This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Re:Solarwinds netflow

Hi,

Can you kindly assist in configuring netflow for the below devices;
Cisco 1941K9
HP Switches Model (2848 ) (J4904A) (J9728A) (J9727A) Model (J9772A) (Model J4903A) ModelJ4904A Model J9775A.

Regards
Tshepo.

  • Your best bet is to use the Solarwinds NTA configuration guidelines provided online. 

    With the Cisco switch & router examples, it's possible to simply copy the examples, edit them to include your Solarwinds Poller address, and paste them into the switches & routers.  Then test/review to ensure NTA is receiving the data.

    Some examples I've taken straight out of Solarwinds' resources and documented for my Network Team's use:

    For a Cisco 3850 switch that's doing routing (L3 enabled):

    Configuring a Flow Record (Ingress): 

    flow record NFA1 

    match ipv4 tos 

    match ipv4 protocol 

    match ipv4 source address 

    match ipv4 destination address 

    match transport source-port 

    match transport destination-port 

    match interface input 

    collect interface output 

    collect counter bytes long 

    collect counter packets long 

    collect timestamp absolute first 

    collect timestamp absolute last 

     

    Configuring a Flow Record (Egress): 

    flow record NFAout 
    match ipv4 protocol 
    match ipv4 tos 
    match ipv4 source address 
    match ipv4 destination address 
    match transport source-port 
    match transport destination-port 
    match interface output 
    collect interface input 
    collect transport tcp flags 
    collect counter bytes long 
    collect counter packets long 
    collect timestamp absolute first 
    collect timestamp absolute last 
    collect counter bytes layer2 long 
     
    flow exporter NFA1 
      destination x.x.x.x  (IP address of the Solarwinds poller monitoring this switch) 
    template data timeout 60 
    source loopback0 
    transport udp 2055 
     
    Configuring a Flow Monitor (Ingress): 

    flow monitor NFA1 

    exporter NFA1 

    cache timeout active 60 

    record NFA1 

     
    Configuring a Flow Monitor (Egress): 
    flow monitor NFAout 
    exporter NFA1 
    record NFAout 
    cache timeout active 60 
     
    Associate NetFlow reporting to the Uplink port and Vlan interface of the switch: 
    exit (to escape from the flow monitor section—stay in config t mode) 
    vlan configuration (select the VLANs to monitor—typically only data VLANs) 
     
    ip flow monitor NFA1 input 
    ip flow monitor NFAout output 

     ------------------------------

    For Cisco 4551 routers or 94xx L3 chassis switches doing routing:

    Adjust the lines containing “source” and “destination” to match your network's setup, and then apply this config to the outward facing interface (the Loopback interface if it’s a router). 

    flow record NTA 

    description config for NTA 

    match ipv4 tos 

    match ipv4 protocol 

    match ipv4 source address 

    match ipv4 destination address 

    match transport source-port 

    match transport destination-port 

    collect transport tcp flags 

    collect counter bytes long 

    collect counter packets long 

    collect interface output 

    collect interface input 

     

    flow exporter NTA 

    description Exporter for NTA 

    destination x.x.x.x           (set this to the address of the Solarwinds server that’s polling the device) 

    source Loopback0             

    (Always use the device’s Loopback address if it has one.  Otherwise use the IP address used to manage the switch, such as the Management VLAN address if there is one, or the first data VLAN SVI, or the WAN port, etc.) 

    transport udp 2055 

    template data timeout 60 

     

    flow monitor NTA 

    exporter NTA 

    cache timeout active 60 

    record NTA 

     

    Then apply the next two lines (below) to the uplink port(s) on the router, switch, firewall, etc.  If the hardware technology supports it, you can apply the flow monitor input and output commands to every port for granularly capturing East-West traffic as well as North-South.  4510 v7 hardware is not compatible with this option, but 4510 v8 IS compatible with it—but in one direction only, not both input and output.  Only use the “input” command below to capture the traffic coming from a device plugged into a 4510’s ports. 

     

    ip flow monitor NTA input 

    ip flow monitor NTA output 

     

    Example on a router: 

    conf t 

    int gi0/0/0 

    ip flow monitor NTA input 

    ip flow monitor NTA output 

     

    9400 L3 Chassis switch only: 

    sampler NTA-sampler 

    description Sample at 50% 

    mode random 1 out-of 2 

    ============================

    I build these documents for every routing device in our environment and publish them for my team to use when installing new equipment or updating old gear.  I have similar guides published for Cisco 6509's, ASA's, 3850's, and even for converting Netflow 5 to version 9, and enabling NBAR2.  Solarwinds' online resources for this are wonderful. 

    Just for the Solarwinds support.solarwinds.com site for the Success Center and enter in what you want to search for.  Example:  "Cisco Netflow Configuration".  Read the documents in the hot links provided from your search and you'll be in Netflow data in no time!

    For HP equipment, refer to the manufacturer's guidelines and compatibilities.  Google is your friend for this, unless you have an HP support contract that allows you to pick the experts' brains.   https://www.google.com/search?q=hp+switch+netflow+configuration&rlz=1C1GCEU_enUS842US842&oq=hp+switch+netflow+configuration&aqs=chrome.0.0l4.4919j0j9&sourceid=chrome&ie=UTF-8&safe=active

    Do your research, read the manual & guidelines to understand your equipment's unique limitations and abilities and compatibilities, then test your settings on a single device-preferably in a test lab, or a device that doesn't impact user or business traffic.  Then adjust and improve the configuration until the switch or router or firewall provides the information you need.  Then deploy the same settings on the rest of your Layer 3 devices and sit back and watch the data start to display in NTA.

    Swift Packets!

    Rick Schroeder