Submit a ticketCall us

Announcing NPM 12.2
With NPM 12.2 you can monitor your Cisco ASA firewalls, to monitor VPN tunnels for basic visibility and troubleshooting tunnels. NPM 12.2 also uses the SolarWinds Orion Installer so you can easily install and upgrade one or more Orion Platform products simultaneously.
See new features and improvements.

Home > Success Center > Netflow Traffic Analyzer (NTA) > Examples of Flexible NetFlow Configuration

Examples of Flexible NetFlow Configuration

Table of contents

Overview

This article provides example configurations for Cisco Flexible Netflow that can be used as guidelines to help troubleshoot no Netflow data being sent to the Netflow collector on the Solarwinds server. 

Environment

All versions of NTA

Detail

Note: These are examples for certain devices and there's a possibility that the IOS version might have changed, which means the commands are not available or the configuration does not work. Please use these as guidelines to compare. If you have already checked with Wireshark that no Netflow data is being received, contact the vendor to investigate. 

 

Compare your switch configuration with the following configuration of Flexible NetFlow v5 on a 6509E device and consider adjusting your configuration accordingly:

!
flow record ORION-FLOW
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
collect interface output
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
!
flow exporter ORION-EXPORTER
description NETFLOW Export to ORION
destination xxx.xxx.xxx.xxx
source Loopback0
transport udp 2055
export-protocol netflow-v5 (Cisco Has confirmed on certain devices Netflow v5 is not supportted and v9 should be used.)
!
flow monitor ORION-MONITOR
description ORION Netflow Monitor
record ORION-FLOW
exporter ORION-EXPORTER
!
interface vlan xxxx
ip flow monitor ORION-MONITOR input
ip flow monitor ORION-MONITOR output
!

 

This is another example that can be applied for inbound and outbound traffic. 

 

Flow record NETFLOW-RECORD-IN

match ipv4 tos

match ipv4 protocol

match ipv4 source address

match ipv4 destination address

match transport source-port

match transport destination-port

match interface input

Collect transport tcp flags

collect interface output

collect counter bytes long

collect counter packets long

collect timestamp absolute first

collect timestamp absolute last

Collect counter bytes layer2 long

 

 

Flow record NETFLOW-RECORD-OUT

match ipv4 tos

match ipv4 protocol

match ipv4 source address

match ipv4 destination address

match transport source-port

match transport destination-port

match interface input

Collect transport tcp flags

collect interface output

collect counter bytes long

collect counter packets long

collect timestamp absolute first

collect timestamp absolute last

Collect counter bytes layer2 long

 

Flow exporter NTAexport

Destination <SOLARWINDS IP ADDRESS>

Source <EX: VLAN, LOOPBACK, GIG-Interface> - Needs to have an IP Address since we listen by IP address with the collector on the Solarwinds server.

Transport udp 2055

Template data timeout 60

 

flow monitor NETFLOW-MON-IN

exporter NTAexport

cache timeout active 60

Record NETFLOW-RECORD-IN

 

flow monitor NETFLOW-MON-OUT

exporter NTAexport

cache timeout active 60

Record NETFLOW-RECORD-OUT

 

 

After the Netflow configuration is setup, you can now assign the monitors to the interface you want to monitor Netflow on.

Example:

 

Switch# configure terminal

Switch (config) # wlan wlan1

Switch (config) # ip flow monitor NETFLOW-MON-IN input

Switch (config) # ip flow monitor NETFLOW-MON-OUT output

Last modified
16:34, 30 Jun 2017

Tags

Classifications

Public