Catalyst 3850 Switch Hardware Installation Guide

We have received quite a few requests for assistance with Cisco Catalyst 3850 NetFlow configuration recently, and in investigating this configuration we uncovered a licensing requirement. One of the customers had the LAN Base license level. NetFlow export is not supported at that license level; an IP Base license level is one of the Catalyst 3850 NetFlow requirements.

Once that requirement is met, you can move on to configuring Flexible NetFlow.
In a Flexible NetFlow configuration, there are 4 main steps:
1. Define the Flow Record: specifies which fields are exported
2. Define the Flow Exporter: defines where flows are exported to
3. Define the Flow Monitor: joins the Flow Record(s) and Flow Exporter(s) together
4. Apply the Flow Monitor to the interface(s)

This is a sample 3850 NetFlow configuration. Note that there are two flow record definitions and two flow monitor definitions. That is because only one flow monitor per interface and per direction is supported (another Flexible NetFlow limitation of the Catalyst 3850). So there is one record definition for ingress flows and another for egress, and also two flow monitors, one each for ingress and egress flows.

******************************************************

flow record FNF-input

description IPv4 NetFlow
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match ipv4 protocol
match interface input
match ipv4 tos
match flow direction

collect interface output
collect counter bytes long
collect counter packets long
collect transport tcp flags
collect timestamp absolute first
collect timestamp absolute last

flow record FNF-output

description IPv4 NetFlow
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match ipv4 protocol
match interface output
match ipv4 tos
match flow direction

collect interface input
collect counter bytes long
collect counter packets long
collect transport tcp flags
collect timestamp absolute first
collect timestamp absolute last

flow exporter Scrutinizer

description Export to Scrutinizer
destination 10.1.1.10
source gigabitEthernet1/0/1
transport udp 2055

flow monitor Scrut_mon_input

description IPv4 FNF ingress exports
exporter Scrutinizer
record FNF-input
cache timeout active 60

flow monitor Scrut_mon_output

description IPv4 FNF egress exports
exporter Scrutinizer
record FNF-output
cache timeout active 60

Applying the flow monitor(s) to interface(s). This last step is repeated for all interfaces that are to be monitored.

interface GigabitEthernet1/0/1
ip flow monitor Scrut_mon_input input
ip flow monitor Scrut_mon_output output

To verify that the correct information was entered for each of the Flexible NetFlow configuration steps, the following commands can be run on the Catalyst 3850.

show flow record [record-name] example: show flow record FNF-input

show flow exporter [exporter-name] example: show flow exporter Scrutinizer

show flow monitor [monitor-name] example: show flow monitor Scrut_mon_input

show flow interface [interface-type number] example: show flow interface GigabitEthernet1/0/1

******************************************************
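
An offline check of the four-step chain above, as an added example that is not part of the original page: it parses a configuration text, confirms that every flow monitor points at a defined record and exporter, and flags any interface with more than one monitor in the same direction. The function name audit_fnf and the sample text (a trimmed copy of the page's configuration with one constructed faulty line) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: a trimmed copy of the page's configuration plus one
# deliberately wrong last line (a second monitor in the input direction).
SAMPLE_CONFIG = """\
flow record FNF-input
match ipv4 source address
flow record FNF-output
match ipv4 source address
flow exporter Scrutinizer
destination 10.1.1.10
flow monitor Scrut_mon_input
exporter Scrutinizer
record FNF-input
flow monitor Scrut_mon_output
exporter Scrutinizer
record FNF-output
interface GigabitEthernet1/0/1
ip flow monitor Scrut_mon_input input
ip flow monitor Scrut_mon_output output
ip flow monitor Scrut_mon_output input
"""

def audit_fnf(config):
    """Return a list of problems in a Flexible NetFlow configuration text."""
    defined = {"record": set(), "exporter": set(), "monitor": set()}
    refs = []                     # (monitor, kind, name) seen inside monitors
    applied = defaultdict(list)   # (interface, direction) -> monitor names
    kind = name = None            # section currently being read
    for line in (l.strip() for l in config.splitlines()):
        if m := re.match(r"flow (record|exporter|monitor) (\S+)$", line):
            kind, name = m.groups()
            defined[kind].add(name)
        elif m := re.match(r"interface (\S+)$", line):
            kind, name = "interface", m.group(1)
        elif kind == "monitor" and (m := re.match(r"(record|exporter) (\S+)$", line)):
            refs.append((name, m.group(1), m.group(2)))
        elif kind == "interface" and (
                m := re.match(r"ip flow monitor (\S+) (input|output)$", line)):
            applied[(name, m.group(2))].append(m.group(1))
    problems = [f"monitor {mon}: {k} {n} is not defined"
                for mon, k, n in refs if n not in defined[k]]
    for (iface, direction), mons in applied.items():
        problems += [f"{iface}: monitor {mon} is not defined"
                     for mon in mons if mon not in defined["monitor"]]
        if len(mons) > 1:
            problems.append(f"{iface} {direction}: {len(mons)} monitors applied, "
                            "only one per interface and direction is supported")
    return problems
```

The parser keys on section headers rather than indentation, so it also accepts the unindented layout used in the listing above.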

Now that you have Flexible NetFlow configured, what benefits are available to you with Catalyst 3850 NetFlow support? By combining the Flexible NetFlow export capabilities of the 3850 with a powerful advanced flow reporting and analysis solution, reports such as the one in the example below are one of the options.

Failure Occurs When Connecting to a VPN Server Behind a NAT Device

A failure occurs when a VPN connection is established from behind a NAT device, or when connecting to a VPN server that sits behind a NAT device.

This problem is inherent because the header of the packet is modified in transit, which means the issue exists on all Cisco VPN hardware. To remedy it, you should enable NAT-Traversal (NAT-T) on the hardware and allow UDP port 4500 to pass through the firewall.

If you use a PIX firewall as both the firewall and a VPN endpoint, you should enable NAT-T with the command nat-traversal 20 in your configuration and open port 4500. Here the 20 in nat-traversal 20 is the period for which NAT is kept alive. If you have a separate firewall and a Cisco VPN Concentrator, open UDP port 4500 on the firewall with the destination address of the concentrator. Then go to Configuration / Tunneling And Security / IPSec / NAT Transparency and choose the IPSec Over NAT-T option on the concentrator. Additionally, you should make sure that any client used at the user endpoint supports NAT-T.

Route Redistribution – Connected Networks

When redistribution (such as redistributing RIP into the OSPF process) executes the redistribute command, does it extract the routes corresponding to the redistributed protocol from the routing table of the device that performs the redistribute command? Or are they taken directly from the database of the corresponding routing protocol? For example, a route in the routing table is learned by OSPF, but the route is also known from the RIP protocol. If the redistribute command is executed, will that route entry be redistributed?

The first question: Does redistribution extract the routes corresponding to the redistributed protocol from the routing table of the device that performs the redistribute command?
Answer: Redistribution is based on the routing table.
When you redistribute the connected networks in the OSPF configuration of R1, it checks the direct routes on R1 and then injects those direct routes into OSPF.

The second question: If the redistribute command is executed, will the route entry be redistributed?
Answer: When a route is learned from both OSPF and RIP, the AD value of OSPF is 110 and the AD value of RIP is 120. Therefore, the route learned by RIP will not be installed in the routing table, so in this case it will not be redistributed. Just remember one thing: only the route entries in the routing table can be redistributed.