Home > NetFlow Questions

NetFlow Questions

August 13th, 2015 in ROUTE 300-101 Go to comments

If you are not sure about NetFlow, please read our NetFlow tutorial.

Quick review:

NetFlow is a network protocol to report information about the traffic on a router/switch or other network device. NetFlow collects and summaries the data that is carried over a device, and then transmitting that summary to a NetFlow collector for storage and analysis. An IP flow is based on a set of five, and up to seven, IP packet attributes, which may include the following:
+ Destination IP address
+ Source IP address
+ Source port
+ Destination port
+ Layer 3 protocol type
+ Class of Service (optional)
+ Router or switch interface (optional)

Question 1

Explanation

The “show ip flow export” command is used to display the status and the statistics for NetFlow accounting data export, including the main cache and all other enabled caches. An example of the output of this command is shown below:

Router# show ip flow export
Flow export v5 is enabled for main cache
Exporting flows to 10.51.12.4 (9991) 10.1.97.50 (9111)
Exporting using source IP address 10.1.97.17
Version 5 flow records
11 flows exported in 8 udp datagrams
0 flows failed due to lack of export packet
0 export packets were sent up to process level
0 export packets were dropped due to no fib
0 export packets were dropped due to adjacency issues
0 export packets were dropped due to fragmentation failures
0 export packets were dropped due to encapsulation fixup failures
0 export packets were dropped enqueuing for the RP
0 export packets were dropped due to IPC rate limiting
0 export packets were dropped due to output drops

The “output drops” line indicates the total number of export packets that were dropped because the send queue was full while the packet was being transmitted.

Reference: http://www.cisco.com/en/US/docs/ios/12_3t/netflow/command/reference/nfl_a1gt_ps5207_TSD_Products_Command_Reference_Chapter.html#wp1188401

Question 2

Explanation

In general, NetFlow requires CEF to be configured in most recent IOS releases. CEF decides which interface the traffic is sent out. With CEF disabled, router will not have specific destination interface in the NetFlow report packets. Therefore a NetFlow Collector cannot show the OUT traffic for the interface.

Question 3

Explanation

This command is used to display the current status of the specific flow exporter, in this case Flow_Exporter-1. For example

N7K1# show flow export
Flow exporter Flow_Exporter-1:
    Description: Fluke Collector
    Destination: 10.255.255.100
    VRF: default (1)
    Destination UDP Port 2055
    Source Interface Vlan10 (10.10.10.5)
    Export Version 9
    Exporter Statistics
        Number of Flow Records Exported 726
        Number of Templates Exported 1
        Number of Export Packets Sent 37
        Number of Export Bytes Sent 38712
        Number of Destination Unreachable Events 0
        Number of No Buffer Events 0
        Number of Packets Dropped (No Route to Host) 0
        Number of Packets Dropped (other) 0
        Number of Packets Dropped (LC to RP Error) 0
        Number of Packets Dropped (Output Drops) 0
        Time statistics were last cleared: Thu Feb 15 21:12:06 2015

Question 4

Explanation

The sampling mode determines the algorithm that selects a subset of traffic for NetFlow processing. In the random sampling mode, incoming packets are randomly selected so that one out of each n sequential packets is selected on average for NetFlow processing. For example, if you set the sampling rate to 1 out of 100 packets, then NetFlow might sample the 5th, 120th, 299th, 302nd, and so on packets. This sample configuration provides NetFlow data on 1 percent of total traffic. The n value is a parameter from 1 to 65535 packets that you can configure.

In the above output we can learn the number of packets that has been sampled is 10. The sampling mode is “random sampling mode” and sampling interval is 100 (NetFlow samples 1 out of 100 packets).

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/nfstatsa.html

Question 5

Explanation

The “ip flow-export destination 10.10.10.1 5858” command is used to export the information captured by the “ip flow-capture” command to the destination 10.10.10.1. “5858” is the UDP port to which NetFlow packets are sent (default is 2055). The syntax of this command is:

ip flow-export destination ip-address [udp-port] [version 5 {origin-as | peer-as}]

Question 6

Explanation

Flow monitors are the Flexible NetFlow component that is applied to interfaces to perform network traffic monitoring. Flow monitors consist of a record and a cache. You add the record to the flow monitor after you create the flow monitor. The flow monitor cache is automatically created at the time the flow monitor is applied to the first interface. Flow data is collected from the network traffic during the monitoring process based on the key and nonkey fields in the record, which is configured for the flow monitor and stored in the flow monitor cache.
For example, the following example creates a flow monitor named FLOW-MONITOR-1 and enters Flexible NetFlow flow monitor configuration mode:
Router(config)# flow monitor FLOW-MONITOR-1
Router(config-flow-monitor)#

