Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release
3SE (Catalyst 3850 Switches)
First Published: January 29, 2013
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-28354-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version
of the UNIX operating system. All rights reserved. Copyright©1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://
www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown
for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
©
2013 Cisco Systems, Inc. All rights reserved.
CONTENTS
Preface
CHAPTER 1
Preface v
Document Conventions v
Related Documentation vii
Obtaining Documentation and Submitting a Service Request vii
Using the Command-Line Interface 1
Information About Using the Command-Line Interface 1
Command Modes 1
Using the Help System 3
Understanding Abbreviated Commands 4
No and default Forms of Commands 4
CLI Error Messages 4
Configuration Logging 5
How to Use the CLI to Configure Features 5
Configuring the Command History 5
Changing the Command History Buffer Size 6
Recalling Commands 6
Disabling the Command History Feature 7
Enabling and Disabling Editing Features 7
Editing Commands through Keystrokes 8
Editing Command Lines That Wrap 10
Searching and Filtering Output of show and more Commands 11
Accessing the CLI on a Switch Stack 12
Accessing the CLI through a Console Connection or through Telnet 12
CHAPTER 2
Configuring Flexible NetFlow 15
Finding Feature Information 15
OL-28354-01 iii
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
Contents
Prerequisites for Flexible NetFlow 15
Prerequisites for Wireless Flexible NetFlow 16
Restrictions for Flexible NetFlow 16
Information About Flexible NetFlow 17
Flexible NetFlow Overview 17
Wireless Flexible NetFlow Overview 18
Flow Records 19
Flexible NetFlow Match Parameters 19
Flexible NetFlow Collect Parameters 21
Exporters 22
Export Formats 23
Monitors 23
Samplers 24
Supported Flexible NetFlow Fields 24
Default Settings 28
How to Configure Flexible NetFlow 29
Creating a Flow Record 29
Creating a Flow Exporter 31
Creating a Flow Monitor 33
Creating a Sampler 35
Applying a Flow to an Interface 37
Configuring a Bridged NetFlow on a VLAN 38
Configuring Layer 2 NetFlow 39
Configuring WLAN to Apply Flow Monitor in Data Link Input/Output Direction 41
Configuring WLAN to Apply Flow Monitor in IPV4 and IPv6 Input/Output Direction 42
Monitoring Flexible NetFlow 43
Configuration Examples for Flexible NetFlow 43
Example: Configuring a Flow 43
Example: Configuring IPv4 Flexible NetFlow in WLAN (Ingress Direction) 44
Example: Configuring IPv6 and Transport Flag Flexible NetFlow in WLAN (Egress
Direction) 45
Example: Configuring IPv6 Flexible NetFlow in WLAN (Both Ingress and Egress
Directions) 45
Additional References 46
Feature Information for Flexible NetFlow 47
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
iv OL-28354-01
Preface
This book describes configuration information and examples for Flexible NetFlow on the switch.
• Document Conventions, page v
• Related Documentation, page vii
• Obtaining Documentation and Submitting a Service Request, page vii
Document Conventions
This document uses the following conventions:
DescriptionConvention
^ or Ctrl
Italic font
Courier font
...
|
Both the ^ symbol and Ctrl represent the Control (Ctrl) key on a keyboard.
For example, the key combination ^D or Ctrl-D means that you hold
down the Control key while you press the D key. (Keys are indicated in
capital letters but are not case sensitive.)
Commands and keywords and user-entered text appear in bold font.bold font
Document titles, new or emphasized terms, and arguments for which you
supply values are in italic font.
Terminal sessions and information the system displays appear in courier
font.
Bold Courier font indicates text that the user must enter.Bold Courier font
Elements in square brackets are optional.[x]
An ellipsis (three consecutive nonbolded periods without spaces) after
a syntax element indicates that the element can be repeated.
A vertical line, called a pipe, indicates a choice within a set of keywords
or arguments.
OL-28354-01 v
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
Document Conventions
Preface
DescriptionConvention
[x | y]
Optional alternative keywords are grouped in brackets and separated by
vertical bars.
{x | y}
Required alternative keywords are grouped in braces and separated by
vertical bars.
[x {y | z}]
Nested set of square brackets or braces indicate optional or required
choices within optional or required elements. Braces and a vertical bar
within square brackets indicate a required choice within an optional
element.
string
A nonquoted set of characters. Do not use quotation marks around the
string or the string will include the quotation marks.
Nonprinting characters such as passwords are in angle brackets.< >
Default responses to system prompts are in square brackets.[ ]
!, #
An exclamation point (!) or a pound sign (#) at the beginning of a line
of code indicates a comment line.
Reader Alert Conventions
This document uses the following conventions for reader alerts:
Note
Tip
Caution
Timesaver
Warning
Means reader take note. Notes contain helpful suggestions or references to material not covered in the
manual.
Means the following information will help you solve a problem.
Means reader be careful. In this situation, you might do something that could result in equipment damage
or loss of data.
Means the described action saves time. You can save time by performing the action described in the
paragraph.
Means reader be warned. In this situation, you might perform an action that could result in bodily
injury.
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
vi OL-28354-01
Preface
Related Documentation
Before installing or upgrading the switch, refer to the switch release notes.Note
• Cisco Catalyst 3850 Switch documentation, located at:
http://www.cisco.com/go/cat3850_docs
• Cisco SFP and SFP+ modules documentation, including compatibility matrixes, located at:
http://www.cisco.com/en/US/products/hw/modules/ps5455/tsd_products_support_series_home.html
• Cisco Validated Designs documents, located at:
http://www.cisco.com/go/designzone
Related Documentation
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information,
see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco
technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed
and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free
service and Cisco currently supports RSS version 2.0.
OL-28354-01 vii
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
Obtaining Documentation and Submitting a Service Request
Preface
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
viii OL-28354-01
CHAPTER 1
Using the Command-Line Interface
This chapter contains the following topics:
• Information About Using the Command-Line Interface, page 1
• How to Use the CLI to Configure Features, page 5
Information About Using the Command-Line Interface
This section describes the Cisco IOS command-line interface (CLI) and how to use it to configure your switch.
Command Modes
The Cisco IOS user interface is divided into many different modes. The commands available to you depend
on which mode you are currently in. Enter a question mark (?) at the system prompt to obtain a list of commands
available for each command mode.
When you start a session using Telnet, SSH, or console on the switch, you begin in user mode, often called
user EXEC mode. Only a limited subset of the commands are available in user EXEC mode. For example,
most of the user EXEC commands are one-time commands, such as show commands, which show the current
configuration status, and clear commands, which clear counters or interfaces. The user EXEC commands are
not saved when the switch reboots.
To have access to all commands, you must enter privileged EXEC mode. Normally, you must enter a password
to enter privileged EXEC mode. From this mode, you can enter any privileged EXEC command or enter
global configuration mode.
Using the configuration modes (global, interface, and line), you can make changes to the running configuration.
If you save the configuration, these commands are stored and used when the switch reboots. To access the
various configuration modes, you must start at global configuration mode. From global configuration mode,
you can enter interface configuration mode and line configuration mode.
This table describes the main command modes, how to access each one, the prompt you see in that mode, and
how to exit the mode.
OL-28354-01 1
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
Command Modes
Using the Command-Line Interface
Table 1: Command Mode Summary
About This ModeExit MethodPromptAccess MethodMode
User EXEC
Privileged EXEC
Global
configuration
Begin a session
using Telnet, SSH,
or console.
While in user EXEC
mode, enter the
enable command.
While in privileged
EXEC mode, enter
the configure
command.
Switch>
Switch#
Switch(config)#
Enter logout or
quit.
Enter disable to
exit.
To exit to privileged
EXEC mode, enter
exit or end, or press
Ctrl-Z.
Use this mode to
• Change
terminal
settings.
• Perform basic
tests.
• Display
system
information.
Use this mode to
verify commands
that you have
entered. Use a
password to protect
access to this mode.
Use this mode to
configure
parameters that
apply to the entire
switch.
VLAN
configuration
Interface
configuration
While in global
configuration mode,
enter the vlan
vlan-id command.
While in global
configuration mode,
enter the interface
command (with a
specific interface).
Switch(config-vlan)#
Switch(config-if)#
To exit to global
configuration mode,
enter the exit
command.
To return to
privileged EXEC
mode, press Ctrl-Z
or enter end.
To exit to global
configuration mode,
enter exit.
To return to
privileged EXEC
mode, press Ctrl-Z
or enter end.
