Submit a ticketCall us

Systems Monitoring for Dummies
Our new eBook will teach you the fundamentals and help you create monitors and alerts that are effective, meaningful, and actionable. Monitoring is more than a checkbox on your to-do list. This free eBook will give you practical advice to help you succeed in all aspects of monitoring – discovery, alerting, remediation, and troubleshooting. Don’t miss out on this indispensable resource for newbies, experienced IT pros, and everyone in between. Register Now.

Home > Success Center > Netflow Traffic Analyzer (NTA) > Examples of Flexible NetFlow Configuration

Examples of Flexible NetFlow Configuration

Table of contents

Overview

This article provides example configurations for Cisco Flexible NetFlow that can be used as guidelines to help troubleshoot no NetFlow data being sent to the NetFlow collector on the SolarWinds server. 

Environment

All versions of NTA

Detail

These are examples for certain devices and there's a possibility that the IOS version might have changed, which means the commands are not available, or the configuration does not work. Please use these as guidelines to compare. If you have already checked with Wireshark that no NetFlow data is being received, contact the vendor to investigate.

Compare your switch configuration with the following configuration of Flexible NetFlow v5 on a 6509E device and consider adjusting your configuration accordingly:

!
flow record ORION-FLOW
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
collect interface output
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
!
flow exporter ORION-EXPORTER
description NETFLOW Export to ORION
destination xxx.xxx.xxx.xxx
source Loopback0
transport udp 2055
export-protocol netflow-v5 (Cisco Has confirmed on certain devices NetFlow v5 is not supportted and v9 should be used.)
!
flow monitor ORION-MONITOR
description ORION Netflow Monitor
record ORION-FLOW
exporter ORION-EXPORTER
!
interface vlan xxxx
ip flow monitor ORION-MONITOR input
ip flow monitor ORION-MONITOR output
!

 

This is another example that can be applied for inbound and outbound traffic. 

 

Flow record NETFLOW-RECORD-IN

match ipv4 tos

match ipv4 protocol

match ipv4 source address

match ipv4 destination address

match transport source-port

match transport destination-port

match interface input

Collect transport tcp flags

collect interface output

collect counter bytes long

collect counter packets long

collect timestamp absolute first

collect timestamp absolute last

Collect counter bytes layer2 long

 

 

Flow record NETFLOW-RECORD-OUT

match ipv4 tos

match ipv4 protocol

match ipv4 source address

match ipv4 destination address

match transport source-port

match transport destination-port

match interface input

Collect transport tcp flags

collect interface output

collect counter bytes long

collect counter packets long

collect timestamp absolute first

collect timestamp absolute last

Collect counter bytes layer2 long

 

Flow exporter NTAexport

Destination <SOLARWINDS IP ADDRESS>

Source <EX: VLAN, LOOPBACK, GIG-Interface> - Needs to have an IP Address since we listen by IP address with the collector on the Solarwinds server.

Transport udp 2055

Template data timeout 60

 

flow monitor NETFLOW-MON-IN

exporter NTAexport

cache timeout active 60

Record NETFLOW-RECORD-IN

 

flow monitor NETFLOW-MON-OUT

exporter NTAexport

cache timeout active 60

Record NETFLOW-RECORD-OUT

 

 

After the Netflow configuration is setup, you can now assign the monitors to the interface you want to monitor Netflow on.

Example:

 

Switch# configure terminal

Switch (config) # wlan wlan1

Switch (config) # ip flow monitor NETFLOW-MON-IN input

Switch (config) # ip flow monitor NETFLOW-MON-OUT output

Last modified

Tags

Classifications

Public