3 Replies Latest reply on Oct 2, 2017 11:56 AM by mesverrum

    Netflow Config

    marnell

      Can I put netflow on any uplink in my environment? I have it configured on my ASR for our iSP. I was curious on putting it on some of out 12D switches, wlc, cisco firepower?

      Could I use the same config that i used on my asr for all the other?

        • Re: Netflow Config
          mesverrum

          Most l2 switches don't support netflow, some l2/l3 switches do.  You would have to check the vendor documentation for your models to confirm if they support it and if there are any limitations and examples of the configuration.

           

          Once you have it set up on your side Solarwinds isn't terribly picky about netflow sources, as long as the interface is being monitored in NPM it can show up in NTA.

          1 of 1 people found this helpful
          • Re: Netflow Config
            marnell

            I have a network with a 4500x in one  building. Netflow would not work on my uplink, but it did configure on the vlan that the switch ip is on. So I let it run for a few days and I still do not see anything showing in NPM. Would it be better to setup netflow on the next 9k rather than the distribution switch in each building?

              • Re: Netflow Config
                mesverrum

                Go to the netflow summary page and there should be a list of sources and a timestamp for the last time that interface sent flows, it should be within the last minute or so. If your interface isn't showing in the sources list then there should be things in the netflow events saying it received flows from an unmonitored interface.  If none of those things are there then your flows aren't making to Solarwinds.  Maybe firewall, maybe something wrong with the config.  Here are a few examples of 4500 configs that people said worked, Cisco 4500X switch & Flexible Netflow

                 

                As far as the question about collecting it at the 4500 or 9k it really depends on how you have your network topology set up.  If everything makes it's way back to the 9k then it seems like having the central point of collection makes sense instead of setting it up from several distribution points, but if there is a category of traffic you are worried about that wouldn't be making it to the 9k then you need to collect elsewhere if possible.