Overview of Netflow
NetFlow is a Cisco IOS technology that provides statistics on packets flowing through the router. NetFlow is the standard for acquiring IP operational data from IP networks. NetFlow provides data to enable network and security monitoring, network planning, traffic analysis, and IP accounting.
The following features are supported for Netflow:
-
Netflow—IPv4 and IPv6 unicast flows
-
Netflow Export over IPv4 and IPv6 addresses
For information on understanding and configuring Netflow, see Flexible NetFlow Configuration Guide.
Prerequisites for Netflow Monitoring
-
Netflow Version 9 is the only default export format supported on the router.
-
To configure netflow and issue netflow commands, select the template
-
RSP2 —sdm prefer video.
Note
The template is chosen as video, and allows configuration of the netflow monitoring options.
-
Restrictions for Netflow Monitoring
-
Netflow ingress monitoring in not supported on mpls core interface.
-
Configuration of caches entries number is not supported.
-
L2VPN Flow monitor configured under Xconnect does not monitor the flows and cache is not updated.
-
Configuring netflow monitor under L2VPN Xconnect context (local connect) is not supported.
-
Netflow monitoring is only supported on the RSP2 module.
-
Netflow monitoring supports only the 7 keys—Source IP, Destination IP, Layer 3 protocol type, TOS, source port, destination port and input logical interface to identify or classify flows for both IPv4 and IPv6 unicast traffic. All other keys are not supported.
-
MPLS and BGP-based netflow is not supported.
-
Non-key fields supported are packets and bytes (collect counter packets and collect counter bytes)
-
Only routed ports (IP Ethernet, BDI) and EFP are supported.
-
EFP flow monitoring can be configured only after configuring bridge-domain on the EFP service instance.
-
Flow monitoring of multicast traffic is not supported.
-
Maximum of 16K flows can only be learnt due to FPGA limitations. Though, netflow supports 16K entries, flows monitored are lower due to hash collisions.
-
Netflow monitoring can account for a maximum of 1Gbps traffic rate in the system (with a minimum frame size of 100 bytes). The accounting is accurate only when the overall traffic monitored is within 1Gbps. This is due to FPGA limitations.
-
At interface level, MVPN/MLDP/SPAN/PBR feature cannot be enabled on the same interface with netflow configuration.
-
Permanent and aggregate flow caches are not supported due to FPGA limitations.
Configuration of caches entries number is not supported.
-
If BFD and netflow is enabled on the same interface, only the BFD ingress packets are monitored. BFD egress packet monitoring does not occur.
-
When ICMP (ping) and netflow is enabled on the same interface, only the ICMP ingress packets are monitored. ICMP egress packet monitoring does not occur.
-
At the global level, both netflow and PBR features use the same TCAM region for adding rules. The maximum size of the tunnel region is 2K. The scale of PBR feature may be reduced when netflow is enabled.
SDM template must be set as video (similar to PBR) using the sdm prefer video command.
When PBR and netflow is applied together on an interface, the order of operations is applicable. If PBR is applied first, netflow configuration will not work and vice-versa.
-
We recommend to remove netflow related commands before reverting to non-netflow-supported sdm template or image.
-
At the global level, SADT re-directs traffic towards FPGA. If SADT re-directs high volumes of traffic to FPGA, then netflow configuration may not work.
If SADT and netflow is enabled on the same interface, only the SADT ingress packets are monitored. SADT egress packet monitoring is not monitored.
-
When netflow and Ethernet loopback (ELB) is enabled on same interface, the netflow monitoring behavior is inconsistent for the data packets. Data packets are not monitored intermittently, and netflow and OSPF flaps are observed when ELB is enabled.
Note
We recommend you avoid enabling ELB and netflow together, since the results are unexpected and inconsistent.
-
Sampler is not supported due to FPGA limitations.
-
IP flow monitor should not be applied before assigning IP address.
When netflow and ACL configurations are applied together on routed interfaces in ingress direction, the denied packets are accounted in the netflow counters. When the same ACL and netflow combination configurations are applied on an EFP, the denied packets are not accounted in the netflow counters.
-
For clearing the flow status and cache, use the clear flow monitor statistics command and clear flow exporter statistics commands. Other clear commands shall not reset the entries.