(Reference: http://www.cisco.com/c/en/us/td/docs/ios/fnetflow/command/reference/fnf_book/fnf_01.html#wp1314030)

Question 7

Question 8

Explanation

The following is an example of configuring an interface to capture flows into the NetFlow cache. CEF followed by NetFlow flow capture is configured on the interface:

Router(config)# ip cef
Router(config)# interface ethernet 1/0
Router(config-if)# ip flow ingress
or
Router(config-if)# ip route-cache flow

Note: Either ip flow ingress or ip route-cache flow command can be used depending on the Cisco IOS Software version. Ip flow ingress is available in Cisco IOS Software Release 12.2(15)T or above.

Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-netflow/prod_white_paper0900aecd80406232.html

Question 9

Question 10

Explanation

There are two primary methods to access NetFlow data: the Command Line Interface (CLI) with show commands or utilizing an application reporting tool. If you are interested in an immediate view of what is happening in your network, the CLI can be used. The other choice is to export NetFlow to a reporting server or what is called the “NetFlow collector”.

Reference: http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-netflow/prod_white_paper0900aecd80406232.html

Comments
  1. Dereje
    February 27th, 2015

    Which book is Very Important to prepare for CCNP Route?

  2. joe90
    March 4th, 2015

    Digitaltut, you are my mid-night lover. great work guys

  3. Buttplug
    May 6th, 2015

    Perfect reason for these dumps: the “official” CCNP 300-101 course does not even cover netflow. F’ing morons at Cisco.

  4. Your boss
    May 12th, 2015

    I concur with Buttplug (LOL).

  5. Eden
    May 19th, 2015

    I also agree with Buttplug, very weird exam this new ccnp route.

  6. Mario Ramos
    May 21st, 2015

    After going through the whole Official guide and pratice with gns3 for every topic I decided I was ready for the exam and started to check the questions (82 famous dumps)
    Looks like i studied for a different exam. Where he heck cisco get those questions from????
    The official guide is very usefull for the daily work preparation, but useless for the exam.
    Totally agree with Buttplug (including the F word, hahaha)

  7. Mario Ramos
    May 21st, 2015

    After going through the whole Official guide and pratice with gns3 for every topic I decided I was ready for the exam and started to check the questions (82 famous dumps)
    Looks like i studied for a different exam. Where he heck cisco get those questions from????
    The official guide is very usefull for the daily work preparation, but useless for the exam.
    Totally agree with Buttplug (including the F word, hahaha)

  8. TrueTrue
    May 27th, 2015

    Very true Ramos, Eden and Buttplug. I wonder how people who don’t go through these dumps fare in their exams..

  9. -sh steve
    May 30th, 2015

    I took a university class for ROUTE that used the Foundation Learning Guide for 300-101 (smile.amazon.com/gp/product/1587204568) This is supposed to be the official book from Cisco. I read the whole book and am pretty familiar with the topics.

    Now I look on here and there are a bunch of topics that are not even covered in this book. For example, DMVPN, IPSEC, Netflow, etc. Does anyone know why they would do this, or where I can find the book that ACTUALLY covers the topics on the test? By the way, same question for SWITCH and TSHOOT!

  10. Frank
    June 4th, 2015

    Why question-3 answer is B and not C ?

  11. SHIPEZ
    June 17th, 2015

    @STEVE I support your question.Does anyone have the answer?

  12. Mikelibero
    June 20th, 2015

    Guys, If you want to know what range of material on the exam is valid, then do not rely on the official’s books from Cisco only.

    You need to look @ exam blueprint: http://www.cisco.com/web/learning/exams/docs/300-101_route.pdf

    Official Cert Guides covers maybe 80 % of material. You need to learn from different sources.
    All links that you can find on digitaltut are very useful, but don’t forget the books and labs also ;)

  13. Yaqoob
    June 22nd, 2015

    Any one can share VCE software for CCNP route 300-101 dupms……plz

  14. UCartist
    July 1st, 2015

    Yaqoob, its better to use A+VCE on bluestacks

  15. zx128k
    July 2nd, 2015

    Netflow is part of the ICND2 exam. The offical guide covers netflow in chapter 19, the fundation guide covers it in chapter 6. Even so this is also a CCNP route topic.

