Cisco NetFlow Configuration


Contents

  Best Practice / Highlights
  Cisco IOS NetFlow Configuration Guide
  Cisco 6500 & 7600 NetFlow Configuration Guide
  Catalyst 4500 NetFlow Configuration Guide
  Cisco 3850 NetFlow Configuration Guide
  Cisco 3560 & 3750 NetFlow Configuration Guide
  Cisco Nexus 7000 NetFlow Configuration
  Cisco Nexus 1000v NetFlow Configuration
  Cisco ASR 9000 NetFlow Configuration
  Appendix

Best Practice / Highlights

- NetFlow configuration varies slightly per hardware model.
- Set the active timeout to 1 minute. "ip flow-cache timeout active" is the interval at which NetFlow records are exported for long-lived flows (e.g. a large FTP transfer). 1 minute is recommended; the value is configured in minutes in IOS and in seconds in MLS (Catalyst 6500/7600) and NX-OS.
- Catalyst 6500/7600 require enabling NetFlow export on both the MSFC and the PFC.
- The following command captures NetFlow for traffic switched within the same VLAN on Catalyst 6500/7600: ip flow ingress layer2-switched vlan {vlanlist}
- NetFlow is based on 7 key fields:
    Source IP address
    Destination IP address
    Source port number
    Destination port number
    Layer 3 protocol type (e.g. TCP, UDP)
    ToS (type of service) byte
    Input logical interface
  If any one of these fields differs, a new flow is created in the flow cache.
- Enable NetFlow on EVERY layer-3 interface for complete visibility.
- Use a NetFlow "source interface" that never goes down, such as a loopback interface.
- A "flow record" within Flexible NetFlow (as used in NX-OS) defines the keys NetFlow uses to identify packets belonging to a flow, as well as the other fields of interest that NetFlow gathers for the flow.
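As an added illustration of the highlights above (example code written for this page, not Cisco's or Lancope's), the following Python model of a flow cache keys flows on the seven fields and applies the active and inactive timeouts. It compares the IOS default active timeout of 30 minutes with the recommended 1 minute for a constructed 200-second single-flow transfer, showing why the short timeout gives the collector interim records for a long-lived flow instead of one record after the flow has ended. The addresses, interface name and timings are constructed sample input, and timers are checked on packet arrival rather than by a background timer as a router would.

```python
"""Toy NetFlow flow cache: 7-tuple keys and active/inactive timeouts (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# The seven NetFlow key fields from the guide: src IP, dst IP, src port, dst port,
# L3 protocol, ToS byte, input interface. Any difference starts a new flow.
FlowKey = Tuple[str, str, int, int, int, int, str]


@dataclass
class FlowEntry:
    first_seen: float
    last_seen: float
    packets: int = 0
    octets: int = 0


@dataclass
class FlowCache:
    active_timeout: float     # seconds; "ip flow-cache timeout active" (IOS takes minutes)
    inactive_timeout: float   # seconds; "ip flow-cache timeout inactive"
    entries: Dict[FlowKey, FlowEntry] = field(default_factory=dict)
    exported: List[Tuple[FlowKey, FlowEntry, str]] = field(default_factory=list)

    def expire(self, now: float) -> None:
        """Move timed-out entries to the export queue. Checked on every packet in this
        model; a real router runs the check on a timer."""
        for key, e in list(self.entries.items()):
            if now - e.last_seen >= self.inactive_timeout:
                reason = "inactive"
            elif now - e.first_seen >= self.active_timeout:
                reason = "active"
            else:
                continue
            self.exported.append((key, e, reason))
            del self.entries[key]

    def observe(self, key: FlowKey, now: float, length: int) -> None:
        """Account one packet; an expired entry is exported before the packet is counted."""
        self.expire(now)
        e = self.entries.get(key)
        if e is None:
            self.entries[key] = FlowEntry(now, now, 1, length)
        else:
            e.last_seen, e.packets, e.octets = now, e.packets + 1, e.octets + length


def simulate_long_transfer(active_timeout: float, duration: int = 200) -> Tuple[int, int, List[str]]:
    """One packet per second of one TCP flow (a constructed stand-in for a large FTP
    transfer). Returns (records exported, packets accounted for, export reasons)."""
    cache = FlowCache(active_timeout=active_timeout, inactive_timeout=15.0)
    key: FlowKey = ("10.0.0.5", "10.0.1.9", 40000, 20, 6, 0, "Gi0/1")   # constructed
    for t in range(duration):
        cache.observe(key, float(t), 1500)
    cache.expire(float(duration) + 15.0)        # flow goes idle for the inactive timeout
    reasons = [reason for _, _, reason in cache.exported]
    total = sum(e.packets for _, e, _ in cache.exported)
    return len(cache.exported), total, reasons


def distinct_flows_for_tos_change() -> int:
    """Two packets identical except for the ToS byte occupy two cache entries."""
    cache = FlowCache(active_timeout=60.0, inactive_timeout=15.0)
    cache.observe(("10.0.0.5", "10.0.1.9", 40000, 443, 6, 0x00, "Gi0/1"), 0.0, 100)
    cache.observe(("10.0.0.5", "10.0.1.9", 40000, 443, 6, 0xB8, "Gi0/1"), 0.5, 100)
    return len(cache.entries)


if __name__ == "__main__":
    for active in (1800.0, 60.0):   # IOS default (30 minutes) vs the recommended 1 minute
        n, pkts, reasons = simulate_long_transfer(active)
        print(f"active={active:>5.0f}s -> {n} record(s) covering {pkts} packets: {reasons}")
    print("cache entries after a ToS change:", distinct_flows_for_tos_change())
```

With the 30-minute default the 200-second transfer yields a single record, and only after the flow has been idle for the inactive timeout, so the collector learns about it late and sees no rate information while it runs; with the 1-minute active timeout it receives three interim records and the final one, which is what lets the collector build per-minute traffic and anomaly views.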

Cisco IOS NetFlow Configuration Guide

NetFlow Configuration

In configuration mode, issue the following to enable NetFlow export:

  ip flow-export destination <netflow collector IP address> 2055
  ip flow-export source <interface>     (e.g. use a Loopback interface)
  ip flow-export version 9              (if version 9 is not accepted, use version 5)
  ip flow-cache timeout active 1
  ip flow-cache timeout inactive 15
  snmp-server ifindex persist           (keeps ifIndex values stable across reloads so the collector's interface mapping stays correct)

Enable NetFlow on each layer-3 interface whose traffic you want to monitor:

  interface <interface>
    ip flow ingress

Optional:

  ip flow-export version 9 origin-as    (to include the BGP origin AS)
  ip flow-capture mac-addresses
  ip flow-capture vlan-id

Note: If your router is running a version of Cisco IOS prior to releases 12.2(14)S, 12.0(22)S, or 12.2(15)T, the "ip route-cache flow" command is used to enable NetFlow on an interface. If your router is running Cisco IOS release 12.2(14)S, 12.0(22)S, 12.2(15)T, or later, the "ip flow ingress" command is used to enable NetFlow on an interface.

Validate the configuration:

  show ip cache flow
  show ip cache verbose flow            (shows the captured MAC addresses and VLAN IDs)
  show ip flow export
  show ip flow interface
  show ip flow export template

Reference (URL truncated in source): ios/netflow/configuration/guide/12 2sr/nf 12 2sr book.html

Cisco 6500 and 7600 Series IOS NetFlow Configuration Guide

Native IOS NetFlow Configuration:

In configuration mode, issue the following to enable NetFlow export (the PFC side is configured with the "mls" commands, the MSFC side with the "ip flow" commands; both are required):

  mls nde sender version 5
  mls aging long 64                     (seconds; 64 is the minimum the PFC accepts)
  mls aging normal 32
  mls nde interface
  mls flow ip interface-full
  ip flow ingress layer2-switched vlan {vlanlist}
  ip flow-export destination <netflow collector IP address> 2055
  ip flow-export source <interface>     (e.g. use a Loopback interface)
  ip flow-export version 9              (if version 9 is not accepted, use version 5)
  ip flow-cache timeout active 1
  ip flow-cache timeout inactive 15
  snmp-server ifindex persist

Enable NetFlow on each layer-3 interface whose traffic you want to monitor:

  interface <interface>
    ip flow ingress

Optional:

  ip flow-capture mac-addresses
  ip flow-capture vlan-id

Hybrid / CatOS NetFlow Configuration:

  set mls nde <netflow collector IP address> 2055
  set mls nde version 5
  set mls agingtime long 64
  set mls agingtime 32
  set mls flow full
  set mls bridged-flow-statistics enable <vlanlist>
  set mls nde enable

Validate the configuration:

  show ip cache flow
  show ip flow export
  show ip flow export template
  show mls nde

Reference (URL truncated in source): rs/7600/ios/12.2SXF/configuration/guide/nde.html

Catalyst 4500 Series Switch IOS NetFlow Configuration Guide

To use the NetFlow feature, you must have the Supervisor Engine V-10GE (the functionality is embedded in the supervisor engine), or the NetFlow Services Card (WS-F4531) with either a Supervisor Engine IV or a Supervisor Engine V.

Verify the daughter card:

  Switch# show module all
  ... (cut for brevity)
  Mod  Submodule              Model     Serial No.   Hw   Status
  ---  ---------------------  --------  -----------  ---  ------
  1    Netflow Services Card  WS-F4531  JAB062209CG  0.2  Ok
  2    Netflow Services Card  WS-F4531  JAB062209CG  0.2  Ok

NetFlow Configuration

In configuration mode on the 4500, issue the following to enable NetFlow export:

  ip flow ingress
  ip flow ingress infer-fields
  ip flow-export destination <netflow collector IP address> 2055
  ip flow-export source <interface>     (e.g. use a Loopback interface)
  ip flow-export version 5
  ip flow-cache timeout active 1
  ip flow-cache timeout inactive 15
  snmp-server ifindex persist

Validate the configuration:

  show ip cache flow
  show ip flow export
  show ip flow interface

Reference (URL truncated in source): /guide/nfswitch.html

Cisco 3850 NetFlow Configuration

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see the Cisco Bug Search Tool and the release notes for your platform and software release.

1. Create a Flow Record (specify the fields to export)

A flow record defines the information that NetFlow gathers, such as the packets in the flow and the types of counters gathered per flow. You specify a series of "match" and "collect" commands that tell the switch which fields to include in the outgoing NetFlow PDU.

The "match" fields are the "key" fields: they determine the uniqueness of the flow. The "collect" fields are extra information included to give the collector more detail for reporting and analysis.

The fields marked "required" below are those StealthWatch needs in order to accept the record and build a flow.

  sw3850(config)# flow record LANCOPE1
  sw3850(config-flow-record)# description NetFlow record format to send to StealthWatch
  sw3850(config-flow-record)# match datalink mac source address input
  sw3850(config-flow-record)# match datalink mac destination address input
  sw3850(config-flow-record)# match datalink vlan input              ! key field
  sw3850(config-flow-record)# match ipv4 ttl                         ! key field; provides pathing info
  sw3850(config-flow-record)# match ipv4 tos                         ! required; key field
  sw3850(config-flow-record)# match ipv4 protocol                    ! required; key field
  sw3850(config-flow-record)# match ipv4 source address              ! required; key field
  sw3850(config-flow-record)# match ipv4 destination address         ! required; key field
  sw3850(config-flow-record)# match transport source-port            ! required; key field
  sw3850(config-flow-record)# match transport destination-port       ! required; key field
  sw3850(config-flow-record)# match interface input                  ! required; key field
  sw3850(config-flow-record)# collect interface output               ! required; used for computing bps rates
  sw3850(config-flow-record)# collect counter bytes long             ! required; used for bps calculation
  sw3850(config-flow-record)# collect counter packets long           ! required; used for pps calculation
  sw3850(config-flow-record)# collect timestamp absolute first       ! required; for calculating duration
  sw3850(config-flow-record)# collect timestamp absolute last        ! required; for duration

2. Create a Flow Exporter (specify where and how NetFlow is sent)

  sw3850(config)# flow exporter NETFLOW_TO_STEALTHWATCH
  sw3850(config-flow-exporter)# description Export NetFlow to StealthWatch
  sw3850(config-flow-exporter)# destination <netflow collector IP address>
  sw3850(config-flow-exporter)# source <interface>        (e.g. use a Loopback)
  sw3850(config-flow-exporter)# transport udp 2055

3. Create a Flow Monitor (tie the Flow Record to the Flow Exporter)

  sw3850(config)# flow monitor IPv4_NETFLOW
  sw3850(config-flow-monitor)# record LANCOPE1
  sw3850(config-flow-monitor)# exporter NETFLOW_TO_STEALTHWATCH
  sw3850(config-flow-monitor)# cache timeout active 60    (seconds on this platform; equals the recommended 1 minute)

4. Assign the Flow Monitor to the selected interfaces

Repeat this step on every interface whose traffic you want to monitor.

  sw3850(config)# interface <interface>                   (e.g. Vlan1 or GigabitEthernet2/1)
  sw3850(config-if)# ip flow monitor IPv4_NETFLOW input

Validate the configuration:

  show flow record LANCOPE1
  show flow monitor IPv4_NETFLOW statistics
  show flow monitor IPv4_NETFLOW cache

Reference (URL truncated in source): tches/lan/catalyst3850/software/release/3.2 0 se/flexible netflow/commandreference/b fnf 32se 3850 cr chapter 010.html
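Added example, not part of the guide and not Cisco's or Lancope's code: a small Python NetFlow v9 decoder for the export that the flow exporter and monitor above produce (the same decoder applies to the 3560X/3750X LANCOPE1 record in the next section, which is a subset of these fields). It parses the template FlowSet the exporter sends to describe the LANCOPE1 record, then the data FlowSet, separates the "match" (key) fields from the "collect" fields, and computes the bps rate that the byte counter and absolute timestamps are marked "required" for. The field-type numbers are the RFC 3954 / IANA IPFIX element numbers as I understand Flexible NetFlow exports them (an assumption, as are the field names), and the datagram is constructed inline rather than captured from a switch. Because v9 export is plain, unauthenticated UDP, a collector should accept datagrams only from the exporters' configured source addresses, which is one more reason to export from a stable loopback as recommended above.

```python
"""NetFlow v9 decoder for a LANCOPE1-style Flexible NetFlow record (added example)."""
import ipaddress
import struct
from typing import Dict, List, Tuple

# v9 field types (RFC 3954 / IANA IPFIX numbers, assumed to be what FnF exports for
# the record above). The names on the right are this example's own.
FIELD_NAMES: Dict[int, str] = {
    1: "bytes", 2: "packets", 4: "protocol", 5: "tos", 7: "src_port", 8: "src_addr",
    10: "in_if", 11: "dst_port", 12: "dst_addr", 14: "out_if", 56: "in_src_mac",
    58: "vlan", 80: "in_dst_mac", 152: "first_ms", 153: "last_ms", 192: "ttl",
}
# The "match" fields of the record; everything else is a "collect" field.
KEY_FIELDS = ("in_src_mac", "in_dst_mac", "vlan", "ttl", "tos", "protocol",
              "src_addr", "dst_addr", "src_port", "dst_port", "in_if")

Template = List[Tuple[int, int]]          # [(field type, length in bytes), ...]


def _value(name: str, raw: bytes):
    if name in ("src_addr", "dst_addr"):
        return str(ipaddress.IPv4Address(raw))
    if name.endswith("_mac"):
        return raw.hex(":")
    return int.from_bytes(raw, "big")


def decode_v9(packet: bytes, templates: Dict[Tuple[int, int], Template]) -> dict:
    """Parse one export datagram. `templates` is keyed by (source id, template id) and
    updated in place; data FlowSets with no known template are skipped, which is what
    a collector must do until the exporter (re)sends the template."""
    version, _count, uptime, _secs, seq, source_id = struct.unpack("!HHIIII", packet[:20])
    if version != 9:
        raise ValueError(f"not NetFlow v9 (version {version})")
    flows, off = [], 20
    while off + 4 <= len(packet):
        set_id, set_len = struct.unpack("!HH", packet[off:off + 4])
        if set_len < 4:
            raise ValueError("malformed FlowSet length")
        body = packet[off + 4:off + set_len]
        if set_id == 0:                                   # template FlowSet
            pos = 0
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack("!HH", body[pos:pos + 4])
                pos += 4
                templates[(source_id, tid)] = [
                    struct.unpack("!HH", body[pos + 4 * i:pos + 4 * i + 4]) for i in range(nfields)]
                pos += 4 * nfields
        elif set_id >= 256 and (source_id, set_id) in templates:   # data FlowSet
            spec = templates[(source_id, set_id)]
            rec_len, pos = sum(length for _, length in spec), 0
            while pos + rec_len <= len(body):             # trailing bytes are padding
                rec = {}
                for ftype, length in spec:
                    name = FIELD_NAMES.get(ftype, f"field_{ftype}")
                    rec[name] = _value(name, body[pos:pos + length])
                    pos += length
                flows.append(rec)
        off += set_len
    return {"seq": seq, "source_id": source_id, "uptime_ms": uptime, "flows": flows}


def flow_key(rec: dict) -> tuple:
    """The values the switch used to decide this was one flow (the match fields)."""
    return tuple(rec[k] for k in KEY_FIELDS)


def rate_bps(rec: dict) -> float:
    """Average bit rate from the collect fields StealthWatch marks as required."""
    seconds = max(rec["last_ms"] - rec["first_ms"], 1) / 1000.0
    return rec["bytes"] * 8 / seconds


def build_sample_export(include_template: bool = True) -> bytes:
    """Constructed datagram (not captured from a switch): template 256 describing the
    LANCOPE1 record, then one data record for a TCP/443 flow."""
    spec: Template = [(56, 6), (80, 6), (58, 2), (192, 1), (5, 1), (4, 1), (8, 4), (12, 4),
                      (7, 2), (11, 2), (10, 4), (14, 4), (1, 8), (2, 8), (152, 8), (153, 8)]
    tmpl = struct.pack("!HH", 256, len(spec)) + b"".join(struct.pack("!HH", t, l) for t, l in spec)
    tmpl_set = struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl
    data = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", 10)
            + bytes([64, 0, 6]) + ipaddress.IPv4Address("10.0.0.5").packed
            + ipaddress.IPv4Address("192.0.2.10").packed + struct.pack("!HHII", 52133, 443, 3, 7)
            + struct.pack("!QQQQ", 123456, 89, 1700000000000, 1700000012000))
    data += b"\x00" * (-len(data) % 4)                   # pad the FlowSet to 4 bytes
    data_set = struct.pack("!HH", 256, 4 + len(data)) + data
    sets = (tmpl_set if include_template else b"") + data_set
    header = struct.pack("!HHIIII", 9, 2 if include_template else 1, 5000, 1700000012, 1, 0)
    return header + sets


if __name__ == "__main__":
    templates: Dict[Tuple[int, int], Template] = {}
    for flow in decode_v9(build_sample_export(), templates)["flows"]:
        print("key:", flow_key(flow), "rate: %.0f bps" % rate_bps(flow))
```

Note that a data FlowSet arriving before its template decodes to nothing; keeping the template table keyed by source id as well as template id matters because several exporters (or both supervisors of one chassis) may reuse template id 256 with different layouts.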

Cisco 3560X & 3750X NetFlow Configuration

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see the Cisco Bug Search Tool and the release notes for your platform and software release.

Flexible NetFlow is supported on Catalyst 3560-X and 3750-X (Cat3k-X) Series Switches on the 10GE Service Module. Previously unsupported on the platform, the service module enables hardware-supported, line-rate NetFlow on all traffic that traverses the module; traffic that does not cross the module is not seen.

1. Create a Flow Record (specify the fields to export)

A flow record defines the information that NetFlow gathers, such as the packets in the flow and the types of counters gathered per flow. If you want to build a custom flow record instead of the predefined "netflow-original", you specify a series of "match" and "collect" commands that tell the switch which fields to include in the outgoing NetFlow PDU.

The "match" fields are the "key" fields: they determine the uniqueness of the flow. The "collect" fields are extra information included to give the collector more detail for reporting and analysis.

You should not modify the "match" fields much: the seven match entries shown below should always be included in your FnF configuration. The "collect" fields, however, can vary quite a bit depending on how much information you want to send to the collector. The configuration listed below is recommended for all StealthWatch installations.

The fields marked "required" below are those StealthWatch needs in order to accept the record and build a flow.

  switch(config)# flow record LANCOPE1
  switch(config-flow-record)# match ipv4 protocol                     ! required; key field
  switch(config-flow-record)# match ipv4 source address               ! required; key field
  switch(config-flow-record)# match ipv4 destination address          ! required; key field
  switch(config-flow-record)# match transport source-port             ! required; key field
  switch(config-flow-record)# match transport destination-port        ! required; key field
  switch(config-flow-record)# match interface input                   ! required; key field
  switch(config-flow-record)# match ipv4 tos                          ! required; key field
  switch(config-flow-record)# collect interface output                ! required; used for computing bps rates
  switch(config-flow-record)# collect counter bytes                   ! required; used for bps calculation
  switch(config-flow-record)# collect counter packets                 ! required; used for pps calculation
  switch(config-flow-record)# collect timestamp sys-                  (the remaining collect commands are cut off in the source)
