Difference between revisions of "Cisco Legacy Neflow - "Top Talkers" Commands"

Latest revision as of 20:07, 9 January 2019

General commands to show the netflow setup

show ip cache flow (see flow timers)
show ip flow export
show ip flow interface

Top Talkers commands

First top talkers has to be enabled with:

Router(config)#ip flow-top-talkers
Router(config-flow-top-talkers)#top 20
Router(config-flow-top-talkers)#sort-by bytes
Router(config-flow-top-talkers)#cache-timeout 1000
Router(config-flow-top-talkers)#match protocol tcp

Router(config)#int gi 0/0
Router(config-if)#ip flow egress
Router(config-if)#ip flow ingress

To show the top-talkers:

show ip flow top-talkers

Show flow using aggregation

To use these commands does not require "ip flow-top-talkers" to be configured.

Aggreagate by destination IP, then sort output by bytes and filter only source ports between 0 and 1000:

show ip flow top 10 aggregate destination-address
show ip flow top 10 aggregate destination-address sorted-by bytes match source-port min 0 max 1000

Top 10 protocols currently flowing through the router:

show ip flow top 10 aggregate protocol

Top 10 IP addresses which are sending the most packets:

show ip flow top 10 aggregate source-address sorted-by packets

Top 5 destination addresses to which we're routing most traffic from the 10.0.0.1/24 prefix:

show ip flow top 5 aggregate destination-address match source-prefix 10.0.0.1/24

50 VLAN's which we're sending the least bytes to:

show ip flow top 50 aggregate destination-vlan sorted-by bytes ascending

Top 20 sources of 1-packet flows:

show ip flow top 50 aggregate source-address match packets 1