Use this mode to
configure VLAN
parameters. When
VTP mode is
transparent, you can
create
extended-range
VLANs (VLAN IDs
greater than 1005)
and save
configurations in the
switch startup
configuration file.
Use this mode to
configure
parameters for the
Ethernet ports.
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
2 OL-28354-01
Using the Command-Line Interface
Using the Help System
About This ModeExit MethodPromptAccess MethodMode
Line configuration Use this mode to
Using the Help System
You can enter a question mark (?) at the system prompt to display a list of commands available for each
command mode. You can also obtain a list of associated keywords and arguments for any command.
SUMMARY STEPS
help
1.
abbreviated-command-entry ?
2.
abbreviated-command-entry <Tab>
3.
?
4.
command ?
5.
command keyword ?
6.
While in global
configuration mode,
specify a line with
the line vty or line
console command.
Switch(config-line)#
To exit to global
configuration mode,
enter exit.
To return to
privileged EXEC
mode, press Ctrl-Z
or enter end.
configure
parameters for the
terminal line.
DETAILED STEPS
Step 1
Step 2
Step 3
help
Example:
Switch# help
abbreviated-command-entry ?
Example:
Switch# di?
dir disable disconnect
abbreviated-command-entry <Tab>
Example:
Switch# sh conf<tab>
Switch# show configuration
PurposeCommand or Action
Obtains a brief description of the help system in any
command mode.
Obtains a list of commands that begin with a particular
character string.
Completes a partial command name.
OL-28354-01 3
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
Understanding Abbreviated Commands
Using the Command-Line Interface
PurposeCommand or Action
Step 4
Step 5
Step 6
?
Example:
Switch> ?
command ?
Example:
Switch> show ?
command keyword ?
Example:
Switch(config)# cdp holdtime ?
<10-255> Length of time (in sec) that receiver
must keep this packet
Understanding Abbreviated Commands
You need to enter only enough characters for the switch to recognize the command as unique.
This example shows how to enter the show configuration privileged EXEC command in an abbreviated form:
Lists all commands available for a particular command
mode.
Lists the associated keywords for a command.
Lists the associated arguments for a keyword.
Switch# show conf
No and default Forms of Commands
Almost every configuration command also has a no form. In general, use the no form to disable a feature or
function or reverse the action of a command. For example, the no shutdown interface configuration command
reverses the shutdown of an interface. Use the command without the keyword no to reenable a disabled feature
or to enable a feature that is disabled by default.
Configuration commands can also have a default form. The default form of a command returns the command
setting to its default. Most commands are disabled by default, so the default form is the same as the no form.
However, some commands are enabled by default and have variables set to certain default values. In these
cases, the default command enables the command and sets variables to their default values.
CLI Error Messages
This table lists some error messages that you might encounter while using the CLI to configure your switch.
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
4 OL-28354-01
Using the Command-Line Interface
Table 2: Common CLI Error Messages
% Ambiguous command: "show
con"
You did not enter enough
characters for your switch to
recognize the command.
Configuration Logging
How to Get HelpMeaningError Message
Reenter the command followed by
a question mark (?) with a space
between the command and the
question mark.
The possible keywords that you can
enter with the command appear.
% Incomplete command.
% Invalid input detected at
‘^’ marker.
Configuration Logging
You can log and view changes to the switch configuration. You can use the Configuration Change Logging
and Notification feature to track changes on a per-session and per-user basis. The logger tracks each
configuration command that is applied, the user who entered the command, the time that the command was
entered, and the parser return code for the command. This feature includes a mechanism for asynchronous
notification to registered applications whenever the configuration changes. You can choose to have the
notifications sent to the syslog.
You did not enter all the keywords
or values required by this
command.
You entered the command
incorrectly. The caret (^) marks the
point of the error.
Reenter the command followed by
a question mark (?) with a space
between the command and the
question mark.
The possible keywords that you can
enter with the command appear.
Enter a question mark (?) to display
all the commands that are available
in this command mode.
The possible keywords that you can
enter with the command appear.
Only CLI or HTTP changes are logged.Note
How to Use the CLI to Configure Features
Configuring the Command History
The software provides a history or record of commands that you have entered. The command history feature
is particularly useful for recalling long or complex commands or entries, including access lists. You can
customize this feature to suit your needs.
OL-28354-01 5
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
Configuring the Command History
Changing the Command History Buffer Size
By default, the switch records ten command lines in its history buffer. You can alter this number for a current
terminal session or for all sessions on a particular line. These procedures are optional.
SUMMARY STEPS
terminal history [size number-of-lines]
1.
history [size number-of-lines]
2.
DETAILED STEPS
Using the Command-Line Interface
PurposeCommand or Action
Step 1
Step 2
terminal history [size number-of-lines]
Example:
Switch# terminal history size 200
history [size number-of-lines]
Example:
Switch(config)# history size 200
Recalling Commands
SUMMARY STEPS
Changes the number of command lines that the switch records during
the current terminal session in the privileged EXEC mode. You can
configure the size from 0 through 256.
Configures the number of command lines the switch records for all
sessions on a particular line in the configuration mode. You can
configure the size from 0 through 256.
To recall commands from the history buffer, perform one of the actions listed in this table. These actions are
optional.
The arrow keys function only on ANSI-compatible terminals such as VT100s.Note
Ctrl-P or use the up arrow key
1.
Ctrl-N or use the down arrow key
2.
show history
3.
DETAILED STEPS
Step 1
6 OL-28354-01
Ctrl-P or use the up arrow key
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
PurposeCommand or Action
Recalls commands in the history buffer, beginning with the most recent command.
Repeat the key sequence to recall successively older commands.
Using the Command-Line Interface
Enabling and Disabling Editing Features
PurposeCommand or Action
Step 2
Step 3
Ctrl-N or use the down arrow key
show history
Example:
Switch# show history
Disabling the Command History Feature
The command history feature is automatically enabled. You can disable it for the current terminal session or
for the command line. These procedures are optional.
SUMMARY STEPS
terminal no history
1.
no history
2.
DETAILED STEPS
Returns to more recent commands in the history buffer after recalling commands
with Ctrl-P or the up arrow key. Repeat the key sequence to recall successively
more recent commands.
Lists the last several commands that you just entered in privileged EXEC mode.
The number of commands that appear is controlled by the setting of the terminal
history global configuration command and the history line configuration
command.
Step 1
Step 2
terminal no history
Example:
Switch# terminal no history
no history
Example:
Switch(config)# no history
Enabling and Disabling Editing Features
Although enhanced editing mode is automatically enabled, you can disable it, reenable it, or configure a
specific line to have enhanced editing. These procedures are optional.
PurposeCommand or Action
Disables the feature during the current terminal session in the
privileged EXEC mode.
Disables command history for the line in the configuration
mode.
OL-28354-01 7
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
Enabling and Disabling Editing Features
SUMMARY STEPS
DETAILED STEPS
no editing
1.
terminal editing
2.
editing
3.
Using the Command-Line Interface
PurposeCommand or Action
Step 1
Example:
Switch(config)# no editing
Step 2
terminal editing
Example:
Switch# terminal editing
Step 3
Example:
Switch(config)# editing
Editing Commands through Keystrokes
The keystrokes help you to edit the command lines. These keystrokes are optional.
The arrow keys function only on ANSI-compatible terminals such as VT100s.Note
Disables the enhanced editing mode.no editing
Reenables the enhanced editing mode for the current terminal
session in the privileged EXEC mode.
Reconfigures a specific line to have enhanced editing mode.editing
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
8 OL-28354-01
Using the Command-Line Interface
SUMMARY STEPS
Ctrl-B or use the left arrow key
1.
Ctrl-F or use the right arrow key
2.
Ctrl-A
3.
Ctrl-E
4.
Esc B
5.
Esc F
6.
Ctrl-T
7.
Ctrl-Y
8.
Esc Y
9.
Delete or Backspace key
10.
Ctrl-D
11.
Ctrl-K
12.
Ctrl-U or Ctrl-X
13.
Ctrl-W
14.
Esc D
15.
Esc C
16.
Esc L
17.
Esc U
18.
Ctrl-V or Esc Q
19.
Return key
20.
Space bar
21.
Ctrl-L or Ctrl-R
22.
Enabling and Disabling Editing Features
DETAILED STEPS
Step 1
key
Step 2
key
Step 3
Step 4
Step 5
Step 6
Step 7
Ctrl-T
Step 8
OL-28354-01 9
PurposeCommand or Action
Moves the cursor back one character.Ctrl-B or use the left arrow
Moves the cursor forward one character.Ctrl-F or use the right arrow
Moves the cursor to the beginning of the command line.Ctrl-A
Moves the cursor to the end of the command line.Ctrl-E
Moves the cursor back one word.Esc B
Moves the cursor forward one word.Esc F
Transposes the character to the left of the cursor with the character located
at the cursor.
