Cisco 4331 Netflow Commands

Similar Messages

• Netflow command and interface

  Hi,
  I have a few simple questions regarding netflow. Would anyone please clarify them for me?
  1. I usually configured netflow with "ip route-cache flow" command. Anyway, I have seen articles mentioning "ip flow ingress" and "ip flow egress" commands. What is different exactly i.e. ip route-cache flow and ip flow ingress|egress? Which one should be used?
  2. I understand netflow needs to be configured on every interface to export completely netflow data. Is it correct?
  3. If there are 2 physical and 2 logical i.e. tunnel interfaces, how many/which interfaces should netflow be configured? Are only physical interfaces enough?
  Please let me know if I misunderstand anything.
  Thank you very much,
  Nitass

  AFAIK:
  1. "ip route-cache flow" is deprecated starting in 12.2(18)SXD. See this URL for other IOS trains: http://www.cisco.com/en/US/docs/ios/netflow/command/reference/nf_01.html#wp1049320
  2. It's generally correct, due to the unidirectional nature of NetFlow records. Otherwise, you run the risks such as only seeing one direction of a given "conversation".
  3. My understanding was NetFlow cache could only be enabled on layer-3 interfaces. However, on the catalyst 6000s (and sup720?), you can get layer-2 bridged traffic between hosts in the same VLAN, using the following config:
  ip flow ingress layer2-switched vlan
  ip flow export layer2-switched vlan
  Then, there's this recent thread that makes it sound promising that layer-2 ports could become NetFlow-enabled, though it's not clear (to me) how it works out in practice:
  https://supportforums.cisco.com/message/678612#678612
  So YMMV. The best bet is to actually attempt configuring it. Odds are the physical interfaces won't accept the "ip route-cache flow" or "ip flow ingress/egress" config.

• ASR 1006 with IOS 3.13.1S, NetFlow commands not working

  Hi,
  We have Cisco ASR1006 router with IOS asr1000rp1-advipservicesk9.03.13.01.S.154-3.S1-ext.bin, we have recently upgrade IOS from asr1000rp1-advipservicesk9.02.03.02.122-33.XNC2.bin.
  After upgrading the IOS ip flow ingress and ip flow egress command is not working.
  Please suggest on configuring NetFlow commands on this.
  Regards
  MAC

  Also try this link, found if you follow the URL above, and I have made some notes about configuring inbound and outbound flow monitoring :-
  http://docwiki.cisco.com/wiki/Migrating_from_Traditional_to_Flexible_NetFlow#Flexible_NetFlow_Migration_in_Practice
  That article was referred in these release notes but don’t follow the link in the release notes, use the link above as it seems to have moved;
  http://www.cisco.com/c/en/us/td/docs/routers/asr1000/release/notes/asr1k_rn_rel_notes/asr1k_feats_important_notes_313s.html#pgfId-3455900
  The syntax I have used is almost the same, except that I don’t think you can quite have the 2 options they mention in the last line;
  flow exporter FlowExporter1
    destination 192.168.9.101
    transport udp 9996
    export-protocol netflow-v5
    source FastEthernet 0/1
  flow monitor FlowMonitor1
    record netflow ipv4 original-input
    exporter FlowExporter1
    cache timeout active 1
    cache timeout inactive 15
  interface FastEthernet 0/1
    ip flow monitor FlowMonitor1 [input|output]  <<<  with the netflow record above only input is ok
  According to the command reference I looked at when you use the ipv4 ‘netflow’ flow record with ‘original-input’, it can only monitor inbound packets and vice-versa for ‘original-output’, therefore I think you need the pair of settings as we have done.
  [see here http://www.cisco.com/c/en/us/td/docs/ios/fnetflow/configuration/guide/12_2sr/fnf_12_2_sr_book/get_start_cfg_fnflow.html#wp1059480 ]
  flow monitor FlowMonitor1
    record netflow ipv4 original-input
  flow monitor FlowMonitor2
    record netflow ipv4 original-output
  interface FastEthernet 0/1
    ip flow monitor FlowMonitor1 input
    ip flow monitor FlowMonitor2 output
  Rgds
  Ian

• Why netflow commands are not available in 4506-E?

