Cisco Catalyst 3850 Series Configuration Manual

Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
First Published: January 29, 2013
Americas Headquarters
Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883
Text Part Number: OL-28354-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2013 Cisco Systems, Inc. All rights reserved.
CONTENTS

Preface
  Document Conventions
  Related Documentation
  Obtaining Documentation and Submitting a Service Request

CHAPTER 1  Using the Command-Line Interface
  Information About Using the Command-Line Interface
  Command Modes
  Using the Help System
  Understanding Abbreviated Commands
  No and default Forms of Commands
  CLI Error Messages
  Configuration Logging
  How to Use the CLI to Configure Features
  Configuring the Command History
  Changing the Command History Buffer Size
  Recalling Commands
  Disabling the Command History Feature
  Enabling and Disabling Editing Features
  Editing Commands through Keystrokes
  Editing Command Lines That Wrap
  Searching and Filtering Output of show and more Commands
  Accessing the CLI on a Switch Stack
  Accessing the CLI through a Console Connection or through Telnet

CHAPTER 2  Configuring Flexible NetFlow
  Finding Feature Information
  Prerequisites for Flexible NetFlow
  Prerequisites for Wireless Flexible NetFlow
  Restrictions for Flexible NetFlow
  Information About Flexible NetFlow
  Flexible NetFlow Overview
  Wireless Flexible NetFlow Overview
  Flow Records
  Flexible NetFlow Match Parameters
  Flexible NetFlow Collect Parameters
  Exporters
  Export Formats
  Monitors
  Samplers
  Supported Flexible NetFlow Fields
  Default Settings
  How to Configure Flexible NetFlow
  Creating a Flow Record
  Creating a Flow Exporter
  Creating a Flow Monitor
  Creating a Sampler
  Applying a Flow to an Interface
  Configuring a Bridged NetFlow on a VLAN
  Configuring Layer 2 NetFlow
  Configuring WLAN to Apply Flow Monitor in Data Link Input/Output Direction
  Configuring WLAN to Apply Flow Monitor in IPV4 and IPv6 Input/Output Direction
  Monitoring Flexible NetFlow
  Configuration Examples for Flexible NetFlow
  Example: Configuring a Flow
  Example: Configuring IPv4 Flexible NetFlow in WLAN (Ingress Direction)
  Example: Configuring IPv6 and Transport Flag Flexible NetFlow in WLAN (Egress Direction)
  Example: Configuring IPv6 Flexible NetFlow in WLAN (Both Ingress and Egress Directions)
  Additional References
  Feature Information for Flexible NetFlow

Preface
This book describes configuration information and examples for Flexible NetFlow on the switch.
• Document Conventions
• Related Documentation
• Obtaining Documentation and Submitting a Service Request
Document Conventions
This document uses the following conventions:

Convention, followed by its description:

^ or Ctrl
  Both the ^ symbol and Ctrl represent the Control (Ctrl) key on a keyboard. For example, the key combination ^D or Ctrl-D means that you hold down the Control key while you press the D key. (Keys are indicated in capital letters but are not case sensitive.)
bold font
  Commands and keywords and user-entered text appear in bold font.
Italic font
  Document titles, new or emphasized terms, and arguments for which you supply values are in italic font.
Courier font
  Terminal sessions and information the system displays appear in courier font.
Bold Courier font
  Bold Courier font indicates text that the user must enter.
[x]
  Elements in square brackets are optional.
...
  An ellipsis (three consecutive nonbolded periods without spaces) after a syntax element indicates that the element can be repeated.
|
  A vertical line, called a pipe, indicates a choice within a set of keywords or arguments.
[x | y]
  Optional alternative keywords are grouped in brackets and separated by vertical bars.
{x | y}
  Required alternative keywords are grouped in braces and separated by vertical bars.
[x {y | z}]
  Nested set of square brackets or braces indicate optional or required choices within optional or required elements. Braces and a vertical bar within square brackets indicate a required choice within an optional element.
string
  A nonquoted set of characters. Do not use quotation marks around the string or the string will include the quotation marks.
< >
  Nonprinting characters such as passwords are in angle brackets.
[ ]
  Default responses to system prompts are in square brackets.
!, #
  An exclamation point (!) or a pound sign (#) at the beginning of a line of code indicates a comment line.

Reader Alert Conventions
This document uses the following conventions for reader alerts:

Note
  Means reader take note. Notes contain helpful suggestions or references to material not covered in the manual.
Tip
  Means the following information will help you solve a problem.
Caution
  Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.
Timesaver
  Means the described action saves time. You can save time by performing the action described in the paragraph.
Warning
  Means reader be warned. In this situation, you might perform an action that could result in bodily injury.

Related Documentation
Note: Before installing or upgrading the switch, refer to the switch release notes.
• Cisco Catalyst 3850 Switch documentation, located at:
http://www.cisco.com/go/cat3850_docs
• Cisco SFP and SFP+ modules documentation, including compatibility matrixes, located at:
http://www.cisco.com/en/US/products/hw/modules/ps5455/tsd_products_support_series_home.html
• Cisco Validated Designs documents, located at:
http://www.cisco.com/go/designzone

Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.
CHAPTER 1
Using the Command-Line Interface
This chapter contains the following topics:
• Information About Using the Command-Line Interface
• How to Use the CLI to Configure Features
Information About Using the Command-Line Interface
This section describes the Cisco IOS command-line interface (CLI) and how to use it to configure your switch.
Command Modes
The Cisco IOS user interface is divided into many different modes. The commands available to you depend on which mode you are currently in. Enter a question mark (?) at the system prompt to obtain a list of commands available for each command mode.
When you start a session using Telnet, SSH, or console on the switch, you begin in user mode, often called user EXEC mode. Only a limited subset of the commands are available in user EXEC mode. For example, most of the user EXEC commands are one-time commands, such as show commands, which show the current configuration status, and clear commands, which clear counters or interfaces. The user EXEC commands are not saved when the switch reboots.
To have access to all commands, you must enter privileged EXEC mode. Normally, you must enter a password to enter privileged EXEC mode. From this mode, you can enter any privileged EXEC command or enter global configuration mode.
Using the configuration modes (global, interface, and line), you can make changes to the running configuration. If you save the configuration, these commands are stored and used when the switch reboots. To access the various configuration modes, you must start at global configuration mode. From global configuration mode, you can enter interface configuration mode and line configuration mode.
This table describes the main command modes, how to access each one, the prompt you see in that mode, and how to exit the mode.

Table 1: Command Mode Summary

Mode: User EXEC
Access Method: Begin a session using Telnet, SSH, or console.
Prompt: Switch>
Exit Method: Enter logout or quit.
About This Mode: Use this mode to
• Change terminal settings.
• Perform basic tests.
• Display system information.

Mode: Privileged EXEC
Access Method: While in user EXEC mode, enter the enable command.
Prompt: Switch#
Exit Method: Enter disable to exit.
About This Mode: Use this mode to verify commands that you have entered. Use a password to protect access to this mode.

Mode: Global configuration
Access Method: While in privileged EXEC mode, enter the configure command.
Prompt: Switch(config)#
Exit Method: To exit to privileged EXEC mode, enter exit or end, or press Ctrl-Z.
About This Mode: Use this mode to configure parameters that apply to the entire switch.

Mode: VLAN configuration
Access Method: While in global configuration mode, enter the vlan vlan-id command.
Prompt: Switch(config-vlan)#
Exit Method: To exit to global configuration mode, enter the exit command. To return to privileged EXEC mode, press Ctrl-Z or enter end.
About This Mode: Use this mode to configure VLAN parameters. When VTP mode is transparent, you can create extended-range VLANs (VLAN IDs greater than 1005) and save configurations in the switch startup configuration file.

Mode: Interface configuration
Access Method: While in global configuration mode, enter the interface command (with a specific interface).
Prompt: Switch(config-if)#
Exit Method: To exit to global configuration mode, enter exit. To return to privileged EXEC mode, press Ctrl-Z or enter end.
About This Mode: Use this mode to configure parameters for the Ethernet ports.

Mode: Line configuration
Access Method: While in global configuration mode, specify a line with the line vty or line console command.
Prompt: Switch(config-line)#
Exit Method: To exit to global configuration mode, enter exit. To return to privileged EXEC mode, press Ctrl-Z or enter end.
About This Mode: Use this mode to configure parameters for the terminal line.

Using the Help System
You can enter a question mark (?) at the system prompt to display a list of commands available for each command mode. You can also obtain a list of associated keywords and arguments for any command.
SUMMARY STEPS
1. help
2. abbreviated-command-entry ?
3. abbreviated-command-entry <Tab>
4. ?
5. command ?
6. command keyword ?
DETAILED STEPS

Step 1
Command or Action: help
Example:
  Switch# help
Purpose: Obtains a brief description of the help system in any command mode.

Step 2
Command or Action: abbreviated-command-entry ?
Example:
  Switch# di?
  dir disable disconnect
Purpose: Obtains a list of commands that begin with a particular character string.

Step 3
Command or Action: abbreviated-command-entry <Tab>
Example:
  Switch# sh conf<tab>
  Switch# show configuration
Purpose: Completes a partial command name.

Step 4
Command or Action: ?
Example:
  Switch> ?
Purpose: Lists all commands available for a particular command mode.

Step 5
Command or Action: command ?
Example:
  Switch> show ?
Purpose: Lists the associated keywords for a command.

Step 6
Command or Action: command keyword ?
Example:
  Switch(config)# cdp holdtime ?
  <10-255> Length of time (in sec) that receiver must keep this packet
Purpose: Lists the associated arguments for a keyword.

Understanding Abbreviated Commands
You need to enter only enough characters for the switch to recognize the command as unique.
This example shows how to enter the show configuration privileged EXEC command in an abbreviated form:
  Switch# show conf
No and default Forms of Commands
Almost every configuration command also has a no form. In general, use the no form to disable a feature or function or reverse the action of a command. For example, the no shutdown interface configuration command reverses the shutdown of an interface. Use the command without the keyword no to reenable a disabled feature or to enable a feature that is disabled by default.
Configuration commands can also have a default form. The default form of a command returns the command setting to its default. Most commands are disabled by default, so the default form is the same as the no form. However, some commands are enabled by default and have variables set to certain default values. In these cases, the default command enables the command and sets variables to their default values.
CLI Error Messages
This table lists some error messages that you might encounter while using the CLI to configure your switch.

Table 2: Common CLI Error Messages

Error Message: % Ambiguous command: "show con"
Meaning: You did not enter enough characters for your switch to recognize the command.
How to Get Help: Reenter the command followed by a question mark (?) with a space between the command and the question mark. The possible keywords that you can enter with the command appear.

Error Message: % Incomplete command.
Meaning: You did not enter all the keywords or values required by this command.
How to Get Help: Reenter the command followed by a question mark (?) with a space between the command and the question mark. The possible keywords that you can enter with the command appear.

Error Message: % Invalid input detected at '^' marker.
Meaning: You entered the command incorrectly. The caret (^) marks the point of the error.
How to Get Help: Enter a question mark (?) to display all the commands that are available in this command mode. The possible keywords that you can enter with the command appear.

Configuration Logging
You can log and view changes to the switch configuration. You can use the Configuration Change Logging and Notification feature to track changes on a per-session and per-user basis. The logger tracks each configuration command that is applied, the user who entered the command, the time that the command was entered, and the parser return code for the command. This feature includes a mechanism for asynchronous notification to registered applications whenever the configuration changes. You can choose to have the notifications sent to the syslog.
Note: Only CLI or HTTP changes are logged.
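Added example, not part of the Cisco guide: once configuration change notifications are sent to syslog, a collector can rebuild the per-user change trail and flag commands that reduce what the switch records. The %PARSER-5-CFGLOG_LOGGEDCMD line layout, the sample lines, and the watch list of prefixes are assumptions made for this example.

```python
"""Group IOS configuration-change notifications by user and flag commands
that shrink the audit trail. Added example; all sample data is constructed."""
import re
from collections import defaultdict

# Assumed layout of a configuration logger notification in syslog:
#   <timestamp>: %PARSER-5-CFGLOG_LOGGEDCMD: User:<name>  logged command:<text>
CFGLOG_RE = re.compile(
    r"^(?P<ts>.+?): %PARSER-5-CFGLOG_LOGGEDCMD: "
    r"User:(?P<user>\S+)\s+logged command:(?P<cmd>.*)$"
)

# Hypothetical review policy: prefixes of commands that reduce what the switch
# records (command history, logging, the configuration logger itself).
AUDIT_REDUCING_PREFIXES = (
    "no history", "no logging", "no archive", "no log config", "no notify syslog",
)

# Constructed sample: seven change notifications plus one unrelated message.
SAMPLE_SYSLOG = """\
*Mar  1 10:02:11.214: %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:interface GigabitEthernet1/0/1
*Mar  1 10:02:15.801: %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:no shutdown
*Mar  1 10:02:20.002: %SYS-5-CONFIG_I: Configured from console by alice on vty0 (192.0.2.10)
*Mar  1 11:40:03.550: %PARSER-5-CFGLOG_LOGGEDCMD: User:bob  logged command:line vty 0 4
*Mar  1 11:40:09.127: %PARSER-5-CFGLOG_LOGGEDCMD: User:bob  logged command:no history
*Mar  1 11:41:30.418: %PARSER-5-CFGLOG_LOGGEDCMD: User:bob  logged command:archive
*Mar  1 11:41:33.005: %PARSER-5-CFGLOG_LOGGEDCMD: User:bob  logged command:log config
*Mar  1 11:41:37.960: %PARSER-5-CFGLOG_LOGGEDCMD: User:bob  logged command:no logging enable
"""


def parse_line(line):
    """Return {'ts', 'user', 'cmd'} for a change notification, else None."""
    match = CFGLOG_RE.match(line.strip())
    if match is None:
        return None  # some other syslog message; not a logged command
    # Collapse runs of whitespace so prefix checks are not defeated by spacing.
    cmd = " ".join(match["cmd"].split())
    return {"ts": match["ts"], "user": match["user"], "cmd": cmd}


def changes_by_user(text):
    """Map each user to the ordered list of (timestamp, command) they entered."""
    per_user = defaultdict(list)
    for line in text.splitlines():
        record = parse_line(line)
        if record is not None:
            per_user[record["user"]].append((record["ts"], record["cmd"]))
    return dict(per_user)


def audit_reducing(per_user):
    """Return (user, timestamp, command) for commands on the watch list."""
    hits = []
    for user, entries in per_user.items():
        for ts, cmd in entries:
            if cmd.lower().startswith(AUDIT_REDUCING_PREFIXES):
                hits.append((user, ts, cmd))
    return hits


if __name__ == "__main__":
    trail = changes_by_user(SAMPLE_SYSLOG)
    for user, entries in trail.items():
        print(f"{user}: {len(entries)} configuration commands")
    for user, ts, cmd in audit_reducing(trail):
        print(f"REVIEW {ts} {user}: {cmd}")
```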
How to Use the CLI to Configure Features
Configuring the Command History
The software provides a history or record of commands that you have entered. The command history feature is particularly useful for recalling long or complex commands or entries, including access lists. You can customize this feature to suit your needs.
Changing the Command History Buffer Size
By default, the switch records ten command lines in its history buffer. You can alter this number for a current terminal session or for all sessions on a particular line. These procedures are optional.
SUMMARY STEPS
1. terminal history [size number-of-lines]
2. history [size number-of-lines]
DETAILED STEPS

Step 1
Command or Action: terminal history [size number-of-lines]
Example:
  Switch# terminal history size 200
Purpose: Changes the number of command lines that the switch records during the current terminal session in the privileged EXEC mode. You can configure the size from 0 through 256.

Step 2
Command or Action: history [size number-of-lines]
Example:
  Switch(config)# history size 200
Purpose: Configures the number of command lines the switch records for all sessions on a particular line in the configuration mode. You can configure the size from 0 through 256.

Recalling Commands
To recall commands from the history buffer, perform one of the actions listed in this table. These actions are optional.
Note: The arrow keys function only on ANSI-compatible terminals such as VT100s.
SUMMARY STEPS
1. Ctrl-P or use the up arrow key
2. Ctrl-N or use the down arrow key
3. show history
DETAILED STEPS

Step 1
Command or Action: Ctrl-P or use the up arrow key
Purpose: Recalls commands in the history buffer, beginning with the most recent command. Repeat the key sequence to recall successively older commands.

Step 2
Command or Action: Ctrl-N or use the down arrow key
Purpose: Returns to more recent commands in the history buffer after recalling commands with Ctrl-P or the up arrow key. Repeat the key sequence to recall successively more recent commands.

Step 3
Command or Action: show history
Example:
  Switch# show history
Purpose: Lists the last several commands that you just entered in privileged EXEC mode. The number of commands that appear is controlled by the setting of the terminal history global configuration command and the history line configuration command.

Disabling the Command History Feature
The command history feature is automatically enabled. You can disable it for the current terminal session or for the command line. These procedures are optional.
SUMMARY STEPS
1. terminal no history
2. no history
DETAILED STEPS

Step 1
Command or Action: terminal no history
Example:
  Switch# terminal no history
Purpose: Disables the feature during the current terminal session in the privileged EXEC mode.

Step 2
Command or Action: no history
Example:
  Switch(config)# no history
Purpose: Disables command history for the line in the configuration mode.

Enabling and Disabling Editing Features
Although enhanced editing mode is automatically enabled, you can disable it, reenable it, or configure a specific line to have enhanced editing. These procedures are optional.
SUMMARY STEPS
1. no editing
2. terminal editing
3. editing
DETAILED STEPS

Step 1
Command or Action: no editing
Example:
  Switch(config)# no editing
Purpose: Disables the enhanced editing mode.

Step 2
Command or Action: terminal editing
Example:
  Switch# terminal editing
Purpose: Reenables the enhanced editing mode for the current terminal session in the privileged EXEC mode.

Step 3
Command or Action: editing
Example:
  Switch(config)# editing
Purpose: Reconfigures a specific line to have enhanced editing mode.

Editing Commands through Keystrokes
The keystrokes help you to edit the command lines. These keystrokes are optional.
Note: The arrow keys function only on ANSI-compatible terminals such as VT100s.
SUMMARY STEPS
1. Ctrl-B or use the left arrow key
2. Ctrl-F or use the right arrow key
3. Ctrl-A
4. Ctrl-E
5. Esc B
6. Esc F
7. Ctrl-T
8. Ctrl-Y
9. Esc Y
10. Delete or Backspace key
11. Ctrl-D
12. Ctrl-K
13. Ctrl-U or Ctrl-X
14. Ctrl-W
15. Esc D
16. Esc C
17. Esc L
18. Esc U
19. Ctrl-V or Esc Q
20. Return key
21. Space bar
22. Ctrl-L or Ctrl-R
DETAILED STEPS

Step 1
Command or Action: Ctrl-B or use the left arrow key
Purpose: Moves the cursor back one character.

Step 2
Command or Action: Ctrl-F or use the right arrow key
Purpose: Moves the cursor forward one character.

Step 3
Command or Action: Ctrl-A
Purpose: Moves the cursor to the beginning of the command line.

Step 4
Command or Action: Ctrl-E
Purpose: Moves the cursor to the end of the command line.

Step 5
Command or Action: Esc B
Purpose: Moves the cursor back one word.

Step 6
Command or Action: Esc F
Purpose: Moves the cursor forward one word.

Step 7
Command or Action: Ctrl-T
Purpose: Transposes the character to the left of the cursor with the character located at the cursor.

Step 8
Command or Action: Ctrl-Y
Purpose: Recalls the most recent entry in the buffer.

Recall commands from the buffer and paste them in the command line. The switch provides a buffer with the last ten items that you deleted.

Step 9
Command or Action: Esc Y
Purpose: Recalls the next buffer entry. The buffer contains only the last 10 items that you have deleted or cut. If you press Esc Y more than ten times, you cycle to the first buffer entry.

Step 10
Command or Action: Delete or Backspace key
Purpose: Erases the character to the left of the cursor.

Step 11
Command or Action: Ctrl-D
Purpose: Deletes the character at the cursor.

Step 12
Command or Action: Ctrl-K
Purpose: Deletes all characters from the cursor to the end of the command line.

Step 13
Command or Action: Ctrl-U or Ctrl-X
Purpose: Deletes all characters from the cursor to the beginning of the command line.

Step 14
Command or Action: Ctrl-W
Purpose: Deletes the word to the left of the cursor.

Step 15
Command or Action: Esc D
Purpose: Deletes from the cursor to the end of the word.

Step 16
Command or Action: Esc C
Purpose: Capitalizes at the cursor.

Step 17
Command or Action: Esc L
Purpose: Changes the word at the cursor to lowercase.

Step 18
Command or Action: Esc U
Purpose: Capitalizes letters from the cursor to the end of the word.

Step 19
Command or Action: Ctrl-V or Esc Q
Purpose: Designates a particular keystroke as an executable command, perhaps as a shortcut.

Step 20
Command or Action: Return key
Purpose: Scrolls down a line or screen on displays that are longer than the terminal screen can display.
Note: The More prompt is used for any output that has more lines than can be displayed on the terminal screen, including show command output. You can use the Return and Space bar keystrokes whenever you see the More prompt.

Step 21
Command or Action: Space bar
Purpose: Scrolls down one screen.

Step 22
Command or Action: Ctrl-L or Ctrl-R
Purpose: Redisplays the current command line if the switch suddenly sends a message to your screen.

Editing Command Lines That Wrap
You can use a wraparound feature for commands that extend beyond a single line on the screen. When the cursor reaches the right margin, the command line shifts ten spaces to the left. You cannot see the first ten characters of the line, but you can scroll back and check the syntax at the beginning of the command. The keystroke actions are optional.
To scroll back to the beginning of the command entry, press Ctrl-B or the left arrow key repeatedly. You can also press Ctrl-A to immediately move to the beginning of the line.