Device Configuration for IOS > 15.5 (Cisco 4500, Nexus 7000, etc)

Version 1

    Purpose

    In order to properly monitor network devices, NetFlow must be configured to send interesting traffic to the Orion NetFlow Traffic Analyzer (NTA) module.

    Device Configuration for IOS > 15.5

    There are 4 parts to configuring the device for proper NetFlow reporting. Note that this can only be done on devices that support NetFlow (Cisco 4500, Nexus 7000, etc.).

    Record

    For details on how to create a record and what it is used for, see "How to setup Cisco's Flexible NetFlow (FNF) with LEGO Blocks".


    Sample of record configuration from device IOS 15.2

    flow record r1
     match ipv4 protocol
     match ipv4 source address
     match ipv4 destination address
     match transport source-port
     match transport destination-port
     match interface input
     collect routing forwarding-status
     collect transport tcp flags
     collect interface output
     collect counter bytes long
     collect counter packets long
     collect timestamp sys-uptime first
     collect timestamp sys-uptime last

    Exporter

    This is the location you want to send the NetFlow data to.


    Sample of exporter

    flow exporter Solarwinds
     destination 10.1.1.1
     source Vlan8
     transport udp 2055
     template data timeout 60

    Monitor

    This piece of configuration ties the record to the exporter.


    Sample of monitor

    flow monitor m1
     record r1
     exporter Solarwinds
     cache timeout inactive 5
     cache timeout active 60


    Interface

    Now that we have the record and exporter defined and associated, it’s time to identify which interfaces should send the NetFlow traffic. The legacy configuration monitors all VLAN traffic as follows:


    Sample of VLAN configuration. This is NOT the way we want to configure the device, because we get NetFlow from links we don't really care about.

    vlan configuration 2-5,7-9,11,100-107
     ip flow monitor m1 input


    Instead, enter the interface configuration for each uplink interface and add the line:

    ip flow monitor m1 input
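
One way to check a saved running-config against the four parts above, as an added example that is not part of the original page or of any SolarWinds or Cisco tooling. It flags a monitor with a missing or dangling record/exporter reference and any monitor applied under "vlan configuration" instead of an interface. The interface name, the function names and the sample config are assumptions made for the demonstration.

```python
import re
# Constructed sample: r1/m1/Solarwinds follow the page; the interface name and
# the monitor's missing "record" line are made up for the demonstration.
SAMPLE_CONFIG = """\
flow record r1
flow exporter Solarwinds
 destination 10.1.1.1
flow monitor m1
 exporter Solarwinds
vlan configuration 2-5,7-9,11,100-107
 ip flow monitor m1 input
interface TenGigabitEthernet1/1
 ip flow monitor m1 input
"""

def parse_sections(config):
    """Group an IOS config into {top-level line: [indented sub-commands]}."""
    sections, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and "!" separators
        if not line[0].isspace():
            current = line.strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.strip())
    return sections

def named(sections, prefix):
    return {h[len(prefix):].strip(): b for h, b in sections.items() if h.startswith(prefix)}

def audit_netflow(config):
    """Check monitor -> record/exporter wiring and where monitors are applied."""
    sections = parse_sections(config)
    known = {k: named(sections, f"flow {k} ") for k in ("record", "exporter", "monitor")}
    findings = []
    for name, body in known["monitor"].items():
        for kind in ("record", "exporter"):
            refs = [cmd.split()[1] for cmd in body if cmd.startswith(kind + " ")]
            if not refs:
                findings.append(f"monitor {name}: no {kind}")
            findings += [f"monitor {name}: unknown {kind} {r}" for r in refs if r not in known[kind]]
    for header, body in sections.items():
        for cmd in body:
            m = re.match(r"ip flow monitor (\S+) (input|output)$", cmd)
            if m and m.group(1) not in known["monitor"]:
                findings.append(f"{header}: unknown monitor {m.group(1)}")
            elif m and header.startswith("vlan configuration"):
                findings.append(f"{header}: monitor {m.group(1)} applied VLAN-wide")
    return findings
```

Calling audit_netflow(SAMPLE_CONFIG) returns two findings: the monitor without a record, and the VLAN-wide application the page advises against.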