Configuring NetFlow-Lite for Cisco 2960-X Series
The Cisco Catalyst 2960-X NetFlow-Lite configuration is pretty straight f...
collect counter bytes long
collect counter packets long
collect timestamp sys-uptime first
collect timestamp sys-uptime la...
ip flow monitor nftest sampler my-random-sampler input
!
interface GigabitEthernet1/0/2
ip flow monitor nftest sampler my-...
products at competitive price and ship to worldwide.
Our website: http://www.3anetwork.com
Telephone: +852-3069-7733
Email...
Upcoming SlideShare
Loading in...5
×

Configuring net flow lite for cisco 2960-x series

456

Published on

Leading Cisco networking products distributor-3network.com
Configuring NetFlow-Lite for Cisco 2960-X Series

Published in: Technology, Education
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
456
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
6
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Configuring net flow lite for cisco 2960-x series

  1. 1. Configuring NetFlow-Lite for Cisco 2960-X Series The Cisco Catalyst 2960-X NetFlow-Lite configuration is pretty straight forward however it is very different from the IPFIX PSAMP “NetFlow-Lite” we configured on the Cisco 4948E NetFlow-Lite. The 2960x uses flow sampling without any form of packet capture. There are two types of possible NetFlow Lite sampling configurations on the 2960x: 1 Deterministic Sampling 2Random Sampling Deterministic Sampling Deterministic samplers sample packets exactly as specified (I.e. the first flow out of every 100 flows). Deterministic samplers can only be applied on up to 4 interfaces. For this reason, we decided to configure random sampling. Random Sampling Random sampling samples a random flow out of ever X flows. The maximum sample rate for both Deterministic and Random is 1 out-of 32. It is not limited to 4 interfaces like Deterministic sampling. In the configuration below we used Random sampling. I was able to add the configuration to all interfaces using a random sampler called “my-random- sampler”. The random sampler called “my-random-sampler” was configured to randomly sample 1 out of every 100 flows on the interfaces it was applied to. Setting up NetFlow Lite on the 2960x: ! ! step 1: create a flow record flow record flows match datalink mac source address input match datalink mac destination address input match ipv4 tos match ipv4 protocol match ipv4 source address match ipv4 destination address match transport source-port match transport destination-port collect transport tcp flags collect interface input collect flow sampler ! below I specified ‘long’ because the 2960x supports 64 bit counters 1
  2. 2. collect counter bytes long collect counter packets long collect timestamp sys-uptime first collect timestamp sys-uptime last ! ! ! step 2: create a flow exporter flow exporter export-to-inside description flexible NF v9 destination 10.1.1.1 source Vlan7 transport udp 2055 template data timeout 60 ! ! lets export some cool option templates option interface-table option exporter-stats option sampler-table ! ! ! step 3: create a flow monitor flow monitor nftest record flows exporter export-to-inside cache timeout active 60 statistics packet protocol ! ! Below was used for the deterministic sampling configuration ! that I didn’t like because of the 4 interface limitation ! sampler full ! mode deterministic 1 out-of 32 ! ! below is the random sampler configuration that I replaced ! the above with. sampler my-random-sampler mode random 1 out-of 100 ! ! ! ! step 4: apply the flow monitor ‘nftest’ to each interface with ! the defined sampler ‘my-random-sampler’ ! input is for ingress. Egress was not supported in this release… interface GigabitEthernet1/0/1 2
  3. 3. ip flow monitor nftest sampler my-random-sampler input ! interface GigabitEthernet1/0/2 ip flow monitor nftest sampler my-random-sampler input ! interface GigabitEthernet1/0/3 ip flow monitor nftest sampler my-random-sampler input ! interface GigabitEthernet1/0/4 ip flow monitor nftest sampler my-random-sampler input ! ! ################################# ! ### Repeat the above for all the interfaces ### ! ################################# ! interface GigabitEthernet1/0/50 ip flow monitor nftest sampler my-random-sampler input switchport mode access ! interface TenGigabitEthernet1/0/1 ! interface TenGigabitEthernet1/0/2 It is referred from: http://www.plixer.com/blog/netflow-lite-2/cisco-2960-x-netflow-lite- configuration/ More related: Cisco Catalyst 2960-X Series Switch Overview PoE Capacity of Cisco Catalyst 2960-X Series Switches What are the notable differences between the Cisco Catalyst 2960-S and 2960-X Series Switches? More Cisco products and Reviews you can visit: http://www.3anetwork.com/blog 3Anetwork.com is a world leading Cisco networking products wholesaler, we wholesale original new Cisco networking equipments, including Cisco Catalyst switches, Cisco routers, Cisco firewalls, Cisco wireless products, Cisco modules and interface cards 3
  4. 4. products at competitive price and ship to worldwide. Our website: http://www.3anetwork.com Telephone: +852-3069-7733 Email: info@3Anetwork.com Address: 23/F Lucky Plaza, 315-321 Lockhart Road, Wanchai, Hongkong 4

×