Manufacturer: Cisco
Model(s): Nexus 9300 Series Switches
Version(s): NX-OS 10.x
Notes:
- Capable of capturing flows on both L2 and L3 interfaces
- Some models support sFlow. See the separate article for Plixer's recommendations on configuring sFlow on Cisco Nexus 9000 Series Switches.
Configuration steps for Layer 3 Flexible NetFlow
- Enable the NetFlow Feature
configure terminal
feature netflow
flow timeout active 60
flow timeout inactive 60
- Create a Flow Record
configure terminal
flow record FLOW-RECORD
description flow record
match ip tos
match ip protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect ip version
collect counter bytes long
collect counter packets long
collect timestamp sys-uptime first
collect timestamp sys-uptime last
collect transport tcp flags
exit

| CLI command | Description |
| --- | --- |
| flow record <name> | Creates a flow record and enters flow record configuration mode. |
| description <string> | Describes this flow record as a maximum 63-character string. |
| match <type> | Specifies match keys. Plixer recommended keys are listed in the example above. |
| collect <type> | Specifies the collection field. Plixer recommended fields are listed in the example above. |

- Create a Flow Exporter
configure terminal
flow exporter PLIXER-COLLECTOR
description Plixer Platform Flow Collector
destination <IP of plixer collector>
source <INTERFACE>
transport udp 9995
version 9
template data timeout 60

| CLI command | Description |
| --- | --- |
| flow exporter <name> | Creates a flow exporter and enters flow exporter configuration mode. |
| description <string> | Describes this flow exporter as a maximum 63-character string. |
| destination <ip> [use vrf-name] | IPv4 address of the Plixer collector. You can optionally configure the VRF to use to reach the NetFlow Collector. |
| source <interface name/port> | Specifies the interface to use to reach the Plixer Collector. |
| transport udp <port> | Specifies the UDP port to use to reach the NetFlow Collector. The range is from 0 to 65535. |
| version 9 | Specifies the NetFlow export version. Choose version 9 to enter the flow exporter version 9 configuration submode. |
| template data timeout <seconds> | Sets the template data resend timer. The range is from 1 to 86400 seconds. Plixer recommends 60 seconds. |

- Create a Flow Monitor
configure terminal
flow monitor FLOW-COLLECTION
description Layer 3 flow collection
record FLOW-RECORD
exporter PLIXER-COLLECTOR

| CLI command | Description |
| --- | --- |
| flow monitor <name> | Creates a flow monitor and enters flow monitor configuration mode. |
| description <string> | Describes this flow monitor as a maximum 63-character string. |
| record <name> | Associates a flow record with this flow monitor. |
| exporter <name> | Associates a flow exporter with this flow monitor. |

- Apply a Flow Monitor to an interface
configure terminal
interface <interface>
ip flow monitor FLOW-COLLECTION input

| CLI command | Description |
| --- | --- |
| ip flow monitor <ipv4 \| ipv6> input | Associates an IPv4 or IPv6 flow monitor to the interface for input packets. |

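
Once the monitor is applied, the switch resends its NetFlow v9 template every 60 seconds, so a collector-side check can confirm that every field from FLOW-RECORD is actually being exported. The following is an added example, not Plixer or Cisco code; the mapping of record lines to RFC 3954 field type numbers is an assumption (the switch may export some fields under other IDs), and the function names and sample datagram are constructed for illustration.

```python
import struct

# Assumed mapping of FLOW-RECORD lines to NetFlow v9 field types (RFC 3954).
EXPECTED = {
    5: "ip tos", 4: "ip protocol", 8: "ipv4 source address",
    12: "ipv4 destination address", 7: "transport source-port",
    11: "transport destination-port", 60: "ip version",
    1: "counter bytes", 2: "counter packets", 6: "transport tcp flags",
    22: "timestamp sys-uptime first", 21: "timestamp sys-uptime last",
}
# Constructed sample template: (field type, length in bytes).
SAMPLE_FIELDS = [(5, 1), (4, 1), (8, 4), (12, 4), (7, 2), (11, 2),
                 (60, 1), (1, 8), (2, 8), (22, 4), (21, 4), (6, 1)]

def parse_templates(datagram):
    """Return {template_id: [(field_type, length), ...]} from one v9 datagram."""
    if len(datagram) < 20:
        raise ValueError("shorter than the 20-byte NetFlow v9 header")
    version = struct.unpack_from("!H", datagram, 0)[0]
    if version != 9:
        raise ValueError(f"export version is {version}, expected 9")
    templates, offset = {}, 20
    while offset + 4 <= len(datagram):
        set_id, set_len = struct.unpack_from("!HH", datagram, offset)
        if set_len < 4 or offset + set_len > len(datagram):
            raise ValueError("malformed or truncated FlowSet")
        pos, end = offset + 4, offset + set_len
        while set_id == 0 and pos + 4 <= end:  # FlowSet ID 0 carries templates
            tid, nfields = struct.unpack_from("!HH", datagram, pos)
            pos += 4
            if tid < 256 or pos + 4 * nfields > end:
                break  # padding or a cut-off record
            templates[tid] = [struct.unpack_from("!HH", datagram, pos + 4 * i)
                              for i in range(nfields)]
            pos += 4 * nfields
        offset += set_len
    return templates

def missing_fields(template):
    """Names of FLOW-RECORD fields absent from a parsed template."""
    present = {ftype for ftype, _ in template}
    return sorted(n for t, n in EXPECTED.items() if t not in present)

def build_sample(fields, template_id=256):
    """Build a constructed v9 datagram holding one template (test input)."""
    body = struct.pack("!HH", template_id, len(fields))
    body += b"".join(struct.pack("!HH", t, l) for t, l in fields)
    header = struct.pack("!HHIIII", 9, 1, 1000, 1700000000, 1, 0)
    return header + struct.pack("!HH", 0, 4 + len(body)) + body
```

Against live traffic, `parse_templates` would be given the UDP payload received on the exporter's configured port (9995 in the example above) in place of the output of `build_sample`.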
[Optional] Configuration Steps for Layer 2 Flexible NetFlow interfaces
- Create a Layer 2 Flow Record
flow record L2-FLOW-RECORD
description Layer 2 flow record
match datalink ethertype
match datalink vlan
match datalink mac source-address
match datalink mac destination-address
exit
- Create a Layer 2 Flow Monitor
configure terminal
flow monitor L2-FLOW-MONITOR
description Layer 2 flow collection
record L2-FLOW-RECORD
exporter PLIXER-COLLECTOR
exit
- Apply a Flow Monitor to a Layer 2 interface
configure terminal
interface <slot/port or port-channel number>
switchport
mac packet-classify
layer2-switched flow monitor L2-FLOW-MONITOR input
exit