Cisco Cisco ASA for Nexus 1000V Series Switch
18
Cisco ASA NetFlow Implementation Guide
About NSEL
Each ASA node in the cluster establishes its own connection to the NetFlow collector(s) and advertises
its templates independently. The collector uses the source IP address and source port of the packet to
differentiate between the NetFlow exporters.
its templates independently. The collector uses the source IP address and source port of the packet to
differentiate between the NetFlow exporters.
Decoding Device Fields Through the CLI
To decode some of the field values that the ASA populates, direct interaction with the device may be
required. We recommend that you use a dynamic mechanism such as expect scripts to obtain the required
information from the CLI of the device that issued the event.
required. We recommend that you use a dynamic mechanism such as expect scripts to obtain the required
information from the CLI of the device that issued the event.
The device supports console, Telnet, and SSH secure shell access; however, SSH is the recommended
method because of performance and security.
method because of performance and security.
Interface ID Fields
You can also decode the Interface ID fields using SNMP GET requests from the device interface MIB.
This is the only field that has MIB support.
This is the only field that has MIB support.
You may use the show interface detail command to obtain a list of all the interfaces on the device. This
output includes a line under each interface that corresponds to the Interface ID value sent in the NetFlow
fields. In the following example, the interface number is 8.
output includes a line under each interface that corresponds to the Interface ID value sent in the NetFlow
fields. In the following example, the interface number is 8.
ciscoasa(config)# show interface filter-outside detail
Interface GigabitEthernet4/3 "filter-outside", is up, line protocol is up
Hardware is i82571EB 4CU rev06, BW 1000 Mbps, DLY 10 usec
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
MAC address 0015.1715.59c7, MTU 1500
IP address 209.165.200.254, subnet mask 255.255.255.224
532594 packets input, 88376018 bytes, 0 no buffer
Received 3 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
675393 packets output, 53208679 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops
input queue (curr/max packets): hardware (36/511) software (0/0)
output queue (curr/max packets): hardware (59/68) software (0/0)
Traffic Statistics for "filter-outside":
532594 packets input, 78636500 bytes
675393 packets output, 40866215 bytes
10837 packets dropped
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Control Point Interface States:
Interface number is 8
Interface config status is active
Interface state is active