Cisco Catalyst 4500 Supervisor Engine 7-E

The Cisco Catalyst 4500E is one of the latest kids on the block, so the age old question in our world is, “How do you configure NetFlow on this?”

Well, I was fortunate enough to be able to work with one of Cisco’s engineers on working the kinks out of the configuration, and getting the following working Flexible NetFlow configuration:

 

--------------------------------------------------------
flow record r1
     match ipv4 protocol
     match ipv4 source address
     match ipv4 destination address
     match transport source-port
     match transport destination-port
     match interface input
     collect routing forwarding-status
     collect transport tcp flags
     collect interface output
     collect counter bytes long
     collect counter packets long
     collect timestamp sys-uptime first
     collect timestamp sys-uptime last
!
!
flow exporter e1
     destination 10.10.20.2
     source VLAN1
     transport udp 9996
     template data timeout 60
!
!
flow exporter e2
     destination 10.10.30.2
     source VLAN1
     transport udp 9996
     template data timeout 60
!
!
flow monitor m1
     record r1
     exporter e1
     exporter e2
     cache timeout inactive 30
     cache timeout active 60
     cache entries 1000

--------------------------
vlan configuration 301
    ip flow monitor m1 input

or 

interface x/x
  ip flow monitor m1 input

--------------------------------------------------------

The Flow Record includes the key fields that you will be exporting — the ‘match’ statements, and the non-key fields in the flow record — the ‘collect’ statements.

The fields included in this Flow Record example are the basic fields to export to and report by a NetFlow collector and analyzer tool.  More information on other fields that can be added can be found on this Cisco 4500 FNF configuration page.

The Flow Exporter defines where and how to export to your NetFlow Collector.  As always with Flexible NetFlow, you can export flows to multiple collectors.  In our example, we have two Flow Exporters, ‘flow exporter e1’ and ‘flow exporter e2’.

The definitions in the Flow Exporter include ‘destination’ which is the IP Address of your NetFlow collector, ‘source’ which is the interface exporting the flows from the 4500, ‘transport’ (optional) which defines which udp port you are exporting to and the collector is listening on, and ‘template data timeout’ defines the frequency that flow templates are exported.

Flow Monitor brings the flow records and flow exporters together and adds your timeout values.  This provides for one command to set per interface.

Which brings us to the interface level, and at this level, you enter the configuration mode for the interface, and then add the ‘ip flow monitor m1 input’ command to enable FNF for that interface.

Once this configuration is completed, and your NetFlow collector is receiving flows from the 4500, your reporting options are endless.

 

Best in Class NetFlow reporting

 

Do you own Cisco 4500E’s and are you exporting FNF?  We would love to hear your comments.

Joanne Ghidoni author pic

Joanne Ghidoni

Joanne is a Software Quality Assurance Engineer at Plixer. She has also held positions as Technical Support Engineer and Sales Engineer since joining Plixer in 2005. Prior to joining Plixer, Joanne has had numerous positions in the IT field, including data entry, computer operator, PC coordinator and support, mainframe programmer, and also Technical Support and web programmer at Cabletron Systems. In her spare time, Joanne enjoys traveling, always seeking out new and interesting places to visit.

Related

Big Data

Sankey Flow Graph

Posted on - by Jeff Morrison

One of the greatest benefits of NetFlow collection for traffic analysis, is we’re provided with the ability to visualize the…

Leave a Reply