12-11-2009 07:44 AM - edited 03-06-2019 08:55 AM
Hi Guru's
wondering whether you can help?
Is their a Cisco Cli command for specifying the Sampling Rate for Netflow purposes across Cisco Hardware eg 1700, 2800, 2900, 3500, 3600, 3700, 6500, 3120 BS, ASA Firewalls etc
Eg Sampling Rate as in "1 in 512"
Thanks in advance .....
12-11-2009 09:30 AM
Hello Harry,
The following document will explain it and show you how to configure sampled netflow on cisco routers :
http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/nfstatsa.html#wp1045102
The sampling mode determines the algorithm that selects a subset of traffic for NetFlow processing. In the random sampling mode that Random Sampled NetFlow uses, incoming packets are randomly selected so that one out of each n sequential packets is selected on averagen value is a parameter from 1 to 65535 packets that you can configure. for NetFlow processing. For example, if you set the sampling rate to 1 out of 100 packets, then NetFlow might sample the 5th, 120th, 199th, 302nd, and so on packets. This sample configuration provides NetFlow data on 1 percent of total traffic. The
The configuration will also depend on the IOS version that you are running.
As an example:
6500 running 12.2SXH - http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/nde.html#wp1164287
I hope this can answer your question... =)
Cheers,
Renata
12-14-2009 02:57 AM
Hi Renata,
Thanx for the reply....does Netflow work on Layer2 switches, running CatOS?.
Rgds.
Harry
12-14-2009 03:24 AM
Yes it is supported.
Here is a summary of the Netflow Supervisor NDE with regards to L3 Netflow, Bridged Netflow Statistics (L2 Netflow) and SNMP interface index (SUP version 5 NDE).
L3 Netflow with Hybrid SUP2/MSFC2:
The SUP2 NDE provides SNMP interface index for LAN ports as of CatOS 6.3.6.
Support for interface index on WAN interfaces is added in CatOS 7.3.1 and the WAN interface index support also requires the MSFC2 to run 12.1(12c)E1.
L3 Netflow with Native SUP2/MSFC2:
The LAN and WAN interface index information is planned for 12.1(13)E Supervisor IOS.
L2 Netflow known as Bridged Netflow Statistics is available as of CatOS 7.2.2 and later. When Bridged Netflow Stats are enabled NDE provides flows for traffic between hosts on the same VLAN.
L2 Netflow with SUP1A:
Bridged Netflow Statistics provide SNMP interface index information for LAN ports when this feature is used with a SUP1A and no MSFC/MSFC2.
L2 Netflow with SUP2:
Due to the CEF-based MLS of the SUP2, Bridged Netflow Statistics cannot provide SNMP interface index information for LAN ports when this feature is used with a SUP2 and no MSFC2. On the SUP2 a "completed CEF adjacency" is required in order for NDE to provide interface index information. The completed CEF adjacency is not possible without a MSFC2 doing Layer 3 switching.
L2 Netflow with Hybrid SUP2/MSFC2:
Bridged Netflow Statistics can be enabled in addition to normal Layer 3 switching and both L2 and L3 flows will be exported. As long as there are completed CEF adjacencies the interface index information for flows from Bridged Netflow Statistics will be provided. So in other words if a host on VLAN x is L3 switched to a host on VLAN y there will be a completed CEF adjacency and then if the host on VLAN x talks to another host on VLAN x its interface index will be available in the Bridged Flow Statistics.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide