If you are like me ;), you will hate typing in long commands again and again... and again. Here is the solution. Instead of typing "show ip interface brief" all the time, wouldn't it be nice to just type sib or any shortcut you want? We can do that just by configuring an alias.
Let's take a closer look at the alias command. It is used in global configuration mode: enter alias, followed by the mode in which the alias will apply. Some examples are given below:
Use alias exec for Privileged Mode (commands you use at the Router# prompt)
Use alias configure for Global Configuration Mode (commands you use at the Router(config)# prompt)
Use alias interface for Interface Configuration Mode (commands you use at the Router(config-if)# prompt)
After specifying the mode, enter the alias you want to create and the command you want it to stand for.
"As far as I know, you can configure an alias to do anything that you can do at the command line. Of course, there's a catch: An alias can't move between modes, type in passwords, or do anything interactive for you". Reference: Click Here
Examples (Alias):
1. Router(config)# alias exec sib show ip interface brief
2. Router(config)# alias exec sr show ip route
3. Router(config)# alias exec r show running
4. Router(config)# alias exec son show ip ospf neighbor
5. Router(config)# alias configure rr router rip
6. Router(config)# alias configure ro router ospf
7. Router(config)# alias interface ns no shutdown
Default Aliases:
1. p for ping
2. h for help
3. u and un for undebug
In the same way we can configure different aliases and make our life easy.
I hope this will be informative for you.
Cheers :)
Saturday, August 28, 2010
Sunday, August 15, 2010
Advanced WAN Configuration, Frame Relay
While preparing for my CCIE (Routing & Switching), I am going through the detailed concepts of each topic; let's talk a little bit about Frame Relay. The terminology used in Frame Relay is as follows:
Terminology
Permanent Virtual Circuit (PVC)
Data-Link Connection Identifier (DLCI)
Local Management Interface (LMI)
Network-to-Network Interface (NNI)
Local Access Rate / Committed Information Rate
Configuration
Base Config, W/Inverse-ARP
Manual Config, Sub-Interfaces
Hybrid Config Example
Verification
Frame-Relay Config, W/Inverse ARP
What Inverse-ARP means: when Router-A sends a request on DLCI 102, Router-B responds positively that it is available there, and this response from Router-B is Inverse-ARP. Once Frame Relay is configured, a connection can be in any one of the following states, which we can see by issuing a single command:
Router-B# show frame-relay map
Status:
Active: The local and remote connections are both working
Inactive: The local connection is working while the remote is not working
Deleted: The local connection is not working while the remote is unknown
Let's suppose Router-A says to Router-B that it wants to reach DLCI 109, and in response Router-B says it is unaware of this DLCI; this is the Deleted status.
Let's look at the output on one router:
Router-C# show frame-relay map
Serial1/0 (up): ip 172.16.1.3 dlci 301(0x12D,0x48D0), static,
              broadcast,
              CISCO, status defined, active
Serial1/0 (up): ip 172.16.1.1 dlci 301(0x12D,0x48D0), static,
              broadcast,
              CISCO, status defined, active
NOTE: In the CCIE lab and in an actual lab we have to turn off Inverse-ARP, as it will dynamically discover DLCIs and traffic will be sent over routes on which we don't want to send it.
Frame Relay Configuration, Sub-Interfaces
First, let me explain why we use sub-interfaces rather than a single interface. There are a couple of reasons. The first is that we have two different subnets. The second is split horizon ("It states: don't send traffic back out the interface on which it arrived"; for further detail see Here). The third: look at the topology. When the LAN traffic of Router-B is sent to Router-A, it would be sent on to Router-C and routing loops would be created, and the split-horizon rule tells us not to do this, so we use sub-interfaces for this reason.
Look at the configuration below, but first let me explain why I used these two commands:
Router-A(config)# interface serial 1/0
Router-A(config-if)# no frame-relay inverse-arp
This stops the router from discovering who is on the other side.
Router-A(config-if)# no arp frame-relay
This command says that when anyone tries to reach you, don't respond.
After configuring Router-A to Router-B as point-to-point and Router-A to Router-C and Router-D as multipoint, connectivity between Router-C and Router-D will not work when we check it, because we have to do the DLCI mapping for them as well.
Another important point: at the end of all the configuration, the Router-D LAN route will be present on Router-A but not on Router-B and Router-C. This is because of split horizon, so we have to turn it off manually (the traffic from Router-D arrives on interface serial 1/0.2):
Router-A(config)# interface serial 1/0.2
Router-A(config-subif)# no ip split-horizon eigrp 1
Router-C# show ip route
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
D 172.16.0.0/16 is a summary, 00:01:12, Null0
C 172.16.1.0/24 is directly connected, Serial1/0
D 10.0.0.0/8 [90/2681856] via 172.16.1.1, 00:00:12, Serial1/0
C 192.168.2.0/24 is directly connected, FastEthernet2/0
D 192.168.3.0/24 [90/2684416] via 172.16.1.1, 00:00:07, Serial1/0
The Router-D LAN route is shown as bold in the output.
Now let's look at the detailed configuration on each router:
Frame-Relay Switch
hostname FRS
!
boot-start-marker
boot-end-marker
!
ip cef
!
frame-relay switching
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!
interface Serial1/0
 no ip address
 encapsulation frame-relay
 serial restart-delay 0
 clock rate 64000
 no fair-queue
 frame-relay lmi-type cisco
 frame-relay intf-type dce
 frame-relay route 102 interface Serial1/1 201
 frame-relay route 103 interface Serial1/2 301
 frame-relay route 104 interface Serial1/3 401
!
interface Serial1/1
 no ip address
 encapsulation frame-relay
 serial restart-delay 0
 clock rate 64000
 frame-relay lmi-type cisco
 frame-relay intf-type dce
 frame-relay route 201 interface Serial1/0 102
!
interface Serial1/2
 no ip address
 encapsulation frame-relay
 serial restart-delay 0
 clock rate 64000
 frame-relay lmi-type cisco
 frame-relay intf-type dce
 frame-relay route 301 interface Serial1/0 103
!
interface Serial1/3
 no ip address
 encapsulation frame-relay
 serial restart-delay 0
 clock rate 64000
 frame-relay lmi-type cisco
 frame-relay intf-type dce
 frame-relay route 401 interface Serial1/0 104
!
Router-A CONFIGURATIONS
!
hostname A
!
ip cef
!
interface Serial1/0
 no ip address
 encapsulation frame-relay
 serial restart-delay 0
 no fair-queue
 no arp frame-relay
 no frame-relay inverse-arp
!
interface Serial1/0.1 point-to-point
 ip address 10.1.1.1 255.255.255.0
 frame-relay interface-dlci 102
!
interface Serial1/0.2 multipoint
 ip address 172.16.1.1 255.255.255.0
 no ip split-horizon eigrp 1
 frame-relay map ip 172.16.1.3 104 broadcast
 frame-relay map ip 172.16.1.2 103 broadcast
!
router eigrp 1
 network 10.0.0.0
 network 172.16.0.0
 auto-summary
!
Router-C CONFIGURATIONS
!
hostname C
!
no aaa new-model
!
!
ip cef
interface Serial1/0
 ip address 172.16.1.2 255.255.255.0
 encapsulation frame-relay
 serial restart-delay 0
 clock rate 64000
 no arp frame-relay
 frame-relay map ip 172.16.1.3 301 broadcast
 frame-relay map ip 172.16.1.1 301 broadcast
 no frame-relay inverse-arp
 frame-relay lmi-type cisco
!
interface FastEthernet2/0
 ip address 192.168.2.1 255.255.255.0
 duplex auto
 speed auto
!
router eigrp 1
 network 172.16.0.0
 network 192.168.2.0
 auto-summary
!
I hope this will be informative for you!
Cheers :)
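A check one can run over these configurations before loading them, added here as an example and not part of the original post: it verifies that every frame-relay route on the switch has its mirror entry on the far-end port, and that each Frame Relay interface on a router carries the two "no ..." commands explained above. The function names, the broken variant and the Router-X fragment are constructed for the example.

```python
import re

IFACE_RE = re.compile(r"^interface (\S+)")
ROUTE_RE = re.compile(r"^frame-relay route (\d+) interface (\S+) (\d+)$")

# Route statements copied from the FRS configuration in the post.
FRS_CONFIG = """\
interface Serial1/0
 frame-relay route 102 interface Serial1/1 201
 frame-relay route 103 interface Serial1/2 301
 frame-relay route 104 interface Serial1/3 401
!
interface Serial1/1
 frame-relay route 201 interface Serial1/0 102
!
interface Serial1/2
 frame-relay route 301 interface Serial1/0 103
!
interface Serial1/3
 frame-relay route 401 interface Serial1/0 104
!
"""

# Router-A interfaces copied from the post.
ROUTER_A = """\
interface Serial1/0
 no ip address
 encapsulation frame-relay
 no arp frame-relay
 no frame-relay inverse-arp
!
interface Serial1/0.1 point-to-point
 ip address 10.1.1.1 255.255.255.0
 frame-relay interface-dlci 102
!
"""

# Constructed fragment: a router left at the Inverse-ARP defaults.
ROUTER_X = """\
interface Serial1/0
 ip address 192.0.2.1 255.255.255.0
 encapsulation frame-relay
!
"""


def parse_interfaces(config):
    """Split an IOS config into {interface name: [sub-command lines]}."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.strip() == "!" or (line and not line[0].isspace()):
            current = None  # '!' or a new top-level command closes the block
        elif current is not None and line.strip():
            current.append(line.strip())
    return blocks


def parse_routes(config):
    """Return {(in_port, in_dlci): (out_port, out_dlci)} for a frame-relay switch."""
    routes = {}
    for iface, lines in parse_interfaces(config).items():
        for line in lines:
            m = ROUTE_RE.match(line)
            if m:
                routes[(iface, int(m.group(1)))] = (m.group(2), int(m.group(3)))
    return routes


def asymmetric_pvcs(routes):
    """A PVC works only if the far-end port routes the DLCI straight back."""
    return sorted((src, dst) for src, dst in routes.items()
                  if routes.get(dst) != src)


def inverse_arp_findings(config):
    """List (interface, missing command) for frame-relay interfaces that lack
    either of the two 'no ...' commands the post applies."""
    required = ("no frame-relay inverse-arp", "no arp frame-relay")
    return [(iface, cmd)
            for iface, lines in parse_interfaces(config).items()
            if "encapsulation frame-relay" in lines
            for cmd in required if cmd not in lines]


if __name__ == "__main__":
    print("asymmetric PVCs:", asymmetric_pvcs(parse_routes(FRS_CONFIG)))
    print("Router-A findings:", inverse_arp_findings(ROUTER_A))
    print("Router-X findings:", inverse_arp_findings(ROUTER_X))
```
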
Friday, August 13, 2010
Why 3550 and SMI v/s EMI
Before I discuss the difference between the SMI and EMI IOS images on the Cisco Catalyst 3550 switch, let's first talk about a big question: why the 3550 switch?
1. First switch which can be a router
2. Support for other features such as UplinkFast / BackboneFast / Rapid STP
3. HUGE bandwidth optimization using Layer-2 and Layer-3 EtherChannel
4. Advanced QoS features
Models
1. 3550-24
2. 3550-48
3. 3550-12T
4. 3550-12G
The 3550-24 and 3550-48 are either 10-Base, 100-Base or 1000-Base. The 3550-12T provides 10 ports that run at 10, 100 or 1000 Base, plus 2 GBIC ports which are used for fiber connectivity. The 3550-12G, on the other hand, provides 10 GBIC ports and two Cat-5 ports of the respective speed.
Now let's talk about the IOS that the 3550 switch runs. It will be either the 3550 EMI IOS or the 3550 SMI IOS, so we should know the difference between the two in order to decide which IOS to go for:
The 3550 is either a Layer-2 or a Layer-3 switch, depending on the software version and feature set that you install. A 3550 image name follows one of these conventions:
ipbase (formerly SMI): Cisco IOS IP base image and device manager files. This image has Layer 2+ and basic Layer 3 routing (static, RIP) features.
ipservices (formerly EMI): Cisco IOS IP services image and device manager files. This image has Layer 2+ and full Layer 3 features.
ipbasek9: Cisco IOS IP base cryptographic image and device manager files. This image has the Kerberos, Secure Shell (SSH), Layer 2+, and basic Layer 3 routing features.
ipservicesk9: Cisco IOS IP services cryptographic image and device manager files. This image has the Kerberos, SSH, Layer 2+, and full Layer 3 features.
The differences between the two are:
SMI
The SMI image is essentially an L2-only image. However, SMI adds basic L3 functionality to the image. This L3 functionality includes static unicast routing, the Routing Information Protocol (RIP), and other features.
EMI
The EMI image is an L2 image in combination with a full L3 feature set. This feature set includes:
Interior Gateway Routing Protocol (IGRP) and Enhanced IGRP (EIGRP)
Open Shortest Path First (OSPF) Protocol
Border Gateway Protocol Version 4 (BGP4)
Hot Standby Router Protocol (HSRP)
Protocol Independent Multicast (PIM)
Other advanced services
I hope this will be informative for you!
Cheers :)
Tuesday, August 10, 2010
Golden Rule of BGP
BGP does not enable one AS to send traffic to a neighbor AS intending that the traffic take a different route from that taken by traffic originating in the neighbor AS. RFC 1711
While preparing for my CCIE, I came across the above statement, shown as the Golden Rule of BGP, but believe me, I didn't get what it meant on the first reading. In fact, after reading it more than ten times I got a little bit; then after some help and consultation I got the whole idea. Let me explain what it means:
"This simply means: don't tell a person how to work." In other words, we are not allowed to tell another AS which path its traffic should follow, and another service provider cannot tell us what to do.
Cheers :)
Friday, August 6, 2010
Core Knowledge Questions Removed for CCIE R&S and Voice Lab Exams
I am going to appear for the CCIE (R&S) Bootcamp on 9th August 2010 at Corvit Lahore. Last night I was looking at www.cisco.com. While reading about CCIE, I came across this statement: "CCIE R&S and CCIE Voice Lab Exams, in all global locations, will no longer include the four open-ended Core Knowledge questions". For further detail, consult the reference links.
Reference:
www.cisco.com/web/learning/le3/ccie/index.htm
or
https://learningnetwork.cisco.com/docs/DOC-6484
Cheers :)
Tuesday, August 3, 2010
Configuring Cisco IOS NetFlow and NetFlow Data Export
NetFlow is an application which works independently on internetworking devices and has no impact on other device operation. It provides statistics on the packets flowing through Cisco devices. There are some prerequisites for configuring it on a Cisco router:
1. IP routing is configured
2. One of CEF, fast switching or distributed CEF is configured
3. The router has sufficient resources, as this application consumes additional memory
Step-by-Step Procedure
1. enable
2. configure terminal
3. ip flow-export destination [destination address] [UDP port] (optional)
4. ip flow-export version 9
5. interface [interface type] [interface number]
6. ip flow [ingress | egress]
7. exit
8. end
Each step is described in detail below:
1. Enter your password if prompted
My-Router> enable
2. Enter global configuration mode with the following command
My-Router# configure terminal
3. Specify the IP address or hostname of the workstation to which you want to send your NetFlow traffic, together with the UDP port on which it listens. The workstation is running an application such as NetFlow Collection Engine (NFC). (Optional)
My-Router(config)# ip flow-export destination 192.168.1.1 <udp-port>
4. Enable the export of information in NetFlow cache entries. With version 9, the export packets follow the version 9 format. (Optional)
My-Router(config)# ip flow-export version 9
5. Specify the interface on which you want to enable NetFlow
My-Router(config)# interface serial 2/0
6. Enable NetFlow on the interface: ingress (capture traffic that is received by the interface) or egress (capture traffic that is being transmitted by the interface)
My-Router(config)# interface serial 2/0
My-Router(config-if)# ip flow {ingress | egress}
7. Optional: now exit global configuration mode
My-Router(config)# exit
My-Router#
Verification:
To verify that NetFlow is working properly, issue the following commands:
1. show ip flow interface
This command displays the NetFlow configuration for an interface. The following is sample output from this command:
My-Router# show ip flow interface
Serial 2/0
ip flow ingress
2. show ip cache flow
This command is used to verify that NetFlow is operational and to display a summary of the NetFlow statistics. The following is sample output from this command:
My-Router# show ip cache flow
IP packet size distribution (1103746 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.249 .694 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .027 .000 .027 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
35 active, 4061 inactive, 980 added
2921778 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640 bytes
0 active, 1024 inactive, 0 added, 0 added to flow
0 alloc failures, 0 force free
1 chunk, 1 chunk added
last clearing of statistics never
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-FTP 108 0.0 1133 40 2.4 1799.6 0.9
TCP-FTPD 108 0.0 1133 40 2.4 1799.6 0.9
TCP-WWW 54 0.0 1133 40 1.2 1799.6 0.8
TCP-SMTP 54 0.0 1133 40 1.2 1799.6 0.8
TCP-BGP 27 0.0 1133 40 0.6 1799.6 0.7
TCP-NNTP 27 0.0 1133 40 0.6 1799.6 0.7
TCP-other 297 0.0 1133 40 6.8 1799.7 0.8
UDP-TFTP 27 0.0 1133 28 0.6 1799.6 1.0
UDP-other 108 0.0 1417 28 3.1 1799.6 0.9
ICMP 135 0.0 1133 427 3.1 1799.6 0.8
Total: 945 0.0 1166 91 22.4 1799.6 0.8
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Et0/0 192.168.5.9 Et1/0.1 172.16.10.200 01 0000 0C01 51
Et0/0 10.10.1.1 Null 172.16.11.5 11 0043 0043 51
Et0/0 10.10.1.1 Null 172.16.11.5 11 0045 0045 51
3. show ip cache verbose flow
Use this command to verify that NetFlow is operational and to display a detailed summary of the NetFlow statistics. The following is sample output from this command:
My-Router # show ip cache verbose flow
IP packet size distribution (1130681 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.249 .694 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .027 .000 .027 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
35 active, 4061 inactive, 980 added
2992518 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640 bytes
0 active, 1024 inactive, 0 added, 0 added to flow
0 alloc failures, 0 force free
1 chunk, 1 chunk added
last clearing of statistics never
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-FTP 108 0.0 1133 40 2.4 1799.6 0.9
TCP-FTPD 108 0.0 1133 40 2.4 1799.6 0.9
TCP-WWW 54 0.0 1133 40 1.2 1799.6 0.8
TCP-SMTP 54 0.0 1133 40 1.2 1799.6 0.8
TCP-BGP 27 0.0 1133 40 0.6 1799.6 0.7
TCP-NNTP 27 0.0 1133 40 0.6 1799.6 0.7
TCP-other 297 0.0 1133 40 6.6 1799.7 0.8
UDP-TFTP 27 0.0 1133 28 0.6 1799.6 1.0
UDP-other 108 0.0 1417 28 3.0 1799.6 0.9
ICMP 135 0.0 1133 427 3.0 1799.6 0.8
Total: 945 0.0 1166 91 21.9 1799.6 0.8
SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts
Port Msk AS Port Msk AS NextHop B/Pk Active
Et0/0 192.168.5.9 Et1/0.1 172.16.10.200 01 00 10 799
0000 /0 0 0C01 /0 0 0.0.0.0 28 1258.1
Et0/0 10.10.1.1 Null 172.16.11.5 11 00 10 799
0043 /0 0 0043 /0 0 0.0.0.0 28 1258.0
Et0/0 10.10.1.1 Null 172.16.11.5 11 00 10 799
0045 /0 0 0045 /0 0 0.0.0.0 28 1258.0
Et0/0 10.24.3.1 Et1/0.1 172.16.10.2 01 00 10 799
0000 /0 0 0800 /0 0 0.0.0.0 28 1258.1
Et0/0 10.10.1.1 Null 172.16.11.6 11 00 10 799
0044 /0 0 0044 /0 0 0.0.0.0 28 1258.1
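The flow records at the end of the show ip cache flow output print the protocol and ports in hexadecimal, and for ICMP the DstP column carries the type and code. The parser below, added here as an example and not part of the original post, decodes those rows and flags cleartext services; the watch list, the names and the last sample row are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Flow rows in "show ip cache flow" format. The first three rows are the ones
# shown in the post; the last row is constructed for this example.
SAMPLE = """\
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Et0/0 192.168.5.9 Et1/0.1 172.16.10.200 01 0000 0C01 51
Et0/0 10.10.1.1 Null 172.16.11.5 11 0043 0043 51
Et0/0 10.10.1.1 Null 172.16.11.5 11 0045 0045 51
Et0/0 10.24.3.1 Et1/0.1 172.16.10.2 06 C350 0017 12
"""

ROW_RE = re.compile(
    r"^(?P<src_if>\S+)\s+(?P<src_ip>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<dst_if>\S+)\s+(?P<dst_ip>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<pr>[0-9A-Fa-f]{2})\s+(?P<sp>[0-9A-Fa-f]{4})\s+"
    r"(?P<dp>[0-9A-Fa-f]{4})\s+(?P<pkts>\d+)$"
)
PROTO = {1: "icmp", 6: "tcp", 17: "udp"}
# Assumed watch list: cleartext services keyed by (protocol, destination port).
CLEARTEXT = {("tcp", 21): "ftp", ("tcp", 23): "telnet", ("udp", 69): "tftp"}


@dataclass
class Flow:
    src_if: str
    src_ip: str
    dst_if: str
    dst_ip: str
    proto: str
    src_port: Optional[int]
    dst_port: Optional[int]
    icmp: Optional[Tuple[int, int]]  # (type, code) for ICMP flows only
    packets: int
    forwarded: bool                  # False when DstIf is Null


def parse_flows(text):
    """Decode flow rows; header, summary and blank lines are skipped."""
    flows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        number = int(m["pr"], 16)
        proto = PROTO.get(number, str(number))
        sp, dp = int(m["sp"], 16), int(m["dp"], 16)
        icmp = None
        if proto == "icmp":
            # For ICMP the DstP field is type * 256 + code, not a port.
            icmp, sp, dp = (dp >> 8, dp & 0xFF), None, None
        flows.append(Flow(m["src_if"], m["src_ip"], m["dst_if"], m["dst_ip"],
                          proto, sp, dp, icmp, int(m["pkts"]),
                          m["dst_if"] != "Null"))
    return flows


def cleartext_flows(flows):
    """Return (service, src_ip, dst_ip, forwarded) for watched cleartext flows."""
    hits = []
    for f in flows:
        service = CLEARTEXT.get((f.proto, f.dst_port))
        if service:
            hits.append((service, f.src_ip, f.dst_ip, f.forwarded))
    return hits


if __name__ == "__main__":
    for flow in parse_flows(SAMPLE):
        print(flow)
    print(cleartext_flows(parse_flows(SAMPLE)))
```
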