Archive for category Switches and Routers
Getting Cisco Netflow to work on Solarwinds
Posted by Bil in Cisco, Network Basics, Switches and Routers on February 16th, 2012
I don’t have the details as to which version of IOS does what; we just call it the “new netflow”, where you separately specify the exporter, the monitor, etc. Its usefulness comes from its ability to be specific, and it puts to bed once and for all the whole “is it version 5 or 9 Netflow?” question, since you have control over it.
Here is a basic setup that uses UDP 2055 for Solarwinds instead of the standard 9991.
flow record NF-Record1
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input
 collect transport tcp flags
 collect routing forwarding-status
 collect interface output
 collect counter packets long
 collect counter bytes long
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
!
flow exporter NF-Export1
 destination aaa.bbb.ccc.ddd   <-- IP Address of collector/Solarwinds system
 source Loopback0
 transport udp 2055
 template data timeout 60
!
flow monitor NF-Monitor1
 record NF-Record1
 exporter NF-Export1
 cache timeout inactive 30
 cache timeout active 60
 cache entries 1000
!
interface Gig x/xxx   <-- the interface to be monitored
 ip flow monitor NF-Monitor1 input
I added additional collection stats in the flow record out of habit; it’s worth investigating what other flags/packets you’re interested in.
To view the exporter settings, do a show flow exporter:

4500-Switch#sho flow exporter
Flow Exporter NF-Export1:
  Description:              User defined
  Export protocol:          NetFlow Version 9
  Transport Configuration:
    Destination IP address: aaa.bbb.ccc.ddd
    Source IP address:      eee.fff.ggg.hhh
    Source Interface:       Loopback0
    Transport Protocol:     UDP
    Destination Port:       2055
    Source Port:            56118
    DSCP:                   0x0
    TTL:                    255
    Output Features:        Not Used
To switch between Netflow Version 5 and 9, issue export-protocol netflow-v5 or export-protocol netflow-v9 from within the exporter config, as seen below in the command completion:
4500-Switch(config)#flow exporter NF-Export1
4500-Switch(config-flow-exporter)#export-protocol ?
  netflow-v5  NetFlow Version 5
  netflow-v9  NetFlow Version 9
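A collector-side check for the "is it version 5 or 9?" question, added here as an example and not part of the original post or of Solarwinds: it reads the version from a UDP payload received on port 2055 and, for version 9, lists the template fields and flags data flowsets that arrive before their template (the gap that template data timeout 60 bounds). The function name, the sample packets and the field lengths in the sample template are assumptions made for illustration.

```python
import struct

# NetFlow v9 field-type numbers (RFC 3954) for the fields used in NF-Record1.
V9_FIELDS = {1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 6: "TCP_FLAGS",
             7: "L4_SRC_PORT", 8: "IPV4_SRC_ADDR", 10: "INPUT_SNMP",
             11: "L4_DST_PORT", 12: "IPV4_DST_ADDR", 14: "OUTPUT_SNMP",
             21: "LAST_SWITCHED", 22: "FIRST_SWITCHED", 89: "FORWARDING_STATUS"}

def inspect_export(payload, known_templates=()):
    """Report export version, templates seen, and data flowsets with no template."""
    if len(payload) < 4:
        raise ValueError("too short for a NetFlow header")
    version, count = struct.unpack_from("!HH", payload, 0)
    info = {"version": version, "count": count, "templates": {}, "undecodable": []}
    if version == 5:                     # 24-byte header + fixed 48-byte records
        if len(payload) != 24 + 48 * count:
            raise ValueError("v5 length does not match record count")
        return info
    if version != 9 or len(payload) < 20:
        raise ValueError("not a NetFlow v5/v9 export packet")
    off = 20                             # v9 header is 20 bytes
    while off + 4 <= len(payload):
        fs_id, fs_len = struct.unpack_from("!HH", payload, off)
        if fs_len < 4 or off + fs_len > len(payload):
            raise ValueError("bad flowset length")
        body, pos = payload[off + 4: off + fs_len], 0
        while fs_id == 0 and pos + 4 <= len(body):   # template flowset
            tid, nfields = struct.unpack_from("!HH", body, pos)
            if tid < 256:                # trailing padding
                break
            if pos + 4 + 4 * nfields > len(body):
                raise ValueError("truncated template")
            pairs = struct.iter_unpack("!HH", body[pos + 4: pos + 4 + 4 * nfields])
            info["templates"][tid] = [(V9_FIELDS.get(t, str(t)), n) for t, n in pairs]
            pos += 4 + 4 * nfields
        known = fs_id in info["templates"] or fs_id in known_templates
        if fs_id >= 256 and not known:   # data arrived before its template
            info["undecodable"].append(fs_id)
        off += fs_len
    return info

# Constructed sample packets (not captured traffic): template 256 mirrors NF-Record1.
_REC = [(4, 1), (8, 4), (12, 4), (7, 2), (11, 2), (10, 4), (6, 1),
        (89, 1), (14, 4), (2, 8), (1, 8), (22, 4), (21, 4)]
_TMPL = struct.pack("!HH", 256, len(_REC)) + b"".join(struct.pack("!HH", *f) for f in _REC)
_HDR = struct.pack("!HHIIII", 9, 1, 1000, 1329350400, 1, 0)
SAMPLE_TEMPLATE = _HDR + struct.pack("!HH", 0, 4 + len(_TMPL)) + _TMPL
SAMPLE_DATA = _HDR + struct.pack("!HH", 256, 52) + bytes(48)
```

A collector that has never seen template 256 cannot decode SAMPLE_DATA; once SAMPLE_TEMPLATE has been processed, the same payload is decodable.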
Trunking on Home and Small Office Switches
Posted by Bil in Cisco, Network Basics, Switches and Routers on March 7th, 2009
I bought a couple of the Cisco/Linksys SLM200x series gig switches (SLM2005, SLM2008) for under $100 each. I wasn’t going to spend hundreds of dollars to get an IOS switch like I am used to, plus the IOS stuff is still 10/100 for the bulk of the ports.
I was real happy to see the “Enable Jumbo Frames” check-box; I started to suspect that I could use one wire to connect two networks while keeping them separate. Jumbo frames means a packet that is 4 bytes bigger than a standard Ethernet packet can still get through.
What’s 4 bytes bigger? A packet that has been tagged with 802.1q trunking protocol headers. What’s interesting about 802.1q is that the native VLAN is still the normal size; I suspect there is a lot of equipment out there that works because the native packet makes it through and the trunked packets appear too alien to get any further. Cisco’s trunking protocol, Inter-Switch Link (ISL), encapsulates every VLAN, which means that you can’t be flipping and trunking the interconnects between two switches without running to each side of the connection or being very careful in the order you do things.
In my case I have a business vlan I wanted separate from a test vlan, and then on top of that I had VOIP. To do trunking I made sure the native vlans lined up on both ends and then selected a 2nd vlan on both sides of the link between the two switches using the vlan selector in the web-based configuration. I checked “allow jumbo frames” and for good measure I disabled the egress filters that select tagged packets, even though there was a setting for “all” packets.
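The 4-byte tag and the reason the native vlans have to line up, shown as an added example that is not part of the original post: a trunk port sends the native VLAN untagged and every other VLAN tagged, and the receiving port files any untagged frame under its own native VLAN. The VLAN numbers, function names and the sample frame are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100
MAX_UNTAGGED = 1518   # standard maximum Ethernet frame, including the 4-byte FCS

def add_tag(frame, vid, pcp=0):
    """Insert the 4-byte 802.1Q tag right after the two MAC addresses."""
    if not 1 <= vid <= 4094 or not 0 <= pcp <= 7:
        raise ValueError("VLAN ID must be 1-4094 and priority 0-7")
    tci = (pcp << 13) | vid              # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def egress(frame, vlan, native_vlan):
    """Trunk port send: the native VLAN leaves untagged, all others tagged."""
    return frame if vlan == native_vlan else add_tag(frame, vlan)

def ingress(frame, native_vlan):
    """Trunk port receive: return (vlan, priority, frame with the tag removed)."""
    if len(frame) < 16:
        raise ValueError("too short to classify")
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    if tpid != TPID_8021Q:               # untagged: belongs to the receiver's native VLAN
        return native_vlan, 0, frame
    return tci & 0x0FFF, tci >> 13, frame[:12] + frame[16:]

def exceeds_standard_size(frame):
    """True when a port limited to standard frames would drop this frame."""
    return len(frame) > MAX_UNTAGGED

# Constructed full-size frame: dst MAC, src MAC, EtherType IPv4, 1500-byte payload,
# and a zeroed placeholder FCS (a real switch recomputes the FCS after tagging).
FULL = bytes(6) + bytes([2, 0, 0, 0, 0, 1]) + b"\x08\x00" + bytes(1500) + bytes(4)
```

With native VLAN 1 on the sender and 10 on the receiver, ingress(egress(FULL, 1, 1), 10) returns VLAN 10: the frame has silently crossed from one network into the other, which is the failure that lining up the native vlans prevents.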
Now you can break out a single port by making it a member of just the 2nd VLAN. In my case I spent $20 for a new gig Intel Ethernet card for the desktop and brought the trunk right into the desktop. Again, I made the native line up and selected the next vlan. My system now shows a total of three connectoids in Windows, one for the natural interface and one for each VLAN. I get IP addresses and DNS from 2 DHCP servers on two separate networks.
Oh yeah, you have to boot the switches after doing this much to them; I suspect that they need to build some forwarding tables from scratch.
Other nice things about the SLM series, other than that they are manageable in general: there are several ways to set up QOS, port based or traffic type, and you can modify the priority mechanism a little or go to strict priority. Just setting the port my phone was plugged into to be a high-priority port yielded the first 98% of the results I was looking for using strict priority.
They also do port monitoring for sniffing and have a full multi-VLAN Spanning Tree implementation, including portfast. The device is sold as a Light Managed switch, but for SoHo it’s as managed as I needed, especially with VLANs at gig speeds: I am cutting down on a few cables by sharing.