  Hi,
  we have one 4506-E Chassis , Sup7L-E , LAN Base with cat4500e-universalk.SPA.03.03.00.SG.151-1.SG.bin image
  why netflow commands are not available not available in this. someone said netflow will work only with IP base License , is that right?
  Or how to enable it 
  thanks
  Sujish 

  Hi,
  For Nwtflow, you need IP Base or Enterprise Services License.
  See table-1 in this link;
  http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_26675-01.pdf 
  HTH

• Netflow commands on a 4451

  I am trying to configure Netflow support on a new 4451 and cannot get the following commands to accept. Can someone advise me please.
  Cisco IOS XE Software, Version 03.10.00.S - Extended Support Release
  Cisco IOS Software, ISR4400 Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.3(3)S, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2013 by Cisco Systems, Inc.
  Compiled Thu 25-Jul-13 17:45 by mcpre
  Technology Package License Information:
  Technology    Technology-package           Technology-package
                Current       Type           Next reboot 
  appx             None             None             None
  uc               None             None             None
  security         None             None             None
  ipbase           ipbasek9         Permanent        ipbasek9
  (config-if)#ip route
  (config-if)#ip route-c
  (config-if)#ip route-cache ?
    cef             Enable Cisco Express Forwarding
    policy          Enable fast-switching policy cache for outgoing packets
    same-interface  Enable fast-switching on the same interface
    <cr>
  Only command available
  (config-if)#ip flo        
  (config-if)#ip flow ?
    monitor  Apply a Flow Monitor

  Follow the Flexible NetFlow Configuration Guide to configure Flexible NetFlow:
  http://www.cisco.com/en/US/docs/ios-xml/ios/fnetflow/configuration/xe-3s/fnf-xe-3s-book.html

• Cisco gateway telnet command help

  When our phone system was installed over a year ago the tech that was onsite used a command when after he would telnet into our voce gateway that would display informatin about every call that was going through the system.
  For the life of me I can not recall the command that he used.
  It was like a debugging tool that everytime a call was placed information about the call, source, destination, protocolots, off hook, on hook, etc...
  Can anyone please help jog my brain into remembering this cisco gateway command?
  thanks in advance

  show voice call status
  debug isdn q931 ----->(Don't forget to turn on "term mon")
  HTH
  Regards,
  Yosh

• Cisco ASA disable command line interface (CLI) vor VPN Remote Access users

  Hi,
  I have local database for a couple of VPN Remote Access users on our Cisco ASA 5510 firewall. When adding users i asigned them the privilege leve 0. Is it possible to completly disable CLI for theses users as they will only be using VPN Remote Access and do not need to access the appliance cli.
  Thanks in advance.
  Kind Regards,
  Marco

  Hi,
  We will need to use the vpn-filter or the ssh command to block ssh from the vpn pool.
  Regards,
  Vivek

• Cisco 878 "priv" command password recovery in Rommon mode

  Hi,
  There was " Cookie information corrupt" error on cisco 878 and I enter cookie information with cookie command. The priv command password is "0000" when all cookies zero, but I inserted wrong cookies . I want to edit cookie information. The priv command password changed and I can't edit cookie informations.
  How can I recovery priv command password in rommon ?
  Thanks for help,

  Hi friends,
  I solved problem.   You must add the first five numbers in 16-bit hex in cookies :
  Sample :
  00
  01
  +
  00
  30
  +
  85
  d7
  +
  e0
  60
  +
  0a
  ff
  =        17167
  The password is only four characters, so remove the most significant bit  and the password is 7167.

