Example: biology

Cisco NetFlow Configuration [Cisco NetFlow] - Cisco

Cisco NetFlowConfiguration2 Cisco NetFlow ConfigurationBest Practice / Highlights NetFlow Configuration varies slightly per hardware model Set active timeout to 1 minute: ip flow-cache timeout active is the time interval NetFlow records are exported for long lived flows ( large FTP transfer). 1 minute is recommended and Configuration is in minutes in IOS and seconds in MLS and NX-OS. Catalyst 6500 /7600 require enabling NetFlow export within MSFC and PFC. The following command will capture NetFlow within the same VLAN for Catalyst 6500 /7600: ip flow ingress layer2-switched vlan {vlanlist} NetFlow is based on 7 key fields Source IP address Destination IP address Source port number Destination port number Layer 3 protocol type (ex.)

NetFlow records are exported for long lived flows (e.g. large FTP transfer). 1 minute is recommended and configuration is in minutes in IOS and seconds in MLS and NX-OS. • Catalyst 6500/7600 require enabling NetFlow export within MSFC and PFC. • The following command will capture NetFlow within the same VLAN for Catalyst

Fullscreen Download

Tags:

  Cisco, 6500, Catalysts, Catalyst 6500

Information

Domain:

Source:

Link to this page:

Please notify us if you found a problem with this document:

Other abuse

Transcription of Cisco NetFlow Configuration [Cisco NetFlow] - Cisco

1 Cisco NetFlowConfiguration2 Cisco NetFlow ConfigurationBest Practice / Highlights NetFlow Configuration varies slightly per hardware model Set active timeout to 1 minute: ip flow-cache timeout active is the time interval NetFlow records are exported for long lived flows ( large FTP transfer). 1 minute is recommended and Configuration is in minutes in IOS and seconds in MLS and NX-OS. Catalyst 6500 /7600 require enabling NetFlow export within MSFC and PFC. The following command will capture NetFlow within the same VLAN for Catalyst 6500 /7600: ip flow ingress layer2-switched vlan {vlanlist} NetFlow is based on 7 key fields Source IP address Destination IP address Source port number Destination port number Layer 3 protocol type (ex.)

2 TCP, UDP) ToS (type of service) byte Input logical interface If one field is different, a new flow is created in the flow cache. Enabled NetFlow on EVERY layer-3 interface for complete visibility It is best practice to use a NetFlow source interface that would never go down such as a loopback interface. A flow record within Flexible NetFlow (that used in NX-OS) defines the keys that NetFlow uses to identify packets in the flow as well as other fields of interest that NetFlow gathers for the Practice / HighlightsCisco IOS NetFlowConfiguration GuideCisco 6500 & 7600 NetFlow Configuration GuideCatalyst 4500 NetFlow Configuration GuideCisco 3850 NetFlow Configuration GuideCisco 3560 & 3750 NetFlow Configuration GuideCisco Nexus 7000 NetFlow Configuration Cisco Nexus 1000v NetFlow ConfigurationCisco ASR 9000 NetFlow ConfigurationAppendixBest Practice / Highlights3 Cisco NetFlow ConfigurationCisco IOS NetFlow Configuration

3 GuideNetflow ConfigurationIn Configuration mode issue the following to enable NetFlow Export:ip flow-export destination <xe_netflow_collector_IP_address> 2055ip flow-export source <interface> ( use a Loopback interface)ip flow-export version 9 (if version 9 does not take, use version 5)ip flow-cache timeout active 1ip flow-cache timeout inactive 15snmp-server ifindex persistEnable NetFlow on each layer-3 interface you are interested in monitoring traffic for:interface <interface>ip flow ingressOptional:ip flow-export version 9 origin-as (to include BGP origin AS)ip flow-capture mac-addresses show ip cache verbose flowip flow-capture vlan-idNote: If your router is running a version of Cisco IOS prior to releases (14)S, (22)S, or (15)T the ip route-cache flow command is used to enable NetFlowon an interface.

4 If your router is running Cisco IOS release (14)S, (22)S, (15)T, or later the ip flow ingress command is used to enable NetFlow on Configuration :show ip cache flowshow ip flow exportshow ip flow interfaceshow ip flow export templateReference: Practice / HighlightsCisco IOS NetFlowConfiguration GuideCisco 6500 & 7600 NetFlow Configuration GuideCatalyst 4500 NetFlow Configuration GuideCisco 3850 NetFlow Configuration GuideCisco 3560 & 3750 NetFlow Configuration GuideCisco Nexus 7000 NetFlow Configuration Cisco Nexus 1000v NetFlow ConfigurationCisco ASR 9000 NetFlow ConfigurationAppendixCisco IOS NetFlowConfiguration Guide4 Cisco NetFlow ConfigurationCisco 6500 and 7600 Series IOS NetFlow Configuration GuideNative IOS NetFlow Configuration :In Configuration mode issue the following to enable NetFlow Export.

