Configuring NetFlow-Lite for Cisco 2960-X Series

The Cisco Catalyst 2960-X NetFlow-Lite configuration is pretty straight forward however it is very different fro the !"F!X "#$%" &NetFlow-Lite' we configured on the Cisco (9()* NetFlow-Lite+ The 2960, uses flow sa pling without any for of pac-et capture+ There are two

types of possi.le NetFlow Lite sa pling configurations on the 2960,/ 1 Deterministic Sampling 2Random Sampling Deterministic Sampling 0eter inistic sa plers sa ple pac-ets e,actly as specified 1!+e+ the first flow out of every 200 flows3+ 0eter inistic sa plers can only .e applied on up to ( interfaces+ For this reason4 we decided to configure rando Random Sampling 5ando sa pling sa ples a rando flow out of ever X flows+ The a,i u sa ple rate for .oth 0eter inistic and 5ando ( interfaces li-e 0eter inistic sa pling+ !n the configuration .elow we used 5ando configuration to all interfaces using a rando sa pler'+ The rando sa pling+ ! was a.le to add the sa pler called & y-rando is 2 out-of 62+ !t is not li ited to sa pling+

sa pler called & y-rando -sa pler' was configured to

rando ly sa ple 2 out of every 200 flows on the interfaces it was applied to+ Setting up NetFlow Lite on the 2960x: 7 7 step 2/ create a flow record flow record flows atch datalinatch datalinatch ipv( tos atch ipv( protocol atch ipv( source address atch ipv( destination address atch transport source-port atch transport destination-port collect transport tcp flags collect interface input collect flow sa pler 7 .elow ! specified 8long9 .ecause the 2960, supports 6( .it counters
1

ac source address input ac destination address input

collect counter .ytes long collect counter pac-ets long collect ti esta p sys-upti e first collect ti esta p sys-upti e last 7 7 7 step 2/ create a flow e,porter flow e,porter e,port-to-inside description fle,i.le NF v9 destination 20+2+2+2 source :lan; transport udp 20<< te plate data ti eout 60 7 7 lets e,port so e cool option te plates option interface-ta.le option e,porter-stats option sa pler-ta.le 7 7 7 step 6/ create a flow flow onitor nftest record flows e,porter e,port-to-inside cache ti eout active 60 statistics pac-et protocol 7 7 =elow was used for the deter inistic sa pling configuration 7 that ! didn9t li-e .ecause of the ( interface li itation 7 sa pler full 7 7 7 .elow is the rando 7 the a.ove with+ sa pler 7 7 7 7 step (/ apply the flow onitor 8nftest9 to each interface with 7 the defined sa pler 8 y-rando -sa pler9 7 input is for ingress+ *gress was not supported in this release> interface ?iga.it*thernet2@0@2
2

onitor

ode deter inistic 2 out-of 62 sa pler configuration that ! replaced

y-rando -sa pler 2 out-of 200

ode rando

ip flow 7

onitor nftest sa pler

y-rando -sa pler input

interface ?iga.it*thernet2@0@2 ip flow 7 interface ?iga.it*thernet2@0@6 ip flow 7 interface ?iga.it*thernet2@0@( ip flow 7 7 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 7 AAA 5epeat the a.ove for all the interfaces AAA 7 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 7 interface ?iga.it*thernet2@0@<0 ip flow 7 interface Ten?iga.it*thernet2@0@2 7 interface Ten?iga.it*thernet2@0@2 onitor nftest sa pler ode access y-rando -sa pler input switchport onitor nftest sa pler y-rando -sa pler input onitor nftest sa pler y-rando -sa pler input onitor nftest sa pler y-rando -sa pler input

It is referred configuration/

from:

http://www.plixer.com/blog/netflow-lite-2/cisco-2960-x-netflow-lite-

More related: Cisco Catalyst 2960-X Series Switch Overview PoE Capacity of Cisco Catalyst 2960-X Series Switches What are the notable ifferences between the Cisco Catalyst 2960-S an 2960-X Series Switches! More Cisco products and Reviews you can visit: http://www.3anetwor .com/blog

"#networ$%co& is a worl lea in' Cisco networ$in' pro (cts wholesaler) we wholesale ori'inal new Cisco networ$in' e*(ip&ents) incl( in' Cisco Catalyst switches) Cisco ro(ters) Cisco firewalls) Cisco wireless pro (cts) Cisco &o (les an interface car s
3

pro (cts at co&petitive price an ship to worl wi e% O(r website+ http+,,www%"anetwor$%co& -elephone+ ./02-"069-11"" E&ail+ info2"#networ$%co& # ress+ 2",3 4(c$y Pla5a) "60-"26 4oc$hart 7oa ) Wanchai) 8on'$on'