45-17
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 45 Configuring AVC with DNS-AS
Configuring AVC with DNS-AS
• Traffic class—Groups applications and protocols based on the traffic class they belong to. For
example, all applications that have traffic class
TD.
Traffic class information is derived from these sources, in the given order of precedence:
1. TXT response (app-class:)
2. The NBAR definition for standard applications (if the TXT response does not carry a value)
• Business relevance—Groups applications based on whether or not they have been marked as
business-relevant. For example, all applications that have business relevance as
YES.
Business relevance information is derived from these sources, in the given order of precedence:
1. TXT response (business:)
2. The NBAR definition for standard applications (if the TXT response does not carry a value)
For custom applications—
Only these attributes of the application-attributes option template are guaranteed to carry a value:
• Application Tag—See the Application Tag info in section option application-table, page 45-15
above. The same applies here as well.
• Traffic class—This information is derived from the TXT response (app-class:)
• Business Relevance—This information is derived from the TXT response (business:)
Sample FNF Configuration for AVC with DNS-AS
The following example shows how you can configure FNF for AVC with DNS-AS:
1. Create a flow record. As in the example, you must configure:
–
The source and destination IP addresses as key fields, in order to resolve application names.
–
The use of the application name as a nonkey field in flow record.
Additionally (not mandatory), you can also configure the number of bytes or packets in a flow as a
nonkey field, to display the number of applications sent to the collector.
Switch# configure terminal
Switch(config)# flow record example-record1
Switch(config-flow-record)# match ipv4 source address
Switch(config-flow-record)# match ipv4 destination address
Switch (config-flow-record)# collect application name
Switch (config-flow-record)# collect counter packets
Switch (config-flow-record)# exit
Switch# show flow record example-record1
flow record example-record1
match ipv4 source address
match ipv4 destination address
collect application name
collect counter packets
2. Create a flow exporter. Also configure the application-table and application-attributes option
templates in the exporter. Without option templates, the collector cannot retrieve meaningful
application information. At a minimum we recommend that you configure the application-table
option. For attribute information, also configure the application-attribute option.
You can also change the frequency of template export in seconds (the allowed range is 1 to 86400
seconds; the default is 600 seconds)
Switch(config)# flow exporter example-exporter1
To Next Page
Loading...
Need help?
General
