Flexible NetFlow Configuration Guide, Cisco IOS Release 15 .


Flexible NetFlow Configuration Guide, Cisco IOS Release 15.2(2)E (Catalyst 3750-X and 3560-X Switches)

First Published: June 05, 2014

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883

Text Part Number: OL-32528-01

© 2011-2014 Cisco Systems, Inc. All rights reserved.

CONTENTS

Preface
    Document Conventions
    Related Documentation
    Obtaining Documentation and Submitting a Service Request

CHAPTER 1: Using the Command-Line Interface
    Information About Using the Command-Line Interface
    Command Modes
    Understanding Abbreviated Commands
    No and Default Forms of Commands
    CLI Error Messages
    Configuration Logging
    Using the Help System
    How to Use the CLI to Configure Features
    Configuring the Command History
    Changing the Command History Buffer Size
    Recalling Commands
    Disabling the Command History Feature
    Enabling and Disabling Editing Features
    Editing Commands Through Keystrokes
    Editing Command Lines That Wrap
    Searching and Filtering Output of show and more Commands
    Accessing the CLI Through a Console Connection or Through Telnet

CHAPTER 2: Configuring Flexible NetFlow
    Finding Feature Information
    Prerequisites for Flexible NetFlow
    Restrictions for Flexible NetFlow
    Information About Flexible Netflow
    Flexible NetFlow Overview
    Benefits of Flexible NetFlow
    Flexible NetFlow Components
    Flow Records
    User-Defined Records
    Flow Exporters
    Flow Monitors
    Flow Samplers
    Supported Flexible NetFlow Fields
    Default Settings
    How to Configure Flexible NetFlow
    Configuring a Flow Record
    Creating a Flow Exporter
    Creating a Flow Monitor
    Creating a Flow Sampler
    Applying a Flow to an Interface
    Monitoring Flexible NetFlow
    Configuration Examples for Flexible NetFlow
    Example: Configuring a Flow
    Additional References

Preface

This book describes configuration information and examples for Flexible NetFlow on the switch.

    Document Conventions
    Related Documentation
    Obtaining Documentation and Submitting a Service Request

Document Conventions

This document uses the following conventions:

Convention
    Description

^ or Ctrl
    Both the ^ symbol and Ctrl represent the Control (Ctrl) key on a keyboard. For example, the key combination ^D or Ctrl-D means that you hold down the Control key while you press the D key. (Keys are indicated in capital letters but are not case sensitive.)

bold font
    Commands and keywords and user-entered text appear in bold font.

Italic font
    Document titles, new or emphasized terms, and arguments for which you supply values are in italic font.

Courier font
    Terminal sessions and information the system displays appear in courier font.

Bold Courier font
    Bold Courier font indicates text that the user must enter.

[x]
    Elements in square brackets are optional.

...
    An ellipsis (three consecutive nonbolded periods without spaces) after a syntax element indicates that the element can be repeated.

|
    A vertical line, called a pipe, indicates a choice within a set of keywords or arguments.

[x | y]
    Optional alternative keywords are grouped in brackets and separated by vertical bars.

{x | y}
    Required alternative keywords are grouped in braces and separated by vertical bars.

[x {y | z}]
    Nested set of square brackets or braces indicate optional or required choices within optional or required elements. Braces and a vertical bar within square brackets indicate a required choice within an optional element.

string
    A nonquoted set of characters. Do not use quotation marks around the string or the string will include the quotation marks.

< >
    Nonprinting characters such as passwords are in angle brackets.

[ ]
    Default responses to system prompts are in square brackets.

!, #
    An exclamation point (!) or a pound sign (#) at the beginning of a line of code indicates a comment line.

Reader Alert Conventions

This document may use the following conventions for reader alerts:

Note
    Means reader take note. Notes contain helpful suggestions or references to material not covered in the manual.

Tip
    Means the following information will help you solve a problem.

Caution
    Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.

Timesaver
    Means the described action saves time. You can save time by performing the action described in the paragraph.

Warning
    IMPORTANT SAFETY INSTRUCTIONS
    This warning symbol means danger. You are in a situation that could cause bodily injury. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents. Use the statement number provided at the end of each warning to locate its translation in the translated safety warnings that accompanied this device. Statement 1071
    SAVE THESE INSTRUCTIONS

Related Documentation

Note
    Before installing or upgrading the switch, refer to the switch release notes.

    Cisco Catalyst 3750-X and 3560-X Switch documentation, located at: http://www.cisco.com/go/cat3750x docs
    Cisco SFP module documentation, including compatibility matrixes, located ps5455/tsd products support series home.html
    Error Message Decoder, located der/index.cgi

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, atsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.

CHAPTER 1

Using the Command-Line Interface

    Information About Using the Command-Line Interface
    How to Use the CLI to Configure Features

Information About Using the Command-Line Interface

Command Modes

The Cisco IOS user interface is divided into many different modes. The commands available to you depend on which mode you are currently in. Enter a question mark (?) at the system prompt to obtain a list of commands available for each command mode.

You can start a CLI session through a console connection, through Telnet, through SSH, or by using the browser.

When you start a session, you begin in user mode, often called user EXEC mode. Only a limited subset of the commands are available in user EXEC mode. For example, most of the user EXEC commands are one-time commands, such as show commands, which show the current configuration status, and clear commands, which clear counters or interfaces. The user EXEC commands are not saved when the switch reboots.

To have access to all commands, you must enter privileged EXEC mode. Normally, you must enter a password to enter privileged EXEC mode. From this mode, you can enter any privileged EXEC command or enter global configuration mode.

Using the configuration modes (global, interface, and line), you can make changes to the running configuration. If you save the configuration, these commands are stored and used when the switch reboots. To access the various configuration modes, you must start at global configuration mode. From global configuration mode, you can enter interface configuration mode and line configuration mode.

This table describes the main command modes, how to access each one, the prompt you see in that mode, and how to exit the mode. The examples in the table use the hostname Switch.

Table 1: Command Mode Summary

User EXEC
    Access method: Begin a session using Telnet, SSH, or console.
    Prompt: Switch>
    Exit method: Enter logout or quit.
    About this mode: Use this mode to:
        Change terminal settings.
        Perform basic tests.
        Display system information.

Privileged EXEC
    Access method: While in user EXEC mode, enter the enable command.
    Prompt: Switch#
    Exit method: Enter disable to exit.
    About this mode: Use this mode to verify commands that you have entered. Use a password to protect access to this mode.

Global configuration
    Access method: While in privileged EXEC mode, enter the configure command.
    Prompt: Switch(config)#
    Exit method: To exit to privileged EXEC mode, enter exit or end, or press Ctrl-Z.
    About this mode: Use this mode to configure parameters that apply to the entire switch.

VLAN configuration
    Access method: While in global configuration mode, enter the vlan vlan-id command.
    Prompt: Switch(config-vlan)#
    Exit method: To exit to global configuration mode, enter the exit command. To return to privileged EXEC mode, press Ctrl-Z or enter end.
    About this mode: Use this mode to configure VLAN parameters. When VTP mode is transparent, you can create extended-range VLANs (VLAN IDs greater than 1005) and save configurations in the switch startup configuration file.

Interface configuration
    Access method: While in global configuration mode, enter the interface command (with a
    Prompt: Switch(config-if)#
    Exit method: To exit to global configuration mode, enter exit. To return to privileged EXEC mode, press Ctrl-Z or enter end.
    About this mode: Use this mode to configure parameters for the Ethernet ports.

Line configuration
    Access method: While in global configuration mode, specify a line with the line vty or line console command.
    Prompt: Switch(config-line)#
    Exit method: To exit to global configuration mode, enter exit. To return to privileged EXEC mode, press Ctrl-Z or enter end.
    About this mode: Use this mode to configure parameters for the terminal line.

Understanding Abbreviated Commands

You need to enter only enough characters for the switch to recognize the command as unique.

This example shows how to enter the show configuration privileged EXEC command in an abbreviated form:

    Switch# show conf

No and Default Forms of Commands

Almost every configuration command also has a no form. In general, use the no form to disable a feature or function or reverse the action of a command. For example, the no shutdown interface configuration command reverses the shutdown of an interface. Use the command without the keyword no to reenable a disabled feature or to enable a feature that is disabled by default.

Configuration commands can also have a default form. The default form of a command returns the command setting to its default. Most commands are disabled by default, so the default form is the same as the no form. However, some commands are enabled by default and have variables set to certain default values. In these cases, the default command enables the command and sets variables to their default values.

CLI Error Messages

This table lists some error messages that you might encounter while using the CLI to configure your switch.

Table 2: Common CLI Error Messages

% Ambiguous command: "show con"
    Meaning: You did not enter enough characters for your switch to recognize the command.
    How to get help: Reenter the command followed by a question mark (?) without any space between the command and the question mark. The possible keywords that you can enter with the command appear.

% Incomplete command.
    Meaning: You did not enter all of the keywords or values required by this command.
    How to get help: Reenter the command followed by a question mark (?) with a space between the command and the question mark. The possible keywords that you can enter with the command appear.

% Invalid input detected at '^' marker.
    Meaning: You entered the command incorrectly. The caret (^) marks the point of the error.
    How to get help: Enter a question mark (?) to display all of the commands that are available in this command mode. The possible keywords that you can enter with the command appear.

Configuration Logging

You can log and view changes to the switch configuration. You can use the Configuration Change Logging and Notification feature to track changes on a per-session and per-user basis. The logger tracks each configuration command that is applied, the user who entered the command, the time that the command was entered, and the parser return code for the command. This feature includes a mechanism for asynchronous notification to registered applications whenever the configuration changes. You can choose to have the notifications sent to the syslog.

Note
    Only CLI or HTTP changes are logged.

Using the Help System

You can enter a question mark (?) at the system prompt to display a list of commands available for each command mode. You can also obtain a list of associated keywords and arguments for any command.

SUMMARY STEPS

1. help
2. abbreviated-command-entry ?
3. abbreviated-command-entry <Tab>
4. ?
5. command ?
6. command keyword ?

DETAILED STEPS

Step 1: help
    Purpose: Obtains a brief description of the help system in any command mode.
    Example:
        Switch# help

Step 2: abbreviated-command-entry ?
    Purpose: Obtains a list of commands that begin with a particular character string.
    Example:
        Switch# di?
        dir disable disconnect

Step 3: abbreviated-command-entry <Tab>
    Purpose: Completes a partial command name.
    Example:
        Switch# sh conf<tab>
        Switch# show configuration

Step 4: ?
    Purpose: Lists all commands available for a particular command mode.
    Example:
        Switch> ?

Step 5: command ?
    Purpose: Lists the associated keywords for a command.
    Example:
        Switch> show ?

Step 6: command keyword ?
    Purpose: Lists the associated arguments for a keyword.
    Example:
        Switch(config)# cdp holdtime ?
        <10-255>  Length of time (in sec) that receiver must keep this packet
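The Configuration Logging section earlier in this chapter says that change notifications can be sent to the syslog, recording each command and the user who entered it. The following added example (not part of the Cisco guide) parses such notifications and flags commands that remove flow monitoring or logging. It assumes the %PARSER-5-CFGLOG_LOGGEDCMD message layout used in the constructed sample lines; the monitor name MON1, the watch list and the function names are illustrative.

```python
import re

# Constructed sample syslog lines (not from the guide), in the layout assumed
# for configuration-change notifications sent to the syslog.
SAMPLE_LOG = """\
*Jun  5 10:01:11.913: %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:interface GigabitEthernet1/0/1
*Jun  5 10:01:15.102: %PARSER-5-CFGLOG_LOGGEDCMD: User:alice  logged command:no ip flow monitor MON1 input
*Jun  5 10:02:40.551: %PARSER-5-CFGLOG_LOGGEDCMD: User:bob  logged command:no logging host 192.0.2.10
*Jun  5 10:03:02.007: %PARSER-5-CFGLOG_LOGGEDCMD: User:bob  logged command:description uplink
*Jun  5 10:03:05.000: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/2, changed state to up
"""

# Timestamp, user and command are the fields the logger is described as tracking.
CFGLOG = re.compile(
    r"^\*?(?P<ts>.+?): %PARSER-5-CFGLOG_LOGGEDCMD: "
    r"User:(?P<user>\S+)\s+logged command:(?P<cmd>.*)$"
)

# Illustrative watch list (an assumption, tune per site): "no" forms that
# reduce visibility into traffic or into configuration changes.
WATCH = [
    (re.compile(r"^no (?:ip |ipv6 )?flow\b"), "flow monitoring removed"),
    (re.compile(r"^no logging\b"), "logging removed"),
    (re.compile(r"^no (?:archive|log config|notify syslog)\b"),
     "configuration logging changed"),
]


def parse_events(text):
    """Return one dict per configuration-change notification in text."""
    events = []
    for line in text.splitlines():
        m = CFGLOG.match(line.strip())
        if m:  # other syslog messages (for example link state) are skipped
            events.append({"time": m["ts"], "user": m["user"],
                           "command": m["cmd"].strip()})
    return events


def flag_changes(events):
    """Return (user, command, reason) for each command on the watch list."""
    findings = []
    for ev in events:
        for pattern, reason in WATCH:
            if pattern.search(ev["command"]):
                findings.append((ev["user"], ev["command"], reason))
                break  # one reason per command is enough for triage
    return findings


if __name__ == "__main__":
    for user, command, reason in flag_changes(parse_events(SAMPLE_LOG)):
        print(f"{user}: {command!r} ({reason})")
```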

How to Use the CLI to Configure Features

Configuring the Command History

The software provides a history or record of commands that you have entered. The command history feature is particularly useful for recalling long or complex commands or entries, including access lists. You can customize this feature to suit your needs.

Changing the Command History Buffer Size

By default, the switch records ten command lines in its history buffer. You can alter this number for a current terminal session or for all sessions on a particular line. This procedure is optional.

SUMMARY STEPS

1. terminal history [size number-of-lines]

DETAILED STEPS

Step 1: terminal history [size number-of-lines]
    Purpose: Changes the number of command lines that the switch records during the current terminal session in privileged EXEC mode. You can configure the size from 0 to 256.
    Example:
        Switch# terminal history size 200

Recalling Commands

To recall commands from the history buffer, perform one of the actions listed in this table. These actions are optional.

Note
    The arrow keys function only on ANSI-compatible terminals such as VT100s.

SUMMARY STEPS

1. Ctrl-P or use the up arrow key
2. Ctrl-N or use the down arrow key
3. show history

DETAILED STEPS

Step 1: Ctrl-P or use the up arrow key
    Purpose: Recalls commands in the history buffer, beginning with the most recent command. Repeat the key sequence to recall successively older commands.

Step 2: Ctrl-N or use the down arrow key
    Purpose: Returns to more recent commands in the history buffer after recalling commands with Ctrl-P or the up arrow key. Repeat the key sequence to recall successively more recent commands.

Step 3: show history
    Purpose: Lists the last several commands that you just entered in privileged EXEC mode. The number of commands that appear is controlled by the setting of the terminal history global configuration command and the history line configuration command.
    Example:
        Switch# show history

Disabling the Command History Feature

The command history feature is automatically enabled. You can disable it for the current terminal session or for the command line. This procedure is optional.

SUMMARY STEPS

1. terminal no history

DETAILED STEPS

Step 1: terminal no history
    Purpose: Disables the feature during the current terminal session in privileged EXEC mode.
    Example:
        Switch# terminal no history

Enabling and Disabling Editing Features

Although enhanced editing mode is automatically enabled, you can disable it and reenable it.

SUMMARY STEPS

1. terminal editi
