Configuring NDE
This chapter describes how to configure NetFlow Data Export (NDE).
Note For complete syntax and usage information for the commands used in this chapter, refer to these publications:
•The Catalyst Supervisor Engine 32 PISA Cisco IOS Command Reference, Release 12.2ZY at this URL:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2ZY/command/reference/cmdref.html
•The Release 12.2 publications at this URL:
•NetFlow version 9 is supported—See this document:
Cisco IOS NetFlow Configuration Guide.
This chapter contains the following sections:
•NDE Configuration Guidelines and Restrictions
Understanding NDE
These sections describe how NetFlow Data Export (NDE) works:
NDE Overview
NetFlow collects traffic statistics by monitoring packets that flow through the switch and storing the statistics in the NetFlow table. For more information about NetFlow, see Chapter 47 "Configuring NetFlow."
NetFlow Data Export (NDE) converts the NetFlow table statistics into records and exports the records to an external device, which is called a NetFlow collector.
You can configure NDE to export statistics for both routed and bridged traffic.
You can export IP unicast statistics using NDE record format versions 5, 7 or 9. Use NDE version 8 record format for NetFlow aggregation, and version 9 record format for IP multicast.
Exporting a large volume of statistics can significantly impact SP and RP CPU utilization. You can control the volume of records exported by configuring NDE flow filters to include or exclude flows from the NDE export. When you configure a filter, NDE exports only the flows that match the filter criteria.
You can configure up to two external data collector addresses. A second data collector improves the probability of receiving complete NetFlow data by providing redundant data streams.
NDE on the PISA
NDE on the PISA exports statistics for flows routed in software. The PISA supports NetFlow aggregation, described in this document:
Cisco IOS NetFlow Configuration Guide.
The PISA also supports NetFlow ToS-based router aggregation, described in this document:
Cisco IOS NetFlow Configuration Guide.
NetFlow Sampling is supported on the PISA and is described in this document:
Cisco IOS NetFlow Configuration Guide.
NetFlow version 9 is supported and is described in this document:
Cisco IOS NetFlow Configuration Guide.
NetFlow version 9 record formats are described in this document:
Cisco IOS NetFlow Configuration Guide.
NDE on the PFC3B
NDE on the PFC3B exports statistics for flows routed or bridged in hardware. These sections describe NDE on the PFC3B in more detail:
NDE Flow Mask
You can configure the minimum NetFlow flow mask for NDE. The NetFlow flow mask determines the granularity of the statistics gathered, which controls the volume of statistics for NDE to export.
For more details about flow masks, refer to Chapter 47 "Configuring NetFlow".
Additional NDE Fields
You can configure NDE to populate the following additional fields in the NDE packets:
•IP address of the next hop router
•Egress interface SNMP ifIndex
•BGP AS
These fields are populated by the software looking up the FIB table entry before sending out the NDE record to the collector. Therefore, these fields are blank when you use the show command to display the hardware NetFlow table.
NDE Versions
NetFlow version 9 is supported and is described at this URL:
http://www.cisco.com/en/US/docs/ios-xml/ios/netflow/configuration/12-2sx/cfg-nflow-data-expt.html
NDE exports statistics for NetFlow aggregation flows using NDE version 8. The following document describes the version 8 header format:
http://www.cisco.com/en/US/docs/ios/12_2/switch/configuration/guide/xcfnfov.html
NDE exports IP unicast traffic using NDE versions 5, 7 and 9.
Some fields in the flow records might not have values, depending on the current flow mask. Unsupported fields contain a zero (0).
Note With the WCCP Layer 2 redirect, the nexthop field and the output field might not contain accurate information for all NetFlows. Therefore, the destination interface for traffic returned from the web server has a client interface instead of the cache interface or the ANCS interface.
The following tables describe the supported fields for NDE versions 5 and 7:
•Table 46-1—Version 5 header format
•Table 46-2—Version 7 header format
•Table 46-3—Version 5 flow record format
•Table 46-4—Version 7 flow record format
NetFlow version 9 record formats are described in this document:
Cisco IOS NetFlow Configuration Guide.
Table 46-3 Version 5 flow record format

| Bytes | Content | Description |
|---|---|---|
| 0-3 | srcaddr | Source IP address |
| 4-7 | dstaddr | Destination IP address |
| 8-11 | nexthop | Next hop router's IP address [1] |
| 12-13 | input | Ingress interface SNMP ifIndex |
| 14-15 | output | Egress interface SNMP ifIndex [3] |
| 16-19 | dPkts | Packets in the flow |
| 20-23 | dOctets | Octets (bytes) in the flow |
| 24-27 | first | SysUptime at start of the flow (milliseconds) |
| 28-31 | last | SysUptime at the time the last packet of the flow was received (milliseconds) |
| 32-33 | srcport | Layer 4 source port number or equivalent |
| 34-35 | dstport | Layer 4 destination port number or equivalent |
| 36 | pad1 | Unused (zero) byte |
| 37 | tcp_flags | Cumulative OR of TCP flags [5] |
| 38 | prot | Layer 4 protocol (for example, 6=TCP, 17=UDP) |
| 39 | tos | IP type-of-service byte |
| 40-41 | src_as | Autonomous system number of the source, either origin or peer |
| 42-43 | dst_as | Autonomous system number of the destination, either origin or peer |
| 44-45 | src_mask | Source address prefix mask bits |
| 46-47 | dst_mask | Destination address prefix mask bits |
| 48 | pad2 | Pad 2 |

[1] Always zero when PBR, WCCP, or SLB is configured.
[2] With the destination flow mask, the "Next hop router's IP address" field and the "Output interface's SNMP ifIndex" field might not contain information that is accurate for all flows.
[3] Always zero when policy-based routing is configured.
[4] In PFC3BXL or PFC3B mode, for ICMP traffic, contains the ICMP code and type values.
[5] Always zero for hardware-switched flows.
[6] Populated in PFC3BXL or PFC3B mode.
Table 46-4 Version 7 flow record format

| Bytes | Content | Description |
|---|---|---|
| 0-3 | srcaddr | Source IP address |
| 4-7 | dstaddr | Destination IP address |
| 8-11 | nexthop | Next hop router's IP address [1] |
| 12-13 | input | Ingress interface SNMP ifIndex |
| 14-15 | output | Egress interface SNMP ifIndex [3] |
| 16-19 | dPkts | Packets in the flow |
| 20-23 | dOctets | Octets (bytes) in the flow |
| 24-27 | First | SysUptime at start of the flow (milliseconds) |
| 28-31 | Last | SysUptime at the time the last packet of the flow was received (milliseconds) |
| 32-33 | srcport | Layer 4 source port number or equivalent |
| 34-35 | dstport | Layer 4 destination port number or equivalent |
| 36 | flags | Flow mask in use |
| 37 | tcp_flags | Cumulative OR of TCP flags [5] |
| 38 | prot | Layer 4 protocol (for example, 6=TCP, 17=UDP) |
| 39 | tos | IP type-of-service byte |
| 40-41 | src_as | Autonomous system number of the source, either origin or peer |
| 42-43 | dst_as | Autonomous system number of the destination, either origin or peer |
| 44 | src_mask | Source address prefix mask bits |
| 45 | dst_mask | Destination address prefix mask bits |
| 46-47 | pad2 | Pad 2 |
| 48-51 | MLS RP | IP address of MLS router |

[1] Always zero when PBR, WCCP, or SLB is configured.
[2] With the destination flow mask, the "Next hop router's IP address" field and the "Output interface's SNMP ifIndex" field might not contain information that is accurate for all flows.
[3] Always zero when policy-based routing is configured.
[4] In PFC3BXL or PFC3B mode, for ICMP traffic, contains the ICMP code and type values.
[5] Always zero for hardware-switched flows.
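A collector-side decoder for the version 7 flow record, using the byte offsets from the version 7 table above and reporting which zero values mean "not populated" according to its footnotes. This is an added example, not Cisco code; the function names, the `mls_rp` key, and the sample record are constructed for illustration.

```python
import ipaddress
import struct

# Byte layout of one version 7 flow record, from the table above (52 bytes).
# NetFlow export datagrams use network byte order, hence "!".
V7_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH4s")
V7_FIELDS = (
    "srcaddr", "dstaddr", "nexthop", "input", "output", "dPkts", "dOctets",
    "first", "last", "srcport", "dstport", "flags", "tcp_flags", "prot", "tos",
    "src_as", "dst_as", "src_mask", "dst_mask", "pad2",
    "mls_rp",  # key name chosen here for the "MLS RP" field
)
ADDRESS_FIELDS = ("srcaddr", "dstaddr", "nexthop", "mls_rp")


def parse_v7_record(data):
    """Decode one 52-byte version 7 flow record into a dict."""
    if len(data) != V7_RECORD.size:
        raise ValueError(f"expected {V7_RECORD.size} bytes, got {len(data)}")
    rec = dict(zip(V7_FIELDS, V7_RECORD.unpack(data)))
    for name in ADDRESS_FIELDS:
        rec[name] = str(ipaddress.IPv4Address(rec[name]))
    # first/last are 32-bit SysUptime values in milliseconds; subtract modulo
    # 2**32 so a flow that spans a counter wrap still gets a sane duration.
    rec["duration_ms"] = (rec["last"] - rec["first"]) % 2**32
    return rec


def zero_field_caveats(rec):
    """Return {field: reason} for zero values the footnotes say are not data."""
    caveats = {}
    if rec["nexthop"] == "0.0.0.0":
        caveats["nexthop"] = "zero when PBR, WCCP, or SLB is configured"
    if rec["output"] == 0:
        caveats["output"] = "zero when policy-based routing is configured"
    if rec["prot"] == 6 and rec["tcp_flags"] == 0:
        # A detection rule that keys on SYN/FIN/RST bits cannot use this flow.
        caveats["tcp_flags"] = "always zero for hardware-switched flows"
    return caveats


# Constructed sample record (documentation addresses, not captured traffic).
SAMPLE_RECORD = V7_RECORD.pack(
    ipaddress.IPv4Address("192.0.2.10").packed,     # srcaddr
    ipaddress.IPv4Address("198.51.100.20").packed,  # dstaddr
    bytes(4),                                       # nexthop not populated
    5, 0,                                           # input, output ifIndex
    12, 840,                                        # dPkts, dOctets
    4294967000, 704,                                # first, last (uptime wrapped)
    40000, 23,                                      # srcport, dstport
    0, 0, 6, 0,                                     # flags, tcp_flags, prot, tos
    0, 0, 0, 0, 0,                                  # src_as, dst_as, masks, pad2
    ipaddress.IPv4Address("203.0.113.1").packed,    # MLS RP
)

if __name__ == "__main__":
    record = parse_v7_record(SAMPLE_RECORD)
    print(record["srcaddr"], "->", record["dstaddr"], "port", record["dstport"],
          "duration", record["duration_ms"], "ms")
    for field, reason in zero_field_caveats(record).items():
        print(f"  {field} is zero: {reason}")
```
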
Exporting NetFlow Data
NetFlow maintains traffic statistics for each active flow in the NetFlow table and increments the statistics when packets within each flow are switched.
Periodically, NDE exports summarized traffic statistics for all expired flows, which the external data collector receives and processes.
Exported NetFlow data contains statistics for the flow entries in the NetFlow table that have expired since the last export. Flow entries in the NetFlow table expire and are flushed from the NetFlow table when one of the following conditions occurs:
•The entry ages out.
•The entry is cleared by the user.
•An interface goes down.
•Route flaps occur.
To ensure periodic reporting of continuously active flows, entries for continuously active flows expire at the end of the interval configured with the mls aging long command (default 32 minutes).
NDE packets go to the external data collector either when the number of recently expired flows reaches a predetermined maximum or after:
•30 seconds for version 5 export.
•10 seconds for version 9 export.
By default, all expired flows are exported unless they are filtered. If you configure a filter, NDE only exports expired and purged flows that match the filter criteria. NDE flow filters are stored in NVRAM and are not cleared when NDE is disabled. See the "Configuring NDE Flow Filters" section for NDE filter configuration procedures.
NetFlow Sampling
NetFlow sampling is used when you want to report statistics for a subset of the traffic flowing through your network. The NetFlow statistics can be exported to an external collector for further analysis.
There are two types of NetFlow sampling: NetFlow traffic sampling and NetFlow flow sampling. On a Cisco 6500 series switch, MSFC-based NetFlow traffic sampling (for traffic switched in the software path) and PFC/DFC-based NetFlow flow sampling (for traffic switched in the hardware path) are mutually independent features, so they are configured with different commands.
The following sections provide additional information on the two types of NetFlow sampling supported by Cisco 6500 series switches:
NetFlow Traffic Sampling
NetFlow traffic sampling provides NetFlow data for a subset of traffic forwarded by a Cisco router or switch by analyzing only one randomly selected packet out of n sequential packets (n is a user-configurable parameter) from the traffic that is processed by the router or switch. NetFlow traffic sampling is used on platforms that perform software-based NetFlow accounting, such as Cisco 7200 series routers and Cisco 6500 series MSFCs, to reduce the CPU overhead of running NetFlow by reducing the number of packets that are analyzed (sampled) by NetFlow. The reduction in the number of packets sampled by NetFlow on platforms that perform software based NetFlow accounting also reduces the number of packets that need to be exported to an external collector. Reducing the number of packets that need to be exported to an external collector by reducing the number of packets that are analyzed is useful when the volume of exported traffic created by analyzing every packet will overwhelm the collector, or result in an over-subscription of an outbound interface.
NetFlow traffic sampling and export for software-based NetFlow accounting behaves in the following manner:
•The flows are populated with statistics from a subset of the traffic that is seen by the router.
•The flows are expired.
•The statistics are exported.
On Cisco 6500 series switches, NetFlow traffic sampling is supported only on the MSFC for software switched packets. For more information on configuring NetFlow traffic sampling, see the Cisco IOS NetFlow Configuration Guide.
NetFlow Flow Sampling
NetFlow flow sampling does not limit the number of packets that are analyzed by NetFlow. NetFlow flow sampling is used to select a subset of the flows processed by the router for export. Therefore, NetFlow flow sampling is not a solution to reduce oversubscribed CPUs or oversubscribed hardware NetFlow table usage. NetFlow flow sampling can help reduce CPU usage by reducing the amount of data that is exported. Using NetFlow flow sampling to reduce the number of packets that need to be exported to an external collector by reporting statistics on only a subset of the flows is useful when the volume of exported traffic created by reporting statistics for all of the flows will overwhelm the collector, or result in an over-subscription of an outbound interface.
NetFlow flow sampling is available on Cisco Catalyst 6500 series switches for hardware-based NetFlow accounting on the PFCs and DFCs installed in the router.
NetFlow flow sampling and export for hardware-based NetFlow accounting behaves in the following manner:
•Packets arrive at the switch and flows are created/updated to reflect the traffic seen.
•The flows are expired.
•The flows are sampled to select a subset of flows for exporting.
•The statistics for the subset of flows that have been selected by the NetFlow flow sampler are exported.
Note When NetFlow flow sampling is enabled, aging schemes such as fast, normal, long aging are disabled.
You can configure NetFlow flow sampling to use time-based sampling or packet-based sampling. With either the full-interface or destination-source-interface flow masks, you can enable or disable NetFlow Flow Sampling on each Layer 3 interface.
Packet-based NetFlow Flow Sampling
Packet-based NetFlow flow sampling uses a sampling-rate in packets and an interval in milliseconds to select a subset (sample) of flows from the total number of flows processed by the router. The values for the sampling-rate are: 64, 128, 256, 512, 1024, 2048, 4096, 8192. The interval is a user-configurable value in the range 8000-16000 milliseconds. The default for the interval is 16000 milliseconds. The interval value replaces the aging schemes such as fast, normal, long aging for expiring flows from the cache. The command syntax for configuring packet-based NetFlow flow sampling is: mls sampling packet-based rate [interval].
Packet-based NetFlow flow sampling uses one of these two methods to select flows for sampling and export:
•The number of packets in the expired flow exceeds the sampling rate: If, in an interval of X (where X is a value in the range of 8000-16000, inclusive), a flow has a greater number of packets than the value configured for the sampling-rate, the flow is sampled (selected) and then exported.
•The number of packets in the expired flow is less than the sampling rate: If, in an interval of X (where X is a value in the range of 8000-16000, inclusive), a flow has a smaller number of packets than the value configured for the sampling-rate, the packet count for the flow is added to one of eight buckets based on the number of packets in the flow. The eight bucket sizes are 1/8th increments of the sampling rate. The packet count for a flow that contains a quantity of packets that is 0-1/8th of the sampling rate is assigned to the first bucket. The packet count for a flow that contains a quantity of packets that is 1/8th-2/8th of the sampling rate is assigned to the second bucket, and so on. When adding the packet count for a flow to a bucket causes the counter for the bucket to exceed the sampling rate, the last flow for which the counters were added to the bucket is sampled and exported. The bucket counter is then reset to 0 and the process of increasing the bucket counter starts over. This method ensures that some flows for which the packet count never exceeds the sampling rate are selected for sampling and export.
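A small model of the two selection methods above for one export interval, added here as an illustration and not Cisco's implementation. The class and function names, the handling of a flow whose packet count equals the sampling rate, and the exact bucket boundaries are assumptions; the flow list is constructed.

```python
VALID_RATES = (64, 128, 256, 512, 1024, 2048, 4096, 8192)


class PacketBasedSampler:
    """Selects expired flows for export according to the rule described above."""

    def __init__(self, rate):
        if rate not in VALID_RATES:
            raise ValueError(f"sampling rate must be one of {VALID_RATES}")
        self.rate = rate
        self.buckets = [0] * 8  # one packet counter per 1/8th-of-rate band

    def bucket_for(self, packets):
        # Assumption: band k holds flows with k/8 <= packets/rate < (k+1)/8,
        # and a flow with exactly `rate` packets falls into the last band.
        return min(packets * 8 // self.rate, 7)

    def offer(self, packets):
        """Return True if an expired flow with this packet count is exported."""
        if packets > self.rate:
            return True  # first method: flow is larger than the sampling rate
        k = self.bucket_for(packets)
        self.buckets[k] += packets
        if self.buckets[k] > self.rate:
            # Second method: the flow that pushed the counter past the rate
            # is exported and the counter starts over.
            self.buckets[k] = 0
            return True
        return False


def select_for_export(rate, expired_flows):
    """expired_flows: iterable of (flow_id, packet_count). Returns exported ids."""
    sampler = PacketBasedSampler(rate)
    return [flow_id for flow_id, packets in expired_flows if sampler.offer(packets)]


# Constructed input: one large transfer and 130 single-packet flows.
SAMPLE_FLOWS = [("bulk", 500)] + [(f"probe-{i}", 1) for i in range(130)]

if __name__ == "__main__":
    exported = select_for_export(64, SAMPLE_FLOWS)
    print(f"{len(exported)} of {len(SAMPLE_FLOWS)} flows exported: {exported}")
```

With a rate of 64, single-packet flows all land in the first bucket and only every 65th one reaches the collector, which matters when sampled NDE data feeds detections that depend on seeing many small flows.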
Time-based NetFlow Flow Sampling
Time-based NetFlow flow sampling samples flows created in the first sampling time (in milliseconds) of the export interval time (in milliseconds). Each of the sampling rates that you can configure with the mls sampling time-based rate command has fixed values for the sampling time and export interval used by time-based NetFlow flow sampling. For example:
•If you configure a sampling rate of 64, NetFlow flow sampling selects flows created within the first 64 milliseconds (sampling time) of every 4096 millisecond export interval.
•If you configure a sampling rate of 2048, NetFlow flow sampling selects flows created within the first 4 milliseconds (sampling time) of every 8192 millisecond export interval.
Table 46-5 lists the sampling rates and export intervals for time-based NetFlow flow sampling.
Default NDE Configuration
Table 46-4 shows the default NDE configuration.
NDE Configuration Guidelines and Restrictions
When configuring NDE, follow these guidelines and restrictions:
•NDE supports IP multicast traffic only with NetFlow version 9.
•NetFlow aggregation must use NDE version 8 or version 9.
•NDE supports bridged IP traffic.
•NDE does not support Internetwork Packet Exchange (IPX) traffic or any other non-IP protocol.
Configuring NDE
These sections describe how to configure NDE:
•Enabling NDE for Ingress-Bridged IP Traffic
•Displaying the NDE Address and Port Configuration
•Displaying the NDE Configuration
Note
•You must enable NetFlow on the PISA Layer 3 interfaces to support NDE on the PFC3B and NDE on the PISA.
•You must enable NDE on the PISA to support NDE on the PFC3B.
•When you configure NAT and NDE on an interface, the PFC3B sends all fragmented packets to the PISA to be processed in software. (CSCdz51590)
Configuring NDE on the PFC3B
These sections describe how to configure NDE on the PFC3B:
•Populating Additional NDE Fields
•Configuring NetFlow Flow Sampling
Enabling NDE From the PFC3B
To enable NDE from the PFC3B, perform this task:
| Command | Purpose |
|---|---|
| Router(config)# mls nde sender [version {5 \| 7}] | Enables NDE from the PFC3B and (optionally) configures the NDE version. Do not use this command to enable version 9 records. Instead, use ip flow-export version 9, which is explained in the "Configuring NDE on the PISA" section. |
| Router(config)# no mls nde sender | Disables NDE from the PFC3B. |
| Router(config)# no mls nde sender version | Reverts to the default (version 7). |
Note
•NDE from the PFC3B uses the source interface configured for the PISA (see the "Configuring the PISA NDE Source Layer 3 Interface" section).
•NetFlow version 9 is supported and is described at this URL:
http://www.cisco.com/en/US/docs/ios-xml/ios/netflow/configuration/12-2sx/cfg-nflow-data-expt.html
This example shows how to enable NDE from the PFC3B:
Router(config)# mls nde sender
This example shows how to enable NDE from the PFC3B and configure NDE version 5:
Router(config)# mls nde sender version 5
Populating Additional NDE Fields
You can configure NDE to populate the following additional fields in the NDE packets:
•IP address of the next hop router
•Egress interface SNMP ifIndex
•BGP AS
Not all of the additional fields are populated with all flow masks. See the "NDE Versions" section for additional information.
To populate the additional fields in NDE packets, perform this task:
| Command | Purpose |
|---|---|
| Router(config)# mls nde interface | Populates additional fields in NDE packets. |
| Router(config)# no mls nde interface | Disables population of the additional fields. |
This example shows how to populate the additional fields in NDE packets:
Router(config)# mls nde interface
Configuring NetFlow Flow Sampling
These sections describe how to configure NetFlow Flow Sampling on the PFC3B:
•Configuring NetFlow Flow Sampling Globally
•Configuring NetFlow Flow Sampling on a Layer 3 Interface
Configuring NetFlow Flow Sampling Globally
To configure NetFlow flow sampling globally, perform this task:
When you configure NetFlow flow sampling globally, note the following information:
•The valid values for rate are 64, 128, 256, 512, 1024, 2048, 4096, and 8192.
•The valid values for the packet-based export interval are from 8,000 through 16,000.
•With a PFC3, to export any data, you must also configure NetFlow flow sampling on a Layer 3 interface.
Configuring NetFlow Flow Sampling on a Layer 3 Interface
Note
•With the full-interface or destination-source-interface flow masks, you can enable or disable NetFlow flow sampling on individual Layer 3 interfaces. With all other flow masks, NetFlow flow sampling is enabled or disabled globally.
•The Layer 3 interface must be configured with an IP address.
To configure NetFlow flow sampling on a Layer 3 interface, perform this task:
This example shows how to enable NetFlow flow sampling on Fast Ethernet port 5/12:
Router# configure terminal
Router(config)# interface fastethernet 5/12
Router(config-if)# mls netflow sampling
Router(config-if)# end
Router#
Configuring NDE on the PISA
These sections describe how to configure NDE on the PISA:
•Configuring the PISA NDE Source Layer 3 Interface
•Configuring the NDE Destination
Configuring the PISA NDE Source Layer 3 Interface
To configure the Layer 3 interface used as the source of the NDE packets containing statistics from the PISA, perform this task:
When configuring the PISA NDE source Layer 3 interface, note the following information:
•You must select an interface configured with an IP address.
•You can use a loopback interface.
This example shows how to configure a loopback interface as the NDE flow source:
Router(config)# ip flow-export source loopback 0
Router(config)#
Configuring the NDE Destination
To configure the destination IP address and UDP port to receive the NDE statistics, perform this task:
Note NetFlow Multiple Export Destinations:
•To configure redundant NDE data streams, which improves the probability of receiving complete NetFlow data, you can enter the ip flow-export destination command twice and configure a different destination IP address in each command.
•When you configure two destinations, the RP CPU utilization is increased because you are exporting the data records twice.
This example shows how to configure the NDE flow destination IP address and UDP port:
Router(config)# ip flow-export destination 172.20.52.37 200
Note The destination address and UDP port number are saved in NVRAM and are preserved if NDE is disabled and reenabled or if the switch is power cycled. If you are using the NetFlow FlowCollector application for data collection, verify that the UDP port number you configure is the same port number shown in the FlowCollector's /opt/csconfc/config/nfconfig.file file.
Configuring NetFlow Sampling
The PISA supports NetFlow sampling for software-routed traffic.
For additional information, see the following document:
Cisco IOS NetFlow Configuration Guide.
Enabling NDE for Ingress-Bridged IP Traffic
NDE supports ingress-bridged IP traffic.
Note To enable NetFlow for bridged IP traffic on a VLAN, you must create a corresponding VLAN interface, assign it an IP address, and enter the no shutdown command to bring up the interface.
NDE is enabled by default when you enable NetFlow on the VLAN. To disable NDE for ingress-bridged IP traffic in VLANs, perform this task:
This example shows how to enable NDE for ingress bridged IP traffic in VLAN 200:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# ip flow export layer2-switched vlan 200
Displaying the NDE Address and Port Configuration
To display the NDE address and port configuration, perform these tasks:
This example shows how to display the NDE export flow source IP address and UDP port configuration:
Router# show mls nde
Netflow Data Export enabled
Exporting flows to 10.34.12.245 (9999)
Exporting flows from 10.6.58.7 (55425)
Version: 7
Include Filter not configured
Exclude Filter is:
source: ip address 11.1.1.0, mask 255.255.255.0
Total Netflow Data Export Packets are:
49 packets, 0 no packets, 247 records
Total Netflow Data Export Send Errors:
IPWRITE_NO_FIB = 0
IPWRITE_ADJ_FAILED = 0
IPWRITE_PROCESS = 0
IPWRITE_ENQUEUE_FAILED = 0
IPWRITE_IPC_FAILED = 0
IPWRITE_OUTPUT_FAILED = 0
IPWRITE_MTU_FAILED = 0
IPWRITE_ENCAPFIX_FAILED = 0
Netflow Aggregation Enabled
source-prefix aggregation export is disabled
destination-prefix aggregation exporting flows to 10.34.12.245 (9999)
10.34.12.246 (9909)
exported 84 packets, 94 records
prefix aggregation export is disabled
Router#
This example shows how to display the NDE export flow IP address, UDP port, and the NDE source interface configuration:
Router# show ip flow export
Flow export is enabled
Exporting flows to 172.20.52.37 (200)
Exporting using source interface FastEthernet5/8
Version 1 flow records
0 flows exported in 0 udp datagrams
0 flows failed due to lack of export packet
0 export packets were sent up to process level
0 export packets were dropped due to no fib
0 export packets were dropped due to adjacency issues
Router#
Configuring NDE Flow Filters
These sections describe NDE flow filters:
•Configuring a Port Flow Filter
•Configuring a Host and Port Filter
•Configuring a Host Flow Filter
•Configuring a Protocol Flow Filter
NDE Flow Filter Overview
By default, all expired flows are exported until you configure a filter. After you configure a filter, only expired and purged flows matching the specified filter criteria are exported. Filter values are stored in NVRAM and are not cleared when NDE is disabled.
To display the configuration of the NDE flow filters you configure, use the show mls nde command described in the "Displaying the NDE Configuration" section.
Configuring a Port Flow Filter
To configure a destination or source port flow filter, perform this task:
This example shows how to configure a port flow filter so that only expired flows to destination port 23 are exported (assuming the flow mask is set to full):
Router(config)# mls nde flow include dest-port 23
Router(config)#
Configuring a Host and Port Filter
To configure a host and TCP/UDP port flow filter, perform this task:
This example shows how to configure a source host and destination TCP/UDP port flow filter so that only expired flows from host 171.69.194.140 to destination port 23 are exported (assuming the flow mask is set to ip-flow):
Router(config)# mls nde flow include source 171.69.194.140 255.255.255.255 dest-port 23
Configuring a Host Flow Filter
To configure a destination or source host flow filter, perform this task:
This example shows how to configure a host flow filter to export only flows to destination host 172.20.52.37:
Router(config)# mls nde flow include destination 172.20.52.37 255.255.255.255
Router(config)#
Configuring a Protocol Flow Filter
To configure a protocol flow filter, perform this task:
This example shows how to configure a TCP protocol flow filter so that only expired flows to destination port 35 are exported:
Router(config)# mls nde flow include protocol tcp dest-port 35
Router(config)#
To display the status of the NDE flow filters, use the show mls nde command described in the "Displaying the NDE Configuration" section.
Displaying the NDE Configuration
To display the NDE configuration, perform this task:
| Command | Purpose |
|---|---|
| Router# show mls nde | Displays the NDE configuration. |
This example shows how to display the NDE configuration:
Router# show mls nde
Netflow Data Export enabled
Exporting flows to 10.34.12.245 (9988) 10.34.12.245 (9999)
Exporting flows from 10.6.58.7 (57673)
Version: 7
Include Filter not configured
Exclude Filter not configured
Total Netflow Data Export Packets are:
508 packets, 0 no packets, 3985 records
Total Netflow Data Export Send Errors:
IPWRITE_NO_FIB = 0
IPWRITE_ADJ_FAILED = 0
IPWRITE_PROCESS = 0
IPWRITE_ENQUEUE_FAILED = 0
IPWRITE_IPC_FAILED = 0
IPWRITE_OUTPUT_FAILED = 0
IPWRITE_MTU_FAILED = 0
IPWRITE_ENCAPFIX_FAILED = 0
Netflow Aggregation Enabled
Router#