Cisco IOS Software Releases 12.2 S

NetFlow MIB and Top Talkers


NetFlow is a technology that provides highly granular per-flow statistics on traffic in a Cisco router. The NetFlow MIB and Top Talkers feature uses NetFlow functionality to obtain information regarding heaviest traffic patterns and most-used applications in the network.

History for the NetFlow MIB and Top Talkers Feature

Release        Modification
12.2(25)S      This feature was introduced.
12.3(11)T      This feature was integrated into Cisco IOS Release 12.3(11)T.
12.2(27)SBC    This feature was integrated into Cisco IOS Release 12.2(27)SBC.


Finding Support Information for Platforms and Cisco IOS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

Contents

Prerequisites for Configuring NetFlow MIB and Top Talkers

Restrictions for Configuring NetFlow MIB and Top Talkers

Information About Configuring NetFlow MIB and Top Talkers

How to Configure NetFlow Top Talkers using Cisco IOS CLI Commands or SNMP Commands

Configuration Examples for NetFlow Top Talkers

Additional References

Command Reference

Prerequisites for Configuring NetFlow MIB and Top Talkers

Before you enable NetFlow and NetFlow Top Talkers, you must:

Configure the router for IP routing

Ensure that one of the following is enabled on your router, and on the interfaces that you want to configure NetFlow on: Cisco Express Forwarding (CEF), distributed CEF, or fast switching

Understand the resources required on your router because NetFlow consumes additional memory and CPU resources.

Restrictions for Configuring NetFlow MIB and Top Talkers

Cisco IOS Releases 12.2(14)S, 12.0(22)S, or 12.2(15)T

If your router is running a version of Cisco IOS prior to releases 12.2(14)S, 12.0(22)S, or 12.2(15)T, the ip route-cache flow command is used to enable NetFlow on an interface.

If your router is running Cisco IOS release 12.2(14)S, 12.0(22)S, 12.2(15)T, or later, the ip flow ingress command is used to enable NetFlow on an interface.

Information About Configuring NetFlow MIB and Top Talkers

To configure the NetFlow MIB and Top Talkers feature, you should understand the following concepts:

NetFlow MIB and Top Talkers Overview

NetFlow MIB and Top Talkers Benefits

NetFlow MIB and Top Talkers Overview

NetFlow collects traffic flow statistics on routing devices. NetFlow has been used for a variety of applications, including traffic engineering, usage-based billing, and denial of service (DoS) attack monitoring.

The usual implementation of NetFlow exports NetFlow data to a collector. The NetFlow MIB and Top Talkers feature can be used for security monitoring or accounting purposes for top talkers, and matching and identifying key users of the network. This feature is also useful for a network location where a traditional NetFlow export operation is not possible. The NetFlow MIB and Top Talkers feature does not require a collector to obtain information regarding flows. Instead, these flows are placed in a special cache where they can be viewed. The NetFlow MIB part of the NetFlow MIB and Top Talkers feature allows you to configure the NetFlow Top Talkers feature using SNMP.

The flows that are generating the heaviest system traffic are known as the "top talkers."

The NetFlow Top Talkers feature allows flows to be sorted so that they can be viewed. The top talkers can be sorted by either of the following criteria:

By the total number of packets in each top talker

By the total number of bytes in each top talker

In addition to sorting top talkers, you can further organize your output by specifying criteria that the top talkers must match, such as source or destination IP address or port. The match command is used to specify this criterion. For a full list of the matching criteria that you can select, refer to the match command in the Cisco IOS command reference documentation.

NetFlow MIB and Top Talkers Benefits

Top talkers can be useful for analyzing network traffic in any of the following ways:

Security—You can view the list of top talkers to see if traffic patterns consistent with a denial of service (DoS) attack are present in your network.

Load balancing—You can identify the most heavily used parts of the system and move network traffic over to less-used parts of the system.

Traffic analysis—Consulting the data retrieved from the NetFlow MIB and Top Talkers feature can assist you in general traffic study and planning for your network.

An additional benefit of the NetFlow MIB and Top Talkers feature is that it can be configured for a router either by entering CLI commands or by entering SNMP commands on a network management system (NMS) workstation. The SNMP commands are sent to the router and processed by a MIB. You do not have to be connected to the router console to extract the list of top talkers information if an NMS workstation is configured to communicate using SNMP to your network device. For more information on configuring your network device to use MIB functionality for the NetFlow MIB and Top Talkers feature, see the "Configuring SNMP Support on the Networking Device" section.

How to Configure NetFlow Top Talkers using Cisco IOS CLI Commands or SNMP Commands


Note Some of the tasks in this section include examples of the SNMP CLI syntax used to set configuration parameters on the router, and to read values from MIB objects on the router. These SNMP CLI syntax examples are taken from a Linux workstation using public domain SNMP tools. The SNMP CLI syntax for your workstation might be different. Refer to the documentation that was provided with your SNMP tools for the correct syntax for your network management workstation.


This section contains the following subsections:

Configuring SNMP Support on the Networking Device

Configuring Parameters for the NetFlow Main Cache

Identifying the Interface Number to use for Enabling NetFlow with SNMP

Configuring NetFlow on Cisco Routers

Configuring NetFlow Top Talkers

Configuring NetFlow Top Talkers Match Criteria

Verifying the NetFlow Top Talkers Configuration

Configuring SNMP Support on the Networking Device

If you want to configure the Top Talkers feature using the Cisco IOS CLI, you do not need to perform this task.

If you want to configure the Top Talkers feature using the NetFlow MIB and SNMP, you must perform this task.

Before you can use SNMP commands to configure the Top Talkers feature, you must configure SNMP support on your networking device. To enable SNMP support on the networking device, perform the steps in this task.


Note The SNMP community read-only (RO) string for the examples is public. The SNMP community read-write (RW) string for the examples is private. You should use more complex strings for these values in your configurations.



Note For more information on configuring SNMP support on your networking device, refer to the Configuring SNMP Support chapter of the Cisco IOS Configuration Fundamentals and Network Management Configuration Guide, Release 12.3.


SUMMARY STEPS

1. enable

2. configure terminal

3. snmp-server community string ro

4. snmp-server community string rw

5. end

DETAILED STEPS: Router CLI Commands

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

(Required) Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

(Required) Enters global configuration mode.

Step 3 

snmp-server community string ro

Example:

Router(config)# snmp-server community public ro

(Required) Sets up the community access string to permit access to SNMP.

The string argument is a community string that consists of from 1 to 32 alphanumeric characters and functions much like a password, permitting access to the SNMP protocol. Blank spaces are not permitted in the community string.

The ro keyword specifies read-only access. SNMP management stations using this string can retrieve MIB objects.

Step 4 

snmp-server community string rw

Example:

Router(config)# snmp-server community private rw

(Required) Sets up the community access string to permit access to SNMP.

The string argument is a community string that consists of from 1 to 32 alphanumeric characters and functions much like a password, permitting access to the SNMP protocol. Blank spaces are not permitted in the community string.

The rw keyword specifies read-write access. SNMP management stations using this string can retrieve and modify MIB objects.

Note The string argument must be different from the read-only string argument specified in the preceding step (Step 3).

Step 5 

end

Example:

Router(config)# end

(Required) Exits the current configuration mode and returns to privileged EXEC mode.

Configuring Parameters for the NetFlow Main Cache

This optional task describes the procedure for modifying the parameters for the NetFlow main cache. Perform the steps in this optional task using either the router CLI commands or the SNMP commands to modify the parameters for the NetFlow main cache.

SUMMARY STEPS

Router CLI Commands

1. enable

2. configure terminal

3. ip flow-cache entries number

4. ip flow-cache timeout active minutes

5. ip flow-cache timeout inactive seconds

6. end

SNMP Commands

1. snmpset -c private -m all -v2c [ip-address | hostname] cnfCICacheEntries.type unsigned number

2. snmpset -c private -m all -v2c [ip-address | hostname] cnfCIActiveTimeOut.type unsigned number

3. snmpset -c private -m all -v2c [ip-address | hostname] cnfCIInactiveTimeOut.type unsigned number

DETAILED STEPS: Router CLI Commands

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

(Required) Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

(Required) Enters global configuration mode.

Step 3 

ip flow-cache entries number

Example:

Router(config)# ip flow-cache entries 4000

(Optional) Specifies the maximum number of entries to be captured for the main flow cache.

Note The valid range for the number argument is from 1024 to 524288 entries.

Step 4 

ip flow-cache timeout active minutes

Example:

Router(config)# ip flow-cache timeout active 30

(Optional) Configures operational parameters for the main cache.

The timeout keyword dissolves the session in the cache.

The active minutes keyword-argument pair is the number of minutes that an entry is active. The range is from 1 to 60 minutes. The default is 30 minutes.

Step 5 

ip flow-cache timeout inactive seconds

Example:

Router(config)# ip flow-cache timeout inactive 100

(Optional) Configures operational parameters for the main cache.

The timeout keyword dissolves the session in the main cache.

The inactive seconds keyword-argument pair is the number of seconds that an inactive entry will stay in the main cache before it times out. The range is from 10 to 600 seconds. The default is 15 seconds.

Step 6 

end

Example:

Router(config)# end

(Required) Exits the current configuration mode and returns to privileged EXEC mode.

DETAILED STEPS: SNMP Commands

 
Command or Action
Purpose

Step 1 

snmpset -c private -m all -v2c [ip-address | hostname] cnfCICacheEntries.type unsigned number

Example:

workstation% snmpset -c private -m all -v2c 10.4.9.62 cnfCICacheEntries.0 unsigned 4000

(Optional) Defines the maximum number of entries to be captured for the main flow cache.

The value for the type argument in cnfCICacheEntries.type unsigned number is 0 for the main cache.

The value for the number argument in cnfCICacheEntries.type unsigned number is the maximum number of cache entries.

Note The valid range for the number argument is from 1024 to 524288 entries.

Step 2 

snmpset -c private -m all -v2c [ip-address | hostname] cnfCIActiveTimeOut.type unsigned number

Example:

workstation% snmpset -c private -m all -v2c 10.4.9.62 cnfCIActiveTimeOut.0 unsigned 60

(Optional) Specifies the number of seconds that an active flow remains in the main cache before it times out.

The value for the type argument in cnfCIActiveTimeOut.type unsigned number is 0 for the main cache.

The value for the number argument in cnfCIActiveTimeOut.type unsigned number is the number of seconds that an active flow remains in the cache before it times out.

Note The range for the number argument is from 1 to 60 minutes. The default is 30 minutes.

Step 3 

snmpset -c private -m all -v2c [ip-address | hostname] cnfCIInactiveTimeOut.type unsigned number

Example:

workstation% snmpset -c private -m all -v2c 10.4.9.62 cnfCIInactiveTimeOut.0 unsigned 30

(Optional) Specifies the number of seconds that an inactive flow remains in the main cache before it times out.

The value for the type argument in cnfCIInactiveTimeOut.type unsigned number is 0 for the main cache.

The value for the number argument in cnfCIInactiveTimeOut.type unsigned number is the number of seconds that an inactive flow remains in the main cache before it times out.

Note The range for the number argument is from 10 to 600 seconds. The default is 15 seconds.

Identifying the Interface Number to use for Enabling NetFlow with SNMP

If you want to configure the Top Talkers feature using the Cisco IOS CLI, you do not need to perform this task.

If you want to configure the Top Talkers feature using the NetFlow MIB and SNMP, you must perform this task.

Before you can use SNMP to enable NetFlow on an interface, you must identify the SNMP interface number on the router. To identify the interface number for the interface that you want to enable NetFlow on, perform the steps in this required task.

SUMMARY STEPS

1. enable

2. show snmp mib ifmib ifindex type number

3. Repeat Step 2 to identify the SNMP interface number for any other interfaces that you plan to enable NetFlow on.

DETAILED STEPS


Step 1 enable

Enters privileged EXEC mode. Enter the password if prompted.

Router> enable

Step 2 show snmp mib ifmib ifindex type number

Displays the SNMP interface number for the interface specified.

Router# show snmp mib ifmib ifindex GigabitEthernet6/2
Ethernet0/0: Ifindex = 60

Step 3 Repeat Step 2 to identify the SNMP interface number for any other interfaces that you plan to enable NetFlow on.


Configuring NetFlow on Cisco Routers

Perform the steps in this required task using either the router CLI commands or the SNMP commands to enable NetFlow on the router.

SUMMARY STEPS

Router CLI Commands

1. enable

2. configure terminal

3. interface type number

4. ip flow {ingress | egress}

5. exit

6. Repeat Steps 3 through 5 to enable NetFlow on other interfaces

7. end

SNMP Commands

1. snmpset -c private -m all -v2c [ip-address | hostname] cnfCINetflowEnable.interface-number integer [0 | 1 | 2 | 3]

2. Repeat Step 1 to enable NetFlow on other interfaces.

DETAILED STEPS: Router CLI Commands

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

(Required) Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

(Required) Enters global configuration mode.

Step 3 

interface type number

Example:

Router(config)# interface GigabitEthernet6/2

(Required) Specifies the interface that you want to enable NetFlow on and enters interface configuration mode.

Step 4 

ip flow {ingress | egress}

Example:

Router(config-if)# ip flow ingress

and/or

Example:

Router(config-if)# ip flow egress

(Required) Enables NetFlow on the interface.

ingress—Captures traffic that is being received by the interface.

egress—Captures traffic that is being transmitted by the interface.

Step 5 

exit

Example:

Router(config-if)# exit

(Optional) Exits interface configuration mode and returns to global configuration mode.

Note You only need to use this command if you want to enable NetFlow on another interface.

Step 6 

Repeat Steps 3 through 5 to enable NetFlow on other interfaces.

(Optional) —

Step 7 

end

Example:

Router(config-if)# end

(Required) Exits the current configuration mode and returns to privileged EXEC mode.

DETAILED STEPS: SNMP Commands

 
Command or Action
Purpose

Step 1 

snmpset -c private -m all -v2c [ip-address | hostname] cnfCINetflowEnable.interface-number integer [0 | 1 | 2 | 3]

Example:

workstation% snmpset -c private -m all -v2c 10.4.9.62 cnfCINetflowEnable.60 integer 1

(Required) Configures NetFlow for an interface.

Note The value for the interface-number argument is found by entering the router CLI command show snmp mib ifmib ifindex on the router in privileged EXEC mode.

The values for the direction argument are:

0—Disable NetFlow

1—Enable Ingress NetFlow

2—Enable Egress NetFlow

3—Enable Ingress and Egress NetFlow

Step 2 

Repeat Step 1 to enable NetFlow on other interfaces.

(Optional) —

Configuring NetFlow Top Talkers

This task describes the procedure for configuring the NetFlow Top Talkers feature. Perform the steps in this required task using either the router CLI commands or the SNMP commands to configure the NetFlow Top Talkers feature on the router.

SUMMARY STEPS

Router CLI Commands

1. enable

2. configure terminal

3. ip flow-top-talkers

4. top number

5. sort-by [packets | bytes]

6. cache-timeout milliseconds

7. end

SNMP Commands

1. snmpset -c private -m all -v2c [ip-address | hostname] cnfTopFlowsTopN.0 unsigned number

2. snmpset -c private -m all -v2c [ip-address | hostname] cnfTopFlowsSortBy.0 integer [1 | 2 | 3]

3. snmpset -c private -m all -v2c [ip-address | hostname] cnfTopFlowsCacheTimeout.0 unsigned milliseconds

DETAILED STEPS: Router CLI Commands

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

(Required) Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

(Required) Enters global configuration mode.

Step 3 

ip flow-top-talkers

Example:

Router(config)# ip flow-top-talkers

(Required) Enters NetFlow top talkers configuration mode.

Step 4 

top number

Example:

Router(config-flow-top-talkers)# top 50

(Required) Specifies the maximum number of top talkers that will be retrieved by a NetFlow top talkers query.

Note The valid range for the number argument is from 1 to 200 entries.

Step 5 

sort-by [bytes | packets]

Example:

Router(config-flow-top-talkers)# sort-by packets

(Required) Specifies the sort criterion for the top talkers.

The top talkers can be sorted either by the total number of packets of each top talker or the total number of bytes of each top talker.

Step 6 

cache-timeout milliseconds

Example:

Router(config-flow-top-talkers)# cache-timeout 30000

(Optional) Specifies the amount of time that the list of top talkers is retained.

Reentering the top, sort-by, or cache-timeout command resets the timeout period, and the list of top talkers is recalculated the next time they are requested.

The list of top talkers is lost when the timeout period expires. You should configure a timeout period for at least as long as it takes the network management system (NMS) to retrieve all the required NetFlow top talkers.

If this timeout value is too large, the list of top talkers might not be updated quickly enough to display the latest top talkers. If a request to display the top talkers is made more than once during the timeout period, the same results will be displayed for each request. To ensure that the latest information is displayed while conserving CPU time, configure a large value for the timeout period and change the parameters of the cache-timeout, top, or sort-by command when a new list of top talkers is required.

Note The valid range for the number argument is from 1 to 3,600,000 (1 millisecond to one hour). The default is 5000 (5 seconds).

Step 7 

end

Example:

Router(config-flow-top-talkers)# end

(Required) Exits the current configuration mode and returns to privileged EXEC mode.

DETAILED STEPS: SNMP Commands

 
Command or Action
Purpose

Step 1 

snmpset -c private -m all -v2c [ip-address | hostname] cnfTopFlowsTopN.0 unsigned number

Example:

workstation% snmpset -c private -m all -v2c 10.4.9.62 cnfTopFlowsTopN.0 unsigned 50

(Required) Specifies the maximum number of top talkers that will be retrieved by a NetFlow top talkers query.

The value for the number argument in cnfTopFlowsTopN.0 number is the maximum number of top talkers that will be retrieved by a NetFlow top talkers query.

Note The valid range for the number argument is from 1 to 200 entries.

Step 2 

snmpset -c private -m all -v2c [ip-address | hostname] cnfTopFlowsSortBy.0 integer [1 | 2 | 3]

Example:

workstation% snmpset -c private -m all -v2c 10.4.9.62 cnfTopFlowsSortBy.0 integer 2

(Required) Specifies the sort criteria for the top talkers.

Values for sort-option in cnfTopFlowsSortBy.0 [1 | 2 | 3] are:

1—Specifies that no sorting will be performed and that the NetFlow MIB and Top Talkers feature will be disabled.

2—Specifies that sorting will be performed by the total number of packets of each top talker.

3—Specifies that sorting will be performed by the total number of bytes of each top talker.

Step 3 

snmpset -c private -m all -v2c [ip-address | hostname] cnfTopFlowsCacheTimeout.0 unsigned milliseconds

Example:

workstation% snmpset -c private -m all -v2c 10.4.9.62 cnfTopFlowsCacheTimeout.0 unsigned 30000

(Optional) Specifies the amount of time that the list of top talkers is retained.

Reentering the top, sort-by, or cache-timeout command resets the timeout period, and the list of top talkers is recalculated the next time they are requested.

The list of top talkers will be lost when the timeout period expires. You should configure a timeout period for at least as long as it takes the network management system (NMS) to retrieve all the required NetFlow top talkers.

If this timeout value is too large, the list of top talkers might not be updated quickly enough to display the latest top talkers. If a request to display the top talkers is made more than once during the timeout period, the same results will be displayed for each request. To ensure that the latest information is displayed while conserving CPU time, configure a large value for the timeout period and change the parameters of the cache-timeout, top, or sort-by command when a new list of top talkers is required.

Note The valid range for the number argument is from 1 to 3,600,000 (1 millisecond to one hour). The default is 5000 (5 seconds).
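
The SNMP writes from the three tasks above (main cache, per-interface enable, Top Talkers) collected into one dry-run wrapper that enforces the ranges this page documents before anything is sent to the router. This is an added example, not Cisco's code: SNMP_RW_COMMUNITY and SNMP_APPLY are hypothetical variable names, and the wrapper refuses the page's example community strings public and private.

```shell
#!/bin/sh
# Added example, not Cisco's code. Object names, types and ranges are the
# ones given on this page; SNMP_RW_COMMUNITY / SNMP_APPLY are hypothetical.

# Print "min max" for an object whose valid range this page documents.
nf_range() {
    case "${1:-}" in
        cnfCICacheEntries.0)       echo "1024 524288" ;;
        cnfCIActiveTimeOut.0)      echo "1 60" ;;
        cnfCIInactiveTimeOut.0)    echo "10 600" ;;
        cnfTopFlowsTopN.0)         echo "1 200" ;;
        cnfTopFlowsSortBy.0)       echo "1 3" ;;
        cnfTopFlowsCacheTimeout.0) echo "1 3600000" ;;
        cnfCINetflowEnable.*)
            # Instance must be a numeric ifIndex (show snmp mib ifmib ifindex).
            case "${1#cnfCINetflowEnable.}" in ''|*[!0-9]*) return 1 ;; esac
            echo "0 3" ;;
        *) return 1 ;;
    esac
}

# nf_set HOST OBJECT VALUE
# Exit codes: 2 unknown object, 3 bad value, 4 unsafe community, 5 bad host.
nf_set() (
    host=${1:-} obj=${2:-} val=${3:-}
    # A host beginning with "-" would be parsed by snmpset as an option.
    case "$host" in ''|-*) echo "bad host: $host" >&2; exit 5 ;; esac
    case "$val" in ''|*[!0-9]*) echo "value must be unsigned decimal" >&2; exit 3 ;; esac
    [ "${#val}" -le 9 ] || { echo "value too long: $val" >&2; exit 3; }
    range=$(nf_range "$obj") || { echo "object not covered here: $obj" >&2; exit 2; }
    min=${range% *} max=${range#* }
    if [ "$val" -lt "$min" ] || [ "$val" -gt "$max" ]; then
        echo "$obj: $val is outside $min-$max" >&2; exit 3
    fi
    # Refuse an empty community and the two example strings used on this page.
    case "${SNMP_RW_COMMUNITY:-}" in
        ''|public|private) echo "set SNMP_RW_COMMUNITY to a non-default string" >&2; exit 4 ;;
    esac
    case "$obj" in
        cnfTopFlowsSortBy.0|cnfCINetflowEnable.*) type=integer ;;
        *) type=unsigned ;;
    esac
    # The community is masked in the printed line so it stays out of logs.
    echo "snmpset -c **** -m all -v2c $host $obj $type $val"
    if [ "${SNMP_APPLY:-0}" = 1 ]; then
        snmpset -c "$SNMP_RW_COMMUNITY" -m all -v2c "$host" "$obj" "$type" "$val"
    fi
)

# nf_plan HOST IFINDEX: the page's sequence with the page's example values.
# Stops at the first rejected write.
nf_plan() (
    host=${1:-} ifindex=${2:-}
    nf_set "$host" cnfCICacheEntries.0 4000 &&
    nf_set "$host" cnfCIActiveTimeOut.0 60 &&
    nf_set "$host" cnfCIInactiveTimeOut.0 30 &&
    nf_set "$host" "cnfCINetflowEnable.$ifindex" 1 &&
    nf_set "$host" cnfTopFlowsTopN.0 50 &&
    nf_set "$host" cnfTopFlowsSortBy.0 2 &&
    nf_set "$host" cnfTopFlowsCacheTimeout.0 30000
)

# Constructed demo: dry run against the page's example router and ifIndex.
: "${SNMP_RW_COMMUNITY:=constructed-Rw-example}"
nf_plan 10.4.9.62 60
```

Nothing is sent unless SNMP_APPLY=1 is set, so the printed lines can be reviewed first.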

Configuring NetFlow Top Talkers Match Criteria

You can limit the traffic that is displayed by the NetFlow Top Talkers feature by configuring match criteria. The match criteria are applied to data in the main cache. The data in the main cache that meets the match criteria is displayed when you enter the show ip flow top-talkers command. To limit the traffic that is displayed by the NetFlow MIB and Top Talkers feature, perform the steps in this optional task.

Before configuring NetFlow MIB and Top Talkers match criteria, you should understand the following:

NetFlow Top Talkers Match Criteria Specified by CLI Commands

NetFlow Top Talkers Match Criteria Specified by SNMP Commands

NetFlow Top Talkers Match Criteria Specified by CLI Commands

You can use the match CLI command to specify match criteria to restrict the display of top talkers for the NetFlow MIB and Top Talkers feature. If you do not provide matching criteria, all top talkers are displayed.


Note When configuring a matching source, destination or nexthop address, both the address and a mask must be configured. The configuration will remain unchanged until both have been specified.



Note cnfTopFlowsMatchSampler matches flows from a named flow sampler. cnfTopFlowsMatchClass matches flows from a named class map.



Note When you are configuring Top Talkers to match bytes and packets, the values that are matched are the total number of bytes and packets in the flow so far. For example, it is possible to match flows containing a specific number of packets, or flows with more or less than a set number of bytes.


The match command has the following syntax:

match {byte-range [max-byte-number min-byte-number | max max-byte-number | min min-byte-number] | class-map map-name | destination [address ip-address [mask | /nn] | as as-number | port [max-port-number min-port-number | max max-port-number | min min-port-number]] | direction [ingress | egress] | flow-sampler flow-sampler-name | input-interface interface-type interface-number | nexthop-address ip-address [mask | /nn] | output-interface interface-type interface-number | packet-range [max-packets min-packets | max max-packets | min min-packets] | protocol [protocol-number | udp | tcp] | source [address ip-address [mask | /nn] | as as-number | port [max-port-number min-port-number | max max-port-number | min min-port-number]] | tos [tos-byte | dscp dscp | precedence precedence]}

no match {byte-range | class-map | destination [address | as | port] | direction | flow-sampler | input-interface | protocol | source [address | as | port] | tos}

Table 1 describes the CLI commands that provide match criteria options for top talker display. You can use these commands to restrict the display of top talkers.

Table 1 CLI Commands That Provide Match Criteria Options for Top Talker Display 

Router CLI Command
Description

byte-range

The match criterion is based on the size in bytes of the IP datagrams in the flows.

max-byte-number min-byte-number

Range of sizes for IP datagrams to be matched in bytes. Range: 1-4294967295.

max max-byte-number

Maximum size for IP datagrams to be matched in bytes. Range: 1-4294967295.

min min-byte-number

Minimum size for IP datagrams to be matched in bytes. Range: 1-4294967295.

class-map

The match criterion is based on a class map.

map-name

Name of the class map to be matched.

destination address

The match criterion is based on the destination IP address.

ip-address

The destination IP address to be matched.

mask

Address mask, in dotted decimal format.

/nn

Address mask as entered in classless interdomain routing (CIDR) format. An address mask of 255.255.255.0 is equivalent to a /24 mask in CIDR format.

destination as

The match criterion is based on the destination autonomous system.

as-number

Autonomous system number to be matched.

destination port

The match criterion is based on the destination port.

max-port-number min-port-number

Range of port numbers for IP datagrams to be matched. Range: 0-65535.

max max-port-number

Maximum port number for IP datagrams to be matched. Range: 0-65535.

min min-port-number

Minimum port number for IP datagrams to be matched. Range: 0-65535.

direction

Direction of the flow to be matched.

ingress

The match criterion is based on ingress flows.

egress

The match criterion is based on egress flows.

flow-sampler

The match criterion is based on top talker sampling.

flow-sampler-name

Name of the top talker sampler to be matched.

input-interface

The match criterion is based on the input interface.

interface-type interface-number

The input interface to be used.

nexthop address

The match criterion is based on the next-hop IP address.

ip-address

The next-hop IP address to be matched.

mask

Address mask, in dotted decimal format.

/nn

Address mask as entered in classless interdomain routing (CIDR) format. An address mask of 255.255.255.0 is equivalent to a /24 mask in CIDR format.

output-interface

The match criterion is based on the output interface.

interface-type interface-number

The output interface to be used.

packet-range

The match criterion is based on the number of IP datagrams in the flows.

max-packets min-packets

Range of number of packets in the flows to be matched. Range: 1-4294967295.

max max-packets

Maximum number of packets in the flows to be matched. Range: 1-4294967295.

min min-packets

Minimum number of packets in the flows to be matched. Range: 1-4294967295.

protocol

The match criterion is based on protocol.

protocol-number

Protocol number to be matched. Range: 0 to 255.

tcp

Protocol number to be matched as TCP.

udp

Protocol number to be matched as UDP.

source address

The match criterion is based on the source IP address.

ip-address

The source IP address to be matched.

mask

Address mask, in dotted decimal format.

/nn

Address mask as entered in classless interdomain routing (CIDR) format. An address mask of 255.255.255.0 is equivalent to a /24 mask in CIDR format.

source as

The match criterion is based on the source autonomous system.

as-number

Autonomous system number to be matched.

source port

The match criterion is based on the source port.

max-port-number min-port-number

Range of port numbers for IP datagrams to be matched. Range: 0-65535.

max max-port-number

Maximum port number for IP datagrams to be matched. Range: 0-65535.

min min-port-number

Minimum port number for IP datagrams to be matched. Range: 0-65535.

tos

The match criterion is based on type of service (ToS).

tos-value

ToS to be matched.

dscp dscp-value

Differentiated services code point (DSCP) value to be matched.

precedence precedence-value

Precedence value to be matched.


NetFlow Top Talkers Match Criteria Specified by SNMP Commands

If you are using SNMP commands to configure NetFlow Top Talkers, refer to Table 2 for router CLI commands and equivalent SNMP commands.


Note Some of the SNMP match criteria options, such as the cnfTopFlowsMatchSrcAddress option, require that you enter multiple SNMP commands on the same line. For example, snmpset -c private -m all -v2c 10.4.9.62 cnfTopFlowsMatchSrcAddressType.0 integer 1 cnfTopFlowsMatchSrcAddress.0 decimal 172.16.10.0 cnfTopFlowsMatchSrcAddressMask.0 unsigned 24.


Table 2 Router CLI Commands and Equivalent SNMP Commands 

Router CLI Command
SNMP Command

match source address [ip-address] [mask | /nn]

cnfTopFlowsMatchSrcAddress decimal ip-address

cnfTopFlowsMatchSrcAddressType integer type (see footnote 1)

cnfTopFlowsMatchSrcAddressMask unsigned mask

match destination address [ip-address] [mask | /nn]

cnfTopFlowsMatchDstAddress decimal ip-address

cnfTopFlowsMatchDstAddressType integer type (see footnote 1)

cnfTopFlowsMatchDstAddressMask unsigned mask

match nexthop address [ip-address] [mask | /nn]

cnfTopFlowsMatchNhAddress decimal ip-address

cnfTopFlowsMatchNhAddressType integer type (see footnote 1)

cnfTopFlowsMatchNhAddressMask unsigned mask

match source port min port

cnfTopFlowsMatchSrcPortLo integer port

match source port max port

cnfTopFlowsMatchSrcPortHi integer port

match destination port min port

cnfTopFlowsMatchDstPortLo integer port

match destination port max port

cnfTopFlowsMatchDstPortHi integer port

match source as as-number

cnfTopFlowsMatchSrcAS integer as-number

match destination as as-number

cnfTopFlowsMatchDstAS integer as-number

match input-interface interface

cnfTopFlowsMatchInputIf integer interface

match output-interface interface

cnfTopFlowsMatchOutputIf integer interface

match tos [tos-value | dscp dscp-value | precedence precedence-value]

cnfTopFlowsMatchTOSByte integer tos-value [2]

match protocol [protocol-number | tcp | udp]

cnfTopFlowsMatchProtocol integer protocol-number

match flow-sampler flow-sampler-name

cnfTopFlowsMatchSampler string flow-sampler-name

match class-map class

cnfTopFlowsMatchClass string class

match packet-range min minimum-range

cnfTopFlowsMatchMinPackets unsigned minimum-range

match packet-range max maximum-range

cnfTopFlowsMatchMaxPackets unsigned maximum-range

match byte-range min minimum-range

cnfTopFlowsMatchMinBytes unsigned minimum-range

match byte-range max maximum-range

cnfTopFlowsMatchMaxBytes unsigned maximum-range

[1] The only IP version type that is currently supported is IPv4 (type 1).

[2] tos-value is 6 bits for DSCP, 3 bits for precedence, and 8 bits (one byte) for ToS.


Configuring Source IP Address Top Talkers Match Criteria

Perform the steps in this optional task using either the router CLI commands or the SNMP commands to add source IP address match criteria to the Top Talkers configuration.

Prerequisites

You must configure NetFlow Top Talkers before you perform this task.

SUMMARY STEPS

Router CLI Commands

1. enable

2. configure terminal

3. ip flow-top-talkers

4. match source address {ip-address/nn | ip-address mask}

5. end

SNMP Commands

1. snmpset -c private -m all -v2c [ip-address | hostname] cnfTopFlowsMatchSrcAddressType.0 integer 1 cnfTopFlowsMatchSrcAddress.0 decimal ip-address cnfTopFlowsMatchSrcAddressMask.0 unsigned mask

DETAILED STEPS: Router CLI Commands

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

(Required) Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

(Required) Enters global configuration mode.

Step 3 

ip flow-top-talkers

Example:

Router(config)# ip flow-top-talkers

(Required) Enters NetFlow top talkers configuration mode.

Step 4 

match source address {ip-address/nn | ip-address mask}

Example:

Router(config-flow-top-talkers)# match source address 172.16.10.0/24

(Required) Specifies a match criterion.

The source address keyword specifies that the match criterion is based on the source IP address.

The ip-address argument is the IP address of the source, destination, or next-hop address to be matched.

The mask argument is the address mask, in dotted decimal format.

The /nn argument is the address mask as entered in CIDR format. The match source address 172.16.10.0/24 command is equivalent to the match source address 172.16.10.0 255.255.255.0 command.

Note You must configure at least one of the possible match criteria before matching can be used to limit the traffic that is displayed by the Top Talkers feature. Additional match criteria are optional.

Note For a full list of the matching criteria that you can select, refer to the "NetFlow Top Talkers Match Criteria Specified by CLI Commands" section.

Step 5 

end

Example:

Router(config-flow-top-talkers)# end

(Required) Exits the current configuration mode and returns to privileged EXEC mode.

DETAILED STEPS: SNMP Commands

 
Command or Action
Purpose

Step 1 

snmpset -c private -m all -v2c [ip-address | hostname] cnfTopFlowsMatchSrcAddressType.0 integer 1 cnfTopFlowsMatchSrcAddress.0 decimal ip-address cnfTopFlowsMatchSrcAddressMask.0 unsigned mask

Example:

workstation% snmpset -c private -m all -v2c 10.4.9.62 cnfTopFlowsMatchSrcAddressType.0 integer 1 cnfTopFlowsMatchSrcAddress.0 decimal 172.16.10.0 cnfTopFlowsMatchSrcAddressMask.0 unsigned 24

(Required) Specifies a match criterion.

The IP address type of 1 in the cnfTopFlowsMatchSrcAddressType.0 integer 1 command specifies an IP version 4 (IPv4) address for the IP address type. IPv4 is currently the only IP version that is supported.

The ip-address argument in cnfTopFlowsMatchSrcAddress.0 decimal ip-address is the IPv4 source IP address to match in the traffic that is being analyzed.

The mask argument in cnfTopFlowsMatchSrcAddressMask.0 unsigned mask is the number of bits in the mask for the IPv4 source IP address to match in the traffic that is being analyzed.

Note You must configure at least one of the possible match criteria before matching can be used to limit the traffic that is displayed by the Top Talkers feature. Additional match criteria are optional.

Note To remove the cnfTopFlowsMatchSrcAddress match criterion from the configuration, specify an IP address type of 0 (unknown) with the cnfTopFlowsMatchSrcAddressType.0 integer 0 command.

Note For a list of router CLI commands and their corresponding SNMP commands, refer to the "Router CLI Commands and Equivalent SNMP Commands" table.
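The CLI accepts the mask as /nn or dotted decimal, while the SNMP form takes a bit count and needs all three objects in one snmpset. The following added example (not Cisco code) translates one into the other and goes beyond the source-address case to the destination and next-hop rows of Table 2. The function names are hypothetical, the .0 instance suffix on the Dst and Nh objects is assumed by analogy with Src, and the input strictness is the example's own choice.

```python
import ipaddress

# Table 2 object-name infix for each CLI address keyword.
INFIX = {"source": "Src", "destination": "Dst", "nexthop": "Nh"}


def match_address_to_snmpset(agent, community, keyword, cli_arg):
    """Translate `match <keyword> address <cli_arg>` into one snmpset argv.

    cli_arg is either 'a.b.c.d/nn' or 'a.b.c.d m.m.m.m', as the CLI accepts.
    """
    infix = INFIX[keyword]  # KeyError for anything Table 2 does not list
    parts = cli_arg.replace("/", " ").split()
    if len(parts) != 2:
        raise ValueError(f"expected address and mask, got {cli_arg!r}")
    addr, mask = parts
    # strict=True rejects host bits below the mask; non-contiguous masks and
    # IPv6 literals also raise ValueError. This strictness is the example's
    # own guard against typos, not a documented router requirement.
    net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=True)
    # ipaddress silently reads 0.0.0.255 as a wildcard (host) mask meaning /24;
    # the CLI argument is a network mask, so refuse that form.
    if "." in mask and str(net.netmask) != mask:
        raise ValueError(f"{mask} is a wildcard mask, not a network mask")
    base = f"cnfTopFlowsMatch{infix}Address"
    return ["snmpset", "-c", community, "-m", "all", "-v2c", agent,
            f"{base}Type.0", "integer", "1",  # 1 = IPv4, the only type supported
            f"{base}.0", "decimal", str(net.network_address),
            f"{base}Mask.0", "unsigned", str(net.prefixlen)]  # bit count


def remove_source_match(agent, community):
    """Address type 0 (unknown) removes the source-address criterion."""
    return ["snmpset", "-c", community, "-m", "all", "-v2c", agent,
            "cnfTopFlowsMatchSrcAddressType.0", "integer", "0"]


if __name__ == "__main__":
    # 10.4.9.62 and 'private' are the sample agent and community from the page.
    for arg in ("172.16.10.0/24", "172.16.10.0 255.255.255.0"):
        print(" ".join(match_address_to_snmpset("10.4.9.62", "private", "source", arg)))
    print(" ".join(remove_source_match("10.4.9.62", "private")))
```

Both CLI spellings produce the same argument list, which can be passed to subprocess.run() without a shell.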

Verifying the NetFlow Top Talkers Configuration

To verify the NetFlow Top Talkers configuration, perform the steps in this optional task using either the router CLI command or the SNMP commands.

SUMMARY STEPS

Router CLI Commands

1. show ip flow top-talkers

SNMP Commands

1. snmpset -c private -m all -v2c [ip-address | hostname] cnfTopFlowsGenerate.0 integer 1

2. snmpwalk -c public -m all -v2c [