Purpose
In order to properly monitor network devices, NetFlow must be configured to send interesting traffic to the Orion NetFlow Traffic Analyzer (NTA) module.
Device Configuration for IOS > 15.5
There are 4 parts to configuring the device for proper NetFlow reporting. Note that this can only be done on devices that support netflow (Cisco 4500, Nexus 7000, etc)
Record
For detail on how to create a record and what it is used for, reference How to setup Cisco's Flexible NetFlow (FNF) with LEGO Blocks.
Sample of record configuration from device IOS 15.2
flow record r1
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
collect routing forwarding-status
collect transport tcp flags
collect interface output
collect counter bytes long
collect counter packets long
collect timestamp sys-uptime first
collect timestamp sys-uptime last
Exporter
This is the location you want to send the NetFlow data to.
Sample of exporter
flow exporter Solarwinds
destination 10.1.1.1
source Vlan8
transport udp 2055
template data timeout 60
Monitor
This piece of configuration ties the record to the exporter.
Sample of monitor
flow monitor m1
record r1
exporter Solarwinds
cache timeout inactive 5
cache timeout active 60
Interface
Now that we have the record and exporter defined and associated, it’s time to identify which interfaces should send the netflow traffic. The legacy configuration monitors all VLAN traffic as follows:
Sample of vlan configuration record - This is NOT the way we want to configure the device because we get netflow from links we don't really care about.
vlan configuration 2-5,7-9,11,100-107
ip flow monitor m1 input
Instead, enter the interface configuration for each uplink interface and add the line
ip flow monitor m1 input
