Configuring Flexible NetFlow – Catalyst 3850 Switches

I've received a lot of requests for assistance with the Cisco Catalyst 3850 NetFlow configuration recently, and in researching this setup, uncovered a licensing requirement. One of the users had the LAN Base license level. NetFlow export is not supported at that license level; instead, an IP Base license level is among the Catalyst 3850 NetFlow requirements.

Once that prerequisite is met, we can move on to configuring Flexible NetFlow.
As with every Flexible NetFlow configuration, there are 4 main steps:
1) Define the Flow Record – defines which fields are exported
2) Define the Flow Exporter – defines where flows will be exported to
3) Define the Flow Monitor – joins the Flow Record(s) and Flow Exporter(s) together
4) Apply the Flow Monitor to the interface(s)

Here’s a sample 3850 NetFlow configuration. Note that there are 2 flow record definitions and two flow monitor definitions. That is because only one flow monitor per interface and per direction is supported. (Another Flexible NetFlow limitation for the Catalyst 3850). Hence there is one record definition for ingress flows and another for egress, and also two flow monitors, one each for ingress and egress flows.

**********************************************************

flow record FNF-input

description IPv4 NetFlow
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match ipv4 protocol
match interface input
match ipv4 tos
match flow direction

collect interface output
collect counter bytes long
collect counter packets long
collect transport tcp flags
collect timestamp absolute first
collect timestamp absolute last

flow record FNF-output

description IPv4 NetFlow
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match ipv4 protocol
match interface output
match ipv4 tos
match flow direction

collect interface input
collect counter bytes long
collect counter packets long
collect transport tcp flags
collect timestamp absolute first
collect timestamp absolute last

flow exporter Scrutinizer

description Export to Scrutinizer
destination 10.1.1.10
source gigabitEthernet1/0/1
transport udp 2055

flow monitor Scrut_mon_input

description IPv4 FNF ingress exports
exporter Scrutinizer
record FNF-input
cache timeout active 60

flow monitor Scrut_mon_output

description IPv4 FNF egress exports
exporter Scrutinizer
record FNF-output
cache timeout active 60

Applying the flow monitor(s) to interface(s). This last step is repeated for all interfaces that are to be monitored.

interface GigabitEthernet1/0/1
ip flow monitor Scrut_mon_input input
ip flow monitor Scrut_mon_output output

To verify that the correct information was entered for each of the Flexible NetFlow configuration steps, the following commands can be run on the Catalyst 3850.

show flow record [record-name] example: show flow record FNF-input

show flow exporter [exporter-name] example: show flow exporter Scrutinizer

show flow monitor [monitor-name] example: show flow monitor Scrut_mon_input

show flow interface [interface-type number] example: show flow interface GigabitEthernet1/0/1

******************************************************
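An added example (not from the original article or from Cisco): a small Python check that can be run over a Flexible NetFlow configuration draft before it is pasted into the switch. It verifies that every flow monitor points at a defined record and exporter and that no interface carries more than one monitor per direction, the limitation noted above. The function name lint_fnf, the sample text and the monitor name Scrut_mon_extra are constructed for illustration, and the parser assumes the text contains only flow and interface blocks.

```python
import re

# Constructed sample: a trimmed copy of the configuration above plus one
# deliberately wrong line (a second, undefined ingress monitor on the port).
SAMPLE = """\
flow record FNF-input
flow record FNF-output
flow exporter Scrutinizer
flow monitor Scrut_mon_input
 exporter Scrutinizer
 record FNF-input
flow monitor Scrut_mon_output
 exporter Scrutinizer
 record FNF-output
interface GigabitEthernet1/0/1
 ip flow monitor Scrut_mon_input input
 ip flow monitor Scrut_mon_output output
 ip flow monitor Scrut_mon_extra input
"""

def lint_fnf(config):
    """Return a list of problems found in Flexible NetFlow config text."""
    defined = {k: set() for k in ("flow record", "flow exporter", "flow monitor", "interface")}
    refs, applied, problems = {}, {}, []
    kind = name = None  # configuration block currently being parsed
    for line in (l.strip() for l in config.splitlines()):
        top = re.match(r"(flow record|flow exporter|flow monitor|interface) (\S+)$", line)
        ref = re.match(r"(record|exporter) (\S+)$", line)
        use = re.match(r"ip flow monitor (\S+) (input|output)$", line)
        if top:  # a new block starts here
            kind, name = top.groups()
            defined[kind].add(name)
        elif kind == "flow monitor" and ref:  # step 3: monitor joins record and exporter
            refs.setdefault(name, {})[ref.group(1)] = ref.group(2)
        elif kind == "interface" and use:  # step 4: monitor applied to an interface
            applied.setdefault((name, use.group(2)), []).append(use.group(1))
    for mon in sorted(defined["flow monitor"]):
        for key in ("record", "exporter"):
            target = refs.get(mon, {}).get(key)
            if target not in defined["flow " + key]:
                problems.append(f"monitor {mon}: {key} {target} is not defined")
    for (intf, direction), mons in applied.items():
        if len(mons) > 1:
            problems.append(f"{intf} {direction}: {len(mons)} monitors, only one is supported")
        problems += [f"{intf} {direction}: monitor {m} is not defined"
                     for m in mons if m not in defined["flow monitor"]]
    return problems

if __name__ == "__main__":
    print("\n".join(lint_fnf(SAMPLE)) or "no problems found")
```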

Now that you have Flexible NetFlow configured, what features are available to you with Catalyst 3850 NetFlow support? Well, by combining the Flexible NetFlow export capabilities of the 3850 with a powerful advanced flow reporting and analysis solution, report generation such as in the example below is only one of the possibilities.