Recalls the most recent entry in the buffer.Ctrl-Y
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
Enabling and Disabling Editing Features
Using the Command-Line Interface
PurposeCommand or Action
Recall commands from the buffer and paste them in the command line. The
switch provides a buffer with the last ten items that you deleted.
Step 9
Step 10
Step 11
Step 12
Step 13
Step 14
Step 15
Step 16
Step 17
Step 18
Step 19
Step 20
Ctrl-V or Esc Q
Return key
Recalls the next buffer entry.Esc Y
The buffer contains only the last 10 items that you have deleted or cut. If you
press Esc Y more than ten times, you cycle to the first buffer entry.
Erases the character to the left of the cursor.Delete or Backspace key
Deletes the character at the cursor.Ctrl-D
Deletes all characters from the cursor to the end of the command line.Ctrl-K
Deletes all characters from the cursor to the beginning of the command line.Ctrl-U or Ctrl-X
Deletes the word to the left of the cursor.Ctrl-W
Deletes from the cursor to the end of the word.Esc D
Capitalizes at the cursor.Esc C
Changes the word at the cursor to lowercase.Esc L
Capitalizes letters from the cursor to the end of the word.Esc U
Designates a particular keystroke as an executable command, perhaps as a
shortcut.
Scrolls down a line or screen on displays that are longer than the terminal
screen can display.
Note
The More prompt is used for any output that has more lines than can
be displayed on the terminal screen, including show command
output. You can use the Return and Space bar keystrokes whenever
you see the More prompt.
Step 21
Step 22
Ctrl-L or Ctrl-R
Editing Command Lines That Wrap
You can use a wraparound feature for commands that extend beyond a single line on the screen. When the
cursor reaches the right margin, the command line shifts ten spaces to the left. You cannot see the first ten
characters of the line, but you can scroll back and check the syntax at the beginning of the command. The
keystroke actions are optional.
To scroll back to the beginning of the command entry, press Ctrl-B or the left arrow key repeatedly. You can
also press Ctrl-A to immediately move to the beginning of the line.
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
10 OL-28354-01
Scrolls down one screen.Space bar
Redisplays the current command line if the switch suddenly sends a message
to your screen.
Using the Command-Line Interface
SUMMARY STEPS
DETAILED STEPS
Searching and Filtering Output of show and more Commands
The arrow keys function only on ANSI-compatible terminals such as VT100s.Note
The following example shows how to wrap a command line that extend beyond a single line on the screen.
access-list
1.
Ctrl-A
2.
Return key
3.
PurposeCommand or Action
Step 1
Step 2
Step 3
access-list
Example:
Switch(config)# access-list 101 permit tcp
10.15.22.25 255.255.255.0 10.15.22.35
Switch(config)# $ 101 permit tcp
10.15.22.25 255.255.255.0 10.15.22.35
255.25
Switch(config)# $t tcp 10.15.22.25
255.255.255.0 131.108.1.20 255.255.255.0
eq
Switch(config)# $15.22.25 255.255.255.0
10.15.22.35 255.255.255.0 eq 45
Example:
Switch(config)# access-list 101 permit tcp
10.15.22.25 255.255.255.0 10.15.2$
Displays the global configuration command entry that extends beyond
one line.
When the cursor first reaches the end of the line, the line is shifted ten
spaces to the left and redisplayed. The dollar sign ($) shows that the
line has been scrolled to the left. Each time the cursor reaches the end
of the line, the line is again shifted ten spaces to the left.
Checks the complete syntax.Ctrl-A
The dollar sign ($) appears at the end of the line to show that the line
has been scrolled to the right.
Execute the commands.Return key
The software assumes that you have a terminal screen that is 80 columns
wide. If you have a different width, use the terminal width privileged
EXEC command to set the width of your terminal.
Use line wrapping with the command history feature to recall and
modify previous complex command entries.
Searching and Filtering Output of show and more Commands
You can search and filter the output for show and more commands. This is useful when you need to sort
through large amounts of output or if you want to exclude output that you do not need to see. Using these
commands is optional.
OL-28354-01 11
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
Accessing the CLI on a Switch Stack
SUMMARY STEPS
DETAILED STEPS
{show | more} command | {begin | include | exclude} regular-expression
1.
PurposeCommand or Action
Using the Command-Line Interface
Step 1
{show | more} command | {begin | include | exclude}
regular-expression
Example:
Switch# show interfaces | include protocol
Vlan1 is up, line protocol is up
Vlan10 is up, line protocol is down
GigabitEthernet1/0/1 is up, line protocol is down
GigabitEthernet1/0/2 is up, line protocol is up
Accessing the CLI on a Switch Stack
You can access the CLI through a console connection, through Telnet, or by using the browser.
You manage the switch stack and the stack member interfaces through the active switch. You cannot manage
stack members on an individual switch basis. You can connect to the active switch through the console port
or the Ethernet management port of one or more stack members. Be careful with using multiple CLI sessions
to the active switch. Commands that you enter in one session are not displayed in the other sessions. Therefore,
it is possible to lose track of the session from which you entered commands.
We recommend using one CLI session when managing the switch stack.Note
Searches and filters the output.
Expressions are case sensitive. For example, if you enter
| exclude output, the lines that contain output are not
displayed, but the lines that contain output appear.
If you want to configure a specific stack member port, you must include the stack member number in the CLI
command interface notation.
To debug a specific stack member, you can access it from the active switch by using the session
stack-member-number privileged EXEC command. The stack member number is appended to the system
prompt. For example, Switch-2# is the prompt in privileged EXEC mode for stack member 2, and where the
system prompt for the active switch is Switch. Only the show and debug commands are available in a CLI
session to a specific stack member.
Accessing the CLI through a Console Connection or through Telnet
Before you can access the CLI, you must connect a terminal or a PC to the switch console or connect a PC to
the Ethernet management port and then power on the switch, as described in the hardware installation guide
that shipped with your switch.
If your switch is already configured, you can access the CLI through a local console connection or through a
remote Telnet session, but your switch must first be configured for this type of access.
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
12 OL-28354-01
Using the Command-Line Interface
You can use one of these methods to establish a connection with the switch:
• Connect the switch console port to a management station or dial-up modem, or connect the Ethernet
management port to a PC. For information about connecting to the console or Ethernet management
port, see the switch hardware installation guide.
• Use any Telnet TCP/IP or encrypted Secure Shell (SSH) package from a remote management station.
The switch must have network connectivity with the Telnet or SSH client, and the switch must have an
enable secret password configured.
After you connect through the console port, through the Ethernet management port, through a Telnet
session or through an SSH session, the user EXEC prompt appears on the management station.
Accessing the CLI on a Switch Stack
• The switch supports up to 16 simultaneous Telnet sessions. Changes made by one Telnet user are
reflected in all other Telnet sessions.
• The switch supports up to five simultaneous secure SSH sessions.
OL-28354-01 13
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
Accessing the CLI on a Switch Stack
Using the Command-Line Interface
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
14 OL-28354-01
CHAPTER 2
Configuring Flexible NetFlow
• Finding Feature Information, page 15
• Prerequisites for Flexible NetFlow, page 15
• Restrictions for Flexible NetFlow, page 16
• Information About Flexible NetFlow, page 17
• How to Configure Flexible NetFlow, page 29
• Monitoring Flexible NetFlow, page 43
• Configuration Examples for Flexible NetFlow, page 43
• Additional References, page 46
• Feature Information for Flexible NetFlow, page 47
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest feature
information and caveats, see the release notes for your platform and software release.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not
required.
Prerequisites for Flexible NetFlow
The following are prerequisites for your Flexible NetFlow configuration:
• You must configure a source interface. If you do not configure a source interface, the exporter will
remain in a disabled state.
• You must configure a valid record name for every flow monitor.
OL-28354-01 15
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
Prerequisites for Wireless Flexible NetFlow
Prerequisites for Wireless Flexible NetFlow
The following are the prerequisites for wireless Flexible NetFlow:
• Ensure that the networking device is running a Cisco release that supports wireless Flexible NetFlow.
• Ensure that the target is connected to a WLAN.
• The networking device must be configured to support protocol types such as IP, IPv6, and datalink.
• Valid flow record and monitor are required before generating the flow.
Restrictions for Flexible NetFlow
The following are restrictions for Flexible NetFlow:
• Traditional NetFlow (TNF) accounting is not supported.
