EasyManuals Logo
Home>Cisco>Switch>TrustSec

Cisco TrustSec User Manual

Cisco TrustSec
208 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #196 background imageLoading...
Page #196 background image
C-2
Cisco TrustSec Configuration Guide
OL-22192-01
Appendix C Notes for Catalyst 6500 Series Switches
Flexible NetFlow Support
Flexible NetFlow can account for packets dropped by SGACL enforcement when SGT and DGT flow
objects are configured in the flow record with the standard 5-tuple flow objects
Use the flow record
and flow exporter global configuration commands to configure a flow record, and
a flow exporter, then use the flow monitor command to add them to a flow monitor. Use the show flow
show commands to verify your configurations.
To collect only SGACL dropped packets, use the [no] cts role-based {ip | ipv6} flow monitor dropped
global configuration command.
For Flexible NetFlow overview and configuration information, see the following documents:
Flexible NetFlow Configuration Guide, Cisco IOS Release 15S
http://www.cisco.com/en/US/docs/ios-xml/ios/fnetflow/configuration/15-s/fnf-15-s-book.html
Catalyst 6500 Release 15.0SY Software Configuration Guide
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.0SY/configuration/guide/15_0_sy_
swcg.html
Sample Configurations
Configuration Excerpt of an IPV4 Flow Record (5-tuple, direction, SGT, DGT)
router(config)# flow record cts-record-ipv4
router(config-flow-record)# match ipv4 protocol
router(config-flow-record)# match ipv4 source address
router(config-flow-record)# match ipv4 destination address
router(config-flow-record)# match transport source-port
router(config-flow-record)# match transport destination-port
router(config-flow-record)# match flow direction
router(config-flow-record)# match flow cts source group-tag
router(config-flow-record)# match flow cts destination group-tag
router(config-flow-record)# collect counter packets
Configuration Excerpt of an IPV6 Flow Record (5-tuple, direction, SGT, DGT)
router(config)# flow record cts-record-ipv6
router(config-flow-record)# match ipv6 protocol
router(config-flow-record)# match ipv6 source address
router(config-flow-record)# match ipv6 destination address
router(config-flow-record)# match transport source-port
router(config-flow-record)# match transport destination-port
router(config-flow-record)# match flow direction
router(config-flow-record)# match flow cts source group-tag
router(config-flow-record)# match flow cts destination group-tag
router(config-flow-record)# collect counter packets
Configuration Excerpt of an IPv4 Flow Monitor
router(config)# flow monitor cts-monitor-ipv4
router(config-flow-monitor)# record cts-record-ipv4

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco TrustSec and is the answer not in the manual?

Cisco TrustSec Specifications

General IconGeneral
BrandCisco
ModelTrustSec
CategorySwitch
LanguageEnglish

Related product manuals