Cisco设备Netflow配置要点及实例
合集下载
相关主题
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
1.3. ip cef对接口上的ACL有影响,导致前几个包不接受ACL规则。
1.4. 查看ip flow支持功能
router2811#show ip flow ?
export Display export statistics
interface Display flow configuration on Interfaces
TCP-other 750 0.5 22 87 11.8 6.7 14.9
UDP-DNS 1 0.0 1 61 0.0 0.0 15.0
<cr>
router3745# show ip flow top-talkers ?
verbose Display extra information
| Output modifiers
<cr>
router3745#
1.5. 查看ip flow输出情况
Display aggregated top talkers:
<1-100> Number of aggregated top talkers to show
Display unaggregated top flows:
verbose Display extra information about unaggregated top flows
| Output modifiers
<cr>
router2811#
router3745# show ip flow export ?
template Display export template statistics
| Output modifiers
0 export packets were sent up to process level
0 export packets were dropped due to no fib
0 export packets were dropped due to adjacency issues
0 export packets were sent up to process level
0 export packets were dropped due to no fib
0 export packets were dropped due to adjacency issues
1 chunk, 0 chunks added
last clearing of statistics 00:23:43
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
Destination(1) 10.119ds
786 flows exported in 32 udp datagrams
0 flows failed due to lack of export packet
IP Flow Switching Cache, 278544 bytes
130 active, 3966 inactive, 11952 added
244407 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
ICMP 10833 7.6 2 66 18.0 1.5 15.4
IP-other 3 0.0 1 109 0.0 0.0 15.6
.000 .873 .116 .006 .001 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .000 .002 .000 .000 .000 .000 .000 .000
router2811#show ip flow export
Flow export v5 is enabled for main cache
Export source and destination details :
VRF ID : Default
Source(1) 10.117.3.5 (FastEthernet0/1)
Destination(1) 10.119.159.38 (9090)
Version 5 flow records
782 flows exported in 32 udp datagrams
0 flows failed due to lack of export packet
0 export packets were dropped due to fragmentation failures
0 export packets were dropped due to encapsulation fixup failures
router2811#
router3745#show ip flow export
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 34056 bytes
129 active, 895 inactive, 1145 added, 1145 added to flow
0 alloc failures, 0 force free
Total: 11855 8.3 15 67 128.8 2.3 15.4
Flow export v5 is enabled for main cache
Export source and destination details :
VRF ID : Default
Source(1) 10.117.3.5 (FastEthernet0/1)
2203147 flows exported in 134556 udp datagrams
0 flows failed due to lack of export packet
0 export packets were sent up to process level
0 export packets were dropped due to no fib
0 export packets were dropped due to fragmentation failures
0 export packets were dropped due to encapsulation fixup failures
router2811#show ip flow export verbose
router3745#
1.5. 查看ip flow采集接口
router2811#show ip flow interface
FastEthernet0/0
ip route-cache flow
ip flow ingress
FastEthernet0/1
ip route-cache flow
TCP-Telnet 21 0.0 162 40 2.4 37.7 11.5
TCP-X 19 0.0 11 40 0.1 0.0 14.5
top-talkers Display top talkers
router2811#show ip flow export ?
sctp Display SCTP export statistics
template Display export template statistics
0 export packets were dropped due to adjacency issues
0 export packets were dropped due to fragmentation failures
0 export packets were dropped due to encapsulation fixup failures
verbose Display verbose export statistics
| Output modifiers
<cr>
router2811#show ip flow inter ?
| Output modifiers
<cr>
router2811#show ip flow top-talkers ?
Cisco设备Netflow配置指南
2013.08.09
1. Netflow配置要点
1.1. Netflow需要开启ip cef才能生效,还需要在接口启用ip flow ingress命令,
IOS 12.2之前命令为ip route-cache flow。
1.2. 在部分Cisco设备中,接口下的ip route-cache flow和ip flow ingress基本上是同一个命令。
ip flow ingress
router3745#
1.6. 查看ip flow缓存
router2811#show ip cache flow
IP packet size distribution (169104 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
ip flow ingress
router2811#
router3745#show ip flow interface
FastEthernet0/0
ip route-cache flow
ip flow ingress
FastEthernet0/1
ip route-cache flow
UDP-NTP 3 0.0 1 76 0.0 0.0 15.2
UDP-other 225 0.1 608 65 96.3 23.1 15.4
Flow export v5 is enabled for main cache
Exporting flows to 172.16.100.8 (2055)
Exporting using source interface FastEthernet0/1
Version 5 flow records, peer-as