NetFlow: Device Configuration

Click on your vendor device and follow the procedure to configure and export NetFlow data to your NetFlow Collector Storage

BlueCoat

Cisco

Cisco Catalyst 2960-X configuration

Cisco 2960-X

NetFlow-Lite: The 2960-X uses stream sampling without any form of packet capture. Two types of NetFlow-Lite sampling configuration are possible on the 2960-X:

      • Deterministic Sampling
      • Random Sampling

Deterministic Sampling
Deterministic samplers sample packets exactly as specified (i.e., the first stream out of every 100 streams). Deterministic samplers can be applied to at most 4 interfaces. For this reason, we decided to use random sampling.

Random Sampling
Random sampling picks one flow at random out of every X streams. The maximum sampling rate for both deterministic and random sampling is 1 in 32. Unlike deterministic sampling, random sampling is not limited to 4 interfaces. Here is an example configuration using random sampling:

! step 1: create a flow record
flow record flows
match datalink mac source address input
match datalink mac destination address input
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect transport tcp flags
collect interface input
collect flow sampler
! below we specified ‘long’ because the 2960x supports 64 bit counters
collect counter bytes long
collect counter packets long
collect timestamp sys-uptime first
collect timestamp sys-uptime last
!
!
! step 2: create a flow exporter
flow exporter export-to-inside
description flexible NF v9
destination 10.1.1.1
source Vlan7
transport udp 2055
template data timeout 60
!
! let's export some cool option templates
option interface-table
option exporter-stats
option sampler-table
!
!
! step 3: create a flow monitor
flow monitor nftest
record flows
exporter export-to-inside
cache timeout active 60
statistics packet protocol

! below is what you would use for the deterministic sampling configuration
! but we don't like it because of the 4 interface limitation
! sampler full
! mode deterministic 1 out-of 32
!
! below is the random sampler configuration that we prefer
!
sampler my-random-sampler
mode random 1 out-of 100
!
!
!
! step 4: apply the flow monitor ‘nftest’ to each interface with
! the defined sampler ‘my-random-sampler’
! input is for ingress. Egress was not supported in this release…
interface GigabitEthernet1/0/1
ip flow monitor nftest sampler my-random-sampler input
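
A collector-side check for the exporter configured above, as an added example that is not part of the original page or of any vendor's code: a minimal NetFlow v9 parser showing that data flowsets cannot be decoded until their template has arrived, which is why the "template data timeout 60" setting matters after a collector restart. The function names, template ID 256 and the sample packets are constructed for illustration.

```python
import socket, struct

FIELDS = {1: "bytes", 2: "packets", 4: "protocol", 7: "src_port",  # RFC 3954 field
          8: "src_addr", 11: "dst_port", 12: "dst_addr"}           # types (subset)

def decode(rec, tmpl):
    out, pos = {}, 0
    for ftype, flen in tmpl:  # tmpl: list of (field type, length) pairs
        raw, pos = rec[pos:pos + flen], pos + flen
        ip = ftype in (8, 12) and flen == 4
        out[FIELDS.get(ftype, ftype)] = socket.inet_ntoa(raw) if ip else int.from_bytes(raw, "big")
    return out

def parse_v9(packet, templates):
    """Return (records, undecoded data flowsets); templates persists across calls."""
    version, _, _, _, _, source_id = struct.unpack_from("!HHIIII", packet)
    if version != 9:
        raise ValueError("not a NetFlow v9 packet")
    records, undecoded, off = [], 0, 20
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("bad flowset length")
        body = packet[off + 4:off + fs_len]
        if fs_id == 0:  # template flowset: store each template per source ID
            pos = 0
            while pos + 4 <= len(body):
                tid, n = struct.unpack_from("!HH", body, pos)
                templates[source_id, tid] = [
                    struct.unpack_from("!HH", body, pos + 4 * i) for i in range(1, n + 1)]
                pos += 4 + 4 * n
        elif fs_id > 255:  # data flowset (IDs 1-255, e.g. options templates, skipped)
            tmpl = templates.get((source_id, fs_id), [])
            size = sum(flen for _, flen in tmpl)
            if size:
                records += [decode(body[p:p + size], tmpl)
                            for p in range(0, len(body) - size + 1, size)]
            else:
                undecoded += 1  # template not received yet
        off += fs_len
    return records, undecoded

def sample_packets():
    """Constructed packets: data before its template, then template plus data."""
    fields = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 8), (2, 8)]
    rec = socket.inet_aton("192.0.2.10") + socket.inet_aton("198.51.100.5")
    data = struct.pack("!HH", 256, 36) + rec + struct.pack("!HHBQQ3x", 51000, 443, 6, 1500, 3)
    tmpl = struct.pack("!HHHH", 0, 36, 256, 7) + b"".join(struct.pack("!HH", *f) for f in fields)
    hdr = lambda n: struct.pack("!HHIIII", 9, n, 1000, 1700000000, n, 1)
    return hdr(1) + data, hdr(2) + tmpl + data
```

With a sampler applied, the byte and packet counters in each decoded record describe sampled packets only, so the collector has to scale them by the sampler rate before comparing them with thresholds.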


Cisco Catalyst 3750

Cisco 3750-X configuration

The Cisco Catalyst 3750-X configuration requires the 3KX network module, which supports NetFlow v9 and Flexible NetFlow. Here is an example of a flow record for the 3KX network module:

NetFlow Flow Record

match datalink mac source-address
match datalink mac destination-address
match ipv4 tos
match ipv4 ttl
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect interface input snmp
collect interface output snmp
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last

interface TenGigabitEthernet1/1/1
switchport trunk encapsulation dot1q
switchport mode trunk
ip flow monitor NetFlow input
ip flow monitor NetFlow output

interface TenGigabitEthernet1/1/2
switchport trunk encapsulation dot1q
switchport mode trunk
ip flow monitor NetFlow input
ip flow monitor NetFlow output


Cisco Catalyst 4500

Configuration of Catalyst 4500 Series Switch: Cisco IOS Software Configuration Guide, 12.2(25)EW

Cisco Catalyst 4510 Switch IOS XE 3.6

Cisco Catalyst 4510 configuration

FLOW RECORD
flow record RECORD-IN
description IPv4 NetFlow
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match mac destination-address
match mac source-address
match transport source-port
match transport destination-port
match interface input
collect interface output
collect counter bytes long
collect counter packets long
!
!
flow record RECORD-OUT
description IPv4 NetFlow
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface output
collect interface input
collect counter bytes long
collect counter packets long
!
!
! the exporter name must be a single word and must match the name
! referenced by each flow monitor below
flow exporter NETFLOW_COLLECTOR
description xxxxx NETFLOW COLLECTOR
! replace IP with the address of the NetFlow collector
destination IP
source Loopback0
transport udp 2055
!
!
flow monitor MONITOR_IN
description xxxx
exporter NETFLOW_COLLECTOR
cache timeout active 60
record RECORD-IN
!
!
flow monitor MONITOR_OUT
description xxxxxxxx
exporter NETFLOW_COLLECTOR
cache timeout active 60
record RECORD-OUT
!
!
interface GigabitEthernet3/2
description xxxxx
no switchport
bandwidth 40960
ip flow monitor MONITOR_IN layer2-switched input


Cisco Catalyst 6500/6000

Catalyst 6500 Release 12.2SXF and Rebuilds Software Configuration Guide


Cisco Catalyst 6500/6000 Series Switch

Cisco Catalyst 6509 configuration

ip flow-export source (insert interface name here)
ip flow-export version 9
ip flow-export destination (netflow collector ip address) (port to export flows to)
ip flow ingress layer2-switched vlan (insert vlans X,Y,X)
ip flow-cache timeout active 1
mls nde sender version 9
mls flow ip interface-full
mls nde interface
mls aging long 64
mls aging normal 64

Interface configuration:
ip route-cache flow
ip flow ingress


Cisco Nexus Series 1000

Cisco Nexus Series 1000 configuration


Cisco Nexus Series 7000

Cisco Nexus Series 7000 configuration


UK ServiceNav Product Development Manager; my priority is to be needful of the particular requirements of all ‘English-speaking’ markets where ServiceNav is sold. I have over 20 years' experience of the IT monitoring field - covering a wide variety of products and technologies.