Configuring IPv6 NetFlow
Prerequisites For IPv6 Netflow
IPv6 Traffic
The networking device must be running a Cisco IOSd release that supports Cisco IOS Flexible NetFlow.
Restrictions For IPv6 Netflow
The following restrictions apply to IPv6 Netflow configurations:
- Locally generated traffic (traffic that is generated by the router, Cisco WLC 5760, on which the Flexible NetFlow Output Accounting feature is configured) is not counted as flow traffic for the Output Flexible NetFlow Accounting feature.
- The Flexible NetFlow Output Accounting feature counts CEF-switched packets only. Process switched transit packets are not counted.
Information About IPv6 Netflow
NetFlow is a monitoring feature used on customer applications for network monitoring, user monitoring and profiling, network planning, security analysis, billing and accounting, and data warehousing and mining. You can use Flexible NetFlow on uplink ports to monitor user-defined flows, collect flow statistics, and perform per-flow policing. It collects and exports flow statistics to a collector device.
Note: Flexible NetFlow is supported only on the Catalyst 3750-X and 3560-X switch running the IP base or IP services feature set and equipped with the network services module. It is not supported on switches running the NPE or the LAN base image.
Note: Not all of the Flexible NetFlow commands in the command reference are available on the switch. Unsupported commands are either not visible or generate an error message if entered.
Understanding Flexible Netflow
With Flexible NetFlow, traffic is processed and packets are classified into flows. New flows are inserted in the NetFlow table, and statistics are automatically updated. You must configure both ingress and egress NetFlow monitoring. The network services module supports one monitor per interface per direction.
Flexible NetFlow consists of the following components:
- Records: combinations of key and non-key fields assigned to Flexible NetFlow monitors to define the cache used to store data.
- Flow monitors: applied to interfaces to perform network traffic monitoring. A flow monitor includes a user-defined record, an optional flow exporter, and a cache that is automatically created when the monitor is applied to the first interface. The switch supports normal caches that age out according to the configured timeouts.
- Flow exporters: export the data in the flow monitor cache to a remote system, such as a server running a NetFlow collector.
- Flow samplers: reduce the load that Flexible NetFlow puts on the networking device by limiting the number of packets that are analyzed.
You can configure unidirectional flow (destination or source-address based flows), and flow aging. The following features are supported on the network services module:
- Configuring collection statistics for Layer 2-switched (non-routing) traffic, Layer 3 (CAPWAP) IPv4 and IPv6 traffic, and Layer 4 TCP, IGMP, and ICMP traffic.
- NetFlow counting, maintenance, troubleshooting (debugging commands).
- NetFlow analysis is performed on traffic crossing the physical interfaces on the network services module. The switch processes egress (outbound) traffic after forwarding decisions are performed. Locally switched or routed traffic is forced through service module ports by configuring private VLANs or protected ports.
The following NetFlow characteristics are not supported:
- Though other modules that can be installed in the switch have 1-Gigabit and 10-Gigabit uplink interfaces, NetFlow is supported only on the network services module.
IPv6 Netflow
Flexible NetFlow (FNF) allows the user to define a flow record (a particular set of key, non-key, counter, and time-stamp fields of interest) that is optimal for a particular application by selecting the fields from a large collection of predefined fields, using CLI configuration commands.
The collection of the pre-defined fields includes the following fields:
How To Configure IPv6 Netflow
Configuring a Customized Flow Record
You can match the following fields for the flow record:
- IPv4 or IPv6 destination address
- Datalink fields, to identify Layer 2 source and destination address and VLAN for traffic entering or leaving the interfaces, providing the MAC address of the directly connected host. Class of Service (CoS) and Ethertype datalink header fields are also available.
- Transport field source and destination ports, to identify the type of application: ICMP, IGMP, or TCP traffic.
You can collect the following fields for the flow record:
- The total number of bytes, flows, or packets sent by the exporter (exporter), or the number of bytes or packets in a 64-bit counter (long). The timestamp, based on system uptime, from the time the first packet was seen or from the time the most recent (last) packet was seen.
- The SNMP index of the input or output interface. The interface for traffic entering or leaving the service module is based on the switch forwarding cache. This field is typically used in conjunction with datalink, IPv4, and IPv6 addresses, and provides the actual first-hop interface for directly connected hosts.
The following steps configure the customized flow record:
1. configure terminal
2. flow record record-name
3. description description
4. match {ipv4 | ipv6} {{destination | source} address | hop-limit | protocol | traffic-class | version}
5. match datalink [dot1q | ethertype | mac | vlan]
6. match transport [destination-port | icmp | source-port]
7. match interface [input | output]
8. match flow direction
9. collect counter {bytes [layer2 | long] | packets [long]}
10. collect timestamp absolute [first | last]
11. collect interface [input | output]
12. collect transport tcp flags {ack | cwr | ece | fin | psh | rst | syn | urg}
13. end
DETAILED STEPS
Switch(config)# flow record FLOW-RECORD-1
Switch(config-flow-record)# description record to monitor network traffic
Switch(config-flow-record)# match ipv6 destination address
Switch(config-flow-record)# match datalink [dot1q | ethertype | mac | vlan]
Switch(config-flow-record)# match transport [destination-port | icmp | igmp | source-port]
Switch(config-flow-record)# match interface input
Switch(config-flow-record)# match flow direction
Switch(config-flow-record)# collect counter bytes layer2 long
Switch(config-flow-record)# collect timestamp absolute first
Switch(config-flow-record)# collect interface [input | output]
Switch(config-flow-record)# collect transport tcp flags ack
Switch(config-flow-record)# end
Configuring the Flow Exporters
The following steps are used to configure the NetFlow exporter.
Note: The optional export-protocol flow exporter configuration command specifies the NetFlow export protocol used by the exporter. The switch supports only netflow-v9. Though visible in the CLI help, netflow-5 is not supported.
1. configure terminal
2. flow exporter exporter-name
3. description description
4. destination {hostname | ip-address} [vrf vrf-name]
5. dscp <0-63>
6. source interface-id
7. option {exporter-stats | interface-table | sampler-table} [timeout seconds]
8. export-protocol netflow-v9
9. template data timeout seconds
10. transport udp udp-port
11. ttl seconds
12. end
DETAILED STEPS
Switch(config)# flow exporter QoS-Collector
Switch(config-flow-exporter)# description QoS Collector Bldg 19
Switch(config-flow-exporter)# destination 172.20.244.28
Switch(config-flow-exporter)# source vlan 1
Switch(config-flow-exporter)# dscp 3
Switch(config-flow-exporter)# transport udp 2055
Switch(config-flow-exporter)# end
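The exporter above sends netflow-v9 datagrams to the collector on UDP 2055, and the record section earlier defines which fields each flow carries. The collector has to decode a template FlowSet before it can interpret the data FlowSets that follow. The parser below is an added example written for this page, not code from the Cisco guide; it assumes the RFC 3954 field type ids for the fields that record collects (IPv6 destination address, byte and packet counters, TCP flags, destination port) and builds a constructed sample datagram to run against.

```python
import ipaddress
import struct

# RFC 3954 field type ids matching the fields the flow record on this page collects
FIELD_NAMES = {1: "in_bytes", 2: "in_pkts", 6: "tcp_flags", 11: "l4_dst_port", 28: "ipv6_dst_addr"}


def parse_netflow_v9(pkt, templates=None):
    """Parse one NetFlow v9 datagram; return (flow records, template cache). Data FlowSets
    whose template has not been seen yet are skipped, so pass the cache back in next time."""
    templates = {} if templates is None else templates
    version, _count, _uptime, _secs, _seq, source_id = struct.unpack("!HHIIII", pkt[:20])
    if version != 9:
        raise ValueError("not a NetFlow v9 datagram")
    flows, off = [], 20
    while off + 4 <= len(pkt):
        fs_id, fs_len = struct.unpack("!HH", pkt[off:off + 4])
        if fs_len < 4:
            raise ValueError("bad FlowSet length")  # a zero length would loop forever
        body = pkt[off + 4:off + fs_len]
        if fs_id == 0:  # template FlowSet: (template id, field count, [type, length]...)
            p = 0
            while p + 4 <= len(body):
                tid, nfields = struct.unpack("!HH", body[p:p + 4])
                fields = [struct.unpack("!HH", body[p + 4 + 4 * i:p + 8 + 4 * i]) for i in range(nfields)]
                templates[(source_id, tid)] = fields  # templates are scoped per exporter source id
                p += 4 + 4 * nfields
        elif fs_id >= 256 and (source_id, fs_id) in templates:  # data FlowSet
            fields = templates[(source_id, fs_id)]
            rec_len, p = sum(flen for _, flen in fields), 0
            while p + rec_len <= len(body):  # trailing bytes shorter than a record are padding
                rec, q = {}, p
                for ftype, flen in fields:
                    raw, q = body[q:q + flen], q + flen
                    rec[FIELD_NAMES.get(ftype, f"field_{ftype}")] = (
                        str(ipaddress.IPv6Address(raw)) if ftype == 28 else int.from_bytes(raw, "big"))
                flows.append(rec)
                p += rec_len
        off += fs_len
    return flows, templates


def build_sample_datagram():
    """Constructed sample: template 256 (ipv6 dst addr, bytes, packets, TCP flags, dst port)
    followed by one data record padded to a 4-byte boundary."""
    fields = [(28, 16), (1, 4), (2, 4), (6, 1), (11, 2)]
    tmpl = struct.pack("!HH", 256, len(fields)) + b"".join(struct.pack("!HH", t, n) for t, n in fields)
    rec = ipaddress.IPv6Address("2001:db8::10").packed + struct.pack("!IIBH", 1500, 12, 0x12, 443)
    header = struct.pack("!HHIIII", 9, 2, 123456, 1700000000, 1, 0)
    return (header + struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl
            + struct.pack("!HH", 256, 4 + len(rec) + 1) + rec + b"\x00")  # pad byte
```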
Configuring a Customized Flow Monitor
The following steps are used to configure a NetFlow monitor.
1. configure terminal
2. flow monitor monitor-name
3. description description
4. record {TestNetflowRecordName | TestRecord}
5. cache {timeout {active | inactive | update} seconds | type normal}
6. cache {timeout {active | inactive | update} seconds | type normal}
7. exporter TestNetFlowExporterName
8. cache {timeout {active | inactive | update} seconds | type normal}
9. end
DETAILED STEPS
Switch(config)# flow monitor FLOW-MONITOR-1
Switch(config-flow-monitor)# description Used for ipv6 traffic analysis
Switch(config-flow-monitor)# record FLOW-RECORD-1
Switch(config-flow-monitor)# cache timeout active 300
Switch(config-flow-monitor)# cache type normal
Switch(config-flow-monitor)# exporter EXPORTER-1
Switch(config-flow-monitor)# exit
Applying a Flow Monitor to an Interface
The following steps apply a NetFlow monitor to an interface.
1. configure terminal
2. interface interface-id
3. wlan ssid
4. {ip | ipv6 | datalink} flow monitor monitor-name [sampler sampler-name] {input | output}
5. exit
6. Repeat steps 2 and 3
7. end
DETAILED STEPS
Step | Command or Action | Purpose
---|---|---
1 | configure terminal (Example: Switch# configure terminal) | Enters global configuration mode.
2 | interface interface-id (Example: Switch(config)# interface tengigabitEthernet 1/0/1) | Identifies an interface and enters interface configuration mode. Flexible NetFlow is supported only on the service module 1-Gigabit or 10-Gigabit Ethernet interfaces.
3 | wlan ssid (Example: Switch(config)# wlan test 1 test) | Configures the flow monitor on the WLAN.
4 | {ip | ipv6 | datalink} flow monitor monitor-name [sampler sampler-name] {input | output} (Example: Switch(config-if)# ipv6 flow monitor SampleMonitorName input) | Activates a previously created flow monitor by assigning it to the interface to analyze incoming or outgoing traffic.
5 | exit (Example: Switch(config-if)# exit) | Returns to global configuration mode.
6 | Repeat steps 2 and 3 | Configures additional cache parameters for the flow monitor.
7 | end (Example: Switch(config)# end) | Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration mode.
Switch(config)# interface tengigabitethernet 1/0/1
Switch(config-if)# ip flow monitor FLOW-MONITOR-1 input
Switch(config-if)# ip flow monitor FLOW-MONITOR-2 output
Switch(config-if)# end
Configuring and Enabling Flow Sampling
The following steps are used to configure and enable flow sampling.
1. configure terminal
2. sampler sampler-name
3. description description
4. mode {deterministic | random} <1-1> out-of <2-1024>
5. end
6. interface interface-id
7. wlan ssid
8. {ip | ipv6 | datalink} flow monitor monitor-name sampler sampler-name {input | output}
9. end
DETAILED STEPS
Step | Command or Action | Purpose
---|---|---
1 | configure terminal (Example: Switch# configure terminal) | Enters global configuration mode.
2 | sampler sampler-name (Example: Switch(config)# sampler SampleNameForSAMPLER) | Creates a flow sampler and enters Flexible NetFlow sampler configuration mode. You can also use this command to modify an existing sampler.
3 | description description (Example: Switch(config-sampler)# description SamplerName_1) | (Optional) Configures a description for the sampler.
4 | mode {deterministic | random} <1-1> out-of <2-1024> (Example: Switch(config-sampler)# mode random 1 out-of 2) | Specifies the mode and the window size from which to select packets. The window size range is from 2 to 1024.
5 | end (Example: Switch(config-sampler)# end) | Returns to global configuration mode.
6 | interface interface-id (Example: Switch(config)# interface tengigabitethernet 1/0/1) | Identifies an interface and enters interface configuration mode.
7 | wlan ssid (Example: Switch(config)# wlan test 1 test) | Applies the flow sampler on the WLAN.
8 | {ip | ipv6 | datalink} flow monitor monitor-name sampler sampler-name {input | output} (Example: Switch(config-if)# ip flow monitor FLOW-MONITOR-1 sampler SAMPLE-1 input) | Activates a previously created IPv4 or IPv6 flow monitor by assigning it to the interface to analyze traffic.
9 | end (Example: Switch(config)# end) | Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit global configuration mode.
Switch(config)# sampler SAMPLER-1
Switch(config-sampler)# description Sample at 50
Switch(config-sampler)# mode random 1 out-of 2
Switch(config-sampler)# exit
Switch(config)# interface tengigabitethernet 1/0/1
Switch(config)# wlan test 1 test
Switch(config-if)# ip flow monitor FLOW-MONITOR-1 sampler SAMPLE-1 input
Verifying IPv6 Netflow
Command | Purpose
---|---
show flow record | Displays the status of the flow records.
show flow ssid ssid-name | Displays SSID interface information.
show flow monitor monitor-name {cache | provisioning | statistics} | Displays the flow monitor information.
show flow exporter exporter-name | Displays the status of a flow exporter.
show flow monitor monitor-name | Displays the current status of a flow monitor.
show flow interface interface-id | Verifies that Flexible NetFlow is configured on the interface.
show flow monitor monitor-name cache format {csv | record | table} | Displays data in the flow monitor cache.
show sampler sampler-name | Displays the current status of a flow sampler.
Monitoring IPv6 Netflow
Command | Purpose
---|---
show running-config flow record | Displays the configured flow records.
show running-config flow exporter exporter-name | Verifies the configured flow exporter.
show running-config flow monitor monitor-name | Verifies the flow monitor configuration.
Additional References
Related Documents
Related Topic | Document Title
---|---
IPv6 command reference | IPv6 Command Reference (Catalyst 3650 Switches)
Flexible NetFlow command reference | Cisco Flexible NetFlow Command Reference (Catalyst 3650 Switches)
Flexible NetFlow configuration | Cisco Flexible NetFlow Configuration Guide (Catalyst 3650 Switches)
Error Message Decoder
Description | Link
---|---
To help you research and resolve system error messages in this release, use the Error Message Decoder tool. | https://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi
MIBs
MIB | MIBs Link
---|---
All supported MIBs for this release. | To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:
Technical Assistance
Description | Link
---|---
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. |
Feature Information for IPv6 NetFlow
Feature | Release | Modification
---|---|---
IPv6 NetFlow Functionality | Cisco IOS XE 3.3SE | This feature was introduced.