- Book Index
- Preface
- Product Overview
- Command-Line Interfaces
- Configuring the Switch for the First Time
- Administering the Switch
- Configuring the Cisco IOS In-Service Software Upgrade Process
- Configuring the Cisco IOS XE In Service Software Upgrade Process
- Configuring Interfaces
- Checking Port Status and Connectivity
- Configuring Supervisor Engine Redundancy Using RPR and SSO on Supervisor Engine 6-E and 6L-E
- Configuring Supervisor Engine Redundancy Using RPR and SSO on Supervisor Engine 7-E and 7L-E
- Configuring Cisco NSF with SSO Supervisor Engine Redundancy
- Environmental Monitoring and Power Management
- Configuring Power over Ethernet
- Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant
- Configuring VLANs, VTP, and VMPS
- Configuring IP Unnumbered Interface
- Configuring Layer 2 Ethernet Interfaces
- Configuring SmartPort Macros
- Configuring Auto SmartPort Macros
- Configuring STP and MST
- Configuring Flex Links and MAC Address-Table Move Update
- Configuring Resilient Ethernet Protocol
- Configuring Optional STP Features
- Configuring EtherChannel and Link State Tracking
- Configuring IGMP Snooping and Filtering
- Configuring IPv6 MLD Snooping
- Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunneling
- Configuring CDP
- Configuring LLDP, LLDP-MED, and Location Service
- Configuring UDLD
- Configuring Unidirectional Ethernet
- Configuring Layer 3 Interfaces
- Configuring Cisco Express Forwarding
- Configuring Unicast Reverse Path Forwarding
- Configuring IP Multicast
- Configuring ANCP Client
- Configuring Bidirectional Forwarding Detection
- Configuring Policy-Based Routing
- Configuring VRF-lite
- Configuring Quality of Service
- Configuring Voice Interfaces
- Configuring Private VLANs
- Configuring MACsec Encryption
- Configuring 802.1X Port-Based Authentication
- Configuring the PPPoE Intermediate Agent
- Configuring Web-Based Authentication
- Configuring Port Security
- Configuring Control Plane Policing and Layer 2 Control Packet QoS
- Configuring Dynamic ARP Inspection
- Configuring DHCP Snooping, IP Source Guard, and IPSG for Static Hosts
- Configuring Network Security with ACLs
- Support for IPv6
- Port Unicast and Multicast Flood Blocking
- Configuring Storm Control
- Configuring SPAN and RSPAN
- Configuring Wireshark
- Configuring Enhanced Object Tracking
- Configuring System Message Logging
- Configuring OBFL
- Configuring SNMP
- Configuring Netflow-lite
- Configuring Flexible NetFlow
- Configuring Ethernet OAM and CFM
- Configuring Y.1731 (AIS and RDI)
- Configuring Call Home
- Configuring Cisco IOS IP SLA Operations
- Configuring RMON
- Performing Diagnostics
- Configuring WCCP Version 2 Services
- Configuring MIB Support
- ROM Monitor
- Acronyms and Abbreviations
Configuring NetFlow-lite
Note NetFlow-lite is only supported on the Catalyst 4948E and Catalyst 4948E-F Ethernet switches in IP Base or higher.
This chapter describes how to configure NetFlow-lite, which provides traffic monitoring capabilities similar to those provided through NetFlow.
The following topics are included:
•About NetFlow Packet Sampling
•Configuring NetFlow Packet Sampling
Note For complete syntax and usage information for the switch commands used in this chapter, first look at the Cisco Catalyst 4500 Series Switch Command Reference and related publications at this location:
http://www.cisco.com/en/US/products//hw/switches/ps4324/index.html
If the command is not found in the Catalyst 4500 Series Switch Command Reference, it will be found in the larger Cisco IOS library. Refer to the Cisco IOS Command Reference and related publications at this location:
http://www.cisco.com/en/US/products/ps6350/index.html
Note VLAN monitors are not supported in Cisco IOS Release 15.0(2)SG.
Note Refer to the NetFlow Solutions Guide for more detailed information on NetFlow usage and management.
About NetFlow Packet Sampling
The NetFlow-lite feature is based on ingress packet sampling at a monitoring point that can be an interface on the switch. By exporting NetFlow sampled packets, it provides visibility into traffic that is switched through the device. The rate at which input packets are sampled is configurable and a wide range of sampling rates are supported. The sampled packets can be exported with NetFlow V9 or IPFIX format.
Feature Interaction
Feature interactions exist on three levels:
System-wide Restrictions
•WCCP output redirect is not supported when NetFlow-lite is configured on any interface.
•Configuring a NetFlow-lite monitor on any interface prevents Layer 3 deny ACLs from generating ICMP unreachable packets.
•Enabling NetFlow-lite monitoring reduces the available TCAM capacity and packet forwarding bandwidth.
Interface-level Restrictions
•NetFlow-lite monitoring and ingress QoS policy cannot coexist on the same interface. QoS policy takes precedence over NetFlow-lite monitoring.
•NetFlow-lite monitoring and the WCCP Exclude feature cannot coexist on the same interface.
•NetFlow-lite and SPAN cannot coexist on the same interface. NetFlow-lite takes precedence over SPAN.
Monitor-level Restrictions
•On a port channel with an aggregate bandwidth exceeding 20 Gigabit, the most aggressive sampling rate supported is 1 in 64; on one exceeding 40 Gigabit it is 1 in 128.
•When running PIM bidirectional mode, NetFlow-lite monitoring for multicast packets does not work when the RP or DF and any of the receivers are on the same VLAN.
Configuring NetFlow Packet Sampling
To configure the NetFlow-lite feature, complete the tasks in these sections:
•Configuring Information about the External Collector
•Configuring Sampling Parameters
•Activating Sampling on an Interface or VLAN
Configuring Information about the External Collector
To configure the external collector, perform this task:
Example
This example shows how to configure the external collector and to verify the exporter configuration:
Switch# config terminal
Switch(config)# netflow-lite exporter exporter1
Switch(config-netflow-lite-exporter)# destination 5.5.5.6
Switch(config-netflow-lite-exporter)# source 5.5.5.5
Switch(config-netflow-lite-exporter)# transport udp 8188
Switch(config-netflow-lite-exporter)# ttl 128
Switch(config-netflow-lite-exporter)# cos 7
Switch(config-netflow-lite-exporter)# dscp 32
Switch(config-netflow-lite-exporter)# template data timeout 1
Switch(config-netflow-lite-exporter)# options sampler-table timeout 1
Switch(config-netflow-lite-exporter)# options interface-table timeout 1
Switch(config-netflow-lite-exporter)# export-protocol netflow-v9
Switch(config-netflow-lite-exporter)# exit
Switch(config)# exit
Switch# show netflow-lite exporter exporter1
Netflow-lite Exporter exporter1:
Network Protocol Configuration:
Destination IP address: 5.5.5.6
Source IP Address: 5.5.5.5
VRF label: none
DSCP: 0x20
TTL: 128
COS: 7
Transport Protocol Configuration:
Transport Protocol: UDP
Source Port: 50441
Destination Port: 8188
Destination Ports to Load-share: 1
Export Protocol Configuration:
Export Protocol: netflow-v9
Template data timeout: 1800
Options sampler-table timeout: 1800
Options interface-table timeout: 1800
Exporter Statistics:
Packets Exported: 56
Usage Guidelines
The collector's IP address and UDP port can be specified. Optionally, a VRF label can be provided to name the VRF in which the collector is reachable. The exporter agent's address is specified as the source interface. Either IPFIX or NetFlow V9 export is supported.
The exporter's name can be specified when activating sampling at a monitor. This can be done in interface or VLAN mode. If no exporter is specified for a sampling instance, then no samples are exported.
The exporter submode also allows you to specify the refresh frequency for the NetFlow templates. Metadata about the NetFlow packet sampling process like sampler configuration parameters and SNMP interface table mapping can also be exported periodically to the collector.
Mandatory parameters for a minimal exporter configuration are the destination address of the collector, the source Layer 3 interface, and the UDP destination port of the collector.
The VRF label is ignored if the collector's address is IPv6. The default global routing table is used to route the IPv6 export packets to the collector.
The cos option sets the CoS value in the VLAN tag of packet samples exported by the FPGA only.
Configuring Sampling Parameters
This task configures packet sampling parameters as a reusable named entity (a sampler) that monitors reference by name.
To configure a sampler, perform this task:
Example
This example shows how to configure sampling parameters and to display the sampler configuration:
Switch# config terminal
Switch(config)# netflow-lite sampler sampler1
Switch(config-netflow-lite-sampler)# packet-rate 32
Switch(config-netflow-lite-sampler)# packet-section size 128
Switch(config-netflow-lite-sampler)# packet-offset 16
Switch(config-netflow-lite-sampler)# exit
Switch(config)# exit
Switch#
Switch# show netflow-lite sampler sampler1
Netflow-lite Sampler sampler1:
Id : 1
Packet Sampling rate: 1 out of 32
Packet Section Size: 64 bytes
Packet offset: 16 bytes
You can verify your settings with the show netflow-lite sampler privileged EXEC command.
Usage Guidelines
The packet sampling rate can range from 32 to 2^15 in powers of 2. As a troubleshooting exception, a rate of 1 (1-in-1 sampling, equivalent to RX-only SPAN) is allowed on at most two 1 Gigabit ports. It cannot be configured on 10 Gigabit ports because the bandwidth demand for export would be too high.
The only mandatory parameter is packet-rate. Apart from the 1-in-1 exception above, the most aggressive packet sampling rate that can be configured on any 1 Gigabit or 10 Gigabit port is 1-in-32. Less aggressive rates are configured in powers of 2 (such as 1-in-64 and 1-in-128).
You can update a sampler at a target interface, but you cannot remove or unconfigure mandatory parameters.
All mandatory parameters must be present to validate a sampler. Any unspecified non-mandatory parameters take on default values.
Activating Sampling on an Interface or VLAN
This task defines a monitor instance on an interface or VLAN, identifying the sampler and exporter to use.
To activate sampling on an interface, perform this task:
To activate sampling on a VLAN, perform this task:
Examples
The following example shows how to configure a monitor on a port interface Gigabit 1/3:
Switch# config terminal
Switch(config)# int GigabitEthernet1/3
Switch(config-if)# netflow-lite monitor 1
Switch(config-netflow-lite-monitor)# sampler sampler1
Switch(config-netflow-lite-monitor)# average-packet-size 128
Switch(config-netflow-lite-monitor)# exporter exporter1
Switch(config-netflow-lite-monitor)# exit
Switch(config-if)# exit
Switch(config)# exit
Switch# show netflow-lite monitor 1 interface gi1/3
Interface GigabitEthernet1/3:
Netflow-lite Monitor-1:
Active: TRUE
Sampler: sampler1
Exporter: exporter1
Average Packet Size: 0
Statistics:
Packets exported: 0
Packets observed: 0
Packets dropped: 0
Average Packet Size observed: 64
Average Packet Size used: 64
Similarly, you can configure a monitor on a VLAN in VLAN config mode:
Switch# config terminal
Switch(config)# vlan config 2
Switch(config-vlan-config)# netflow-lite monitor 1
Switch(config-netflow-lite-monitor)# average-packet-size 128
Switch(config-netflow-lite-monitor)# exporter exporter1
Switch(config-netflow-lite-monitor)# sampler sampler1
Switch(config-netflow-lite-monitor)# exit
Switch(config-vlan-config)# exit
Switch(config)# exit
Switch# show netflow-lite monitor 1 vlan 2
VlanID-2:
Netflow-lite Monitor-1:
Active: TRUE
Sampler: sampler1
Exporter: exporter1
Average Packet Size: 0
Statistics:
Packets exported: 0
Packets observed: 0
Packets dropped: 0
Average Packet Size observed: 64
Average Packet Size used: 64
You can verify your settings with the show netflow-lite monitor privileged EXEC command.
Usage Guidelines
Only a single packet sampling instance is supported on a monitor. These commands are entered in physical port interface mode, port channel interface mode, or VLAN config mode. Monitors are not supported on other interface types. If the physical port is a member of a port channel, applying the monitor to the port has no effect; the monitor must be applied to the port channel instead.
When configuring a monitor, the mandatory parameters are sampler and exporter. If no exporter is associated with a monitor, no samples are exported. If no sampler is specified, no input packet sampling occurs for that target interface.
The packet sampling mechanism tries to achieve random 1-in-N sampling. The accuracy of the algorithm is dependent on the size of the packets arriving at a given interface. To tune the relative accuracy of the algorithm, use the average-packet-size parameter. The whole system supports a maximum of 200 monitors.
The system automatically determines the average packet size at an interface based on observation of input traffic and uses that value in rate DBL sampling.
Valid range of packet sizes that can be used by the algorithm is 64 - 9216 bytes. A value of 0 is taken to mean that automatic determination of average packet size is desired.
The sampler and exporter must be valid for packet sampling. If any mandatory parameters are missing, a warning message indicating that sampler or exporter is invalid is displayed.
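The three tasks above produce NetFlow V9 (or IPFIX) export packets sent over UDP with no authentication, and a collector cannot decode a data record until it has received the matching template, nor scale sampled counters until the sampler-table options record has arrived; that is why the template and options timeouts in the exporter section matter on the collector side. The decoder below is an added example written for this chapter, not Cisco code and not a description of NetFlow-lite's actual export record layout: it parses a NetFlow v9 header, a template FlowSet (ID 0), an options template FlowSet (ID 1) carrying a sampler table, and data FlowSets; drops data whose template has not been seen yet; filters by exporter source address; and scales IN_BYTES and IN_PKTS by the 1-in-N interval advertised for the sampler. The field types used in the constructed packets, the source ID 0x100, the sampler ID 1 and the addresses are assumptions for illustration.

```python
"""Minimal NetFlow v9 decoder (constructed example, not Cisco or NetFlow-lite code)."""
import ipaddress
import struct

# NetFlow v9 field type IDs (RFC 3954); this particular set is an assumption for the example
IN_BYTES, IN_PKTS, PROTOCOL, L4_SRC_PORT, IPV4_SRC_ADDR = 1, 2, 4, 7, 8
L4_DST_PORT, IPV4_DST_ADDR = 11, 12
FLOW_SAMPLER_ID, FLOW_SAMPLER_MODE, FLOW_SAMPLER_RANDOM_INTERVAL = 48, 49, 50
SCOPE_SYSTEM = 1  # scope field type inside an options template


class NetflowV9Decoder:
    """Keeps templates and the sampler table per exporter source ID."""

    def __init__(self, allowed_exporters):
        self.allowed = set(allowed_exporters)   # v9 over UDP is unauthenticated: filter by source
        self.templates = {}                      # (source_id, template_id) -> [(field, length), ...]
        self.option_tids = set()                 # templates that describe options (sampler) records
        self.samplers = {}                       # (source_id, sampler_id) -> sampling interval N
        self.dropped_no_template = 0
        self.dropped_untrusted = 0

    def feed(self, src_ip, packet):
        """Decode one UDP payload from src_ip; returns the flow records it could decode."""
        if src_ip not in self.allowed:
            self.dropped_untrusted += 1
            return []
        if len(packet) < 20:
            raise ValueError("truncated NetFlow header")
        version, _count, _uptime, _secs, _seq, source_id = struct.unpack("!HHIIII", packet[:20])
        if version != 9:
            raise ValueError("not a NetFlow v9 packet")
        records, off = [], 20
        while off + 4 <= len(packet):
            fs_id, fs_len = struct.unpack("!HH", packet[off:off + 4])
            if fs_len < 4:
                raise ValueError("malformed FlowSet length")   # would otherwise loop forever
            body = packet[off + 4:off + fs_len]
            if fs_id == 0:
                self._template(source_id, body)
            elif fs_id == 1:
                self._options_template(source_id, body)
            else:
                records.extend(self._data(source_id, fs_id, body))
            off += fs_len
        return records

    @staticmethod
    def _pairs(buf, n):
        return [struct.unpack("!HH", buf[4 * i:4 * i + 4]) for i in range(n)]

    def _template(self, source_id, body):
        off = 0
        while off + 4 <= len(body):               # one FlowSet may carry several templates
            tid, nfields = struct.unpack("!HH", body[off:off + 4])
            self.templates[(source_id, tid)] = self._pairs(body[off + 4:], nfields)
            off += 4 + 4 * nfields

    def _options_template(self, source_id, body):
        # template ID, scope length and option length (both in bytes), scope fields, option fields
        tid, scope_len, opt_len = struct.unpack("!HHH", body[:6])
        scope = [(("scope", t), l) for t, l in self._pairs(body[6:], scope_len // 4)]
        opts = self._pairs(body[6 + scope_len:], opt_len // 4)
        self.templates[(source_id, tid)] = scope + opts
        self.option_tids.add((source_id, tid))

    def _data(self, source_id, tid, body):
        fields = self.templates.get((source_id, tid))
        if fields is None:                        # undecodable until the exporter resends the template
            self.dropped_no_template += 1
            return []
        rec_len = sum(l for _, l in fields)
        out, off = [], 0
        while rec_len and off + rec_len <= len(body):   # a tail shorter than a record is padding
            rec = {}
            for field, flen in fields:
                rec[field] = int.from_bytes(body[off:off + flen], "big")
                off += flen
            if (source_id, tid) in self.option_tids:
                if FLOW_SAMPLER_ID in rec and FLOW_SAMPLER_RANDOM_INTERVAL in rec:
                    self.samplers[(source_id, rec[FLOW_SAMPLER_ID])] = rec[FLOW_SAMPLER_RANDOM_INTERVAL]
            else:
                out.append(self._finish(source_id, rec))
        return out

    def _finish(self, source_id, rec):
        """Scale the sampled counters by the 1-in-N interval from the sampler table (1 if unknown)."""
        n = self.samplers.get((source_id, rec.get(FLOW_SAMPLER_ID)), 1)
        return {"src": str(ipaddress.IPv4Address(rec[IPV4_SRC_ADDR])),
                "dst": str(ipaddress.IPv4Address(rec[IPV4_DST_ADDR])),
                "sport": rec[L4_SRC_PORT], "dport": rec[L4_DST_PORT], "proto": rec[PROTOCOL],
                "sampling_interval": n, "est_pkts": rec[IN_PKTS] * n, "est_bytes": rec[IN_BYTES] * n}


def _flowset(fs_id, body):
    body += b"\x00" * ((-len(body)) % 4)           # FlowSets are padded to a 4-byte boundary
    return struct.pack("!HH", fs_id, 4 + len(body)) + body


def build_packet(source_id, seq, flowsets):
    header = struct.pack("!HHIIII", 9, len(flowsets), 0, 0, seq, source_id)  # count not checked here
    return header + b"".join(flowsets)


DATA_FIELDS = [(IPV4_SRC_ADDR, 4), (IPV4_DST_ADDR, 4), (L4_SRC_PORT, 2), (L4_DST_PORT, 2),
               (PROTOCOL, 1), (IN_PKTS, 4), (IN_BYTES, 4), (FLOW_SAMPLER_ID, 1)]
OPT_FIELDS = [(FLOW_SAMPLER_ID, 1), (FLOW_SAMPLER_MODE, 1), (FLOW_SAMPLER_RANDOM_INTERVAL, 4)]

# Constructed packets standing in for an exporter's output (not a capture from a switch).
TEMPLATE_PKT = build_packet(0x100, 1, [
    _flowset(0, struct.pack("!HH", 256, len(DATA_FIELDS)) + b"".join(struct.pack("!HH", *f) for f in DATA_FIELDS)),
    _flowset(1, struct.pack("!HHH", 257, 4, 4 * len(OPT_FIELDS)) + struct.pack("!HH", SCOPE_SYSTEM, 4)
             + b"".join(struct.pack("!HH", *f) for f in OPT_FIELDS)),
    _flowset(257, struct.pack("!IBBI", 0, 1, 2, 32)),        # sampler 1: random 1-in-32
])
DATA_PKT = build_packet(0x100, 2, [
    _flowset(256, struct.pack("!IIHHBIIB", int(ipaddress.IPv4Address("10.1.1.5")),
                              int(ipaddress.IPv4Address("192.168.1.1")), 50441, 1234, 17, 1, 64, 1)),
])
```

Feeding DATA_PKT before TEMPLATE_PKT yields no records and increments dropped_no_template, which is the situation a collector is in after a restart until the exporter's template timeout expires; feeding TEMPLATE_PKT and then DATA_PKT yields one record whose 64 sampled bytes are reported as an estimate of 2048 bytes because the sampler table announced 1-in-32.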
Display Commands
To display NetFlow-lite sampler, monitor, and exporter configuration and statistics, use the following commands, as needed:
The following example shows how to display information about a sampler:
Switch# show netflow-lite sampler low-rate
Netflow-lite Sampler low-rate:
Description: Sampler
Sampling rate: 1 out of 256
Packet Section Size: 64 bytes
Packet offset: 0 bytes
The following example shows how to display a particular monitor's configuration and per-monitor statistics on a physical port:
Switch# show netflow-lite monitor 1 interface gi1/3
Interface GigabitEthernet1/3:
Netflow-lite Monitor-1:
Active: TRUE
Sampler: sampler1
Exporter: exporter1
Average Packet Size: 0
Statistics:
Packets exported: 0
Packets observed: 0
Packets dropped: 0
Average Packet Size observed: 64
Average Packet Size used: 64
The following example shows how to display a particular monitor's configuration and per-monitor statistics on a VLAN:
Switch# show netflow-lite monitor 1 vlan 2
VlanID-2:
Netflow-lite Monitor-1:
Active: TRUE
Sampler: sampler1
Exporter: exporter1
Average Packet Size: 0
Statistics:
Packets exported: 0
Packets observed: 0
Packets dropped: 0
Average Packet Size observed: 64
Average Packet Size used: 64
The following example shows how to display the total number of export packets sent:
Switch# show netflow-lite exporter e1
Netflow-lite Exporter e1:
Description: Exporter
Network Protocol Configuration:
Destination IP address: 192.168.1.1
VRF label: cisc
Source IP Address: 10.1.1.5
DSCP: 0x1
TTL: 30
COS: 1
Transport Protocol Configuration:
Transport Protocol: UDP
Destination Port: 1234
Source Port: 65535
Export Protocol Configuration:
Export Protocol: netflow-v9
Exporter Statistics:
Export packets sent: 36
Clear Commands
To clear statistics of a packet sampler at a monitor, use the following commands, as needed: