Fluke Computer Accessories manual Ip flow-cache timeout active, Ip flow-cache timeout inactive

Page 79

User’s Guide – version 3.5

NetFlow Tracker

ip flow-cache timeout active 1

This breaks up long-lived flows into one-minute segments.

ip flow-cache timeout inactive 15

This ensures that flows that have finished are exported in a timely manner.

interface <interface>

ip route-cache flow or ip flow ingress or ip route-cache cef bandwidth <kbps>

exit

You need to enable NetFlow on each interface through which traffic you are interested in will flow. This will normally be the Ethernet and WAN interfaces. Note that there are several commands to enable NetFlow on an interface and you must use the same command for every interface. ip route-cache flow and ip flow ingress enable NetFlow for inbound traffic on the interface; the only difference between the two is that the latter can be applied to individual sub-interfaces whereas the former must be applied to the physical interface. Be careful not to enable NetFlow for both a physical interface and one or more of its sub-interfaces.

ip flow egress enables NetFlow for outbound traffic on the interface and is required if you are using input filters. You may enable NetFlow for both inbound and outbound traffic on a single interface if you are interested only in its traffic; in this case ensure that no other interface has NetFlow enabled.

Egress NetFlow is also useful if you are monitoring a router that is applying QoS to the traffic it routes – by using egress NetFlow you will see the QoS settings that the router applied rather than those that were on the traffic before it was routed.

You may also need to set the speed of the interface in kilobits per second. It is especially important to set the speed for frame relay or ATM virtual circuits. Note that a Catalyst 4000 series switch does not support any of the commands to enable NetFlow for an interface; instead NetFlow is enabled for all interfaces using a special command documented below.

show ip flow export

This will show the current NetFlow configuration. Issue this in normal (not configuration) mode.

show ip cache flow

show ip cache verbose flow

These commands issued in normal mode summarize the active flows and give an indication of how much NetFlow data the router is exporting.

79

Image 79

Contents NetFlow Tracker Contents LONG-TERM Reports Appendix 2 CSV File Format Grant of Licence and Payment of Fees Software License AgreementCopyright Customer Remedies Confidential Information and Security User’s Guide version NetFlow Tracker Definitions Supplier’s Undertakings Support ServicesSupport Charges Undertakings by YouIntellectual Property Rights Limitation of Liability and indemnityTermination Miscellaneous Confidential Information and SecuritySupport Hours Exceptions to Support ServicesResponse Times Introduction What is NetFlow?What is NetFlow Tracker? Features and BenefitsUser’s Guide version NetFlow Tracker Operating System Support InstallationPre-installation Checks Minimum System RequirementsInstallation on Microsoft Windows Installation on Linux Post-installation Tasks Add listener ports Set up Snmp community stringsSet up web front-end security Configure your routers and switchesUsing NetFlow Tracker Interfaces Device traffic metersPer-AS data Working with ChartsChanging the displayed chart Chart legendZooming out View a standard chart as a pie chartView a standard chart as a tabular report ZoomingOpen the chart in a new window Alter the filter applied to a standard chartExport a chart to another application Print the chartWorking with Tabular Reports Working with Pie ChartsExamine a single row Sort a tabular reportAddress Reports Report TemplatesSession Reports Network Reports QoS ReportsOther Reports Creating Filtered ReportsInterface Reports Traffic Identification ReportsStart time Report templateSample size Source dataOut interface Time zoneSource device InterfaceSrc/dest port ProtocolSource port Dest portDest AS DiffServTraffic class Source ASFilter Editor Long-term ReportsDevices and Interfaces Per-device and Per-interface Long-term ReportsUser’s Guide version NetFlow Tracker Reports General Form Report URL FormatReport Format Parameters 0026 00230024 0025True ChartPie Number256 FeaturesSections 128Time Range Parameters Week MillisHour DayCalendar-based advanced Time range will extend for this number of unitsApplying a time-of-day mask to the time range HHmmDay1-day2/time1-time2 113 110105 100125 115120 140Daily 285300 MinuteFilter Parameters Addr1-addr2 NamePort1-port2 Port1-port2/number Port/namePort/number Port1-port2/nameCode PrecTos Prec%20tosMask Addr/maskSecurity Parameters PasswordUsername Secret Management Portal Access Control ParametersNull VPN Out VPN Refresh and Resolve All buttons, if applicable Chart scrollbarChart selection headers Filter Editor button, if applicableQuery Size Performance TuningDatabase Server Settings Disk SpeedListener Ports Configuration GuideSnmp Settings LicensingDevice Settings Device SettingsDevice List Sampled Data Scaling VPNs Security SettingsHttp//proxy/tracker1/report.jsp?portalacl= Management Portal SettingsHttp//proxy/tracker1/report1 Http//tracker1/report.jsp?portalsecret=secret&aclif=ProxyPassReverse /tracker1/ http//1.2.3.4 Using Apache as a Portal ServerRewriteEngine On RewriteRule /tracker1/.*$ http//1.2.3.4/$1 P,L,QSAGeneral Settings Report SettingsReal-time Reports Scheduled Reports Saved FiltersLong-term Reports Executive Reports Span class=repdesctextTest/span Content Nelements=5 and chartWidth=400Sub-reports User’s Guide version NetFlow Tracker IP Application Names Hostname Resolution SettingsDiffServ Names AS Names Database SettingsSubnet Names Backup Archiving Memory SettingsPerformance Counters Unprocessed Flowsets NetFlow Data ReceivedTraffic Described Ignored FlowsNo In Interface AboutIp flow-export destination address Appendix 1 Device ConfigurationEnabling Netflow Export on an IOS Device Ip cefShow ip cache flow Show ip cache verbose flow Ip flow-cache timeout activeIp flow-cache timeout inactive Show ip flow exportMls aging long Ip route-cache flow infer-fieldsMls netflow Mls nde sender versionUser’s Guide version NetFlow Tracker Set mls nde address Set mls bridged-flow-statistics enable vlanlistSet mls nde enable Set system name nameEnabling Flow Detail Records on a Packeteer Device Flow-sampler-map allflows mode random one-out-of 1 exitEnabling NetFlow on an Enterasys Device Tabular report CSV format Chart CSV formatPie chart CSV format Appendix 2 CSV File FormatTabular report XML format Chart XML formatPie chart XML format Appendix 3 XML FormatAppendix 4 Third Party Software Components JspSmartUpload Quartz