5 Mls nde sender version 5mls aging long 64mls aging normal 32mls nde interfacemls flow ip interface-fullip flow ingress layer2-switched vlan {vlanlist}ip flow-export destination <xe_netflow_collector_IP_address> 2055ip flow-export source <interface> ( use a Loopback interface)ip flow-export version 9 (if version 9 does not take, use version 5)ip flow-cache timeout active 1ip flow-cache timeout inactive 15snmp-server ifindex persistEnable NetFlow on each layer-3 interface you are interested in monitoring traffic for:interface <interface>ip flow ingressOptional:ip flow-capture mac-addressesip flow-capture vlan-idHybrid / CatOS NetFlow Configuration :set mls nde <xe_address> 2055set mls nde version 5set mls agingtime long 64set mls agingtime 32set mls flow fullset mls bridged-flow-statistics enable <vlanlist>set mls nde enableValidate Configuration :show ip cache flowshow ip flow exportshow ip flow export templateshow mls ndeReference.

6 Practice / HighlightsCisco IOS NetFlowConfiguration GuideCisco 6500 & 7600 NetFlow Configuration GuideCatalyst 4500 NetFlow Configuration GuideCisco 3850 NetFlow Configuration GuideCisco 3560 & 3750 NetFlow Configuration GuideCisco Nexus 7000 NetFlow Configuration Cisco Nexus 1000v NetFlow ConfigurationCisco ASR 9000 NetFlow ConfigurationAppendixCisco 6500 & 7600 NetFlow Configuration Guide5 Cisco NetFlow ConfigurationCatalyst 4500 Series Switch IOS NetFlow Configuration GuideTo use the NetFlow feature, you must have the Supervisor Engine V-10GE (the functionality is embedded in the supervisor engine), or the NetFlow Services Card (WS-F4531) and either a Supervisor Engine IV or a Supervisor Engine Daughter Card:Switch# show module all.

7 <cut for brevity> NetFlow ConfigurationIn Configuration mode on the 4500 issue the following to enable NetFlow Export:ip flow ingressip flow ingress infer-fieldsip flow-export destination <xe_netflow_collector_IP_address> 2055ip flow-export source <interface> ( use a Loopback interface)ip flow-export version 5ip flow-cache timeout active 1ip flow-cache timeout inactive 15snmp-server ifindex persistValidate Configuration :show ip cache flowshow ip flow exportshow ip flow interfaceReference: Services Services Practice / HighlightsCisco IOS NetFlowConfiguration GuideCisco 6500 & 7600 NetFlow Configuration GuideCatalyst 4500 NetFlow Configuration GuideCisco 3850 NetFlow Configuration GuideCisco 3560 & 3750 NetFlow Configuration GuideCisco Nexus 7000 NetFlow Configuration Cisco Nexus 1000v NetFlow ConfigurationCisco ASR 9000 NetFlow ConfigurationAppendixCatalyst 4500 NetFlow Configuration Guide6 Cisco NetFlow ConfigurationCisco 3850 NetFlow ConfigurationYour software release may not support all the features documented in this the latest caveats and

8 Feature information, see Cisco Bug Search Tool and therelease notes for your platform and software Create a Flow Record (specify the fields to export)A flow record defines the information that NetFlow gathers, such as packets in the flow andthe types of counters gathered per flow. You specify a series of match and collect commands that tell the router which fields to include in the outgoing NetFlow match fields are the key fields. They are used to determine the uniqueness of theflow. The collect fields are just extra info that to include to provide more detail to thecollector for reporting and fields marked with required below, are fields required for StealthWatch to accept andbuild a flow (config)# flow record LANCOPE1sw3850(config-flow-record)#descr iption NetFlow record format to send to StealthWatchsw3850(config-flow-record)#m atch datalink mac source address inputsw3850(config-flow-record)#match datalink mac destination address inputsw3850(config-flow-record)#match datalink vlan inputkey fieldsw3850(config-flow-record)

9 #match ipv4 ttlkey field; provides pathing infosw3850(config-flow-record)#match ipv4 tosrequired; key fieldsw3850(config-flow-record)#match ipv4 protocolrequired; key fieldsw3850(config-flow-record)#match ipv4 source addressrequired; key fieldsw3850(config-flow-record)#match ipv4 destination addressrequired; key fieldsw3850(config-flow-record)#match transport source-portrequired; key fieldsw3850(config-flow-record)#match transport destination-portrequired; key fieldsw3850(config-flow-record)#match interface inputrequired; key fieldsw3850(config-flow-record)#collect interface outputrequired; used for computing bps ratessw3850(config-flow-record)#collect counter bytes longrequired; used for bps calculationsw3850(config-flow-record)#co llect counter packets longrequired; used for pps calculationsw3850(config-flow-record)#co llect timestamp absolute firstrequired; for calculating durationsw3850(config-flow-record)#colle ct timestamp absolute lastrequired.