• Cisco 881 - missing command "random-detect" in class

  Hello,
  I try to set in a class the random-detect feature but it is not present in this ios
  XXX#conf t
  Enter configuration commands, one per line.  End with CNTL/Z.
  XXX(config)#policy-map QOS_4M_DETAIL
  XXX(config-pmap)# class LAN_VOIX
  XXX(config-pmap-c)#  priority 1000
  XXX(config-pmap-c)# class LAN_VISIO
  XXX(config-pmap-c)#  bandwidth 850
  XXX(config-pmap-c)#  random-detect
                                  ^
  % Invalid input detected at '^' marker.
  Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 15.1(3)T1, RELEASE SOFTWARE (fc2)
  Does someone has a tip?
  Thanks for help,
  Jeremy

  Advanced IP Services Feature Set is required, see Table 7 at: http://www.cisco.com/c/en/us/products/collateral/routers/887-integrated-services-router-isr/data_sheet_c78_459542.html
  Bye,
  enrico
  PS: please rate if useful

• Cisco XML Obj/command for doing nothing?

  Hello there! I was wondering if I can write a cisco XML obj to instruct the phone do nothing? I'm pushing a XML page to the phone, if certain condition holds, the phone will display an image, otherwise it should do/show nothing. How can I do that? which obj shall I use? Thank you very much for your help!

  I have two approaches:
  One is well-known: send the Key:Services command.
  The only problem with that is if the user of the phone were to hit Key:Services after your image was sent (therefore clearing the screen), but before you send the Key:Services command (which will now instead show the services menu to the now-confused user)
  If possible, I'd recommend sending SoftKey:Exit instead--which will clear the screen only if an xml object is showing which has an exit softkey present. The downside to this is similiar to the above scenario--if the user were to get one of the native menus open, such as directories or services, they will be cleared as well when you send this command (because they also have an Exit softkey!).
  So either option has a small window of time where the user may get a little frustrated, but in general that should be a good solution.
  Once you've seen the pros and cons of the above two solutions in practice, and if you decide the cons are too great, you could query the phone first, using http:/IP_PHONE_ADDRESS/CGI/ModelInfo, and only send the SoftKey:Exit or Key:Services if your screen is showing at the time of the query (which you could determine based on the title of the XML object you are sending, which will show up in the /ModelInfo query). There is still a window in which the user could push a key on the phone, but it is greatly diminished if you take this route.

• CIsco 2811 Gatekeeper command

                     Hi,
     I am working on my CCIE voice lab at home, but I am not able to enter the Gatekeeper command in my cisco 2811 routers. I am running IOS 12.4(15)
  Thank you for the help in advance.

  Hi Curtis,
  Had a similar issue in my lab , I did want the license. Instead i downgraded the IOS and without the demo license.
  The below IOS does not require gatekeeper license:
  "flash:c2800nm-ipvoice_ivs-mz.124-4.T7.bin"
  Cisco IOS Software, 2800 Software  (C2800NM-IPVOICE_IVS-M), Version 12.4(4)T7, RELEASE SOFTWARE (fc1)
  Technical  Support: http://www.cisco.com/techsupport
  Copyright  (c) 1986-2006 by Cisco Systems, Inc.
  Compiled Tue 28-Nov-06 18:37 by  kellythw
  ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE  (fc1)
  HQ uptime is 2 weeks, 4 days, 12 hours, 27 minutes
  System  returned to ROM by reload at 07:28:44 PST Fri Jan 24 2014
  System restarted at  07:29:49 PST Fri Jan 24 2014
  System image file is  "flash:c2800nm-ipvoice_ivs-mz.124-4.T7.bin"
  Kidnly rate the post accordinly.
  Regards,
  Kevin

• Cisco 6506 Netflow configuration

  I configured netflow to capture data received by vlan 950. 
  vlan 950 has an ip 10.198.0.12. But the output is capturing only packets with source ip of this subnet only.
  why is it not showing any traffic received from outside? or sent to outside hosts?

  Hi Rafael,
  you need an Assurance License for that feature to work
  check the below link:
  http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6504/ps6528/ps12239/guide_c07-714720.html
  Thanks-
  Afroz
  [Do rate the useful post]

