Configuring Flexible NetFlow
A flow is defined as a unique set of key field attributes, which might include packet fields, packet routing attributes, and input and output interface information. A NetFlow feature defines a flow as a sequence of packets that have the same values for the feature key fields. Flexible NetFlow (FNF) allows you to collect and optionally export a flow record that specifies various flow attributes. NetFlow collection supports IP, IPv6, and Layer 2 traffic.
Note This chapter provides Catalyst 4500 switch specific information. For more information, refer to the URL:
http://www.cisco.com/en/US/products/ps6965/products_ios_protocol_option_home.html
The following items apply to the Catalyst 4500 series switch:
1. The Catalyst 4500 series switch supports ingress flow statistics collection for switched and routed packets; it does not support Flexible NetFlow on egress traffic.
2. Supervisor Engine 7-E supports a 100,000-entry hardware flow table, which is shared across all the ports and VLANs on the switch. To limit the number of table entries on a given interface or VLAN, enter the cache entries number command.
The following example illustrates how to configure the flow monitor m1 cache to hold 1000 entries. With this configuration, interface gig 3/1 can create a maximum of 1000 flows and interface gig 3/2 can create a maximum of 1000 flows:
3. Flow collection is supported on multiple targets: port, VLAN, per-port per-VLAN (FNF can be enabled on a specific VLAN on a given port), and port-channel (FNF is configured on the port-channel interface rather than on individual member ports).
Note The switch does not support tunnels and SVI statistics.
4. 64 unique flow record configurations are supported.
5. Flow QoS/UBRL and FNF cannot be configured on the same target. (For information on Flow-based QoS, see the section Flow-based QoS.)
6. 14,000 unique IPv6 addresses can be monitored.
7. On a given target, one monitor per traffic type is allowed. However, you can configure multiple monitors on the same target for different traffic types.
For example, the following configuration is allowed:
The following configuration is not allowed:
8. On a given target, monitoring Layer 2 and Layer 3 traffic simultaneously is not supported:
9. Selection of Layer 2 and Layer 3 packet fields in a single flow record definition is not allowed. However, packet CoS and Layer 3 packet field selection is allowed.
10. Only permanent and normal flow cache types are supported.
11. Supervisor 7-E does not support predefined records as traditional routers do (for example, record netflow ipv4 original-input).
12. On VLAN interfaces, when you use the interface option with the CoS, ToS, TTL, or packet length options, the system displays inaccurate results for the interface input field.
13. The configuration of the flow exporter does not support the option output features.
14. Flow aging in the flow cache is controlled through the active and inactive timer configuration. The minimum for active and inactive aging timers is 5 seconds. The timers must be in units of 5 seconds.
Note Flows in the hardware table are deleted after 5 seconds of inactivity irrespective of the active or inactive timer configuration values. This allows you to create new hardware flows quickly.
15. First and Last-seen flow timestamp accuracy is within 3 seconds.
16. 2048 Flow monitors and records are supported.
- When TTL is configured as a flow field, the following values are reported for a given packet TTL value. Table 32-1 lists the packet TTL and reported values.
- When packet length is configured as a flow field, the following values are reported for a given packet length value. Table 32-2 lists the packet length and reported values.
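The restrictions in items 1, 7, 8 and 14 above can be checked before a configuration is applied. The following Python linter is an added example, not Cisco code; the function name lint_fnf, the monitor and interface names in the constructed sample, and the message texts are assumptions made for illustration, and only interface targets are examined.

```python
import re

# Constructed sample configuration for illustration; not taken from the page.
SAMPLE = """\
flow monitor m1
 cache timeout active 60
 cache timeout inactive 12
flow monitor m2
 cache timeout active 3
interface GigabitEthernet3/1
 ip flow monitor m1 input
 ipv6 flow monitor m2 input
interface GigabitEthernet3/2
 ip flow monitor m1 input
 ip flow monitor m3 input
interface GigabitEthernet3/3
 ip flow monitor m1 input
 datalink flow monitor m4 input
interface GigabitEthernet3/4
 ip flow monitor m1 output
"""

def lint_fnf(config):
    """Return sorted (section, message) findings for restrictions 1, 7, 8 and 14."""
    findings, attached, section = [], {}, ""
    for line in config.splitlines():
        if not line.startswith(" "):      # a top-level line opens a new section
            section = line.strip()
            continue
        body = line.strip()
        m = re.fullmatch(r"cache timeout (active|inactive) (\d+)", body)
        if m and section.startswith("flow monitor "):
            secs = int(m.group(2))
            if secs < 5 or secs % 5:      # item 14: minimum 5 s, units of 5 s
                findings.append((section, f"{m.group(1)} timeout {secs}s: use a multiple of 5, minimum 5"))
        # Allows one extra keyword between the monitor name and the direction.
        m = re.fullmatch(r"(ip|ipv6|datalink) flow monitor \S+(?: \S+)? (input|output)", body)
        if m and section.startswith("interface "):
            if m.group(2) == "output":    # item 1: ingress collection only
                findings.append((section, "egress monitoring is not supported"))
            else:
                attached.setdefault(section, []).append(m.group(1))
    for target, kinds in attached.items():
        for kind in sorted(set(kinds)):   # item 7: one monitor per traffic type
            if kinds.count(kind) > 1:
                findings.append((target, f"more than one {kind} monitor on this target"))
        if "datalink" in kinds and set(kinds) & {"ip", "ipv6"}:   # item 8
            findings.append((target, "Layer 2 and Layer 3 monitors on the same target"))
    return sorted(findings)

print("\n".join(f"{where}: {what}" for where, what in lint_fnf(SAMPLE)))
```

In the constructed sample, GigabitEthernet3/1 carries one IPv4 and one IPv6 monitor and produces no finding; every other section violates exactly one restriction.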
The following table lists the options available through FNF and the supported fields.
- Indicator of an IPv4 multicast packet (0 - if it's not, 1 - if it is)
- Values are reported based on Table 32-2.
- Values are reported based on Table 32-1.
- Indicator of an IPv6 multicast packet (0 - if it's not, 1 - if it is)
- Values are reported based on Table 32-1.
- IPv6 minimum hop limit value seen in the flow. It can be used as a non-key field only.
- IPv6 maximum hop limit value seen in the flow. It can be used as a non-key field only.
- Values are based on Table 32-2.
- Forwarding status for the packet (forwarded, terminated in the router, dropped by ACL, RPF, CAR)
- Time-stamp of the first packet that is accounted in the flow (in milliseconds, starting from the router boot-up)
- Time-stamp of the last packet that is accounted in the flow (in milliseconds, starting from the router boot-up)
Configuring Flow Monitor Cache Values
Setting the active cache timeout to a small value may cause flows to be exported more frequently to the remote collector. It also causes the software to delete flows from the local cache after exporting them, so the cache statistics reported by the switch may not display the actual flows being monitored.