How can we help?

How to configure Netflow Lite on the Cisco Catalyst 2960-X or XR

Follow

Note: Catalyst 2960-X and XR only support Netflow. Netflow can be configured on four interfaces. If more than four are configured, it will cease to function.

Items that are between { } and in bold should be replaced with values specific to the environment being configured.

1. Configure the Flow Record

You can create a flow record and add keys to match on and fields to collect in the flow.

config terminal
flow record {AuvikFlowRecord}
collect counter bytes long
collect counter packets long
collect flow sampler
collect interface input
collect timestamp sys-uptime first
collect timestamp sys-uptime last
collect transport tcp flags ack
collect transport tcp flags fin
collect transport tcp flags rst
match datalink mac source address input
match datalink mac destination address input
match ipv4 protocol
match ipv4 destination address
match ipv4 source address
match ipv4 tos
match transport destination-port
match transport source-port
end

(Optional) Displays information about this NetFlow flow record.

show flow record {AuvikFlowRecord}

Save your entries in the configuration file.

copy running-config 
startup-config

 

2. Configure the Flow Exporter

You can create a flow export to define the export parameters for a flow.

Each flow exporter supports only one destination. If you want to export the data to multiple destinations, you must configure multiple flow exporters and assign them to the flow monitor.

You can export to a destination using an IPv4 address.

configure terminal
flow exporter {ExporterName}
destination {IPADDRESSOFAUVIKCOLLECTOR}
export-protocol netflow-v9
option interface-table
option exporter-stats
option sampler-table
template data timeout 60
transport udp {Must be on one of these ports: 2055, 2056, 4432, 4739, 6343, 9995 or 9996}
end

(Optional) Displays information about this NetFlow flow exporter.

show flow exporter {ExporterName}

Save your entries in the configuration file.

copy running-config 
startup-config

 

2. Configure the Flow Monitor

You can create a flow monitor and associate it with a flow record and a flow exporter.

configure terminal
flow monitor {AuvikMonitorName}
record (AuvikFlowRecord}
exporter (ExporterName)
cache timeout active 60
cache timeout inactive 15
cache type normal
statistics packet protocol
end

(Optional) Displays information about this NetFlow flow monitor.

 show flow monitor name {AuvikMonitorName}

Save your entries in the configuration file.

copy running-config 
startup-config

 

3. Configure the Flow Sampler

You can create a sampler to define the NetFlow sampling rate for a flow.

configure terminal
sampler {SamplerName}
mode random 1 out-of 512
end

(Optional) Displays information about this NetFlow sampler.

show sample {SamplerName}

Save your entries in the configuration file.

copy running-config 
startup-config

 

4. Enabling Flow on an Interface

Enter global configuration mode on the Cisco Catalyst 2960-X or XR, and issue the following commands for each interface on which you want to enable flow:

configure terminal
interface {InterfaceName}
ip flow monitor {AuvikMonitorName} sampler {SamplerName} input
end

(Optional) Display information about NetFlow on an interface.

show flow interface

Save your entries in the configuration file.

copy running-config 
startup-config
Was this article helpful?
1 out of 2 found this helpful
Have more questions? Submit a request