Configuring Flexible NetFlow
• Flexible NetFlow v5 export format is not supported, only NetFlow v9 export format is supported.
• Both ingress and egress NetFlow accounting is supported.
• Microflow policing feature shares the NetFlow hardware resource with FNF.
• Only one flow monitor per interface and per direction is supported.
• Layer 2, IPv4, and IPv6 traffic types are supported; however, the switch can apply a flow monitor to
only one of these types at a time for a given direction and interface.
• Layer 2, VLAN, and Layer 3 interfaces are supported, but the switch does not support SVI and tunnels.
• The following NetFlow table sizes are supported:
Egress NetFlow TableIngress NetFlow TableTrim Level
Not supportedNot supportedLAN Base
16 K8 KIP Base
16 K8 KIP Services
• Depending on the switch type, a switch will have one or two forwarding ASICs. The capacities listed
in the above table are on a per-ASIC basis.
• The NetFlow tables are on separate compartments and cannot be combined. Depending on which ASIC
processed the packet, the flows will be created in the table in the corresponding ASIC.
• Both full flow accounting and sampled NetFlow accounting are supported.
• NetFlow hardware implementation supports four hardware samplers. You can select a sampler rate from
1 out of 2 to 1 out of 1024. Only random sampling mode is supported.
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
16 OL-28354-01
Configuring Flexible NetFlow
Information About Flexible NetFlow
• With the microflow policing feature (which is enabled only for wireless implementation), NetFlow can
and should be used only in full flow mode i.e. NetFlow policing cannot be used. For wireless traffic,
applying a sampler is not permitted, as it hinders microflow QoS.
• Only full flow accounting is supported for wireless traffic.
• NetFlow hardware uses hash tables internally. Hash collisions can occur in the hardware. Therefore, in
spite of the internal overflow Content Addressable Memory (CAM), the actual NetFlow table utilization
could be about 80 percent.
• Depending on what fields are used for the flow, a single flow could take two consecutive entries. IPv6
flows also take two entries. In these situations, the effective usage of NetFlow entries is half the table
size, which is separate from the above hash collision limitation.
• The switch supports up to 16 flow monitors.
• Microflow policing uses a separate set of flow monitors (limit 3).
• SSID-based NetFlow accounting is supported. SSID is treated in a manner similar to an interface.
However, certain fields are not supported (such as AP MAC address and user ID ).
• NetFlow v9 format NetFlow export is supported.
• The NetFlow software implementation supports distributed NetFlow export, so the flows are exported
from the same switch in which the flow was created.
• Ingress flows are present in the ASIC that first received the packets for the flow. Egress flows are present
in the ASIC from which the packets actually left the switch set up.
• The reported value for the bytes count field (called “bytes long”) is Layer-2-packet-size—18 bytes. For
classic Ethernet traffic (802.3), this will be accurate. For all other Ethernet types, this field will not be
accurate. Use the "bytes layer2” field, which always reports the accurate Layer 2 packet size. For
information about supported Flexible NetFlow fields, see Supported Flexible NetFlow Fields, on page
24.
Information About Flexible NetFlow
NetFlow is a Cisco technology that provides statistics on packets flowing through the switch. NetFlow is the
standard for acquiring IP operational data from IP networks. NetFlow provides data to enable network and
security monitoring, network planning, traffic analysis, and IP accounting. Flexible NetFlow improves on
original NetFlow by adding the capability to customize the traffic analysis parameters for your specific
requirements. Flexible NetFlow facilitates the creation of more complex configurations for traffic analysis
and data export through the use of reusable configuration components.
Flexible NetFlow Overview
Flexible NetFlow uses flows to provide statistics for accounting, network monitoring, and network planning.
A flow is a unidirectional stream of packets that arrives on a source interface and has the same values for the
keys. A key is an identified value for a field within the packet. You create a flow using a flow record to define
the unique keys for your flow.
OL-28354-01 17
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
Flexible NetFlow Overview
The switch supports the Flexible NetFlow feature that enables enhanced network anomalies and security
detection. Flexible NetFlow allows you to define an optimal flow record for a particular application by selecting
the keys from a large collection of predefined fields.
All key values must match for the packet to count in a given flow. A flow might gather other fields of interest,
depending on the export record version that you configure. Flows are stored in the Flexible NetFlow cache.
You can export the data that Flexible NetFlow gathers for your flow by using an exporter and export this data
to a remote Flexible NetFlow collector.
You define the size of the data that you want to collect for a flow using a monitor. The monitor combines the
flow record and exporter with the Flexible NetFlow cache information.
Wireless Flexible NetFlow Overview
The wireless Flexible NetFlow infrastructure supports the following:
• Flexible NetFlow Version 9.0
• User-based rate limiting
Configuring Flexible NetFlow
Note
• Microflow policing
• Voice and video flow monitoring
• Reflexive access control list (ACL)
Microflow Policing and User-Based Rate Limiting
Microflow policing associates a 2-color 1-rate policer and related drop statistics to each flow present in the
NetFlow table. When the flow mask comprises all packet fields, this functionality is known as microflow
policing. When the flow mask comprises either source or destination only, this functionality is known as
user-based rate limiting.
Voice and Video Flow Monitoring
Voice and video flows are full flow mask-based entries. The ASIC provides the flexibility to program the
policer parameters, share policers across multiple flows and rewrite the IP address and Layer 4 port numbers
of these flows.
For dynamic entries, the NetFlow engine will use the policer parameters that are derived for the flow based
on the policy (ACL/QoS-based policies). Dynamic entries cannot share policer across multiple flows.
Reflexive ACL
Reflexive ACLs allow IP packets to be filtered based on upper-layer session information. The ACLs allow
outbound traffic and limit inbound traffic in response to the sessions that originate inside the trusted network.
The reflexive ACLs are transparent to the filtering mechanism until a data packet that matches the reflexive
entry activates it. At this time, a temporary ACL entry is created and added to the IP-named access lists. The
information obtained from the data packet to generate the reflexive ACL entry is permit/deny bit, the source
IP address and port, the destination IP address, port, and the protocol type. During reflexive ACL entry
evaluation, if the protocol type is either TCP or UDP, then the port information must match exactly. For other
protocols, there is no port information to match. After this ACL is installed, the firewall is then opened for
the reply packets to pass through. At this time, a potential hacker could have access to the network behind the
firewall. To narrow this window, an idle timeout period can be defined. However, in the case of TCP, if two
FIN bits or an RST is detected, the ACL entry can be removed.
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
18 OL-28354-01
Configuring Flexible NetFlow
Flow Records
Flow Records
Related Topics
Configuring WLAN to Apply Flow Monitor in IPV4 and IPv6 Input/Output Direction, on page 42
Example: Configuring IPv4 Flexible NetFlow in WLAN (Ingress Direction), on page 44
Example: Configuring IPv6 and Transport Flag Flexible NetFlow in WLAN (Egress Direction), on page
45
Example: Configuring IPv6 Flexible NetFlow in WLAN (Both Ingress and Egress Directions), on page
45
A flow record defines the keys that Flexible NetFlow uses to identify packets in the flow, as well as other
fields of interest that Flexible NetFlow gathers for the flow. You can define a flow record with any combination
of keys and fields of interest. The switch supports a rich set of keys. A flow record also defines the types of
counters gathered per flow. You can configure 64-bit packet or byte counters. The switch enables the following
match fields as the defaults when you create a flow record:
• match datalink—Layer 2 attributes
• match flow—Flow identifying attributes
• match interface—Interface attributes
• match ip4—IPv4 attributes
• match ipv6—IPv6 attributes
• match transport—Transport layer fields
Related Topics
Creating a Flow Record, on page 29
Flexible NetFlow Match Parameters
The following table describes Flexible NetFlow match parameters. You must configure at least one of the
following match parameters for the flow records.
OL-28354-01 19
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
Flow Records
Configuring Flexible NetFlow
Table 3: Match Parameters
PurposeCommand
match datalink {dot1q | ethertype | mac | vlan }
match interface {input | output}
match ipv4 {destination | protocol | source | tos |
ttl | version}
Specifies a match to datalink or Layer 2 fields. The
following command options are available:
• dot1q—Matches to the dot1q field.
• ethertype—Matches to the ethertype of the
packet.
• mac—Matches the source or destination MAC
fields.
• vlan—Matches to the VLAN that the packet is
located on (input or output).
Specifies a match to the flow identifying fields.match flow direction
Specifies a match to the interface fields. The
following command options are available:
• input—Matches to the input interface.
