2 Replies Latest reply on Jan 24, 2013 8:26 AM by Adam Stephen

    Unmanaged Interfaces

    rulob

           Hello!

       

      I am seeing a lot of the Netflow Data Received from Unmanaged Interface events on the NPM Web Console.

       

      I have a doubt regarding this: is it possible to limit/block/cancel the output of the Netflow from a certain interface? Do I have to do some configs on my switch/router?

       

      Regards,

      --Raul

        • Re: Unmanaged Interfaces
          jacob_beucler

          Hi Raul, you can stop the Netflow data by configuring your interface to stop sending Netflow data. The commands may vary depending on the device.

           

          Example: To disable flow export on Cisco ASA, apply the following commands:

          (config)# no policy-map global_policy
          (config)# no class-map netflow-export-class
          (config)# no access-list netflow-export extended permit ip any any
          (config)# no flow-export delay flow-create 60
          (config)# no flow-export template timeout-rate 1
          (config)# no flow-export destination inside <NetFlow Analyzer server IP address> 9996

           

           

          Can you provide some more information for me?

          • What type of device is this?
          • Is this device sending flows on different interfaces?
          • Is it a lot of messages or just a few?

           

          We base this on the interface index in the flow so something is definitely going on here.
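
The reply above says the event is raised from the interface index carried in the flow. An added sketch, not from the thread or from SolarWinds, that pulls those indexes out of a NetFlow v5 export datagram and counts the ones missing from a managed set. It assumes v5 export (ASA NSEL uses v9 templates instead); the function names, sample datagram and managed set are constructed for illustration.

```python
import struct

# NetFlow v5 layout: 24-byte header followed by `count` 48-byte flow records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")

def flow_ifindexes(datagram):
    """Return (input_ifindex, output_ifindex) for each record in a v5 datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field = {version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("datagram truncated: header count exceeds payload")
    pairs = []
    for i in range(count):
        fields = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        pairs.append((fields[3], fields[4]))  # SNMP ifIndex in / out
    return pairs

def unmanaged_ifindexes(datagram, managed):
    """Count flow records per ifIndex that is not in the managed set."""
    hits = {}
    for pair in flow_ifindexes(datagram):
        for idx in set(pair) - managed:
            hits[idx] = hits.get(idx, 0) + 1
    return dict(sorted(hits.items()))

def sample_datagram(records):
    """Build a constructed v5 datagram from (src, dst, in_if, out_if) tuples."""
    body = b"".join(
        RECORD.pack(bytes(src), bytes(dst), bytes(4), i, o, 10, 1400, 0, 0,
                    40000, 443, 0, 0x18, 6, 0, 0, 0, 24, 24, 0)
        for src, dst, i, o in records)
    return HEADER.pack(5, len(records), 0, 0, 0, 0, 0, 0, 0) + body

# Constructed sample: documentation addresses, ifIndex values chosen by hand.
SAMPLE = sample_datagram([((192, 0, 2, 10), (198, 51, 100, 5), 1, 2),
                          ((192, 0, 2, 11), (198, 51, 100, 5), 7, 2),
                          ((192, 0, 2, 12), (198, 51, 100, 9), 7, 9)])
MANAGED = {1, 2}  # hypothetical set of ifIndex values monitored in the collector

if __name__ == "__main__":
    print(unmanaged_ifindexes(SAMPLE, MANAGED))
```

Fed the UDP payloads arriving on the collector port, this shows which ifIndex values a device is actually exporting, which helps decide whether to manage those interfaces or turn export off on them.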

            • Re: Unmanaged Interfaces
              Adam Stephen

              Just as an addition: if this is a switch, i.e. like the 6500 Series, the commands might look like this to disable Netflow export from specific interfaces.

               

              Switch(config-if)#no ip route-cache flow

              Switch(config)#no ip flow ingress layer2-switched vlan 10,20

               

              Do keep in mind which layer 3 interface you do want flow enabled on.  The second command restricts the flow collected.  The example will send ingress flows from VLANs 10 and 20.  If I only want to remove Netflow from one VLAN, the first command would be applied at the interface level and then only specify the one VLAN in the second command.

               

              Hope this helps; if not, it is good to know.  It helped me during a project.

              1 of 1 people found this helpful