-
Multiple flow monitors with the same traffic type and direction are not supported on an interface. Possible combinations supported on an interface at the same time are:
-
ip flow monitor input
-
ip flow monitor output
-
ipv6 flow monitor input
-
ipv6 flow monitor output
-
-
Maximum number of interfaces that support netflow monitoring at chassis level is 64.
-
Flow records are exported only when the flow expires due to active or inactive timer expiry. Due to FPGA limitations, the cache timeout granularity is 10 seconds.
-
Netflow version 9 format is used for flow information export. For exporting the netflow packets, only a single destination is supported under every flow exporter.
-
In the egress direction, even if only IPV4 traffic is enabled for netflow monitoring, both IPv4 and IPv6 traffic is forwarded to FPGA (and vice versa).
-
Netflow MIBs are not supported.
Information About Flexible Netflow
Flexible NetFlow Overview
Flexible NetFlow facilitates the creation of more complex configurations for traffic analysis and data export through the use of reusable configuration components.
NetFlow IPv4 Supported Fields
Field |
Key or Nonkey Field |
Definition |
---|---|---|
IPv4 Protocol |
Key |
Value in the IPv4 protocol field. |
IPv4 ToS |
Key |
Value in the type of service (ToS) field. |
IPv4 Source Address |
Key |
IPv4 source address. |
IPv4 Destination Address |
Key |
IPv4 destination address. |
Transport Source-port |
Key |
Value of the transport layer source port field. |
Transport Destination-port |
Key |
Value of the transport layer destination port field. |
Interface Input |
Key |
Interface on which the traffic is received. |
Counter Bytes |
Nonkey |
Number of bytes seen in the flow. |
Counter Packets |
Nonkey |
Number of packets seen in the flow. |
NetFlow IPv6 Supported Fields
Field |
Key or Nonkey Field |
Definition |
---|---|---|
IPv6 Traffic-class |
Key |
Value in the traffic class field. |
IPv6 Next-header |
Key |
Value in the next header field. |
IPv6 Source Address |
Key |
IPv6 source address. |
IPv6 Destination Address |
Key |
IPv6 destination address. |
Transport Source Port |
Key |
Value of the transport layer source port field. |
Transport Destination Port |
Key |
Value of the transport layer destination port field. |
Interface Input |
Key |
Interface on which the traffic is received. |
Counter Bytes |
Nonkey |
Number of bytes seen in the flow. |
Counter Packets |
Nonkey |
Number of packets seen in the flow. |
How to Configure Flexible Netflow
Workflow for Configuring Netflow Monitoring
Note |
The match interface should have input and output directions specified. If it is missing in any direction, the value of the direction is considered NULL. |
-
Define the flow record for IPv4 or IPv6 flows.
flow record TEST_IPV4_RECORD match ipv4 source address match ipv4 destination address match ipv4 protocol match interface input match interface output match transport source-port match transport destination-port match ipv4 tos collect counter packets collect counter bytes
flow record TEST_IPV6_RECORD match ipv6 source address match ipv6 destination address match ipv6 traffic-class match ipv6 next-header match transport source-port match transport destination-port match interface input match interface output collect counter packets collect counter bytes
-
Define the flow exporter to define the collector destination.
flow exporter TEST_EXPORTER destination 10.10.10.100 <<<<--- This can be an IPv4 or IPv6 reachable destinationS source Loopback1 dscp 23 ttl 7 transport udp 9999 template data timeout 60 <<<----- To refresh and send the v9 template to collector
-
Create the flow monitor to map the flow record and the flow exporter.
flow monitor TEST_IPV4_MONITOR exporter TEST_EXPORTER cache timeout inactive 20 cache timeout active 180 record TEST_IPV4_RECORD
flow monitor TEST_IPV6_MONITOR exporter TEST_EXPORTER cache timeout inactive 20 <<<<----- Timers to export packet to collector cache timeout active 180 record TEST_IPV6_RECORD
-
Attach the flow monitor to an interface.
interface GigabitEthernet 0/1/20/2 ip address 16.16.16.1 255.255.255.0 ip flow monitor TEST_IPV4_MONITOR input <<<<------ The above defined monitor in inbound and outbound directions ip flow monitor TEST_IPV4_MONITOR output negotiation auto ipv6 flow monitor TEST_IPV6_MONITOR input ipv6 flow monitor TEST_IPV6_MONITOR output ipv6 address 16:16:16::1/64 end
Displaying the Current Status of a Flow Record
Perform this optional task to display the current status of a flow record.
