Difference between revisions of "Cisco Legacy Neflow - "Top Talkers" Commands"
From Tech-Wiki
(Created page with "Category:Cisco Systems") |
|||
| Line 1: | Line 1: | ||
[[Category:Cisco Systems]] | [[Category:Cisco Systems]] | ||
| + | |||
| + | |||
| + | == General commands to show the netflow setup == | ||
| + | show ip cache flow (see flow timers) | ||
| + | show ip flow export | ||
| + | show ip flow interface | ||
| + | |||
| + | == Top Talkers commands == | ||
| + | First top talkers has to be enabled with: | ||
| + | |||
| + | ip flow-top-talkers (and optional parameters such as "top 10", cache-timeout, sort-by etc) | ||
| + | |||
| + | To show the top-talkers: | ||
| + | show ip flow top-talkers | ||
| + | |||
| + | == Show flow using aggregation == | ||
| + | To use these commands does '''not''' require "ip flow-top-talkers" to be configured. | ||
| + | |||
| + | Aggreagate by destination IP, then sort output by bytes and filter only source ports between 0 and 1000: | ||
| + | show ip flow top 10 aggregate destination-address | ||
| + | show ip flow top 10 aggregate destination-address sorted-by bytes match source-port min 0 max 1000 | ||
| + | |||
| + | Top 10 protocols currently flowing through the router: | ||
| + | show ip flow top 10 aggregate protocol | ||
| + | Top 10 IP addresses which are sending the most packets: | ||
| + | show ip flow top 10 aggregate source-address sorted-by packets | ||
| + | Top 5 destination addresses to which we're routing most traffic from the 10.0.0.1/24 prefix: | ||
| + | show ip flow top 5 aggregate destination-address match source-prefix 10.0.0.1/24 | ||
| + | 50 VLAN's which we're sending the least bytes to: | ||
| + | show ip flow top 50 aggregate destination-vlan sorted-by bytes ascending | ||
| + | Top 20 sources of 1-packet flows: | ||
| + | show ip flow top 50 aggregate source-address match packets 1 | ||
Revision as of 05:39, 22 February 2013
General commands to show the netflow setup
show ip cache flow (see flow timers) show ip flow export show ip flow interface
Top Talkers commands
First top talkers has to be enabled with:
ip flow-top-talkers (and optional parameters such as "top 10", cache-timeout, sort-by etc)
To show the top-talkers:
show ip flow top-talkers
Show flow using aggregation
To use these commands does not require "ip flow-top-talkers" to be configured.
Aggreagate by destination IP, then sort output by bytes and filter only source ports between 0 and 1000:
show ip flow top 10 aggregate destination-address show ip flow top 10 aggregate destination-address sorted-by bytes match source-port min 0 max 1000
Top 10 protocols currently flowing through the router:
show ip flow top 10 aggregate protocol
Top 10 IP addresses which are sending the most packets:
show ip flow top 10 aggregate source-address sorted-by packets
Top 5 destination addresses to which we're routing most traffic from the 10.0.0.1/24 prefix:
show ip flow top 5 aggregate destination-address match source-prefix 10.0.0.1/24
50 VLAN's which we're sending the least bytes to:
show ip flow top 50 aggregate destination-vlan sorted-by bytes ascending
Top 20 sources of 1-packet flows:
show ip flow top 50 aggregate source-address match packets 1