Difference between revisions of "Cisco NetFlow"

From HackerNet
Jump to: navigation, search
Line 44: Line 44:
 
  show flow monitor
 
  show flow monitor
 
  show flow exporter statistics
 
  show flow exporter statistics
 +
 +
===Nexus===
 +
feature netflow
 +
 +
flow exporter COLLECTOR
 +
  destination 10.0.0.10 use-vrf management
 +
  export Version 9
 +
  transport udp 2055
 +
  source mgmt 0
 +
flow monitor FLOW-MONITOR
 +
  exporter COLLECTOR
 +
  record netflow-original
 +
 +
Ska man samla in netflow på ett interface i ett F3-kort måste samplar användas.
 +
sampler SAMPLER-1
 +
  mode 1 out-of 5
 +
Interface
 +
interface Ethernet1/1
 +
  ip flow monitor FLOW-MONITOR input sampler SAMPLER-1
 +
 +
Verify
 +
show flow record netflow-original
 +
show flow exporter
 +
show flow monitor
 +
show flow interface
  
 
[[Category:Cisco]]
 
[[Category:Cisco]]

Revision as of 12:59, 20 April 2016

Netflow är ett Cisco-properitärt protokoll som används för att se vilka protokoll som används i ett nätverk och hur mycket trafik de genererar.

Komponenter:

Konfiguration

int gi0/0
 ip flow ingress
 ip flow egress

Top-talkers

ip flow-top-talkers
 sort-by bytes
 top 5

Show

show ip flow top-talkers 
show ip cache flow 

ASR

OBS en ASR kan inte sitt management-interface som source för NetFlow-exporten

flow exporter COLLECTOR
 destination 10.0.0.10
 transport udp 2055
 source gi0/1
 export-protocol netflow-v9
flow monitor FLOW-MONITOR
 record netflow ipv4 original-input
 exporter COLLECTOR
 cache timeout active 60
interface gi0/3
 ip flow monitor FLOW-MONITOR input

"Random Sampled NetFlow is more statistically accurate than Sampled NetFlow." - Cisco

sampler SAMPLER-1
 mode random 1 out-of 1000
interface gi0/3
 ip flow monitor FLOW-MONITOR sampler SAMPLER-1 input

Verify

show flow exporter
show flow interface
show flow monitor
show flow exporter statistics

Nexus

feature netflow
flow exporter COLLECTOR
 destination 10.0.0.10 use-vrf management
 export Version 9
 transport udp 2055
 source mgmt 0
flow monitor FLOW-MONITOR
 exporter COLLECTOR
 record netflow-original

Ska man samla in netflow på ett interface i ett F3-kort måste samplar användas.

sampler SAMPLER-1
 mode 1 out-of 5

Interface

interface Ethernet1/1
 ip flow monitor FLOW-MONITOR input sampler SAMPLER-1

Verify

show flow record netflow-original
show flow exporter
show flow monitor 
show flow interface