Re: Netflow input filter

From: Mark Abrahams (mark@abrahams.co.nz)
Date: Thu Apr 12 2007 - 05:14:40 ART

• Next message: A.G. Ananth Sarma (GMail): "Re: Got my number on 4th attempt!"
• Previous message: sheherezada@gmail.com: "Re: Any need to disable CEF"
• Maybe in reply to: dampened: "Netflow input filter"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi

You can get this type of statistic via the NetFlow "top-talkers"
function which is available from IOS version 12.3(11)T. See the
following guide:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/honf_c/chap10/onf_nmtt.htm

What you want to do is use the "match criteria" to specifiy only the Web
port, which will narrow the top-talkers table to just the Web traffic.

I've written a free tool called AsItHappens that can set the match
criteria and then pull the stats from the Netflow MIB and show them on a
graph.

http://www.abrahams.co.nz/asithappens

and there are probably others around that can do this sort of thing as well.

All the best!
Mark

dampened wrote:

>I have ACL on my config as you can see below. My problem is even with filter,
>I am not able to selectively 'netflow' the traffic. All traffic is being
>collected. Does anyone has this problem? Need comment here. I have tried it
>with multiple IOS version on 2811 and dynamips.
>
>By the way, netflow input filter only accept acl. not nbar.
>
>
>
>
>
> ----- Original Message -----
> From: Digital Yemeni
> To: dampened
> Cc: Cisco certification
> Sent: Monday, April 09, 2007 12:40 PM
> Subject: Re: Netflow input filter
>
>
> Try NBAR!
> You can add a class and make look like:
>
> class-map match-all URL
> match match access-group 1 <== this is ur ACL 1
> match protocol http host "www traffic"
> match protocol http url "specific_directory/" <== optional!
>
> policy-map p1
> class URL
> netflow-sampler flowsample
>
>
>
>
> On 4/9/07, dampened <cheechew@hotmail.com > wrote:
> I am trying to collect only www statistic on certain traffic on an
> interface. Here is my config.
> The problem is that I am not able to limit the netflow collection to only
> www traffic. It captures all kind of traffic coming into F0/0.
>
> What am I missing here? Your help is appreciated.
>
>
> flow-sampler-map flowsample
> mode random one-out-of 1
>
> class-map match-all class1
> match access-group 100
>
> policy-map p1
> class class1
> netflow-sampler flowsample
>
> interface FastEthernet0/0
> service-policy input p1
>
> access-list 1 permit tcp any any eq www
> access-list 1 permit tcp any eq www any
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
> --
> Best Regards!
> Digital, CCIE# to be assigned by Cisco when it collects enough $$ out of me!
>:p
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html

• Next message: A.G. Ananth Sarma (GMail): "Re: Got my number on 4th attempt!"
• Previous message: sheherezada@gmail.com: "Re: Any need to disable CEF"
• Maybe in reply to: dampened: "Netflow input filter"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:35 ART