Cisco C3KX-SM-10G= User Manual
© 2011 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
For the preceding reason, exporting flows to a collector through the Ethernet management port is unsupported at
FCS. Flow exports directed to FastEthernet0 are reported as successfully sent by Cisco IOS Software CLI “show
flow exporter” statistics. This is currently tracked under this caveat: CSCtt05810.
Appendix
This section discusses how Flexible NetFlow and software update functionality on the service module interoperate
with other features implemented by Cisco Catalyst 3560-X and 3750-X switches.
Interaction with EEM
At FCS time, Flexible NetFlow statistics generated by the service module cannot be used by the Embedded Event
Manager subsystem using the “event nf” Cisco IOS Software CLI command. This functionality will be implemented
in the future.
Interaction with TrustSec MACsec
As traffic encryption performed by TrustSec MACsec occurs in the service module physical layer chip (PHY), there
is no effect on Flexible NetFlow functionality caused by enabling MACsec, and encrypted traffic can be monitored.
Interaction with Smart Logging and Telemetry
The Flexible NetFlow feature can be enabled simultaneously with smart logging and telemetry (SLT) on the same
switch.
SLT is a Cisco IOS Software feature that allows statistics related to security violation events to be exported to a
Flexible NetFlow-capable collector. In its first implementation, part of Cisco IOS Software Release 12.2(58)SE1, it
supports the following types of events:
● Dynamic ARP inspection violation
● IP source guard violation
● Dynamic Host Configuration Protocol (DHCP) snooping violation
● Port ACL logging for IP denied or permitted traffic
Detailed information on SLT can be found in the Cisco Catalyst 3560-X and 3750-X configuration guides under the
section “Configuring System Message Logging and Smart Logging.”
SLT can share the same exporter with the Flexible NetFlow functionality performed by the service module.
When a packet received by the switch ASIC triggers any of the events for which smart logging is enabled, a
copy is sent to the switch CPU, which processes its content and exports it to the collector. Note that processing
and exporting packets do not occur automatically for SLT-enabled event categories, but are carried out by a distinct
process, the SLT handler, that has to be explicitly activated by the global configuration command “logging
smartlog.”
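An added example, not from the Cisco manual: a Python check over a saved running-config that flags features carrying the smartlog keyword when the global "logging smartlog" command that starts the SLT handler is missing, and confirms that the SLT exporter names a defined flow exporter. The sample configs are constructed, and the per-feature smartlog keywords and the "logging smartlog exporter" form are assumptions taken from the configuration guide referenced above.

```python
import re

# Constructed sample running-config excerpts (not taken from a real device).
# Per-feature "smartlog" keywords are assumed from the configuration guide.
MISSING_HANDLER = """\
flow exporter COLLECTOR-1
 destination 192.0.2.10
 transport udp 2055
!
ip arp inspection vlan 10
ip arp inspection smartlog
ip dhcp snooping vlan 10 smartlog
logging smartlog exporter COLLECTOR-1
"""
HANDLER_ACTIVE = MISSING_HANDLER + "logging smartlog\n"


def audit_smartlog(config):
    """Report SLT-enabled features whose events will never reach the collector."""
    lines = [ln.rstrip() for ln in config.splitlines()]
    # The SLT handler runs only if this exact global command is present.
    handler_on = "logging smartlog" in lines
    exporters = {m.group(1) for ln in lines
                 if (m := re.fullmatch(r"flow exporter (\S+)", ln))}
    slt_exporter = next((m.group(1) for ln in lines
                         if (m := re.fullmatch(r"logging smartlog exporter (\S+)", ln))), None)
    # Any other active command carrying the smartlog keyword is an SLT-enabled feature.
    features = [ln.strip() for ln in lines
                if re.search(r"\bsmartlog\b", ln)
                and not ln.strip().startswith(("logging smartlog", "no "))]
    findings = []
    if features and not handler_on:
        findings.append("smartlog enabled on %d feature(s) but 'logging smartlog' "
                        "is absent: events are not processed or exported" % len(features))
    if slt_exporter and slt_exporter not in exporters:
        findings.append("SLT exporter %r is not a defined flow exporter" % slt_exporter)
    return {"handler_on": handler_on, "features": features,
            "exporter": slt_exporter, "findings": findings}


if __name__ == "__main__":
    for name, cfg in (("missing handler", MISSING_HANDLER), ("handler active", HANDLER_ACTIVE)):
        print(name, audit_smartlog(cfg)["findings"])
```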
Clearly, SLT complements Flexible NetFlow analysis with real-time information on security violations that
potentially cannot be seen by the NetFlow collector; for instance, violating or denied traffic received on the
downlink ports is dropped by the switch ASIC before traversing the service module.