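Over the past two days I have been looking into how to analyze traffic on a Cisco router by protocol and by MAC address. The methods are summarized below:
Configuring NetFlow on the interface (protocol-based)
a, Enabling NetFlow Export
interface {interface} {interface_number}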
ip route-cache flow
bandwidth <kbps>
b, Exporting NetFlow Data
Issue the following commands to export NetFlow data to the server on which NetFlow Analyzer is running:
ip flow-export destination {hostname|ip_address} 9996
ip flow-export source {interface} {interface_number}
ip flow-export version 5 [peer-as | origin-as]
snmp-server ifindex persist
c, Verifying Device Configuration
show ip flow export
show ip cache flow
show ip cache verbose flow
d, A Sample Device Configuration
router#enable
Password:*****
router#configure terminal
router-2621(config)#interface FastEthernet 0/1
router-2621(config-if)#ip route-cache flow
router-2621(config-if)#exit
router-2621(config)#ip flow-export destination 192.168.9.101 9996
router-2621(config)#ip flow-export source FastEthernet 0/1
router-2621(config)#ip flow-export version 5
router-2621(config)#ip flow-cache timeout active 1
router-2621(config)#ip flow-cache timeout inactive 15
router-2621(config)#snmp-server ifindex persist
router-2621(config)#^Z
router#write
router#show ip flow export
router#show ip cache flow
e, Turning off NetFlow
no ip flow-export destination {hostname|ip_address} {port_number}
no ip route-cache flow
Test example:
CISCO_PPPOE#show ip cache flow
IP packet size distribution (2667212 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .342 .081 .015 .010 .002 .003 .003 .002 .002 .002 .003 .002 .003 .003
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.003 .004 .006 .040 .464 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
33 active, 4063 inactive, 50346 added
1608792 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640 bytes
6 active, 1018 inactive, 12031 added, 12031 ad