• output—Matches to the output interface.
Specifies a match to the IPv4 fields. The following
command options are available:
• destination—Matches to the IPv4 destination
address-based fields.
• protocol—Matches to the IPv4 protocols.
• source—Matches to the IPv4 source address
based fields.
• tos—Matches to the IPv4 Type of Service
fields.
• ttl—Matches to the IPv4 Time To Live fields.
• version—Matches to the IP version from the
IPv4 header.
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
20 OL-28354-01
Configuring Flexible NetFlow
Flow Records
PurposeCommand
match ipv6 {destination | hop-limit | protocol |
source | traffic-class | version }
match transport {destination-port | igmp | icmp |
source-port}
Specifies a match to the IPv6 fields. The following
command options are available:
• destination—Matches to the IPv6 destination
address-based fields.
• hop-limit—Matches to the IPv6 hop limit fields.
• protocol—Matches to the IPv6 payload protocol
fields.
• source—Matches to the IPv6 source address
based fields.
• traffic-class—Matches to the IPv6 traffic class.
• version—Matches to the IP version from the
IPv6 header.
Specifies a match to the Transport Layer fields. The
following command options are available:
• destination-port—Matches to the transport
destination port.
• icmp—Matches to ICMP fields, including
ICMP IPv4 and IPv6 fields.
Flexible NetFlow Collect Parameters
The following table describes the Flexible NetFlow collect parameters.
Table 4: Collect Parameters
collect counter { bytes { layer2 { long } | long } |
packets { long } }
collect timestamp absolute {first | last}
• igmp—Matches to IGMP fields.
• source-port—Matches to the transport source
port.
PurposeCommand
Collects the counter fields total bytes and total
packets.
Collects the fields from the input or output interface.collect interface {input | output}
Collects the fields for the absolute time the first packet
was seen or the absolute time the most recent packet
was last seen (in milliseconds).
OL-28354-01 21
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
Exporters
Configuring Flexible NetFlow
PurposeCommand
Exporters
collect transport tcp flags
Collects the following transport TCP flags:
• ack—TCP acknowledgement flag
• cwr—TCP congestion window reduced flag
• ece—TCP ECN echo flag
• fin—TCP finish flag
• psh—TCP push flag
• rst—TCP reset flag
• syn—TCP synchronize flag
• urg—TCP urgent flag
Note
On the switch, you cannot specify which
TCP flag to collect. You can only specify to
collect transport TCP flags. All TCP flags
will be collected with this command.
An exporter contains network layer and transport layer details for the Flexible NetFlow export packet. The
following table lists the configuration options for an exporter.
Table 5: Flexible NetFlow Exporter Configuration Options
DescriptionExporter Configuration
Sets a command to its default values.default
Provides a description for the flow exporter.description
Export destination.destination
Optional DSCP value.dscp
Exits from the flow exporter configuration mode.exit
Export protocol version.export-protocol
Negates the command or its default.no
Selects option for exporting.option
Originating interface for the net flow.source
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
22 OL-28354-01
Configuring Flexible NetFlow
The switch exports data to the collector whenever a timeout occurs or when the flow is terminated (TCP Fin
or Rst received, for example). You can configure the following timers to force a flow export:
Related Topics
Monitors
DescriptionExporter Configuration
Flow exporter template configuration.template
Transport protocol.transport
Optional TTL or hop limit.ttl
•
Active timeout—The flow continues to have the packets for the past m seconds since the flow was
created.
•
Inactive timeout—The flow does not have any packets for the past n seconds.
Creating a Flow Exporter, on page 31
Export Formats
Monitors
The switch supports only NetFlow Version 9 export formats. NetFlow Version 9 export format provides the
following features and functionality:
• Variable field specification format
• Support for IPv6, Layer 2, and MPLS fields
• More efficient network utilization
For information about the Version 9 export format, see RFC 3954.Note
A monitor references the flow record and flow exporter. You apply a monitor to an interface on the switch.
Note the following when applying a flow monitor to an interface:
• If you apply a flow monitor in the input direction:
◦ Use the match keyword and use the input interface as a key field.
◦ Use the collect keyword and use the output interface as a collect field. This field will be present
in the exported records but with a value of 0.
• If you apply a flow monitor in the output direction:
◦ Use the match keyword and use the output interface as a key field.
OL-28354-01 23
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
Samplers
◦ Use the collect keyword and use the input interface as a collect field. This field will be present in
the exported records but with a value of 0.
Related Topics
Creating a Flow Monitor, on page 33
Samplers
If you are using sampled mode, you use the sampler to specify the rate at which packets are sampled.
Related Topics
Creating a Sampler, on page 35
Supported Flexible NetFlow Fields
Configuring Flexible NetFlow
The following tables provide a consolidated list of supported fields in Flexible NetFlow (FNF) for various
traffic types and traffic direction.
If the packet has a VLAN field, then that length is not accounted for.Note
Field
Key or
Collect
Fields
input
Layer 2
In
Out
—Yes—Yes—YesInterface
NotesIPv6 OutIPv6 InIP v4 OutIPv4 InLayer 2
If you apply a flow monitor in
the input direction:
• Use the match keyword
and use the input
interface as a key field.
• Use the collect keyword
and use the output
interface as a collect
field. This field will be
present in the exported
records but with a value
of 0.
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
24 OL-28354-01
Configuring Flexible NetFlow
Supported Flexible NetFlow Fields
Field
output
Key Fields
direction
Layer 2
In
Out
NotesIPv6 OutIPv6 InIP v4 OutIPv4 InLayer 2
Yes—Yes—Yes—Interface
If you apply a flow monitor in
the output direction:
• Use the match keyword
and use the output
interface as a key field.
• Use the collect keyword
and use the input
interface as a collect
field. This field will be
present in the exported
records but with a value
of 0.
NotesIPv6 OutIPv6 InIP v4 OutIPv4 InLayer 2 OutLayer 2 InField
YesYesYesYesYesYesFlow
input
output
VLAN
input
VLAN
output
priority
————YesYesEthertype
—Yes—Yes—YesVLAN
Supported
only for a
switch port.
Yes—Yes—Yes—VLAN
Supported
only for a
switch port.
—Yes—Yes—Yesdot1q
Supported
only for a
switch port.
Yes—Yes—Yes—dot1q
Supported
only for a
switch port.
YesYesYesYesYesYesdot1q
Supported
only for a
switch port.
OL-28354-01 25
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
Supported Flexible NetFlow Fields
source
address
input
source
address
output
destination
address
input
destination
address
output
Configuring Flexible NetFlow
NotesIPv6 OutIPv6 InIP v4 OutIPv4 InLayer 2 OutLayer 2 InField
YesYesYesYesYesYesMAC
——————MAC
—Yes—Yes—YesMAC
Yes—Yes—Yes—MAC
version
protocol
address
destination
address
type
YesYesYesYes——IPv4
YesYesYesYes——IPv4 TOS
YesYesYesYes——IPv4
Must use if
any of
src/dest
port, ICMP
code/type,
IGMP type
or TCP
flags are
used.
YesYesYesYes——IPv4 TTL
——YesYes——IPv4 source
——YesYes——IPv4
——YesYes——ICMP IPv4
code
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
26 OL-28354-01
——YesYes——ICMP IPv4
Configuring Flexible NetFlow
Key Fields
continued
Supported Flexible NetFlow Fields
NotesIPv6 OutIPv6 InIP v4 OutIPv4 InLayer 2 OutLayer 2 InField
——YesYes——IGMP type
NotesIPv6 OutIPv6 InIP v4 OutIPv4 InLayer 2 OutLayer 2 InField
version
protocol
address
destination
address
traffic-class
YesYesYesYes——IPv6
Same as IP
version.
YesYesYesYes——IPv6
Same as IP
protocol.
Must use if
any of
src/dest
port, ICMP
code/type,
IGMP type
or TCP
flags are
used.
YesYes————IPv6 source
YesYes————IPv6
YesYesYesYes——IPv6
Same as IP
TOS.
hop-limit
type
code
OL-28354-01 27
YesYesYesYes——IPv6
YesYes————ICMP IPv6
YesYes————ICMP IPv6
YesYesYesYes——source-port
YesYesYesYes——dest-port
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
Same as IP
TTL.
Default Settings
Configuring Flexible NetFlow
NotesIPv6 OutIPv6 InIP v4 OutIPv4 InLayer 2 OutLayer 2 InField
Collect
Fields
long
absolute
first
absolute
last
YesYesYesYesYesYesBytes long
Packet size
= (Ethernet
frame size
including
FCS - 18
bytes)
Recommended:
Avoid this
field and
use Bytes
layer2 long.