Procedure
Step 1 |
enable The enable command enters privileged EXEC mode (enter the password if prompted). Example:
|
Step 2 |
show flow record The show flow record command shows the current status of the flow monitor that you specify. Example:
|
Verifying the Flow Record Configuration
Perform this optional task to verify the configuration commands that you entered.
Procedure
Step 1 |
enable The enable command enters privileged EXEC mode (enter the password if prompted). Example:
|
Step 2 |
show running-config flow record The show running-config flow record command shows the configuration commands of the flow monitor that you specify. Example:
|
Displaying the Current Status of a Flow Monitor
Router# show flow monitor FLOW-MONITOR-1
Flow Monitor FLOW-MONITOR-1:
Description: User defined
Flow Record: TEST4
Flow Exporter: TEST4
Cache:
Type: normal (Platform cache)
Status: allocated
Size: 16384 entries
Inactive Timeout: 15 secs
Active Timeout: 1800 secs
Trans end aging: off
Configuration Examples for Flexible Netflow
Verifying Netflow Monitoring on IPv4 Routed Interfaces
Use these commands to verify netlfow monitoring on IPv4 routed interfaces.
-
show run interfaces
Router# #show run interfaces gigabitEthernet 0/0/4 Building configuration... Current configuration : 315 bytes ! interface GigabitEthernet0/0/4 ip address 192.168.1.1 255.255.255.0 ip flow monitor TEST_IPV4_MONITOR input negotiation auto ipv6 address 2001:192:168:1::1 ipv6 ospf 1 area 0 end Router# show flow interface GigabitEthernet 0/0/4 Interface GigabitEthernet0/0/4 FNF: monitor: TEST_IPV4_MONITOR direction: Input traffic(ip): on . . . !
-
show run flow monitor
Router# show run flow monitor TEST_IPV4_MONITOR Current configuration: ! flow monitor TEST_IPV4_MONITOR exporter TEST_EXPORTER cache timeout inactive 20 cache timeout active 180 record TEST_IPV4_RECORD ! Router# show run flow exporter TEST_EXPORTER Current configuration: ! flow exporter TEST_EXPORTER destination 10.10.10.100 source Loopback1 dscp 23 ttl 7 transport udp 9999 template data timeout 60 !
-
show run flow record
Router# show run flow record TEST_IPV4_RECORD Current configuration: ! flow record TEST_IPV4_RECORD match ipv4 source address match ipv4 destination address match ipv4 protocol match interface input match interface output match transport source-port match transport destination-port match ipv4 tos collect counter packets collect counter bytes
-
show flow monitor cache
Router# show flow monitor TEST_IPV4_MONITOR cache Cache type: Normal (Platform cache) Cache size: 16384 Current entries: 2 Flows added: 0 Flows aged: 0 IPV4 SOURCE ADDRESS: 10.10.10.100 IPV4 DESTINATION ADDRESS: 192.168.1.3 TRNS SOURCE PORT: 0 TRNS DESTINATION PORT: 0 INTERFACE INPUT: Gi0/0/4 INTERFACE OUTPUT: Gi0/0/4 IP TOS: 0x00 IP PROTOCOL: 6 counter bytes: 1440072700 counter packets: 1309157 IPV4 SOURCE ADDRESS: 10.10.10.101 IPV4 DESTINATION ADDRESS: 192.162.1.100 TRNS SOURCE PORT: 0 TRNS DESTINATION PORT: 0 INTERFACE INPUT: Gi0/0/4 IP TOS: 0x00 IP PROTOCOL: 6 counter bytes: 1440072700 counter packets: 1309157 . . . ! Router# show flow monitor TEST_IPV4_MONITOR cache format csv Cache type: Normal (Platform cache) Cache size: 16384 Current entries: 2 Flows added: 0 Flows aged: 0 IPV4 SRC ADDR,IPV4 DST ADDR,TRNS SRC PORT,TRNS DST PORT,INTF INPUT,IP TOS,IP PROT,bytes,pkts 10.10.10.100,192.168.1.3,0,0,Gi0/0/4,0x00,6,1478774000,1344340 10.10.10.101,192.162.1.100,0,0,Gi0/0/4,0x00,6,1478774000,1344340 . . . !
