Submit a ticketCall us

Welcome to the NEW Success Center. Search all resources (documentation, videos, training, knowledge base articles) or browse resources by product. If you are unable to find what you are looking for, please contact us at customersuccess@solarwinds.com

 

 

 

 

Home > Success Center > Netflow Traffic Analyzer (NTA) > Set up NetFlow sources to NTA

Set up NetFlow sources to NTA

Table of contents
Created by Interspire Import, last modified by MindTouch on Jun 23, 2016

Views: 1,025 Votes: 1 Revisions: 12

Overview

This article describes how to set up  a device to export NetFlow data to NTA. As a feature to facilitate traffic analysis on Cisco IOS enabled devices, NetFlow begins its work at the network device itself. Any device that is NetFlow enabled, in order to communicate the traffic related data it is holding about that device, must be configured to send, push, or export that data to specific collection targets.


Orion NTA collects NetFlow data (by default, on port 2055) only if a network device is specifically configured to send to it. As a NetFlow collector, Orion NTA can receive exported NetFlow verion 5 data and NetFlow version 9 data that includes all fields of the NetFlow version 5 template. Once it collects NetFlow traffic data, Orion NTA analyzes device bandwidth usage in terms of the source and destination endpoints of conversations reflected in the traffic.

Environment

All NTA versions

Steps

Verify the following for NTA to correctly process NetFlow data and process relevant traffic statistics:

  • Each device must be configured to export Netflow data to Orion NTA.
  • Each device that exports NetFlow data to Orion NTA must be monitored in Orion NPM.
  • Traffic from a device that is not monitored in Orion NPM appears only in aggregate as traffic from unmonitored devices. If the device is setup to export data to Orion NTA, but is unmonitored in NPM, the collector may receive the data without being able to meaningfully analyze it.
  • The specific interface through which a device exports NetFlow data must be monitored in Orion NPM; and interface index number for this interface in the Orion database (interface table) must match the index number in the collected flow data.

 

  1. Log in to the network device.
  2. Use the following commands to enable NetFlow on a Cisco device:
    ip flow-export source
    ip flow-export version 5
    ip flow-export destination 2055
    ip flow-cache timeout active 1
    ip flow-cache timeout inactive 15
    snmp-server ifindex persist


    For detailed information see Enabling NetFlow for Cisco IOS.
    For information on enabling NetFlow on Cisco ASA devices, consult this SolarWinds Knowledge Base article that provides an example NetFlow Config - Cisco ASA.
    Otherwise, consult these examples as relevant to your device:
    Foundry sFlow Configuration
    Extreme sFlow Configuration
    HP sFlow Configuration
    If your network device is of a different vendor, consult that vendor’s documentation.
  3. Verify that your device and its NetFlow exporting interface are being monitored in Orion.
  4. To verify that a device is exporting data as expected, use a packet capture tool (for example, WireShark) to search for packets sent from the network device to the Orion server.


To verify that the IP address of the exporting interface on the network device is the one being monitored in Orion:

  1. Open a CLI and log in to the network device.
  2. Type show run to see the device’s running configuration.
  3. Scroll to the lines where the export source interface is defined. For example, we see ip flow-export source Ethernet0/0.
  4. To discover the IP address for this interface, type show run int Ethernet0/0. You should be able to see that the interface’s IP address is being monitored in the Orion server.


In the Orion Web Console, in NetFlow module, you should see NetFlow enabled nodes listed in the NetFlow Sources resources.

 

Last modified
20:58, 22 Jun 2016

Tags

Classifications

Public