Configuring Netflow-Lite on 2960-X

I have a 2960-X switch that I want to configure Netflow Lite on, to send Netflow data to my Prime Infrastructure 2.1 appliance. I need some configuration examples for the flow record regarding the source and destination IP addresses? If I want netflow data on all traffic, what should those values be?
Thanks.

There is a nice demo script that was developed to show the use case for LiveAction (made by ActionPacked - a Cisco partner) specifically using the 2960-X. It can be downloaded from this link.
In case that doesn't work, here are the relevant bits of their switch configuration. (The addresses and source interface would change based on your setup and PI listens for Netflow on udp/9991 vs. udp/2055.)
flow record LIVEACTION-RECORD
 description DO NOT MODIFY. USED BY LIVEACTION.
 match datalink ethertype
 match datalink mac source address input
 match datalink mac destination address input
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 collect transport tcp flags
 collect interface input
 collect counter bytes long
 collect counter packets long
 collect counter bytes permanent
 collect counter packets permanent
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
flow exporter LIVEACTION-EXPORTER
 description DO NOT MODIFY. USED BY LIVEACTION.
 destination 10.10.18.111
 source FastEthernet0
 transport udp 2055
flow monitor LIVEACTION-MONITOR
 description DO NOT MODIFY. USED BY LIVEACTION
 record LIVEACTION-RECORD
 exporter LIVEACTION-EXPORTER
 cache timeout active 60
sampler LIVEACTION-FLOWSAMPLER
 description DO NOT MODIFY. USED BY LIVEACTION.
 mode random 1 out-of 500
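
The reply above says the exporter address and port have to be adapted to the collector (PI on udp/9991 rather than udp/2055). The following is an added example, not part of the original reply or the LiveAction script: a Python audit that reads a config in this style and lists what would keep flow data from reaching the collector. The function names and the collector address 192.0.2.10 are placeholders, and the sample is a constructed, trimmed copy of the config above; interface attachment is detected from lines starting with `ip flow monitor <name>`.

```python
import re

# Top-level commands that open a section in a Flexible NetFlow style config.
HEADER = re.compile(r"^(flow record|flow exporter|flow monitor|sampler|interface)\s+(.+)$")
# Constructed sample: the reply's config trimmed to the lines this audit reads.
SAMPLE = """\
flow record LIVEACTION-RECORD
match ipv4 source address
flow exporter LIVEACTION-EXPORTER
destination 10.10.18.111
transport udp 2055
flow monitor LIVEACTION-MONITOR
record LIVEACTION-RECORD
exporter LIVEACTION-EXPORTER
sampler LIVEACTION-FLOWSAMPLER
mode random 1 out-of 500
"""

def parse_sections(config):
    """Group sub-commands under their section header, indented or not."""
    sections, current = {}, None
    for line in map(str.strip, config.splitlines()):
        m = HEADER.match(line)
        if m:
            current = sections.setdefault((m.group(1), m.group(2)), [])
        elif current is not None and line and not line.startswith("!"):
            current.append(line)
    return sections

def first_arg(body, prefix):
    """Return the first word after `prefix` in a section body, or None."""
    return next((ln[len(prefix):].split()[0] for ln in body if ln.startswith(prefix)), None)

def audit(config, collector_ip, collector_port):
    """List the problems that would keep flow data from reaching the collector."""
    sec = parse_sections(config)
    defined = lambda kind: {n for k, n in sec if k == kind}
    applied = {ln.split()[3] for (k, _), body in sec.items() if k == "interface"
               for ln in body if ln.startswith("ip flow monitor ")}
    findings = []
    for name in sorted(defined("flow exporter")):
        body = sec[("flow exporter", name)]
        dest, port = first_arg(body, "destination "), first_arg(body, "transport udp ")
        if dest != collector_ip:
            findings.append(f"exporter {name}: destination {dest}, collector is {collector_ip}")
        if port != str(collector_port):
            findings.append(f"exporter {name}: udp/{port}, collector listens on udp/{collector_port}")
    for name in sorted(defined("flow monitor")):
        body = sec[("flow monitor", name)]
        for kind in ("record", "exporter"):
            ref = first_arg(body, kind + " ")
            if ref not in defined("flow " + kind):  # predefined records are not modelled
                findings.append(f"monitor {name}: {kind} {ref} is not defined")
        if name not in applied:
            findings.append(f"monitor {name}: not applied to any interface")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, "192.0.2.10", 9991)))  # placeholder IP; PI port from the reply
```

Run against the trimmed sample, it reports the exporter destination, the udp/2055 port, and the monitor that is not attached to any interface.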

Similar Messages

  • Configure Oracle Lite DB Connection

    I'm using JDeveloper 10.1.2. How do I configure a DB connection in Jdev to connect to an Oracle Lite DB (the version that comes with BPEL)?
    Thank you,
    Dave

    Oracle Lite DB supports sequences. When you publish your applications you can partition the sequences by assigning windows for each clients.
    -- Ravindra

  • Configure X-lite with GNS3

    I am working in lab environment using GNS3 router 2691 and X-lite SIP phone. Please share the proper configuration for the same. 

    I assume you have set up GNS3 and want to register X-Lite with CME (not CUCM). If yes, please check the following:
    http://www.netcraftsmen.com/sip-endpoints-in-cisco-communications-manager-call-manager-express-x-lite/
    Another example uses SPA phones; however, the configuration steps in CME remain the same:
    http://www.cisco.com/c/dam/en/us/products/collateral/unified-communications/unified-communications-manager-express/spa_polycom_application.pdf

  • Could MPLS L3 VPN forward packet which CE configure VRF Lite?

    Or does anyone have a lab for my test? Please share.
    Diagram:
    vrf lite - mplsl3 vpn - vrf lite
    Will it have any change on mpls l3vpn configuration?
    Thank you very much.

    I tested the lab following this document and it works. I tested with static routes and OSPF and it works. Now I'm testing with BGP routes. I found the PE doesn't send the BGP routes from the other sites to the CE. What should I do?
    Topology:
    BGP vrf lite (vrf v11) CE1 - BGP - MPLS L3VPN (vrf v1) PE1 - PE2 (vrf v1) MPLS L3VPN - BGP - CE2 (vrf v11) vrf lite BGP
    PE1#sho ip rou vrf v1
    Gateway of last resort is not set
    B    10.0.252.1/32 [200/0] via 10.0.0.11 (nexthop in vrf default), 1d22h
    B    10.0.252.2/32 [200/0] via 10.0.0.14 (nexthop in vrf default), 1d22h
    L    10.0.252.3/32 is directly connected, 1d22h, Loopback101
    B    38.0.0.0/24 [200/0] via 10.0.0.11 (nexthop in vrf default), 1d04h
    B    39.0.0.0/24 [200/0] via 10.0.0.14 (nexthop in vrf default), 05:13:07
    B    40.0.0.0/24 [200/0] via 10.0.0.11 (nexthop in vrf default), 1d04h
    C    41.0.0.0/24 is directly connected, 1d22h, GigabitEthernet0/0/1/2.14
    L    41.0.0.3/32 is directly connected, 1d22h, GigabitEthernet0/0/1/2.14
    B    208.0.0.0/24 [200/0] via 10.0.0.11 (nexthop in vrf default), 00:06:55
    B    209.0.0.0/24 [200/0] via 10.0.0.14 (nexthop in vrf default), 00:08:14
    B    210.0.0.0/24 [20/0] via 41.0.0.8, 00:11:17
    CE1#sho ip bgp vpnv4 vrf v11
    BGP table version is 23, local router ID is 172.16.30.5
       Network          Next Hop            Metric LocPrf Weight Path
    Route Distinguisher: 800:1 (default for vrf v11)
    *> 10.0.252.1/32    41.0.0.3                               0 18252 ?
    *> 10.0.252.2/32    41.0.0.3                               0 18252 ?
    *> 10.0.252.3/32    41.0.0.3                 0             0 18252 ?
    *> 38.0.0.0/24      41.0.0.3                               0 18252 ?
    *> 39.0.0.0/24      41.0.0.3                               0 18252 ?
    *> 40.0.0.0/24      41.0.0.3                               0 18252 ?
    r> 41.0.0.0/24      41.0.0.3                 0             0 18252 ?
    *> 210.0.0.0        0.0.0.0                  0         32768 i
    CE1#

  • Configuring NetFlow and Dynamic Vulnerability Scanning

    Hi All,
    Configuration of NetFlow and Vulnerability Scanning is done. Where and how do I check the NetFlow and Vulnerability Scanning results?
    Thanks.

    After enabling network scanning, you can view individual scan reports from Device Management > Clean Access > Network Scanner > Reports. The report shown here is the full administrator report (Figure 13-13). The report shown to end users contains only the vulnerability results for the enabled plugins. (Users can access their version of the scan report by clicking the Scan Report link in their Logout page.)
    for more information follow up on this link:
    http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/418/cam/m_netsca.html#wp1050604

  • Configuring 8i lite & Forms 6i

    Hi Friends,
    I am installing Oracle 8i Lite in my Windows98 PC. I installed and tested through SQL. It succeeded. Then I went on to install Developer 6i. After the installation, I was unable to connect either from SQL or Forms. Then I installed the OCA from the developer CD.
    After this, I was able to connect in SQL. But I got the error, USER_PROFILE not found. So I did run the script PUPBLD.SQL as user SYSTEM. Now I am able to connect in SQL, but with an error
    ORA-00022: invalid session id; access denied,
    Server not available or version too low for this feature
    If I try to run select * from cat from SQL prompt I was blessed with the following message
    SQL*Plus internal error state 2090, context 47:0:0
    Unsafe to proceed
    Because of this invalid session, I believe that I am not able to connect to Forms as well.
    Can anyone help me out from this?
    Thanks,
    With best regards,
    Muthaiah (Muths)

    I have the following homes:
    - ORA8i
    - Dev 6i: for Developer 6i and Designer 6i
    - RDBMS 9i SE
    - Dev 9i: for Developer 9i and Designer 9i
    plus a separate directory for JDev 9.0.3. This one needs no Oracle home thank God. :-)
    One more thing. Some applications will not be able to find the aliases if there is more than one Oracle home and the aliases are not present in ALL tnsnames.ora files.
    To avoid this I set the TNS_ADMIN environmental variable for my tnsnames.ora file (aliases for the database).
    HTH

  • Configuring SNMPv3 in switch 2960 and connect to cisco prime 6.3

    Hi,
    I am configuring the parameters in the switch for SNMPv3 and in Cisco Prime, but I don't get any response.
    But when I configure SNMP version 1, it works.
    On the screen in Cisco Prime, the fields to configure all the parameters for SNMPv3 don't appear.
    Any idea?
    Thanks

    Hi ,
    Share your SNMPv3 config, or see the sample SNMPv3 config I have attached; kindly check or reconfigure it and see if it helps.
    Thanks-
    Afroz
    ***Ratings Encourages Contributors ***

  • Configuring Netflow on Cisco 3560X

    I have a WS-C3560X-24P with this SW version 12.2(55)SE1. It has several L3 Vlan interfaces.
    How do I enable it to send Netflow traps?
    It does not support the ip flow-export commands.
    thanks!!!
    Sergio

    Hello,
    The 3560 series doesn't support NetFlow. There are only two solutions:
    1. Use another switch, a 4500 or 6500 -> the more expensive solution.
    2. Try using a NetFlow probe. There are commercial solutions and
    free solutions. The probe is connected via a SPAN/mirror port or
    via an optical tap/splitter.
    Visit http://support.caligare.com/kb/entry/42/  to see a list of
    supported devices.
    I'm sorry, both solutions are not ideal, but what is in the world?
    Jan
    PS.: Please, rate if you are satisfied.

  • CONFIGURATION OF REDUNDANCY ON 2960 SWITCHES

    I would like to configure 2 switches for redundancy and failover. How should I interconnect them, and what configuration has to be made on the switches? In the current setup I have 2 links connected through fiber to two switches, which in turn are connected to 2 routers.

    Step 1
    configure terminal
    Enter global configuration mode.
    Step 2
    interface interface-id
    Specify a physical interface to configure, and enter interface configuration mode.
    Valid interfaces include physical interfaces.
    Up to eight interfaces of the same type and speed can be configured for the same group.
    Step 3
    switchport mode {access | trunk}
    switchport access vlan vlan-id
    Assign all interfaces as static-access ports in the same VLAN, or configure them as trunks.
    If you configure the interface as a static-access port, assign it to only one VLAN. The range is 1 to 4094.
    Step 4
    channel-group channel-group-number mode
    {{auto [non-silent] | desirable [non-silent] | on} | {active | passive}}
    For more detail see Etherchannel configuration Guide:
    http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12122ea5/2950scg/swethchl.htm

  • Netflow on 2960 and 3560 !!

    Dear all,
    I am trying to configure netflow on cisco catalyst 2960(12.250 SE4) and 3560G(12.250 ) switches for mcafee network security manager.
    But netflow command is not supported for this mcafee device. 
    I want to know, is there any process to configure netflow on this device?
    thanks in advance.

    As far as I know those switches do not support any kind of netflow.

  • Cisco 6506 Netflow configuration

    I configured netflow to capture data received by vlan 950. 
    vlan 950 has an ip 10.198.0.12. But the output is capturing only packets with source ip of this subnet only.
    why is it not showing any traffic received from outside? or sent to outside hosts?

    Hi Rafael,
    you need an Assurance License for that feature to work
    check the below link:
    http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6504/ps6528/ps12239/guide_c07-714720.html
    Thanks-
    Afroz
    [Do rate the useful post]

  • Can't NetFlow be configured on the port of F2 series module?

    According to "sm_nx.pdf(OL-25775-02)  p.19-21",
    "NetFlow 6.0(1) NetFlow is not supported on F2 Series modules."
    Does it mean that just configuring "flow exporter source" is not allowed for, e.g., "ethernet 3/1" on an F2 line card, while configuring "interface Ethernet3/1" on an F2 module with "ip flow monitor MONITOR1 input" and "ip flow monitor MONITOR1 output" remains possible and works normally? That is what I think; am I wrong?
    And I've found this page... http://www.cisco.com/en/US/products/ps9402/prod_models_comparison.html#~tab-c
    NetFlow    N7K-F248XP-25    Sampled
    Does it mean that when I need to use NetFlow as an alternative to packet capturing, where I need to pick up only the 4 fields "ip.src", "ip.dst", "tcp.srcport" and "tcp.dstport" but for all packets through the target interface, I may configure NetFlow on F2 like this?
    --------------- from here ---------------
    config t
    feature netflow
    sampler SAMPLE
      mode 1 out-of 1
    ! I'm trying to use NetFlow as an alternative to packet capturing,
    ! so I need to pick up only 4 fields, but for all packets through the target interface.
    flow exporter EXPORT
      destination 192.168.0.254 use-vrf management
      source mgmt0
    ! Above is the interface mgmt0.
      version 5
    flow record RECORD
      match ip protocol
      match ipv4 source address
      match ipv4 destination address
      match transport source-port
      match transport destination-port
      collect flow sampler id
      collect interface input
      collect interface output
    flow monitor MONITOR
      exporter EXPORT
      record RECORD
    interface vlan 1000
      ip flow monitor MONITOR input sampler SAMPLE
      ip flow monitor MONITOR output sampler SAMPLE
    --------------- to here ---------------

    Thanks for the suggestion kcell. I've tried both versions
    9.0.115 and 9.0.124 and both fail with the policy permission error.
    I also tried with and without your crossdomain.xml file but
    with the same result. It looks like this file is intended for URL
    policy, instead of socket policy. Recently Adobe separated the two.
    When I run with the files installed on my dev PC, it does
    work, which makes sense because the flash player isn't loaded from
    an unknown domain.
    I did get one step closer. If a crossdomain.xml in the server
    root exists and the socketpolicy file is loaded from the app folder
    then the first two warnings disappear. The logs now show:
    OK: Root-level SWF loaded:
    https://192.168.2.5/trunk/myapp.swf
    OK: Policy file accepted: https://192.168.2.5/crossdomain.xml
    OK: Policy file accepted:
    https://192.168.2.5/trunk/socketpolicy.xml
    Warning: Timeout on xmlsocket://192.168.2.5:843 (at 3
    seconds) while waiting for socket policy file. This should not
    cause any problems, but see
    http://www.adobe.com/go/strict_policy_files
    for an explanation.
    Warning: [strict] Ignoring policy file with incorrect syntax:
    xmlsocket://192.168.2.5:993
    Error: Request for resource at xmlsocket://192.168.2.5:993 by
    requestor from https://192.168.2.5/trunk/myapp.swf is denied due to
    lack of policy file permissions.
    Which basically says, everything is okay, but you stay out
    anyway.
    PS: I found the XML schema files here:
    http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_02.html
    and the socket policy schema:
    http://www.adobe.com/xml/schemas/PolicyFileSocket.xsd.
    UPDATE: When serving up the policy file on port 843 using the
    example perl script then the socket connection seems to be accepted
    and the connect succeeds. After that flex hangs trying to logon to
    the IMAP server.

  • Netflow configuration on 4510 switch

    Hi everyone,
    I have a 4510 with sup7e and I would like to deploy netflow on this switch. The network will contain the 4510 switch where there will be 4 blades installed, each blade contains a separate Zone (vlan) . These 4 zones will then trunk upto a firewall via ten gig link over sub-interfaces. There will be an ip address assigned to each vlan on the 4500 switch but there can not be routing enabled between the vlans on the switch. If anyone could describe or show if it is possible to configure netflow with this scenario, it would be very much appreciated.

    You will need the IP services (or above) image with the Sup 7E on a Catalyst 4k. Assuming you have that, I believe you can use flexible Netflow and set up a separate flow exporter with each of your zones' SVI as the source.
    See this guide: link.

  • Configure Private VLAN on 3750 & 2960

    Hi All,
    ( R ) ------ [ 3750 ] ------- [ 2960 A ]
                            |------------ [ 2960 B ]
    I had these VLAN on the 3750 & 2960:
    - Vlan 8 (mgnt Vlan), Vlan 17, Vlan 34, Vlan 35
    Basically I had already configured switchport protected on all the ports on the 2960 except the uplink to the 3750.
    2960 Configure
    On uplink to 3750
     switchport mode trunk
    On end device port 
     switchport trunk native vlan 35
     switchport trunk allowed vlan 34,35
     switchport mode trunk
     switchport protected
     spanning-tree portfast
    How do I go about configuring private VLAN on the 3750? 
    3750 Configure
    On downlink to 2960
     switchport mode trunk
    Interface vlan8
     ip address 10.8.0.1 255.255.255.0
    Interface vlan17
     ip address 10.17.0.1 255.255.255.0
    Interface vlan34
     ip address 10.34.0.1 255.255.255.0
    Interface vlan35
     ip address 10.35.0.1 255.255.255.0
    What I want to achieve is to send all the VLAN 8, 17, 34, 35 from 2960 to 3750 and 3750 to 2960. But at the same time prevent 2960 A client from talking to 2960 B client on VLAN 35? 

    I believe that if both devices you want not to speak with each other are on the 2960, the "switchport protected" should work.
    But you can configure with private vlan.
    let's say client A is in port f0/1 and client B in port f0/2
    Parent (main) VLAN is 100 and child is 999
    You would configure the VLANs in ALL switches.
    vlan 999
    private-vlan isolated
    vlan 100
    private-vlan primary
    private-vlan association 999
    Now you would need to configure the ports.
    int range f0/1 - 2
    switchport mode private-vlan host
    switchport private-vlan host-association 100 999
    If the interfaces will talk to other VLANs, you need to configure the SVI to understand it will serve the private VLANs.
    interface vlan 100
    private-vlan mapping 999
    That's it, but notice that now interface f0/1 will not talk to f0/2 and to any other interface inside vlan 100, if you want a port to communicate to f0/1 or f0/2 this new port would need to be configured as a promiscuous one (In case it needs to talk to both of them) or create a community private-vlan and configure the ports desired on it. (F0/1 and F0/2 can't be on the same community VLAN or they'll be able to talk to each other).
    If the intention is to prevent one specific port from talking to all the others, you can put only this interface in the private VLAN instead of both.
    wrote too much, if this answers your question let me know, or we can create a practical scenario for it.

  • LAN BASE and LAN LITE Software

    Hi ,
    I found this info in the Q&A for Catalyst 2960 Switches:
    Q. What are the advantages of Cisco Catalyst 2960 Series Switches with the LAN Base software relative to Cisco Catalyst 2960 Series Switches with the LAN Lite software?
    A. Cisco Catalyst 2960 LAN Base switches deliver intelligent services for branch offices and wiring closets. The LAN Base IOS software supports enhanced Layer 2+ security, quality of service (QoS), availability, and scalable management to enable new converged applications. Catalyst 2960 LAN Base switches include both 10/100 Fast Ethernet and 10/100/1000 Gigabit Ethernet connectivity in 8-, 24-, and 48-port configurations.
    Cisco Catalyst 2960 LAN Lite switches are for entry-level branch office and wiring closet networks. They simplify the migration from nonintelligent hubs and unmanaged switches to a fully scalable and reliable network. The LAN Lite IOS software supports standard Layer 2 security, QoS, and availability while lowering the network total cost of ownership. Catalyst 2960 LAN Lite switches deliver 10/100 Fast Ethernet connectivity in 24- and 48-port configurations.
    All Cisco Catalyst 2960 Series Switches have technical support service options available through Cisco SMARTNet® service. All come with a Limited Lifetime Hardware Warranty, and LAN Base and LAN Lite software updates are provided at no additional cost.
    my question is about the text in red color, does that mean that if I ordered  (WS-C2960-24PC-L) then all the Ethernet interfaces can work at the 10/100/1000 ?

    Hello and good afternoon,
    Here is the link to the model comparisons:
    http://www.cisco.com/en/US/products/ps6406/prod_models_comparison.html
    There are gig uplinks on the lan-lite products.
    Is there a specific application, feature or functionality you are looking for?  Can I assist you all in finding the right switch?
    Kindest regards and best wishes for a great new year!
    Andrew Lee Lissitz
