Hi,
Can you kindly assist in configuring netflow for the below devices;
Cisco 1941K9
HP Switches Model (2848 ) (J4904A) (J9728A) (J9727A) Model (J9772A) (Model J4903A) ModelJ4904A Model J9775A.
Regards
Tshepo.
Your best bet is to use the Solarwinds NTA configuration guidelines provided online.
With the Cisco switch & router examples, it's possible to simply copy the examples, edit them to include your Solarwinds Poller address, and paste them into the switches & routers. Then test/review to ensure NTA is receiving the data.
Some examples I've taken straight out of Solarwinds' resources and documented for my Network Team's use:
For a Cisco 3850 switch that's doing routing (L3 enabled):
Configuring a Flow Record (Ingress):
flow record NFA1
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
collect interface output
collect counter bytes long
collect counter packets long
collect timestamp absolute first
collect timestamp absolute last
Configuring a Flow Record (Egress):
flow record NFAout
match ipv4 protocol
match ipv4 tos
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface output
collect interface input
collect transport tcp flags
collect counter bytes long
collect counter packets long
collect timestamp absolute first
collect timestamp absolute last
collect counter bytes layer2 long
flow exporter NFA1
destination x.x.x.x (IP address of the Solarwinds poller monitoring this switch)
template data timeout 60
source loopback0
transport udp 2055
Configuring a Flow Monitor (Ingress):
flow monitor NFA1
exporter NFA1
cache timeout active 60
record NFA1
Configuring a Flow Monitor (Egress):
flow monitor NFAout
exporter NFA1
record NFAout
cache timeout active 60
Associate NetFlow reporting to the Uplink port and Vlan interface of the switch:
exit (to escape from the flow monitor section—stay in config t mode)
vlan configuration (select the VLANs to monitor—typically only data VLANs)
ip flow monitor NFA1 input
ip flow monitor NFAout output
------------------------------
For Cisco 4551 routers or 94xx L3 chassis switches doing routing:
Adjust the lines containing “source” and “destination” to match your network's setup, and then apply this config to the outward facing interface (the Loopback interface if it’s a router).
flow record NTA
description config for NTA
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect transport tcp flags
collect counter bytes long
collect counter packets long
collect interface output
collect interface input
flow exporter NTA
description Exporter for NTA
destination x.x.x.x (set this to the address of the Solarwinds server that’s polling the device)
source Loopback0
(Always use the device’s Loopback address if it has one. Otherwise use the IP address used to manage the switch, such as the Management VLAN address if there is one, or the first data VLAN SVI, or the WAN port, etc.)
transport udp 2055
template data timeout 60
flow monitor NTA
exporter NTA
cache timeout active 60
record NTA
Then apply the next two lines (below) to the uplink port(s) on the router, switch, firewall, etc. If the hardware technology supports it, you can apply the flow monitor input and output commands to every port for granularly capturing East-West traffic as well as North-South. 4510 v7 hardware is not compatible with this option, but 4510 v8 IS compatible with it—but in one direction only, not both input and output. Only use the “input” command below to capture the traffic coming from a device plugged into a 4510’s ports.
ip flow monitor NTA input
ip flow monitor NTA output
Example on a router:
conf t
int gi0/0/0
ip flow monitor NTA input
ip flow monitor NTA output
9400 L3 Chassis switch only:
sampler NTA-sampler
description Sample at 50%
mode random 1 out-of 2
============================
I build these documents for every routing device in our environment and publish them for my team to use when installing new equipment or updating old gear. I have similar guides published for Cisco 6509's, ASA's, 3850's, and even for converting Netflow 5 to version 9, and enabling NBAR2. Solarwinds' online resources for this are wonderful.
Just for the Solarwinds support.solarwinds.com site for the Success Center and enter in what you want to search for. Example: "Cisco Netflow Configuration". Read the documents in the hot links provided from your search and you'll be in Netflow data in no time!
For HP equipment, refer to the manufacturer's guidelines and compatibilities. Google is your friend for this, unless you have an HP support contract that allows you to pick the experts' brains. https://www.google.com/search?q=hp+switch+netflow+configuration&rlz=1C1GCEU_enUS842US842&oq=hp+switch+netflow+configuration&aqs=chrome.0.0l4.4919j0j9&sourceid=chrome&ie=UTF-8&safe=active
Do your research, read the manual & guidelines to understand your equipment's unique limitations and abilities and compatibilities, then test your settings on a single device-preferably in a test lab, or a device that doesn't impact user or business traffic. Then adjust and improve the configuration until the switch or router or firewall provides the information you need. Then deploy the same settings on the rest of your Layer 3 devices and sit back and watch the data start to display in NTA.
Swift Packets!
Rick Schroeder
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.