• State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 24 subscribers
  • Views 892 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

NTA - Do you need NetFlow for NBAR to work?

richardjmcintosh

I have NTA 4.2 and want to use the NBAR functionality, but I am seeing a few issues.

Do you need to keep your NetFlow v9 configuration or can you only have the NBAR configuration from Set up NBAR2 on Cisco devices ​?

I am also getting errors from SolarWinds saying a virtual interface on my router is sending unknown traffic.  I have no idea what these interfaces and no idea why they would be sending traffic.

2016-09-01_10-56-27.jpg

Any help is greatly appreciated.

Thank you!

  • 0

    As per documentation, you need to have both. Netflow v9 gives you the protocol usage etc... NBAR2 gives you greater detail such if the traffic is udp traffic from you tube. The message is probably to do with netflow being configured on the virtual interface as well as the physical interface. I would double check the device and interface configuration.

  • 0

    Think of NetFlow as the "transport" for the NBAR2 information/fields.

  • 0 in reply to jamesatloop1

    Can you help with this code?  I am sure it's configured correctly, unless i need to have both 'ip flow monitor' and 'ip flow ingress/egress'?

    #show run | s flow

    ip flow-cache timeout active 1

    ip flow-export source GigabitEthernet0/1.30

    ip flow-export version 9

    ip flow-export destination 10.20.18.198 2055

    flow record NTArec

    match ipv4 tos

    match ipv4 protocol

    match ipv4 source address

    match ipv4 destination address

    match transport source-port

    match transport destination-port

    match interface input

    collect interface output

    collect counter bytes

    collect counter packets

    collect application name

    flow exporter NTAexp

    destination 1.2.3.4

    source GigabitEthernet0/1.30

    transport udp 2055

    template data timeout 60

    option application-table timeout 60

    option application-attributes timeout 300

    flow monitor NTAmon

    description NetFlow nbar

    exporter NTAexp

    cache timeout inactive 30

    cache timeout active 60

    record NTArec

    interface gi0/0

    ip flow monitor NTAmon input

    ip flow monitor NTAmon output

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.