Manufacturer: Cisco
Model(s): Catalyst 4500 Series
Version(s): IOS 12.X+ and IOS XE 3.3+
URLs:
- https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/25ew/configuration/guide/conf/nfswitch.html
- https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/XE3-9-0E/15-25E/configuration/guide/xe-390-configuration/fnf.html
Notes:
- To use the NetFlow feature, you must have the Supervisor Engine V-10GE (the functionality is embedded in the supervisor engine), or the NetFlow Services Card (WS-F4531) and either a Supervisor Engine IV or a Supervisor Engine V.
- If Using IOS XE software, additional collect/match fields/keys are available.
Configuration steps for Flexible NetFlow
- Create a Flow Record
configure terminal
flow record FLOW-RECORD
description NetFlow Recor
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect ipv4 dscp
collect transport tcp flags
collect interface output
collect counter bytes long
collect counter packets long
collect timestamp sys-uptime first
collect timestamp sys-uptime last
exit
Additional fields available with IOS XE3.3.0 and newer software:
flow record FLOW-RECORD
match datalink mac destination-address
match datalink mac source-address
collect ipv4 tos
collect ipv4 ttl
exit
|
CLI command |
Description |
Flow record <name> |
Creates a flow record and enters flow record configuration mode. |
Description <string> |
Describes this flow record as a maximum 63-character string. |
Match <key> |
Specifies match keys. Plixer recommended keys are listed in the example above |
Collect <field> |
Specifies the collection field. Plixer recommended fields are listed in the example above. |
- Create a flow Exporter
configure terminal
flow exporter PLIXER-COLLECTOR
description Plixer flow collector
destination <IP of Plixer collector>
source <Interface>
transport udp 2055
exit
|
CLI command |
Description |
flow exporter <name> |
Creates a flow exporter and enters flow exporter configuration mode |
description <string> |
Describes this flow exporter as a maximum 63-character string |
destination <ip> |
IPv4 address of the Plixer collector. You can optionally configure the VRF to use to reach the NetFlow Collector. |
Source <interface> |
Specifies the interface to use when sending NetFlow exports. Make sure Plixer can query it using SNMP. |
transport udp <port> |
Specifies the UDP port to use to reach the NetFlow Collector. The range is from 0 to 65535. (2055 or 9995 are recommended) |
Template data timeout 5 |
- Create a Flow Monitor
configure terminal
flow monitor FLOW-COLLECTION
description Layer Flow Collection
record FLOW-RECORD
exporter PLIXER-COLLECTOR
cache timeout active 60
cache timeout inactive 15
|
CLI command |
Description |
flow monitor <name> |
Creates a flow monitor and enters flow monitor configuration mode |
description <string> |
Describes this flow monitor as a maximum 63-character string |
record <name> |
Associates a flow record with this flow monitor. |
exporter <name> |
Associates a flow exporter with this flow monitor. |
cache timeout <seconds> |
Sets the flow timeout length. Plixer recommends this be set to 60 seconds. |
- Apply a Flow Monitor to an interface or vlan
configure terminal
interface <interface> (or) (vlan configuration <interface>
ip flow monitor FLOW-COLLECTION input
|
CLI command |
Description |
Ip flow monitor <ipv4 |ipv6> input |
Associates an IPv4 or IPv6 flow monitor to the interface for input packets. |