YesYesYesYesYesYesPackets
YesYesYesYesYesYesTimestamp
YesYesYesYesYesYesTimestamp
YesYesYesYesYesYesTCP flags
Collects all
flags.
layer2 long
Default Settings
The following table lists the Flexible NetFlow default settings for the switch.
Table 6: Default Flexible NetFlow Settings
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
28 OL-28354-01
YesYesYesYesYesYesBytes
DefaultSetting
1800 secondsFlow active timeout
Enabled, 15 secondsFlow timeout inactive
Configuring Flexible NetFlow
How to Configure Flexible NetFlow
To configure Flexible NetFlow, follow these general steps:
1
Create a flow record by specifying keys and non-key fields to the flow.
2
Create an optional flow exporter by specifying the protocol and transport destination port, destination,
and other parameters.
3
Create a flow monitor based on the flow record and flow exporter.
4
Create a sampler.
5
Apply the flow monitor to a Layer 2 port, Layer 3 port, or VLAN.
6
If applicable to your configuration, configure a WLAN to apply a flow monitor to.
Creating a Flow Record
How to Configure Flexible NetFlow
SUMMARY STEPS
DETAILED STEPS
Step 1
Example:
Switch# configure terminal
You can create a flow record and add keys to match on and fields to collect in the flow.
configure terminal
1.
flow record name
2.
description string
3.
match type
4.
collect type
5.
end
6.
show flow record [name record-name]
7.
copy running-config startup-config
8.
PurposeCommand or Action
Enters the global configuration mode.configure terminal
Step 2
OL-28354-01 29
flow record name
Example:
Switch(config)# flow record test
Switch(config-flow-record)#
Creates a flow record and enters flow record
configuration mode.
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
Creating a Flow Record
Configuring Flexible NetFlow
PurposeCommand or Action
Step 3
Step 4
Step 5
description string
Example:
Switch(config-flow-record)# description Ipv4Flow
match type
Example:
Switch(config-flow-record)# match ipv4 source address
Switch(config-flow-record)# match ipv4 destination
address
Switch(config-flow-record)# match flow direction
collect type
Example:
Switch(config-flow-record)# collect counter bytes
layer2 long
Switch(config-flow-record)# collect counter bytes
long
Switch(config-flow-record)# collect timestamp
absolute first
Switch(config-flow-record)# collect transport tcp
flags
(Optional) Describes this flow record as a maximum
63-character string.
Specifies a match key. For information about possible
match key values, see Flexible NetFlow Match
Parameters, on page 19.
Specifies the collection field. For information about
possible collection field values, see Flexible NetFlow
Collect Parameters, on page 21.
Step 6
Step 7
Step 8
Returns to privileged EXEC mode.end
Example:
Switch(config-flow-record)# end
show flow record [name record-name]
(Optional) Displays information about NetFlow flow
records.
Example:
Switch show flow record test
(Optional) Saves your entries in the configuration file.copy running-config startup-config
Example:
Switch# copy running-config
startup-config
What to Do Next
Define an optional flow exporter by specifying the export format, protocol, destination, and other parameters.
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
30 OL-28354-01
Configuring Flexible NetFlow
Related Topics
Flow Records, on page 19
Creating a Flow Exporter
You can create a flow export to define the export parameters for a flow.
SUMMARY STEPS
configure terminal
1.
flow exporter name
2.
description string
3.
dscp value
4.
destination { ipv4-address }
5.
source { source type }
6.
transport udp number
7.
end
8.
show flow exporter [name record-name]
9.
copy running-config startup-config
10.
Creating a Flow Exporter
DETAILED STEPS
Step 1
Step 2
Step 3
Example:
Switch# configure terminal
flow exporter name
Example:
Switch(config)# flow exporter ExportTest
Switch (config-flow-exporter)#
description string
Example:
Switch(config-flow-exporter)# description
ExportV9
PurposeCommand or Action
Enters the global configuration mode.configure terminal
Creates a flow exporter and enters flow exporter configuration
mode.
(Optional) Describes this flow record as a maximum 63-character
string.
OL-28354-01 31
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
Creating a Flow Exporter
Configuring Flexible NetFlow
PurposeCommand or Action
Step 4
Step 5
Step 6
dscp value
Example:
Switch(config-flow-exporter)# dscp 0
destination { ipv4-address }
Example:
Switch(config-flow-exporter)# destination
192.0.2.1
source { source type }
Example:
Switch(config-flow-exporter)# source
gigabitEthernet1/0/1
(Optional) Specifies the differentiated services codepoint value.
The range is from 0 to 63.
Sets the destination IPv4 address or hostname for this exporter.
Specifies the interface to use to reach the NetFlow collector at
the configured destination. The following interfaces can be
configured as source:
• Auto Template—Auto-Template interface
• Capwap—CAPWAP tunnel interface
• GigabitEthernet—Gigabit Ethernet IEEE 802
• GroupVI—Group virtual interface
• Internal Interface—Internal interface
• Loopback—Loopback interface
Step 7
Step 8
Step 9
transport udp number
Example:
Switch(config-flow-exporter)# transport udp
200
Example:
Switch(config-flow-record)# end
show flow exporter [name record-name]
• Null—Null interface
• Port-channel—Ethernet Channel of interface
• TenGigabitEthernet—10-Gigabit Ethernet
• Tunnel—Tunnel interface
• Vlan—Catalyst VLANs
(Optional) Specifies the UDP port to use to reach the NetFlow
collector. The range is from 0 to 65535.
Returns to privileged EXEC mode.end
(Optional) Displays information about NetFlow flow exporters.
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
32 OL-28354-01
Configuring Flexible NetFlow
Example:
Switch show flow exporter ExportTest
Creating a Flow Monitor
PurposeCommand or Action
Step 10
Example:
Switch# copy running-config
startup-config
What to Do Next
Define a flow monitor based on the flow record and flow exporter.
Related Topics
Exporters, on page 22
Creating a Flow Monitor
You can create a flow monitor and associate it with a flow record and a flow exporter.
SUMMARY STEPS
configure terminal
1.
flow monitor name
2.
description string
3.
exporter name
4.
record name
5.
cache { timeout {active | inactive} seconds | type normal }
6.
end
7.
show flow monitor [name record-name]
8.
copy running-config startup-config
9.
(Optional) Saves your entries in the configuration file.copy running-config startup-config
OL-28354-01 33
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
Creating a Flow Monitor
DETAILED STEPS
Configuring Flexible NetFlow
PurposeCommand or Action
Step 1
Step 2
Step 3
Step 4
Step 5
Example:
Switch# configure terminal
flow monitor name
Example:
Switch(config)# flow monitor MonitorTest
Switch (config-flow-monitor)#
description string
Example:
Switch(config-flow-monitor)# description Ipv4Monitor
exporter name
Example:
Switch(config-flow-monitor)# exporter ExportTest
record name
Example:
Enters the global configuration mode.configure terminal
Creates a flow monitor and enters flow monitor
configuration mode.
(Optional) Describes this flow record as a maximum
63-character string.
Associates a flow exporter with this flow monitor.
Associates a flow record with the specified flow
monitor.
Switch(config-flow-monitor)# record test
Step 6
cache { timeout {active | inactive} seconds | type normal
}
Example:
Switch(config-flow-monitor)# cache timeout active
15000
Step 7
Example:
Switch(config-flow-monitor)# end
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
34 OL-28354-01
Associates a flow cache with the specified flow
monitor.
Returns to privileged EXEC mode.end
Configuring Flexible NetFlow
Creating a Sampler
PurposeCommand or Action
Step 8
Step 9
show flow monitor [name record-name]
Example:
Switch show flow monitor name MonitorTest
copy running-config startup-config
Example:
Switch# copy running-config
startup-config
What to Do Next
Apply the flow monitor to a Layer 2 interface, Layer 3 interface, or VLAN.
Related Topics
Monitors, on page 23
Creating a Sampler
(Optional) Displays information about NetFlow flow
monitors.
(Optional) Saves your entries in the configuration
file.
SUMMARY STEPS
You can create a sampler to define the NetFlow sampling rate for a flow.
configure terminal
1.
sampler name
2.
description string
3.
mode {random}
4.
end
5.
show sampler [name]
6.
copy running-config startup-config
7.