10 For durationBest Practice / HighlightsCisco IOS NetFlowConfiguration GuideCisco 6500 & 7600 NetFlow Configuration GuideCatalyst 4500 NetFlow Configuration GuideCisco 3850 NetFlow Configuration GuideCisco 3560 & 3750 NetFlow Configuration GuideCisco Nexus 7000 NetFlow Configuration Cisco Nexus 1000v NetFlow ConfigurationCisco ASR 9000 NetFlow ConfigurationAppendixCisco 3850 NetFlow Configuration Guide7 Cisco NetFlow ConfigurationCisco 3850 NetFlow Configuration2. Create a Flow Exporter (specify where/how NetFlow )

Show more

Documents from same domain

Cisco Industrial Ethernet 4010 Series Switches Data …

Cisco Industrial Ethernet 4010 Series Switches Data

www.cisco.com

© 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 11 Data Sheet Cisco Industrial Ethernet 4010 Series Switches

  Data, Ethernet

Data Center Power and Cooling White Paper - …

Data Center Power and Cooling White Paper - …

www.cisco.com

© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 22 White Paper Cisco Unified Computing System

  Cisco

Architecting the Network for the Cloud - cisco.com

Architecting the Network for the Cloud - cisco.com

www.cisco.com

WHITE PAPER Architecting the Network for the Cloud Sponsored by: Cisco Systems Lucinda Borovick Rohit Mehra January 2011 EXECUTIVE SUMMARY Cloud computing is now one of the prevailing IT trends as we head into the new

  Network, Cisco

Miercom Report: Dual-Band Wave 2 Access Points ...

Miercom Report: Dual-Band Wave 2 Access Points ...

www.cisco.com

Dual-Band Wave 2 Access Points Comparative Performance: Cisco Aironet 2800 and 3800 Aruba AP-335 DR160830 September 2016 Miercom www.miercom.com

  Cisco

TERMS OF SALE AND SOFTWARE LICENSE …

TERMS OF SALE AND SOFTWARE LICENSE …

www.cisco.com

TERMS OF SALE AND SOFTWARE LICENSE AGREEMENT-US 3 CISCO CONFIDENTIAL SALES_TERMS_OF_SALE.docx June 2017 Terms of Sale. Customer shall pay any taxes related to Products and Services provided

  Services, Customer

Help Partners Increase Deal Sizes and Customer …

Help Partners Increase Deal Sizes and Customer

www.cisco.com

Help Partners Increase Deal Sizes and Customer Satisfaction Cisco Solution Support 101 Service and Promotion Overview for Partner Sales Teams Greg Suhayda

  Customer

Cisco ASA with FirePOWER Services At-a-Glance

Cisco ASA with FirePOWER Services At-a-Glance

www.cisco.com

At a glance Cisco public Next steps To learn more about the Cisco ASA Firewall with FirePOWER Services, visit www.cisco. com/go/asafps. Meet the industry’s first adaptive, threat-focused next-generation firewall (NGFW) designed for a new

  Cisco, Cisco asa

Cisco Identity Services Engine Ordering Guide

Cisco Identity Services Engine Ordering Guide

www.cisco.com

© 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 22 Cisco Identity Services Engine

  Services, Guide

Cisco Certification and Confidentiality Agreement …

Cisco Certification and Confidentiality Agreement …

www.cisco.com

Cisco Confidential Cisco Certifications and Confidentiality Agreement - Version 22 If you have been convicted of a crime that Cisco deems, in its sole discretion, in any way

  Confidentiality

Cisco IP Phone Portfolio Brochure

Cisco IP Phone Portfolio Brochure

www.cisco.com

Brochure 3 © 2018 Cisco and/or its affiliates. All rights reserved. Introduction Leading the Way in Collaboration Cisco® IP Phones empower your business with a new collaboration experience

  Collaboration

Related documents

show cable-diagnostics tdr - Cisco

show cable-diagnostics tdr - Cisco

www.cisco.com

Catalyst Supervisor Engine 32 PISA Cisco IOS Software Command Reference OL-11437-03 Chapter 2 Cisco IOS Commands for th e Catalyst 6500 Series Switches with the Supervisor Engine 32 PISA show catalyst6000 show catalyst6000 To display the information about the Catalyst 6500 series switch, use the show catalyst6000 command.

  Series, Cisco, 6500, Catalysts, Catalyst 6500 series, E catalyst 6500 series

Cisco CCNA notes -- Tech Note

Cisco CCNA notes -- Tech Note

www.kccommunications.com

6500 etc. use can CatOS or a Hybrid combination of IOS/CatOS on the switching processors and some have separate IOS on the layer-3 routing processors - fortunately, the CatOS is no longer required for CCNA . REMEMBER: VTP MODES on all Cisco Catalyst switches (flooded every 5mins & when ever there has been a change);

  Cisco, 6500, Catalysts, Cisco catalyst

Related search queries

Cisco, Catalyst, E Catalyst 6500 Series, Catalyst 6500 series, 6500, Cisco Catalyst