  16. ChakaChan
    July 9th, 2015

    Are you sure these are questions of CCNP ROUTE 300-101?
    Because we did not revise it in the Cisco course.

  17. zx128k
    July 15th, 2015

    ChakaChan latest test does not have as dump questions.

  18. Surekha
    July 17th, 2015

    Can anyone share latest dumps as Qs. changed after 10.07.15. From where to get lates dumps?

  19. digitaltut
    July 24th, 2015

    @all: Because of copyrighted issue, we had to remove all the questions and answers. We can only keep the explanations. You can download all the questions and answers at: https://mega.co.nz/#!0pUxSZoJ!s293gEdQu4xLndoA7zZTq5ldia3gdZlrZqNxc_AgpFc
    or
    http://www.4shared.com/office/-GBRNxjKce/ROUTE_July_2015.html

  20. xyz
    August 1st, 2015

    When can we get latest dumps of 300-101

  21. Silas
    August 26th, 2015

    I tried the exam today and failed.
    The official book does not cover all topics.
    There was a lot of questions about services and too little about BGP, for instance.
    I am really disapointed.

  22. Vegata
    November 12th, 2015

    Please provide the latest 116q dump vegeta_s114@yahoo.com

  23. Anonymous
    January 9th, 2016

    please provide the latest dumps for 300-101 at {email not allowed}

  24. ajd
    January 10th, 2016

    @Silas: You are absolutely right, i took both Route and Switch exams on November,
    The Switch was challenging but overall i really enjoyed the challenge because it was focused on the concepts that matter the most , and after i passed it i was proud of my self

    But the Route was awful experiance, as you mentioned i had only one question about BGP which i did focus most of my study and practice time on, and most of the questions about auxilary or secondary protocols like NPT, NHRP, TACACS+ which is really odd.

    So everyone planning for the Route exam, take care the 116q dump is no longer valid, wait for the 149q premium to go out study the protocols well in case some of the questions came out of the dumps

  25. Anonymous
    January 23rd, 2016

    @digitaltut
    isn’t the corrcet answer for Question 3, C: status and statistics?

  26. Jiriay
    March 15th, 2016

    http://www.cisco.com/c/en/us/td/docs/ios/fnetflow/configuration/guide/12_2sr/fnf_12_2_sr_book/cfg_de_fnflow_exprts.html
    B
    Step 15

    show flow exporter exporter-name
    Example:
    Router# show flow exporter FLOW_EXPORTER-1
    (Optional) Displays the current status of the specified flow exporter.

  27. Anonymous
    April 1st, 2016

    Please anyone: Can I get a copy of the CCNP 300-101 route exam: 149q or 150q.
    sustainablewood@ yahoo . com

  28. BigDaddy
    April 24th, 2016

    Someone please upload latest dumps and info on some cloud and please let me know through email… whoami1970 at live dot com
    {email not allowed}

  29. thanhle
    July 28th, 2016

    Q10 in my exam. answer are CLI and netflow (no see collector word)

  30. AN Ethiopian
    July 28th, 2016

    @Thanhle:
    I see the same choices ,too.

  31. Notmyrealname
    August 14th, 2016

    Small note on q 10. I just took the test and on mine answer B was a little vaguer. They wrote “Netflow” rather than “Netflow collector”, making it harder to discern as a proper collection method.

  32. louie
    August 31st, 2016

    hi guys!anyone who have a latest version of vce. Please email me @{email not allowed}. I really appreciate the help

  33. Recent Route Examinee
    September 15th, 2016

    NOTE: Notmyrealname is absolutely correct.

    The test was super ambiguous and listed “Netflow” rather than “Netflow collector.”

    That bothered me greatly. “How do you view Netflow?” Well, CLI and Netflow, duh. (smh)

    I am disappointed in the exam. For $250, you would think someone would check for test errors.

  34. no good
    October 4th, 2016

    Guys, I failed today with a 640. The ‘300-101: Implementing Cisco IP Routing’ exam is completely different then what is on this site. Not even close. There are maybe 10 questions that are the same… What happened???

  35. ott75
    January 5th, 2017

    failed the exam with 770
    a lot of NTP and frame relay new questions.
    can someone send me the new questions?
    ottavio(dot)backup(AT)gmail(dot)com

  1. No trackbacks yet.