Manualshelf

Datasheet

ManualsBrandsCisco ManualsNetworkingC3KX-SM-10G=
12345678910
© 2011 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 8 of 14
Finally, accuracy of NetFlow statistics can be better achieved closer to the endpoint being monitored, where packet
drops due to congestion or traffic policing are minor compared to aggregation and core.
Configuration Examples and Notes
This section provides some configuration example for Flexible NetFlow and illustrates some of the commands in
detail. Additional information on how to configure Flexible NetFlow on the service module is available under the
software configuration guides for Cisco Catalyst 3560-X and 3750-X Series.
Flexible NetFlow objects are modular and can be used for different monitoring requirements. The flow record
defines what header fields need to be analyzed. If the result of the Flexible NetFlow analysis can be viewed as a
table, where rows represent each distinct traffic flow, then the flow record is where the user can:
Define the table columns.
Define which of the columns are key fields. A key field controls the flow uniqueness: when the Flexible
NetFlow engine observes a new value of a key column, it creates a new row. Nonkey fields are for
computed values, typically counters or time stamps that characterize quantity and duration of each flow.
The following are two examples of a flow record, including Layer 2, Layer 3, and Layer 4 fields. Key fields are
defined using the “match” keyword, while nonkey fields use the “collect” keyword.
flow record L2L4input
description L2 IPv4 L4 fields for input downstream monitor
match datalink source-vlan-id
match datalink ethertype
match datalink mac source-address
match datalink mac destination-address
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect interface input snmp
collect interface output snmp
collect counter flows
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
flow record L2L4output
description L2 IPv4 L4 fields for output upstream monitor
match datalink destination-vlan-id
match datalink ethertype
match datalink dot1q priority
match datalink mac source-address
match datalink mac destination-address
match ipv4 tos