applications for network monitoring, user monitoring and profiling, network planning, security analysis, billing and accounting, and data warehousing and mining. You can use Flexible NetFlow on uplink ports to monitor user-defined flows, collect flow statistics, and perform per-flow policing. It collects and exports flow statistics to a collector device.
 Note |
Flexible NetFlow is supported only on the Catalyst 3750-X and 3560-X switch running the IP base or IP services feature set and equipped with the network services module. It is not supported on switches running the NPE or the LAN base image. |
Note |
Not all of the Flexible NetFlow commands in the command reference are available on the switch. Unsupported commands are either not visible or generate an error message if entered. |
With Flexible NetFlow, traffic is processed and packets are classified into flows. New flows are inserted in the NetFlow table, and statistics are automatically updated. You must configure both ingress and egress NetFlow monitoring. The network services module supports one monitor per interface per direction.
Flexible NetFlow consists of the following components:
Records— These are combinations of key and non-key fields assigned to monitor Flexible NetFlow monitors to define the cache used to store data.
Flow monitors— These are applied to interfaces to perform network traffic monitoring. A flow monitor includes a user-defined record, an optional flow exporter, and a cache that is automatically created when the monitor is applied to the first interface. The switch supports normal caches that age out according to settings.
Flow exporters— These export the data in the flow monitor cache to a remote system, such as a server running NetFlow collector.
Flow samplers— These reduce the load that Flexible NetFlow puts on the networking device to monitor traffic by limiting the number of packets that are analyzed.
You can configure unidirectional flow (destination or source-address based flows), and flow aging. The following features are supported on the network services module:
The following NetFlow characteristics are not supported:
Though other modules that can be installed in the switch have 1-Gigabit and 10-Gigabit uplink interfaces, NetFlow is supported only on the network services module.
Flexible Netflow (FNF) allows the user to define a flow record (a particular set of key, non-key, counter and time-stamp fields of interest) that is optimal for a particular application by selecting the fields from a big collection of pre-defined fields, using CLI configuration commands.
The collection of the pre-defined fields includes the following fields:
How To Configure IPv6 Netflow
You can match the following fields for the flow record:
You can collect the following fields for the flow record:
The following steps configure the customized flow record:
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
configure terminal Example: |
Enters global configuration mode. |
| Step 2 |
flow record recordname Example: |
Creates a flow record and enters Flexible NetFlow flow record configuration mode. This command can also modify an existing flow record. |
| Step 3 |
description description Example: |
(Optional) Creates a description for the flow record. |
| Step 4 |
match {ipv4 | ipv6}{destination | hop-limit | protocol | source | traffic-class| version} address Example: |
Configures key ipv4 and ipv6 fields for the flow record. |
| Step 5 |
match datalink [dot1q | ethertype | mac | vlan] Example: |
Configures key datalink (layer 2) fields for the flow record. |
| Step 6 |
match transport [destination-port | icmp | source-port] Example: |
Configures key transport layer fields for the flow record. |
| Step 7 |
match interface [input |output] Example: |
Configures key interface fields for the flow record. |
| Step 8 |
match flow direction Example: |
Configures key flow identity fields for the flow record. |
| Step 9 |
collect counter {bytes [ layer2 | long] | packets [ long]} Example: |
Configures the counter key field for the flow record. |
| Step 10 |
collect timestamp absolute [first | last] Example: |
Configures the timestamp key field for the flow record. |
| Step 11 |
collect interface [input | output] Example: |
Configures the interface key field for the flow record. |
| Step 12 |
collect transport tcp flags {ack | cwr | ece | fin | psh | rst | syn | urg} Example: |
Configures transports tcp flag fields for the flow record. |
| Step 13 |
end Example: |
Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration mode. |
Device(config)# flow record
Device(config-flow-record)# description record to monitor network traffic
Device(config-flow-record)# match ipv6 destination address
Device(config-flow-record)# match datalink [dot1q | ethertype | mac | vlan]
Device(config-flow-record)# match transport [destination-port | icmp |igmp | source-port]
Device(config-flow-record)# match interface input
Device(config-flow-record)# match flow direction
Device(config-flow-record)#collect counter bytes layer2 long
Device(config-flow-record)# collect timestamp absolute first
Device(config-flow-record)# collect interface [input | output]
Device(config-flow-record)# collect transport tcp flags ack
Device(config-flow-record)# endThe following steps are used to configure the NetFlow exporter.
Note |
The optional export-protocol flow exporter configuration command specifies the NetFlow export protocol used by the exporter. The switch supports only netflow-v9. Though visible in the CLI help, netflow-5 is not supported. |
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
configure terminal Example: |
Enters global configuration mode. |
| Step 2 |
flow exporter exporter-name Example: |
Creates the flow exporter and enters Flexible NetFlow flow exporter configuration mode. This command can also modify an existing flow exporter. |
| Step 3 |
description description Example: |
(Optional) Configures a description for the exporter that appears in the configuration and in the display of the show flow exporter command. |
| Step 4 |
destination {hostname | ip-address} vrf vrf-name Example: |
(Optional) Configures the flow exports destination. |
| Step 5 |
dscp <0-63> Example: |
(Optional) Configures differentiated services code point (DSCP) parameters for datagrams sent by the exporter. The DSCP range is from 0 to 63. The default is 0. |
| Step 6 |
source interface-id Example: |
(Optional) Specifies the local interface from which the exporter uses the IP address as the source IP address for exported datagrams. |
| Step 7 |
option {exporter-stats | interface-table | sampler-table} timeout seconds] Example: |
(Optional) Configures options data parameters for the exporter. You can configure all three options concurrently. The range for the timeout is 1 to 86400 seconds. The default is 600. |
| Step 8 |
export-protocol netflow-v9 Example: |
Configures export-protocol parameters for the exporter. |
| Step 9 |
template data timeout seconds Example: |
(Optional) Configures re-sending of templates based on a timeout. The range is 1 to 86400 seconds (86400 seconds equals 24 hours). The default is 600. |
| Step 10 |
transport udp udp-port Example: |
Specifies the UDP port on which the destination system is listening for exported datagrams. The range for udp-port is from 1 to 65536. |
| Step 11 |
ttl seconds Example: |
(Optional) Configures the time-to-live (TTL) value for datagrams sent by the exporter. The range is from 1 to 255 seconds. The default is 255. |
| Step 12 |
end Example: |
Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration mode. |
Device(config)# flow exporter QoS-Collector
Device(config-flow-exporter)# description QoS Collector Bldg 19
Device(config-flow-exporter)# destination 172.20.244.28
Device(config-flow-exporter)# source vlan 1
Device(config-flow-exporter)# dscp 3
Device(config-flow-exporter)# transport udp 2055
Device(config-flow-exporter)# endConfiguring a Customized Flow Monitor.
The following steps are used to configure a NetFlow monitor.
| Command or Action | Purpose | |||
|---|---|---|---|---|
| Step 1 |
configure terminal Example: |
Enters global configuration mode. |
||
| Step 2 |
flow monitor monitor -name Example: |
Creates a flow monitor and enters Flexible NetFlow flow monitor configuration mode. You can also use this command to modify an existing flow monitor. |
||
| Step 3 |
description description Example: |
(Optional) Configures a description for the flow monitor. |
||
| Step 4 |
record {TestNetflowRecordName|TestRecord} Example: |
Specifies the record for the flow monitor. |
||
| Step 5 |
cache {timeout [active| inactive|update] (seconds) | type (normal)} Example: |
(Optional) Modifies the flow monitor cache parameters such as timeout values, number of cache entries, and the cache type.
|
||
| Step 6 |
cache {timeout [active| inactive|update] (seconds) | type (normal)} Example: |
Repeat step 5 to configure additional cache parameters for the flow monitor. |
||
| Step 7 |
exporter TestNetFlowExporterName Example: |
(Optional) Specifies the name of an exporter that was created previously. |
||
| Step 8 |
cache {timeout [active| inactive|update] (seconds) | type (normal)} Example: |
Repeat step 5 to configure additional cache parameters for the flow monitor. |
||
| Step 9 |
end Example: |
Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration mode. |
Device(config)# flow monitor FLOW-MONITOR-1
Device(config-flow-monitor)# Used for ipv6 traffic analysis
Device(config-flow-monitor)# record FLOW-RECORD-1
Device(config-flow-monitor)# cache timeout active 300
Device(config-flow-monitor)# cache type normal
Device(config-flow-monitor)# exporter EXPORTER-1
Device(config-flow-monitor)# exitApply a flow monitor to an interface
The following are used to configure a NetFlow monitor to an interface.
| Command or Action | Purpose | |||
|---|---|---|---|---|
| Step 1 |
configure terminal Example: |
Enters global configuration mode. |
||
| Step 2 |
interface interface-id Example: |
Identifies an interface and enters interface configuration mode. Flexible Net Flow is supported only on the service module 1-Gigabit or 10-Gigabit Ethernet interfaces.