Verifying Netflow Monitoring on IPv6 Routed Interfaces
Use these commands to verify netflow monitoring on IPv6 routed interfaces.
-
show run interfaces
Router# #show run interfaces gigabitEthernet 0/0/4 Current configuration : 315 bytes ! interface GigabitEthernet0/0/4 ip address 192.168.1.3 255.255.255.0 negotiation auto ipv6 flow monitor TEST_IPV6_MONITOR input ipv6 address 2001:192:168:1::1 ipv6 ospf 1 area 0 end Router# show flow interface GigabitEthernet 0/0/4 Interface GigabitEthernet0/0/4 FNF: monitor: TEST_IPV6_MONITOR direction: Input traffic(ipv6): on . . .
-
show run flow monitor
Router# show run flow monitor TEST_IPV6_MONITOR Current configuration: ! flow monitor TEST_IPV6_MONITOR exporter TEST_EXPORTER cache timeout inactive 20 cache timeout active 180 record TEST_IPV6_RECORD ! Router# show run flow exporter TEST_EXPORTER Current configuration: ! flow exporter TEST_EXPORTER destination 10.10.10.100 source Loopback1 dscp 23 ttl 7 transport udp 9999 template data timeout 60 !
-
show run flow record
Router# show run flow record TEST_IPV6_RECORD Current configuration: ! flow record TEST_IPV6_RECORD match ipv6 source address match ipv6 destination address match ipv6 traffic-class match ipv6 next-header match transport source-port match transport destination-port match interface input match interface output collect counter packets collect counter bytes !
-
show flow monitor cache
Router# show flow monitor TEST_IPV6_MONITOR cache Cache type: Normal (Platform cache) Cache size: 16384 Current entries: 2 Flows added: 0 Flows aged: 0 IPV6 NEXT HEADER: 59 IPV6 SOURCE ADDRESS: 2001:192:168:1::1 IPV6 DESTINATION ADDRESS: 2001:DB8::1 TRNS SOURCE PORT: 0 TRNS DESTINATION PORT: 0 INTERFACE INPUT: Gi0/0/4 INTERFACE OUTPUT: Gi0/0/4 IP TOS: 0x03 counter bytes: 233697724 counter packets: 191242 IPV6 NEXT HEADER: 59 IPV6 SOURCE ADDRESS: 2001:192:168:1::2 IPV6 DESTINATION ADDRESS: 2001:DB8::2 TRNS SOURCE PORT: 0 TRNS DESTINATION PORT: 0 INTERFACE INPUT: Gi0/0/4 IP TOS: 0x03 counter bytes: 233697724 counter packets: 191242 . . . ! Router# show flow monitor TEST_IPV6_MONITOR cache format csv Cache type: Normal (Platform cache) Cache size: 16384 Current entries: 2 Flows added: 0 Flows aged: 0 IPV6 NEXT HEADER,IPV6 SRC ADDR,IPV6 DST ADDR,TRNS SRC PORT,TRNS DST PORT,INTF INPUT,IP TOS,bytes,pkts 59,2001:192:168:1::1,2001:DB8::1,0,0,Gi0/0/4,0x03,574518412,470146 59,2001:192:168:1::2,2001:DB8::2,0,0,Gi0/0/4,0x03,574518412,470146 . . . !
Verifying Netflow Monitoring for IPv4 traffic on EFP interfaces
Use these commands to verify netlfow monitoring for IPv4 traffic on EFP interfaces.
-
show run interfaces
Router# #show run interfaces gigabitEthernet 0/0/2 Building configuration... Current configuration : 8880 bytes ! interface GigabitEthernet0/0/2 no ip address negotiation auto service instance 151 ethernet encapsulation dot1q 151 rewrite ingress tag pop 1 symmetric bridge-domain 151 ip flow monitor fnf_151_v4_in input . . .
-
show run flow monitor
Router# show run flow monitor fnf_151_v4_in Current configuration: ! flow monitor fnf_151_v4_in exporter TEST6 record TEST6 ! Router# show run flow exporter TEST6 Current configuration: ! flow exporter TEST6 destination 10.10.10.100 source Loopback1 dscp 23 ttl 7 transport udp 9999 template data timeout 60 !
