Difference between revisions of "Cisco Legacy Neflow - "Top Talkers" Commands"
From Tech-Wiki
(Created page with "Category:Cisco Systems") |
(→Top Talkers commands) |
||
| (One intermediate revision by one other user not shown) | |||
| Line 1: | Line 1: | ||
[[Category:Cisco Systems]] | [[Category:Cisco Systems]] | ||
| + | |||
| + | |||
| + | == General commands to show the netflow setup == | ||
| + | show ip cache flow (see flow timers) | ||
| + | show ip flow export | ||
| + | show ip flow interface | ||
| + | |||
| + | == Top Talkers commands == | ||
| + | First top talkers has to be enabled with: | ||
| + | |||
| + | Router(config)#ip flow-top-talkers | ||
| + | Router(config-flow-top-talkers)#top 20 | ||
| + | Router(config-flow-top-talkers)#sort-by bytes | ||
| + | Router(config-flow-top-talkers)#cache-timeout 1000 | ||
| + | Router(config-flow-top-talkers)#match protocol tcp | ||
| + | |||
| + | Router(config)#int gi 0/0 | ||
| + | Router(config-if)#ip flow egress | ||
| + | Router(config-if)#ip flow ingress | ||
| + | |||
| + | To show the top-talkers: | ||
| + | show ip flow top-talkers | ||
| + | |||
| + | == Show flow using aggregation == | ||
| + | To use these commands does '''not''' require "ip flow-top-talkers" to be configured. | ||
| + | |||
| + | Aggreagate by destination IP, then sort output by bytes and filter only source ports between 0 and 1000: | ||
| + | show ip flow top 10 aggregate destination-address | ||
| + | show ip flow top 10 aggregate destination-address sorted-by bytes match source-port min 0 max 1000 | ||
| + | |||
| + | Top 10 protocols currently flowing through the router: | ||
| + | show ip flow top 10 aggregate protocol | ||
| + | Top 10 IP addresses which are sending the most packets: | ||
| + | show ip flow top 10 aggregate source-address sorted-by packets | ||
| + | Top 5 destination addresses to which we're routing most traffic from the 10.0.0.1/24 prefix: | ||
| + | show ip flow top 5 aggregate destination-address match source-prefix 10.0.0.1/24 | ||
| + | 50 VLAN's which we're sending the least bytes to: | ||
| + | show ip flow top 50 aggregate destination-vlan sorted-by bytes ascending | ||
| + | Top 20 sources of 1-packet flows: | ||
| + | show ip flow top 50 aggregate source-address match packets 1 | ||
Latest revision as of 20:07, 9 January 2019
General commands to show the netflow setup
show ip cache flow (see flow timers) show ip flow export show ip flow interface
Top Talkers commands
First top talkers has to be enabled with:
Router(config)#ip flow-top-talkers Router(config-flow-top-talkers)#top 20 Router(config-flow-top-talkers)#sort-by bytes Router(config-flow-top-talkers)#cache-timeout 1000 Router(config-flow-top-talkers)#match protocol tcp
Router(config)#int gi 0/0 Router(config-if)#ip flow egress Router(config-if)#ip flow ingress
To show the top-talkers:
show ip flow top-talkers
Show flow using aggregation
To use these commands does not require "ip flow-top-talkers" to be configured.
Aggreagate by destination IP, then sort output by bytes and filter only source ports between 0 and 1000:
show ip flow top 10 aggregate destination-address show ip flow top 10 aggregate destination-address sorted-by bytes match source-port min 0 max 1000
Top 10 protocols currently flowing through the router:
show ip flow top 10 aggregate protocol
Top 10 IP addresses which are sending the most packets:
show ip flow top 10 aggregate source-address sorted-by packets
Top 5 destination addresses to which we're routing most traffic from the 10.0.0.1/24 prefix:
show ip flow top 5 aggregate destination-address match source-prefix 10.0.0.1/24
50 VLAN's which we're sending the least bytes to:
show ip flow top 50 aggregate destination-vlan sorted-by bytes ascending
Top 20 sources of 1-packet flows:
show ip flow top 50 aggregate source-address match packets 1