|
||
| Step 3 |
wlan ssid Example: |
Configures the flow monitor on WLAN. |
||
| Step 4 |
[ ip | ipv6 | datalink] flow monitor monitor -name sampler [sampler | input | output] Example: |
Activates a previously created flow monitor by assigning it to the interface to analyze incoming or outgoing traffic.
|
||
| Step 5 |
exit Example: |
Returns to global configuration mode. |
||
| Step 6 |
Repeat steps 2 and 3 Example: |
Configures additional cache parameters for the flow monitor. |
||
| Step 7 |
end Example: |
Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration mode. |
Device(config)# interface tengigabitethernet 1/0/1
Device(config-if)# ip flow monitor FLOW-MONITOR-1 input
Device(config-if)# ip flow monitor FLOW-MONITOR-2 output
Device(config-if)# endThe following steps are used to configure and enable flow sampling.
| Command or Action | Purpose | |||
|---|---|---|---|---|
| Step 1 |
configure terminal Example: |
Enters global configuration mode. |
||
| Step 2 |
sampler sampler -name Example: |
Creates a flow monitor and enters Flexible NetFlow sampler configuration mode. You can also use this command to modify an existing sampler. |
||
| Step 3 |
description description Example: |
(Optional) Configures a description for the sampler. |
||
| Step 4 |
mode {deterministic|random} (<1-1> )out-of <2-1024> Example: |
Specifies the mode and window size from which to select packets. The window size range is from 2 to 1024.
|
||
| Step 5 |
end Example: |
Returns to global configuration mode. |
||
| Step 6 |
interface interface-id Example: |
Identifies an interface and enters interface configuration mode. |
||
| Step 7 |
wlan ssid Example: |
Configures to apply flow sampler on WLAN. |
||
| Step 8 |
{ip | ipv6 | datalink] flow monitor monitor-name sampler sampler-name {input | output} Example: |
Activates a previously created IPv4 or IPv6 flow monitor by assigning it to the interface to analyze traffic. |
||
| Step 9 |
end Example: |
Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration mode. |
Device(config)# sampler SAMPLER-1
Device(config-sampler)# description Sample at 50
Device(config-sampler)# mode random 1 out-of 2
Device(config-sampler)# exit
Device(config)# interface tengigabitethernet 1/0/1
Device(config)# wlan test 1 test
Device(config-if)# ip flow monitor FLOW-MONITOR-1 sampler SAMPLE-1 inputHow to configure netflow v9 for IPv6.
| Command | Purpose |
|---|---|
|
show flow record |
Displays the status of the flow records. |
|
show flow ssid <ssid_name> |
Displays SSID interface information. |
|
show flow monitor {monitor name} {cache|provisioning|statistics} |
Displays the flow monitor information. |
|
show flow exporter exporter-name |
Displays the status of a flow exporter. |
|
show flow monitor monitor -name |
Displays the current status of a flow monitor. |
|
show flow interface interface-id |
Verifies that the Flexible NetFlow is configured on the interface. |
|
show flow monitor monitor -name cache format [csv | record | table} |
Displays data in the flow monitor cache. |
|
show sampler sampler -name |
Displays the current status of a flow sampler. |
| Command | Purpose |
|---|---|
|
show running-config flow record |
Displays the configured flow records. |
|
show running-config flow exporter exporter-name |
Verifies the configured flow exporter. |
|
show running-config flow monitor monitor -name |
Verifies the flow monitor configuration. |
| Related Topic | Document Title |
|---|---|
| IPv6 command reference | IPv6 Command Reference (Catalyst 3850 Switches) |
| Flexible NetFlow command reference | Cisco Flexible NetFlow Command Reference (Catalyst 3850 Switches) |
| Flexible NetFlow configuration | Cisco Flexible NetFlow Configuration Guide (Catalyst 3850 Switches) |
| Description | Link |
|---|---|
|
To help you research and resolve system error messages in this release, use the Error Message Decoder tool. |
https://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi |
| MIB | MIBs Link |
|---|---|
| All supported MIBs for this release. |
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: |
| Description | Link |
|---|---|
|
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. |
|
Feature |
Release |
Modification |
|---|---|---|
|
IPv6 NetFlow Functionality |
Cisco IOS XE 3.2SE |
This feature was introduced. |
Feedback