Skip to main content

Flexible Netflow on the Cisco 4500 Switch

Netflow is the very basic need which is required when troubleshooting Network slowness problems. Unfortunately Cisco 4500 switch does not have General/Traditional Netflow which we configure on Cisco Routers and Cisco 6500 switches etc. Cisco 4500 only supports Flexible Netflow which is basically Netflow V9. In this post I will guide you to configure Flexible Netflow in Cisco 4500 switch.

There are 4 steps to configure Flexible Netflow in Cisco 4500 switch:

  • Create a flow record

  • Create a flow exporter

  • Create a flow monitor

  • Apply the monitor to an interface

Step 1 : Create Flow record :


The flow record defines the fields that will be used to group traffic into unique flows. In my example, I used the following configuration:


flow record IPV4-FLOW-RECORD
    match ipv4 tos
    match ipv4 protocol
    match ipv4 source address
    match ipv4 destination address
    match transport source-port
    match transport destination-port
    collect interface input
    collect interface output
    collect counter bytes long
    collect counter packets long


Step 2 : Create Flow Export :


In flow exporter we configure the IP of netflow analyser tool which will receive Netflow data. By default, Cisco will send data to UDP Port 9995 but you can configure this port to any number. I have also configured Source Interface which is reachable from Netflow analyser server.


flow exporter Netflow_analyser
    destination 192.168.0.245
    source Loopback0
    transport udp 9995


Step 3 : Create Flow Monitor :


The flow monitor is where you link records and exporters together :
flow monitor IPV4-FLOW
    description Used for Monitoring IPv4 Traffic
    record IPV4-FLOW-RECORD
    exporter Netflow_analyser

Now its time to apply this to Interface where we want to enable Netflow.


Step 4 : Apply The Configuration :


First we will apply it to SVI vlan port :
4500(config)#vlan config 2  -----> This is Vlan number
4500(config-vlan-config)#ip flow monitor IPV4-FLOW input

Similarly we will apply to L3 port :
interface GigabitEthernet 0/1
     ip flow monitor IPV4-FLOW input


Show Commands to check Flexible Netflow is configured correctly :


4500#show flow ?
  exporter   Flow Exporter information
  interface  Flow interface information
  internal   Show the flow fields
  monitor    Flow Monitor information
  record     Show Flow Record configuration

You can check different parameters and configuration by using "show flow " command.



Thanks for reading my short post regarding Flexible Netflow on Cisco 4500 Switch.





Labels:

Comments

Post a Comment

Popular posts from this blog

SuperPuTTY for EVE-NG

To use SuperPuTTY as default client for telnet in Eve-NG for multi tab console

When we click on Router or Switch in EVE-NG by default console open in CMD. Here I posting a method to use SuperPutty with EVE-NG so that you can use TAB function of SuperPutty.
You need to edit registry 
Enable handling of telnet://hostname:port/ URLs on the command line. With this feature, you can now set SuperPuTTY as the default handler for Telnet URLs 
If you run the Registry Editor (Start->Run->regedit.exe) and set the value in:
HKEY_CLASSES_ROOT\telnet\shell\open\command to be: "\path\to\SuperPutty.exe"
(with the full pathname of your SuperPuTTY executable)

In my case it like this :

C:\Program Files (x86)\SuperPuTTY\SuperPutty.exe %1




Second most important thing :

Select "Only allow single instance of SuperPutty to run" in SuperPutty options (Tools > Options)




And in GUI options , select Tab Text : "Dynamic"




And Finally you will get the multi tab console in Superp…
4 comments
Read more

Install Linux in Eve-NG

Install Linux in Eve-NG :
You can choose any of Linux image from the pack below and simply upload into EVE. Download your preferred image from this link:Download Linux Images Here  (This Link is Provided by EVE - NG)     2. Download your desirable image     3. Using WinSCP or FileZilla SSH (TCP 22) to your EVE and upload downloaded image to the location: /opt/unetlab/addons/qemu/     4. Using Putty or other telnet client, CLI SSH (TCP 22) to your EVE and go to location: cd /opt/unetlab/addons/qemu/    5. Unzip your uploaded image file, make sure you are using right name of uploaded image. Example for ubuntu desktop image below. tar xzvf linux-ubuntu-desktop-16.04.4.tar.gz    6. Remove raw zipped image file from EVE rm -f linux-ubuntu-desktop-16.04.4.tar.gz   7. Fix permissions /opt/unetlab/wrappers/unl_wrapper -a fixpermissions   6. Repeat this procedure for each downloaded image, expecting right image name in commands
Ready to go images recommeneded settings: IMPORTANT NOTE: Before you start Li…
Post a Comment
Read more

NAT Cloud in EVE-NG

NAT Cloud in EVE-NG


I want to share with you how to create a NAT cloud in the EVE-NG community edition. Essentially, this is a virtual network with a DHCP server, which will allow NAT connections over the management interface of the EVE-NG VM for Internet access.


Interface, DHCP Server and NAT First of all, we need to create a network which can be used in the topology. I’ll be using the predefined pnet9 interface (Cloud 9 network) for this, but any other interface will do. 1 2 3 ip address add192.168.255.1/24dev pnet9 echo1
Post a Comment
Read more

copy IOS from FTP server for cisco switch upgrade

These are the commands to copy IOS from FTP to Flash:
Filezilla SERVER :

copy ftp://username:password@ftp-server-ip/IOS-name.bin flash:

Example :

copy ftp://cisco:cisco@192.168.1.1/c2960x-universalk9-mz.152-4.E6.bin flash:



SolarWinds SFTP & SCP Server (When we need to copy IOS to Flash using Secured channel like SCP or SFTP:

copy scp://<User>:<Password>@<Server-IP>/<File-name> flash0://<File-Name>
Post a Comment
Read more

What is Ansible?

Ansible is a simple automation language or you can say application that can perfectly automate IT infrastructure or network infrastructure.

Ansible is a free-software platform for configuring and managing computers or network devices which combines multi-node software deployment, ad hoc task execution, and configuration management. (description taken from wikipedia)

It can also be used for network management. Like Puppet or Chef which requires agent to be installed on host system but Ansible does not require an agent on the host system. It uses SSH for transport to communicate with the host. When Ansible was first developed it was used primarily for server administration but in the last few years of development more and more network modules have been added to the software. Currently these Network vendor devices can be manage by Ansible. Current version is Ansible Ver 2.4 :

A10 Networks

Cisco ACI

Aireos

AOS

Aruba Networks

Cisco ASA

AVI

Bigswitch

Bigswitch

Citrix

Cloudengine

Cloudvision

Cumulus

Dell OS

Post a Comment
Read more

First look of Open NX-OS

Cisco NX-OS is the network operating system that is used in Cisco Nexus switches. These Nexus switches from Cisco are built for DATA-CENTERS. In this post I will give you a brief idea regarding the NX-OS operating system.  NX-OS has been evolved from SAN-OS which was originally developed for MDS switches by Cisco only. These MDS switches are used for storage network.

Cisco NX-OS is purely based on Micro-kernel Linux where as traditional Cisco IOS is also based on Linux but with Monolithic kernel. I will tell you the difference between these two types of kernel below in this post because it is the key difference between NX-OS and IOS.
 Monolithic Kernel :
Monolithic kernel is a single large process running entirely in a single address space or memory space. It is a single static binary file. All kernel services exists and executes in the kernel address space. If one process having some problem then it will effect all other processes and may interrupt the complete kernel flow. As an ex…
3 comments
Read more