Lab ID: 9.9K1013A210.SAI2.1

Stand-Alone Lab: NetFlow

Objective

In this lab, you will learn the basic commands to configure NetFlow on a Cisco router and to verify an existing NetFlow configuration.

Lab Topology

The topology diagram below represents the NetMap in the Simulator.

[Topology diagram: Router1, Router2, Router3, Switch1, Switch2]

Command Summary

Command                                     Description
configure terminal                          enters global configuration mode from privileged EXEC mode
enable                                      enters privileged EXEC mode
end                                         ends and exits configuration mode
exit                                        exits one level in the menu structure
interface type number                       changes from global configuration mode to interface configuration mode
ip flow egress                              enables NetFlow for outbound traffic on an interface
ip flow ingress                             enables NetFlow for inbound traffic on an interface
ip flow-export destination ip-address port  specifies the IP address and destination port for exported NetFlow records
ip flow-export version [1 | 5 | 9]          specifies the format of exported NetFlow records
show ip cache flow                          displays basic NetFlow statistics
show ip flow export                         displays the NetFlow data export configuration
show ip flow interface                      displays the NetFlow configuration for each interface
show running-config                         displays the active configuration file

The IP addresses and subnet masks used in this lab are shown in the table below:

IP Addresses

Device    Interface          IP Address     Subnet Mask
Router1   FastEthernet 0/0   192.168.2.1    255.255.255.0
          FastEthernet 0/1   10.10.10.1     255.255.255.0
Router2   FastEthernet 0/0   172.16.10.1    255.255.255.0
          FastEthernet 0/1   192.168.1.2    255.255.255.0
Router3   FastEthernet 0/0   192.168.2.1    255.255.255.0
          FastEthernet 0/1   192.168.1.1    255.255.255.0

Lab Tasks

Task 1: Learn NetFlow Configuration Commands

This task introduces you to various commands used to configure the NetFlow feature on a Cisco router.

1. For what purpose would you typically use the Cisco NetFlow feature on a router?

2. What is a drawback to using the NetFlow feature?

3. Configure NetFlow for inbound traffic on the FastEthernet 0/0 interface of Router1.

4. Configure NetFlow for outbound traffic on the FastEthernet 0/1 interface of Router1.

5. What is the default NetFlow data export format on Cisco routers?

6. Configure Router1 with the highest supported version format for NetFlow export data.

7. Where is the data collected by NetFlow collector stored?

8. Configure Router1 to export NetFlow data records to a NetFlow collector with an IP address of 1.2.3.4 listening on port 9999.

9. Configure Router1 to export NetFlow data records to a NetFlow collector with an IP address of 4.3.2.1 listening on SCTP port 8888.

Task 2: Verify a NetFlow Configuration

This task introduces you to the basic show commands used to verify a NetFlow configuration on a Cisco router.

1. On Router1, view a summary output of the basic NetFlow configuration on each interface. Which interfaces are configured to monitor inbound traffic with NetFlow?

2. On Router1, check the NetFlow data export format. Which data export format is being used?

3. How many NetFlow collector addresses are configured?

4. On Router1, display the NetFlow statistics that include the number of flows per protocol and the source and destination IP addresses associated with each flow. How many Transmission Control Protocol (TCP)-World Wide Web (WWW) flows are there? How many packets have been transmitted between the 10.10.10.2 and 172.16.10.4 IP addresses?

Lab Solutions

Task 1: Learn NetFlow Configuration Commands

1. You would typically use the Cisco NetFlow feature to capture statistics about network traffic flows that pass through a router. Although Cisco considers a series of packets a flow if they share, at a minimum, the same source and destination IP addresses, a flow is defined as a series of packets that share the following characteristics:

• Source IP address

• Destination IP address

• Protocol number

• Source protocol port

• Destination protocol port

• Type of Service (ToS) bits

• Associated interface

Note: You can configure NetFlow to monitor either ingress or egress traffic on an interface.

2. A drawback to the NetFlow feature is that, depending on the hardware platform and the number of simultaneous traffic flows, enabling the NetFlow feature can be very processor-intensive and can have a large impact on device performance. Therefore, NetFlow should only be enabled when required on most hardware platforms.

3. You should issue the following commands to configure NetFlow for inbound traffic on Router1’s FastEthernet 0/0 interface:

Router1>enable
Router1#configure terminal
Router1(config)#interface fastethernet 0/0
Router1(config-if)#ip flow ingress

4. You should issue the following commands to configure NetFlow for outbound traffic on the FastEthernet 0/1 interface:

Router1(config-if)#interface fastethernet 0/1
Router1(config-if)#ip flow egress

5. By default, NetFlow data is exported using version 1, but Cisco recommends that you change the export version to the highest version supported by your NetFlow collector. Most NetFlow devices support export versions 1, 5, and 9.

6. You should use the context-sensitive help to determine the NetFlow export data formats supported by Router1. The following output from the ip flow-export version ? command reveals that Router1 supports export versions 1, 5, and 9:

Router1(config-if)#exit
Router1(config)#ip flow-export version ?
  1
  5
  9

You should then issue the following command to specify version 9, which is the highest version format for NetFlow export data that Router1 supports:

Router1(config)#ip flow-export version 9

7. By default, the data gathered by NetFlow is stored locally in dedicated NetFlow tables on each configured device. You can access the information stored in the NetFlow tables of a device by issuing the appropriate NetFlow-related show commands from privileged EXEC mode. Alternatively, you can configure the device to export NetFlow statistics to a central location, which is referred to as a NetFlow collector.

8. You should issue the following command on Router1 to export NetFlow data records to a NetFlow collector with an IP address of 1.2.3.4 listening on port 9999.

Router1(config)#ip flow-export destination 1.2.3.4 9999

9. Although NetFlow records are exported as User Datagram Protocol (UDP) datagrams by default, some platforms support Stream Control Transmission Protocol (SCTP) as an alternate transport protocol. You can use the sctp keyword with the ip flow-export destination command to specify that SCTP should be used instead of UDP to transmit NetFlow data. You should issue the following command to specify a NetFlow collector with an IP address of 4.3.2.1 that is listening for NetFlow data on SCTP port 8888.

Router1(config)#ip flow-export destination 4.3.2.1 8888 sctp
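
What a collector receives once version 9 export to a destination is configured, shown as an added Python example that is not part of the original lab: a decoder for the NetFlow v9 header, template FlowSet and data FlowSet, using the layout and field type numbers from RFC 3954. The datagram built by sample_datagram(), source port 49152 and all function names are constructed for illustration.

```python
import ipaddress
import struct

# RFC 3954 field types for the flow key fields listed in solution 1, plus the packet count.
FIELD_NAMES = {8: "src_ip", 12: "dst_ip", 4: "proto", 7: "src_port",
               11: "dst_port", 5: "tos", 10: "input_if", 2: "packets"}

def decode_record(buf, pos, template):
    """Decode one data record laid out as the template describes."""
    flow = {}
    for ftype, flen in template:
        raw = buf[pos:pos + flen]
        pos += flen
        name = FIELD_NAMES.get(ftype, f"field_{ftype}")
        flow[name] = (str(ipaddress.IPv4Address(raw)) if ftype in (8, 12)
                      else int.from_bytes(raw, "big"))
    return flow

def parse_v9(datagram, exporter, templates):
    """Return the flows in one NetFlow v9 datagram received from `exporter`.

    `templates` persists between datagrams. It is keyed by exporter address and
    source ID so one router's template cannot change how another's data is read.
    """
    if len(datagram) < 20:
        raise ValueError("shorter than the 20-byte v9 header")
    version, _count, _uptime, _secs, _seq, source_id = struct.unpack_from("!HHIIII", datagram)
    if version != 9:
        raise ValueError(f"expected version 9, got {version}")
    flows, off = [], 20
    while off + 4 <= len(datagram):
        fs_id, fs_len = struct.unpack_from("!HH", datagram, off)
        if fs_len < 4 or off + fs_len > len(datagram):
            raise ValueError("FlowSet length runs past the datagram")
        body = datagram[off + 4:off + fs_len]
        if fs_id == 0:                                  # template FlowSet
            pos = 0
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack_from("!HH", body, pos)
                pos += 4
                if tid < 256 or pos + 4 * nfields > len(body):
                    break                               # padding or truncated template
                templates[(exporter, source_id, tid)] = [
                    struct.unpack_from("!HH", body, pos + 4 * i) for i in range(nfields)]
                pos += 4 * nfields
        elif fs_id > 255:                               # data FlowSet, ID = template ID
            template = templates.get((exporter, source_id, fs_id))
            rec_len = sum(flen for _, flen in template) if template else 0
            pos = 0
            while rec_len and pos + rec_len <= len(body):
                flows.append(decode_record(body, pos, template))
                pos += rec_len
        off += fs_len
    return flows

def sample_datagram():
    """Constructed v9 datagram: one template (ID 256) and one matching data record."""
    fields = [(8, 4), (12, 4), (4, 1), (7, 2), (11, 2), (5, 1), (10, 2), (2, 4)]
    tmpl = struct.pack("!HH", 256, len(fields)) + b"".join(struct.pack("!HH", *f) for f in fields)
    record = (ipaddress.IPv4Address("10.10.10.2").packed + ipaddress.IPv4Address("172.16.10.4").packed
              + struct.pack("!BHHBHI", 6, 49152, 80, 0, 1, 40))
    header = struct.pack("!HHIIII", 9, 2, 1000, 1700000000, 1, 0)
    return (header + struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl
            + struct.pack("!HH", 256, 4 + len(record)) + record)
```

A data FlowSet that arrives before its template, or from an exporter whose template was never seen, decodes to nothing, which is why the template cache has to outlive a single datagram.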

Task 2: Verifying a NetFlow Configuration

1. The output from the following command displays a summary of the basic NetFlow configuration of each interface. The output shows that NetFlow is configured to monitor inbound flows on the FastEthernet 0/0 interface and outbound flows on the FastEthernet 0/1 interface:

Router1(config)#end
Router1#show ip flow interface
FastEthernet0/0
  ip flow ingress
FastEthernet0/1
  ip flow egress

2. You can issue the show ip flow export command to verify the NetFlow export format version on Router1. Additionally, the command output can be used to verify the IP address and port numbers of any configured NetFlow collectors. Output from the command issued on Router1 shows that NetFlow data is exported using version 9:

Router1#show ip flow export
Flow export v9 is enabled for main cache
  Export source and destination details :
  VRF ID : Default
    Destination(1)  1.2.3.4 (9999)
    Destination(2)  4.3.2.1 (8888) via SCTP
  Version 9 flow records
  418 flows exported in 4534 udp datagrams
  325 flows exported in 1864 sctp messages
  0 flows failed due to lack of export packet
  0 export packets were sent up to process level
  0 export packets were dropped due to no fib
  0 export packets were dropped due to adjacency issues
  0 export packets were dropped due to fragmentation failures
  0 export packets were dropped due to encapsulation fixup failures

3. Output from the show ip flow export command issued on Router1 shows that two collectors have been configured. One collector has an IP address of 1.2.3.4 and is listening on UDP port 9999, whereas the other collector has an IP address of 4.3.2.1 and is listening on SCTP port 8888.

Router1#show ip flow export
Flow export v9 is enabled for main cache
  Export source and destination details :
  VRF ID : Default
    Destination(1)  1.2.3.4 (9999)
    Destination(2)  4.3.2.1 (8888) via SCTP
  Version 9 flow records
  418 flows exported in 4534 udp datagrams
  325 flows exported in 1864 sctp messages
  0 flows failed due to lack of export packet
  0 export packets were sent up to process level
  0 export packets were dropped due to no fib
  0 export packets were dropped due to adjacency issues
  0 export packets were dropped due to fragmentation failures
  0 export packets were dropped due to encapsulation fixup failures


4. The show ip cache flow command displays NetFlow statistics that include the number of flows per protocol and the source and destination IP addresses associated with each flow. The command output displays a variety of statistics including the number of flows for each protocol, the source and destination IP addresses for each flow, and the number of packets transmitted in each flow. You should issue the show ip cache flow command on Router1 to determine the number of flows and packets transmitted between devices. In the sample output below, there are 83 TCP WWW flows. In addition, 40 packets have been transmitted between the 10.10.10.2 and 172.16.10.4 IP addresses. Sample output is shown below; your output may vary:

Router1#show ip cache flow
IP packet size distribution (1103746 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .249 .694 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .000 .000 .027 .000 .027 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 278544 bytes
  35 active, 4061 inactive, 980 added
  2921778 ager polls, 0 flow alloc failures
  Active flows timeout in 30 minutes
  Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640 bytes
  0 active, 1024 inactive, 0 added, 0 added to flow
  0 alloc failures, 0 force free
  1 chunk, 1 chunk added
  last clearing of statistics never
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-WWW             83      0.0      1321    40      1.5    1200.1       0.8
TCP-NTP            127      0.0      1203    40      0.6    1200.1       0.7
TCP-other          337      0.0      1220    40      4.7    1201.4       0.8
UDP-TFTP            17      0.0      1213    28      0.5    1199.4       1.0
UDP-other          138      0.0      1117    28      2.1    1199.5       0.9
ICMP               125      0.0      1133   418      2.1    1199.4       0.8
Total:             915      0.0      1166    91     22.4    1799.6       0.8

SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Fa0/0         10.10.10.3      Fa0/1         172.16.10.6     11 0043 0043    52
Fa0/0         10.10.10.5      Fa0/1         172.16.10.7     11 0045 0045    53

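The Pr, SrcP and DstP columns in the per-flow rows are hexadecimal, so 11 0045 is UDP port 69 (TFTP), not protocol 11 port 45. The parser below is an added Python example, not part of the original lab; it decodes those columns and totals packets between two hosts. The first two input rows are the ones in the sample output, the third row and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed input in the layout of the per-flow rows above. The first two rows
# are the ones in the sample output; the third is a constructed TCP row.
SAMPLE = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Fa0/0         10.10.10.3      Fa0/1         172.16.10.6     11 0043 0043    52
Fa0/0         10.10.10.5      Fa0/1         172.16.10.7     11 0045 0045    53
Fa0/0         10.10.10.2      Fa0/1         172.16.10.4     06 C001 0050    40
"""

ROW = re.compile(
    r"^(?P<src_if>\S+)\s+(?P<src>\d+(?:\.\d+){3})\s+"
    r"(?P<dst_if>\S+)\s+(?P<dst>\d+(?:\.\d+){3})\s+"
    r"(?P<pr>[0-9A-Fa-f]{2})\s+(?P<sp>[0-9A-Fa-f]{4})\s+(?P<dp>[0-9A-Fa-f]{4})\s+"
    r"(?P<pkts>\d+)\s*$")

PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}

def parse_flow_rows(text):
    """Parse per-flow rows; Pr, SrcP and DstP are hexadecimal in this output."""
    flows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, blank line or a summary row
        proto = int(m["pr"], 16)
        flows.append({
            "src": m["src"], "dst": m["dst"],
            "src_if": m["src_if"], "dst_if": m["dst_if"],
            "proto": PROTO.get(proto, str(proto)),
            "src_port": int(m["sp"], 16), "dst_port": int(m["dp"], 16),
            "packets": int(m["pkts"]),
        })
    return flows

def packets_between(flows, a, b):
    """Total packets seen between two hosts, counting both directions."""
    return sum(f["packets"] for f in flows if {f["src"], f["dst"]} == {a, b})

def flows_per_service(flows):
    """Count flows by (protocol, destination port) using decimal port numbers."""
    return Counter((f["proto"], f["dst_port"]) for f in flows)
```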
Sample Conguration Script Router1 Router1 (continued) Router1#show running-config Building configuration
Sample Conguration Script

Sample Conguration Script

Router1 Router1 (continued)
Router1 Router1 (continued)

Router1

Router1 (continued)

Router1#show running-config Building configuration

Current configuration : 976 bytes

interface FastEthernet0/0 ip address 192.168.2.2 255.255.255.0 ip flow ingress no ip directed-broadcast

255.255.255.0 ip flow ingress no ip directed-broadcast ! Version 12.3 ! service timestamps debug uptime service
!

!

Version 12.3 !
Version 12.3 !

Version 12.3

!

service timestamps debug uptime service timestamps log uptime no service password-encryption

!

interface FastEthernet0/1 ip address 10.10.10.1 255.255.255.0 ip flow egress no ip directed-broadcast

hostname Router1 !
hostname Router1 !

hostname Router1

!

!

ip subnet-zero

router eigrp 10 network 10.10.10.0 0.0.0.255 network 192.168.2.0 0.0.0.255

!

!

ip cef

no auto-summary

no ip domain-lookup

!

! ip classless no ip http server !
! ip classless no ip http server !

!

ip classless no ip http server

!

interface Serial0/0 no ip address no ip directed-broadcast clock rate 64000 shutdown

!

ip flow-export version 9 ip flow-export destination 1.2.3.4 9999 ip flow-export destination 4.3.2.1 8888 sctp

ip flow-export version 9 ip flow-export destination 1.2.3.4 9999 ip flow-export destination 4.3.2.1 8888 sctp

interface Serial0/1 no ip address no ip directed-broadcast shutdown !
interface Serial0/1 no ip address no ip directed-broadcast shutdown !

interface Serial0/1 no ip address no ip directed-broadcast shutdown

!

line con 0 line aux 0

line vty 0 4

! !
! !

!

!

no scheduler allocate end

no ip address no ip directed-broadcast shutdown ! line con 0 line aux 0 line vty
no ip address no ip directed-broadcast shutdown ! line con 0 line aux 0 line vty
no ip address no ip directed-broadcast shutdown ! line con 0 line aux 0 line vty
no ip address no ip directed-broadcast shutdown ! line con 0 line aux 0 line vty

Copyright © 1996–2013 Boson Software, LLC. All rights reserved. NetSim software and documentation are protected by copyright law.