OL-28354-01 35
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
Creating a Sampler
DETAILED STEPS
Configuring Flexible NetFlow
PurposeCommand or Action
Step 1
Step 2
Step 3
Step 4
Step 5
Example:
Switch# configure terminal
sampler name
Example:
Switch(config)# sampler SampleTest
Switch(config-flow-sampler)#
description string
Example:
Switch(config-flow-sampler)# description samples
Example:
Switch(config-flow-sampler)# mode random 1 out-of
1024
Enters the global configuration mode.configure terminal
Creates a sampler and enters flow sampler
configuration mode.
(Optional) Describes this flow record as a maximum
63-character string.
Defines the random sample mode.mode {random}
Returns to privileged EXEC mode.end
Step 6
Step 7
Example:
Switch(config-flow-sampler)# end
show sampler [name]
(Optional) Displays information about NetFlow
samplers.
Example:
Switch show sample SampleTest
copy running-config startup-config
(Optional) Saves your entries in the configuration
file.
Example:
Switch# copy running-config
startup-config
What to Do Next
Apply the flow monitor to a source interface, subinterface, VLAN interface, or a VLAN.
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
36 OL-28354-01
Configuring Flexible NetFlow
Related Topics
Samplers, on page 24
Applying a Flow to an Interface
You can apply a flow monitor and an optional sampler to an interface.
Note the following when applying a flow monitor to an interface:
• If you apply a flow monitor in the input direction:
◦ Use the match keyword and use the input interface as a key field.
◦ Use the collect keyword and use the output interface as a collect field. This field will be present
in the exported records but with a value of 0.
• If you apply a flow monitor in the output direction:
◦ Use the match keyword and use the output interface as a key field.
Applying a Flow to an Interface
SUMMARY STEPS
DETAILED STEPS
Step 1
Example:
Switch# configure terminal
◦ Use the collect keyword and use the input interface as a collect field. This field will be present in
the exported records but with a value of 0.
configure terminal
1.
interface type
2.
ip flow monitor name [sampler name] { input |output }
3.
end
4.
show flow interface [interface-type number]
5.
copy running-config startup-config
6.
PurposeCommand or Action
Enters the global configuration mode.configure terminal
Step 2
OL-28354-01 37
interface type
Example:
Switch(config)# interface
GigabitEthernet1/0/1
Switch(config-if)#
Enters interface configuration mode and configures an interface.
Command parameters for the interface configuration include:
• Auto— Auto-Template interface
• Capwap—CAPWAP tunnel interface
• GigabitEthernet—GigabitEthernet IEEE 802
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
Configuring a Bridged NetFlow on a VLAN
Configuring Flexible NetFlow
PurposeCommand or Action
• GroupVI—Group Virtual interface
• Internal Interface—Internal Interface
• Loopback—Loopback interface
• Null—Null interface
• Port-channel—Ethernet channel of interface
• TenGigabitEthernet—10- Gigabit Ethernet
• Tunnel—Tunnel interface
• Vlan—Catalyst VLANs
• Range—Interface range
Step 3
Step 4
Step 5
Step 6
ip flow monitor name [sampler name] { input
|output }
Example:
Switch(config-if)# ip flow monitor
MonitorTest input
Example:
Switch(config-flow-monitor)# end
show flow interface [interface-type number]
Example:
Switch# show flow interface
Example:
Switch# copy running-config
startup-config
Associates an IPv4 flow monitor and an optional sampler to the
interface for input or output packets.
Returns to privileged EXEC mode.end
(Optional) Displays information about NetFlow on an interface.
(Optional) Saves your entries in the configuration file.copy running-config startup-config
Configuring a Bridged NetFlow on a VLAN
You can apply a flow monitor and an optional sampler to a VLAN.
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
38 OL-28354-01
Configuring Flexible NetFlow
SUMMARY STEPS
DETAILED STEPS
configure terminal
1.
vlan [configuration] vlan-id
2.
ip flow monitor name [sampler name] {input |output}
3.
copy running-config startup-config
4.
Configuring Layer 2 NetFlow
PurposeCommand or Action
Step 1
Step 2
Step 3
Step 4
Example:
Switch# configure terminal
vlan [configuration] vlan-id
Example:
Switch(config)# vlan configuration 30
Switch(config-vlan-config)#
ip flow monitor name [sampler name] {input |output}
Example:
Switch(config-vlan-config)# ip flow monitor
MonitorTest input
copy running-config startup-config
Example:
Switch# copy running-config
startup-config
Enters the global configuration mode.configure terminal
Enters VLAN or VLAN configuration mode.
Associates a flow monitor and an optional sampler
to the VLAN for input or output packets.
(Optional) Saves your entries in the configuration
file.
Configuring Layer 2 NetFlow
You can define Layer 2 keys in Flexible NetFlow records that you can use to capture flows in Layer 2 interfaces.
OL-28354-01 39
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
Configuring Layer 2 NetFlow
SUMMARY STEPS
DETAILED STEPS
configure terminal
1.
flow record name
2.
match datalink {dot1q |ethertype | mac | vlan}
3.
end
4.
show flow record [name ]
5.
copy running-config startup-config
6.
Configuring Flexible NetFlow
PurposeCommand or Action
Step 1
Step 2
Step 3
Step 4
Step 5
Example:
Switch# configure terminal
flow record name
Example:
Switch(config)# flow record L2_record
Switch(config-flow-record)#
Example:
Switch(config-flow-record)# match datalink ethertype
Example:
Switch(config-flow-record)# end
show flow record [name ]
Example:
Enters the global configuration mode.configure terminal
Enters flow record configuration mode.
Specifies the Layer 2 attribute as a key.match datalink {dot1q |ethertype | mac | vlan}
Returns to privileged EXEC mode.end
(Optional) Displays information about NetFlow
on an interface.
Switch# show flow record
Step 6
copy running-config startup-config
Example:
Switch# copy running-config
startup-config
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
40 OL-28354-01
(Optional) Saves your entries in the configuration
file.
Configuring Flexible NetFlow
Configuring WLAN to Apply Flow Monitor in Data Link Input/Output Direction
Configuring WLAN to Apply Flow Monitor in Data Link Input/Output Direction
SUMMARY STEPS
configure terminal
1.
wlan wlan-name
2.
datalink flow monitor monitor-name {input | output}
3.
end
4.
show wlan wlan-name
5.
DETAILED STEPS
Step 1
Step 2
Step 3
Step 4
Step 5
Example:
Switch# configure terminal
wlan wlan-name
Example:
Switch (config) # wlan mywlan
datalink flow monitor monitor-name {input | output}
Example:
Switch (config-wlan) # datalink flow monitor
flow-monitor-1 {input | output}
Example:
Switch (config) # end
show wlan wlan-name
PurposeCommand or Action
Enters global configuration mode.configure terminal
Enters WLAN configuration submode. For wlan-name,
enter the profile name. The range is 1 to 32 characters.
Applies flow monitor to Layer 2 traffic in the direction
of interest.
Returns to privileged EXEC mode.end
(Optional) Verifies your configuration.
Example:
Switch # show wlan mywlan
OL-28354-01 41
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
Configuring Flexible NetFlow
Configuring WLAN to Apply Flow Monitor in IPV4 and IPv6 Input/Output Direction
Configuring WLAN to Apply Flow Monitor in IPV4 and IPv6 Input/Output
Direction
SUMMARY STEPS
configure terminal
1.
wlan wlan-id
2.
{ipv4 |ipv6} flow monitor monitor-name {input | output}
3.
end
4.
show wlan wlan-name
5.
DETAILED STEPS
PurposeCommand or Action
Step 1
Step 2
Step 3
Step 4
Step 5
Example:
Switch# configure terminal
wlan wlan-id
Example:
Switch (config) # wlan 1
{ipv4 |ipv6} flow monitor monitor-name {input |
output}
Example:
Switch (config-wlan) # ip flow monitor
flow-monitor-1 input
Example:
Switch (config) # end
show wlan wlan-name
Enters global configuration mode.configure terminal
Enters WLAN configuration submode. For wlan-id,
enter the WLAN ID. The range is 1 to 64.
Associates a flow monitor to the WLAN for input or
output packets.
Returns to privileged EXEC mode.end
(Optional) Verifies your configuration.
Example:
Switch # show wlan mywlan
Related Topics
Wireless Flexible NetFlow Overview, on page 18
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
42 OL-28354-01
Configuring Flexible NetFlow
Example: Configuring IPv4 Flexible NetFlow in WLAN (Ingress Direction), on page 44
Example: Configuring IPv6 and Transport Flag Flexible NetFlow in WLAN (Egress Direction), on page
45
Example: Configuring IPv6 Flexible NetFlow in WLAN (Both Ingress and Egress Directions), on page
45
Monitoring Flexible NetFlow
The commands in the following table can be used to monitor Flexible NetFlow.