• Cisco Profiler NetFlow

  Hi
  Can someone help me to determine does my Net Flow config is correct or not? What should I do on Profiler web konsole to now that the NetFlow is working.
  This is config on router:
  router (config)#ip flow-export version 5    
  router (config)#ip flow-export destination 10.0.86.9 2055
  router (config)#interface ATM0/1/0
  router (config-if)#ip  flow ingress
  router (config-if)#ip route-cache flow
  This is what I get on eth0 (trusted) on CAS (Collector is on CAS servers)
  13:32:47.215752 IP 192.168.12.158.50229 > mtel-nacserver-1.iop: UDP, length 312
  13:33:01.214074 IP 192.168.12.158.50229 > mtel-nacserver-1.iop: UDP, length 120
  13:33:14.212558 IP 192.168.12.158.50229 > mtel-nacserver-1.iop: UDP, length 216
  13:33:26.211179 IP 192.168.12.158.50229 > mtel-nacserver-1.iop: UDP, length 264
  13:33:39.209589 IP 192.168.12.158.50229 > mtel-nacserver-1.iop: UDP, length 72
  13:33:51.208193 IP 192.168.12.158.50229 > mtel-nacserver-1.iop: UDP, length 264
  13:34:12.205745 IP 192.168.12.158.50229 > mtel-nacserver-1.iop: UDP, length 408
  13:34:31.203515 IP 192.168.12.158.50229 > mtel-nacserver-1.iop: UDP, length 312
  13:34:45.201813 IP 192.168.12.158.50229 > mtel-nacserver-1.iop: UDP, length 168
  13:34:58.200285 IP 192.168.12.158.50229 > mtel-nacserver-1.iop: UDP, length 168
  13:35:16.198210 IP 192.168.12.158.50229 > mtel-nacserver-1.iop: UDP, length 312
  NetFlow Module Config
  Network Config
  THANKS

  Hi all
  Which IP address should I configure as NetFlow destination.
  In documentation has some confusing sentence.
  The Cisco NAC Profiler Collector uses the 4th NIC of the CAS to collect data from a SPAN port, SNMP, or NetFlow. The Cisco NAC Profiler Collector aggregrates the relevant data, consolidates it, and then forwards it on to the Cisco NAC Profiler Server.
  AND
  By default, enabling the NetFlow Agent on a NetRelay module initiates listening for XDRs sent to the Collector management interface (eth0) by routers and other NetFlow collectors on port 2055.
  Is that 4th NIC (eth3) like for SPAN or eth0?
  Has anyone any comment

• Cisco Prime- Netflow Export Issue

  Dear All,
  We are observing high bandwidth being utliized between ASR1004 and Cisco Prime 2.1 after enabling "ip netflow exporter". Is there any way to mitigate it..?

  Yes - use sampled Netflow which statistically samples the flows instead of trying to send every single one back to Prime Infrastructure.
  The IOS-XE configuration guide section on Netflow describes how to set it up.

• Cisco SG 300 command line setup?

  Hi,
  Im trying to get my head around my new cisco SG 300 switch.  Im not very experienced but I have used the Linksys SRW range before and configured it using teraterm and method described in the link below:
  http://homecommunity.cisco.com/t5/Switches/SRW-series-super-secret-CLI-mode/td-p/109959
  As im fimilar with this method and the commands ideally I'd like to use this on the SG 300 range as well.  Is this possible?
  Failing that, is it possible to use another method which uses the same commands which can be easily copy and pasted for setting up multiple switches with the configuration?
  All help greatly appreicated,
  Cheers

  Hi,
  The older SRW CLI method is not particulary relevant to the new SG300 series switch.
  If you had older, for example, a 8 port gig SRW2008 switch, that process that you referenced  may have been relevant.
  Today, if you buy a SRW2008-K9-NA switch, the K9 tells me that this switch is a newer 300 series switch,  the NA tells me it's a North American power supply variety.
  Note: We kept the ordering p/n of the 300 series switch similar, ( but not identical) to that of the older SRW switches for consistency reasons.
  Having said that, the newer 300 series product is generations ahead of it's older ancestor, with a Ton more featuressuch as the option for IPv6 and Layer 3 switching.
  I have attached the CLI reference guide for the 300 series switches firmware version 1.1
  This CLI does enable the option for, as you suggest "easily copy and pasted for setting up multiple switches with the configuration?"
  I have also included a link to the 300 series firmware version 1.1  CLI manual for your reference
  http://www.cisco.com/en/US/products/ps10898/prod_command_reference_list.html
  Hope this helps.
  regards Dave