一、建立Netflow關鍵字及條件
flow record Netflow_record
description test
match ipv4 source address
match ipv4 destination address
collect interface input
collect interface output
collect counter bytes
collect counter packets
二、輸出的設備設定
flow exporter Netflow_exporter
destination 10.10.0.5
transport udp 9999
三、設定監控流量套用
flow monitor Netflow_monitor
record Netflow_record exporter Netflow_exporter
cache entries 1000
四、VLAN流量監控設定
Vlan configuration 10,50,199
ip flow monitor Netflow_monitor input
五、介面流量監控設定
interface Gi 0/1
ip flow monitor Netflow_monitor input
六、相關指令
#show flow interface gi 0/1
Interface GigabitEthernet0/1
FNF: monitor: Netflow_monitor
direction: Input
traffic(ip): on
#show flow record Netflow_record
flow record Netflow_record:
Description: test
No. of users: 1
Total field space: 24 bytes
Fields:
match ipv4 source address
match ipv4 destination address
collect interface input
collect interface output
collect counter bytes
collect counter packets
#show flow monitor Netflow_monitor cache sort highest counter bytes
Processed 663 flows
Aggregated to 663 flows
Showing the top 20 flows
IPV4 SRC ADDR IPV4 DST ADDR intf input intf output bytes pkts
=========== ============= ==================== =================
10.120.10.229 10.131.11.29 Gi2/12 Gi2/1 13952467 11999
10.120.10.229 10.133.10.55 Gi2/12 Gi2/1 13589174 9588
10.120.10.229 10.131.17.107 Gi2/12 Gi2/7 12511448 9014
10.120.10.229 10.132.10.68 Gi2/12 Gi2/7 12194111 8637
10.120.10.229 10.131.11.88 Gi2/12 Gi2/1 9925116 7170
10.120.10.229 10.132.10.104 Gi2/12 Gi2/7 9099997 6637
10.120.10.229 10.120.14.75 Gi2/12 Gi3/13 8053120 7780
10.120.10.229 10.133.10.166 Gi2/12 Gi2/1 5207531 3694
10.120.10.229 10.120.12.13 Gi2/12 Po1 4349549 3287
10.120.10.229 10.132.33.26 Gi2/12 Gi2/7 3072925 2447
#sh flow monitor Netflow_monitor cache
Cache type: Normal
Cache size: 4096
Current entries: 591
High Watermark: 895
Flows added: 5626
Flows aged: 5035
- Active timeout ( 1800 secs) 0
- Inactive timeout ( 15 secs) 5035
- Event aged 0
- Watermark aged 0
- Emergency aged 0
IPV4 SRC ADDR IPV4 DST ADDR intf input intf output bytes pkts
=============== =============== ==================== ============
10.120.10.229 10.131.17.107 Gi2/12 Gi2/7 15933578 11531
10.120.10.229 10.131.14.201 Gi2/12 Gi2/7 374750 918
10.120.10.229 210.66.194.81 Gi2/12 Po1 69006 505
10.120.10.229 72.26.204.72 Gi2/12 Null 109456 1478
10.120.10.92 10.120.10.10 Gi2/12 Gi2/10 34581 188
----------------------------------------------------- -----------------------------------------------------
查看Release Notes功能只有Flexible Netflow - Ingress support 並沒支援ip flow egress
ip flow ingress 只有3.3及3.4
ip flow egress 全部版本皆否。
所有版本皆可下 ip flow monitor test_mm input 指令,而output皆不能
Router4506-1(config-if)#ip flow monitor test_mm output
% Flow Monitor: 'test_mm' could not be added to interface due to invalid sub-traffic type: 0
原廠文件資訊
The configuration of the flow exporter does" not support the option output features".
Configuring Flexible NetFlow
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/3.1.1SG/configuration/guide/fnf.html
相關網誌
留言列表
網路設備筆記 (6)