-
show run flow record
Router# show run flow record TEST6 Current configuration: ! flow record TEST6 match ipv4 source address match ipv4 destination address match ipv4 protocol match interface input match interface output match transport source-port match transport destination-port match ipv4 tos collect counter packets collect counter bytes !
-
show flow service instance id
Router# show flow service instance id 151 interface GigabitEthernet 0/0/2 FNF: monitor: fnf_151_v4_in direction: Input traffic(ip): on Router# show flow monitor fnf_151_v4_in cache Cache type: Normal (Platform cache) Cache size: 16384 Current entries: 100 Flows added: 7900 Flows aged: 7800 - Immediate aged 7800 IPV4 SOURCE ADDRESS: 192.168.1.201 IPV4 DESTINATION ADDRESS: 192.168.1.100 TRNS SOURCE PORT: 4000 TRNS DESTINATION PORT: 5000 INTERFACE INPUT: Gi0/0/2 INTERFACE OUTPUT: Gi0/0/2 IP TOS: 0x00 IP PROTOCOL: 6 counter bytes: 1943500 counter packets: 3887 IPV4 SOURCE ADDRESS: 192.168.1.203 IPV4 DESTINATION ADDRESS: 192.168.1.100 TRNS SOURCE PORT: 4000 TRNS DESTINATION PORT: 5000 INTERFACE INPUT: Gi0/0/2 IP TOS: 0x00 IP PROTOCOL: 6 counter bytes: 1944500 counter packets: 3889 IPV4 SOURCE ADDRESS: 192.168.1.200 IPV4 DESTINATION ADDRESS: 192.168.1.100 TRNS SOURCE PORT: 4000 TRNS DESTINATION PORT: 5000 INTERFACE INPUT: Gi0/0/2 IP TOS: 0x00 IP PROTOCOL: 6 counter bytes: 1944500 counter packets: 3889 . . . ! Router# show flow monitor fnf_151_v4_in cache format csv Cache type: Normal (Platform cache) Cache size: 16384 Current entries: 100 Flows added: 7900 Flows aged: 7800 - Immediate aged 7800 IPV4 SRC ADDR,IPV4 DST ADDR,TRNS SRC PORT,TRNS DST PORT,INTF INPUT,IP TOS,IP PROT,bytes,pkts 192.168.1.201,192.168.1.100,4000,5000,Gi0/0/2,0x00,6,243000,486 192.168.1.203,192.168.1.100,4000,5000,Gi0/0/2,0x00,6,243500,487 192.168.1.200,192.168.1.100,4000,5000,Gi0/0/2,0x00,6,244000,488 . . . !
Verifying Netflow Monitoring for IPv6 traffic on EFP interfaces
Use these commands to verify netlfow monitoring for IPv6 traffic on EFP interfaces.
-
show run interfaces
Router# #show run interfaces TenGigabitEthernet 0/5/0 Building configuration... Current configuration : 9710 bytes ! interface TenGigabitEthernet0/5/0 no ip address service instance 181 ethernet encapsulation dot1q 181 rewrite ingress tag pop 1 symmetric bridge-domain 181 ipv6 flow monitor fnf_181_v6_out output . . . ! Router# show flow service instance id 181 interface tenGigabitEthernet 0/5/0 FNF: monitor: fnf_181_v6_out direction: Output traffic(ipv6): on
-
show run flow monitor
Router# show run flow monitor fnf_181_v6_out Current configuration: ! flow monitor fnf_181_v6_out exporter IPV6_TEST6 record IPV6_TEST6 ! Router# show run flow record IPV6_TEST6 Current configuration: ! flow record IPV6_TEST6 match ipv6 source address match ipv6 destination address match ipv6 traffic-class match ipv6 next-header match transport source-port match transport destination-port match interface input match interface output collect counter packets collect counter bytes ! Router# show run flow exporter IPV6_TEST6 CCurrent configuration: ! flow exporter IPV6_TEST6 destination 10.10.10.100 template data timeout 60 ! Router# show flow monitor fnf_181_v6_out Flow Monitor fnf_181_v6_out: Description: User defined Flow Record: IPV6_TEST6 Flow Exporter: IPV6_TEST6 Cache: Type: normal (Platform cache) Status: allocated Size: 16384 entries Inactive Timeout: 15 secs Active Timeout: 1800 secs Trans end aging: off