Table 7: Flexible NetFlow Monitoring Commands
Monitoring Flexible NetFlow
PurposeCommand
show flow exporter [broker | export-ids | name |
name | statistics | templates]
show flow exporter [ name exporter-name]
show flow monitor [ name exporter-name]
show flow record [ name record-name]
show flow ssid
show sampler [broker | name | name]
show wlan wlan-name
Displays information about NetFlow flow exporters
and statistics.
Displays information about NetFlow flow exporters
and statistics.
Displays information about NetFlow interfaces.show flow interface
Displays information about NetFlow flow monitors
and statistics.
Displays information about NetFlow flow records.
Displays NetFlow monitor installation status for a
WLAN.
Displays information about NetFlow samplers.
Displays the WLAN configured on the device.
Configuration Examples for Flexible NetFlow
Example: Configuring a Flow
This example shows how to create a flow and apply it to an interface:
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# flow export export1
Switch(config-flow-exporter)# destination 10.0.101.254
Switch(config-flow-exporter)# transport udp 2055
OL-28354-01 43
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
Configuring Flexible NetFlow
Example: Configuring IPv4 Flexible NetFlow in WLAN (Ingress Direction)
Switch(config-flow-exporter)# exit
Switch(config)# flow record record1
Switch(config-flow-record)# match ipv4 source address
Switch(config-flow-record)# match ipv4 destination address
Switch(config-flow-record)# match ipv4 protocol
Switch(config-flow-record)# match transport source-port
Switch(config-flow-record)# match transport destination-port
Switch(config-flow-record)# collect counter byte long
Switch(config-flow-record)# collect counter packet long
Switch(config-flow-record)# collect timestamp absolute first
Switch(config-flow-record)# collect timestamp absolute last
Switch(config-flow-record)# exit
Switch(config)# flow monitor monitor1
Switch(config-flow-monitor)# record record1
Switch(config-flow-monitor)# exporter export1
Switch(config-flow-monitor)# exit
Switch(config)# interface tenGigabitEthernet 1/0/1
Switch(config-if)# ip flow monitor monitor1 input
Switch(config-if)# end
Example: Configuring IPv4 Flexible NetFlow in WLAN (Ingress Direction)
The following example shows how to configure IPv4 Flexible NetFlow on WLAN ingress direction:
Switch# configure terminal
Switch (config)# flow record fr_v4
Switch (config-flow-record)# match ipv4 destination
Switch (config-flow-record)# match ipv4 source
Switch (config-flow-record)# match ipv4 protocol
Switch (config-flow-record)# match ipv4 tos
Switch (config-flow-record)# match ipv4 ttl
Switch (config-flow-record)# match ipv4 version
Switch (config-flow-record)# collect counter packets long
Switch (config-flow-record)# collect counter bytes long
Switch (config-flow-record)# collect timestamp sys-uptime first
Switch (config-flow-record)# collect timestamp sys-uptime last
Switch (config-flow-record)# exit
Switch (config)# flow monitor fm_v4
Switch (config-flow-monitor)# record fr_v4
Switch (config-flow-record)# exit
Switch (config)# wlan 1
Switch (config-wlan)# ip flow monitor fm_v4 in
Switch (config-wlan)# end
Switch# show flow monitor fm_v4 cache
Related Topics
Configuring WLAN to Apply Flow Monitor in IPV4 and IPv6 Input/Output Direction, on page 42
Wireless Flexible NetFlow Overview, on page 18
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
44 OL-28354-01
Configuring Flexible NetFlow
Example: Configuring IPv6 and Transport Flag Flexible NetFlow in WLAN (Egress Direction)
Example: Configuring IPv6 and Transport Flag Flexible NetFlow in WLAN
(Egress Direction)
The following example shows how to configure IPv6 and transport flag Flexible NetFlow on WLAN egress
direction:
Switch# configure terminal
Switch (config)# flow record fr_v6
Switch (config-flow-record)# match ipv6 destination
Switch (config-flow-record)# match ipv6 source
Switch (config-flow-record)# match ipv6 hop-limit
Switch (config-flow-record)# match ipv6 protocol
Switch (config-flow-record)# match ipv6 traffic class
Switch (config-flow-record)# match ipv6 version
Switch (config-flow-record)# collect counter bytes long
Switch (config-flow-record)# collect transport tcp flags
Switch (config-flow-record)# exit
Switch (config)# flow monitor fm_v6
Switch (config-flow-monitor)# record fr_v6
Switch (config-flow-monitor)# exit
Switch (config)# wlan 1
Switch (config-wlan)# ipv6 flow monitor fm_v6 out
Switch (config-wlan)# end
Switch# show flow monitor fm_v6 cache
Note
On the switch, you cannot specify which TCP flag to collect. You can only specify to collect transport
TCP flags.
Related Topics
Configuring WLAN to Apply Flow Monitor in IPV4 and IPv6 Input/Output Direction, on page 42
Wireless Flexible NetFlow Overview, on page 18
Example: Configuring IPv6 Flexible NetFlow in WLAN (Both Ingress and Egress
Directions)
The following example shows how to configure IPv6 Flexible NetFlow on WLAN in both directions:
Switch# configure terminal
Switch (config)# flow record fr_v6
Switch (config-flow-record)# match ipv6 destination
Switch (config-flow-record)# match ipv6 source
Switch (config-flow-record)# match ipv6 hop-limit
Switch (config-flow-record)# match ipv6 protocol
Switch (config-flow-record)# match ipv6 traffic class
Switch (config-flow-record)# match ipv6 version
Switch (config-flow-record)# collect counter packets long
Switch (config-flow-record)# exit
OL-28354-01 45
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
Additional References
Switch (config)# flow monitor fm_v6
Switch (config-flow-monitor)# record fr_v6
Switch (config-flow-monitor)# exit
Switch (config)# wlan 1
Switch (config-wlan)# ipv6 flow monitor fm_v6 in
Switch (config-wlan)# ipv6 flow monitor fm_v6 out
Switch (config-wlan)# end
Switch# show flow monitor fm_v6 cache
Related Topics
Configuring WLAN to Apply Flow Monitor in IPV4 and IPv6 Input/Output Direction, on page 42
Wireless Flexible NetFlow Overview, on page 18
Additional References
Related Documents
Configuring Flexible NetFlow
Flexible NetFlow CLI Commands
Platform-independent configuration information for Flexible NetFlow
Standards and RFCs
TitleStandard/RFC
Cisco Systems NetFlow Services Export Version 9RFC 3954
MIBs
MIBs LinkMIB
All supported MIBs for this release.
To locate and download MIBs for selected platforms,
Cisco IOS releases, and feature sets, use Cisco MIB
Locator found at the following URL:
http://www.cisco.com/go/mibs
Document TitleRelated Topic
Flexible NetFlow Command
Reference Guide, Cisco IOS XE
Release 3SE (Catalyst 3850
Switches)
Flexible Netflow Configuration
Guide, Cisco IOS XE Release 3SE
(Catalyst 3850 Switches)
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
46 OL-28354-01
Configuring Flexible NetFlow
Technical Assistance
resources, including documentation and tools for
troubleshooting and resolving technical issues with
Cisco products and technologies.
To receive security and technical information about
your products, you can subscribe to various services,
such as the Product Alert Tool (accessed from Field
Notices), the Cisco Technical Services Newsletter,
and Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website
requires a Cisco.com user ID and password.
Feature Information for Flexible NetFlow
LinkDescription
http://www.cisco.com/supportThe Cisco Support website provides extensive online
Feature Information for Flexible NetFlow
Cisco IOS XE 3.2SEFlexible NetFlow feature support
Feature InformationReleasesFeature Name
Flexible NetFlow uses flows to
provide statistics for accounting,
network monitoring, and network
planning.
OL-28354-01 47
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
Feature Information for Flexible NetFlow
Configuring Flexible NetFlow
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
48 OL-28354-01
INDEX
B
bridged NetFlow 38
C
Cisco Flexible NetFlow Configuration Guide
collect parameters 21
D
default settings 28
E
export formats 23
exporters 22
F
I
interface configuration 37
L
Layer 2 NetFlow 39
M
match 19
datalink 19
flow 19
interface 19
ipv4 19
ipv6 19
transport 19
match parameters 19
monitoring 43
monitors 23
flow exporter 31
flow monitor 33
flow record 19, 29
OL-28354-01 IN-1
S
sampler 24, 35
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
Index
Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)
IN-2 OL-28354-01
Loading...