-
show run flow record
Router# show run flow record IPV6_TEST6 flow record IPV6_TEST6: Description: User defined No. of users: 63 Total field space: 50 bytes Fields: match ipv6 traffic-class match ipv6 next-header match ipv6 source address match ipv6 destination address match transport source-port match transport destination-port match interface input match interface output collect counter bytes collect counter packets ! Router# show flow exporter IPV6_TEST6 Flow Exporter IPV6_TEST6: Description: User defined Export protocol: NetFlow Version 9 Transport Configuration: Destination IP address: 2001:DB8::1 Source IP address: 2001:192:168:1::1 Transport Protocol: UDP Destination Port: 9995 Source Port: 62241 DSCP: 0x0 TTL: 255 Output Features: Used
-
show flow service instance id
Router# show flow service instance id 181 interface tenGigabitEthernet 0/5/0 FNF: monitor: fnf_181_v6_out direction: Output traffic(ipv6): on Router# show flow monitor fnf_181_v6_out cache Cache type: Normal (Platform cache) Cache size: 16384 Current entries: 100 Flows added: 8000 Flows aged: 7900 - Immediate aged 7900 IPV6 NEXT HEADER: 59 IPV6 SOURCE ADDRESS: 2001:192:168:1::1 IPV6 DESTINATION ADDRESS: 2001:DB8::1 TRNS SOURCE PORT: 0 TRNS DESTINATION PORT: 0 INTERFACE INPUT: Te0/5/0 INTERFACE OUTPUT: Te0/5/0 IP TOS: 0x03 counter bytes: 16086455 counter packets: 48895 IPV6 NEXT HEADER: 59 IPV6 SOURCE ADDRESS: 2001:192:168:1::2 IPV6 DESTINATION ADDRESS: 2001:DB8::2 TRNS SOURCE PORT: 0 TRNS DESTINATION PORT: 0 INTERFACE INPUT: Te0/5/0 IP TOS: 0x03 counter bytes: 16088429 counter packets: 48901 IPV6 NEXT HEADER: 59 IPV6 SOURCE ADDRESS: 2001:192:168:1::3 IPV6 DESTINATION ADDRESS: 2001:DB8::3 TRNS SOURCE PORT: 0 TRNS DESTINATION PORT: 0 INTERFACE INPUT: Te0/5/0 . . . ! Router# show flow monitor fnf_181_v6_out cache format csv Cache type: Normal (Platform cache) Cache size: 16384 Current entries: 100 Flows added: 8000 Flows aged: 7900 - Immediate aged 7900 IPV6 NEXT HEADER,IPV6 SRC ADDR,IPV6 DST ADDR,TRNS SRC PORT,TRNS DST PORT,INTF INPUT,IP TOS,bytes,pkts 59,2001:192:168:1::1,2001:DB8::1,0,0,Te0/5/0,0x03,16086455,48895 59,2001:192:168:1::2,2001:DB8::2,0,0,Te0/5/0,0x03,16088429,48901 59,2001:192:168:1::3,2001:DB8::3,0,0,Te0/5/0,0x03,16089087,48903 59,2001:192:168:1::4,2001:DB8::4,0,0,Te0/5/0,0x03,16089087,48903 59,2001:192:168:1::5,2001:DB8::5,0,0,Te0/5/0,0x03,16090074,48906 59,2001:192:168:1::6,2001:DB8::6,0,0,Te0/5/0,0x03,16091061,48909 . . . !
Additional References
Related Documents
Related Topic |
Document Title |
---|---|
Cisco IOS commands |
|
Flexible NetFlow conceptual information and configuration tasks |
Flexible NetFlow Configuration Guide |
Flexible NetFlow commands |
Cisco IOS Flexible NetFlow Command Reference |
Standards/RFCs
Standard |
Title |
---|---|
No new or modified standards/RFCs are supported by this feature. |
— |
MIBs
MIB |
MIBs Link |
---|---|
None |
To locate and download MIBs for selected platforms, Cisco software releases, and feature sets, use Cisco MIB Locator found at the following URL: |
Technical Assistance
Description |
Link |
---|---|
The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password. |