Cisco NetFlow configuration
The port used for NetFlow traffic is specified in the configuration of your flow-enabled Cisco appliance. The following excerpts from a Cisco router configuration file offer an example of where to look to enable NetFlow traffic on a Cisco router. The document below presents how to use ASDM to configure the ASA to send NetFlow information to the NetFlow collector. Configure the Collector. In ASDM, under Configuration, go to Device Management > Logging > NetFlow. There you can set the NetFlow collector IP address, the ASA interface it is behind, and the port it supports.
Flexible NetFlow consists of components that can be used together in several variations to perform traffic analysis and data export, and the new command-line interface (CLI) configuration follows the same traditional logic. The user-defined flow records and the component structure of Flexible NetFlow make it easy to create various configurations for traffic analysis and data export on a networking device with a minimum number of configuration commands. To use Flexible NetFlow to its fullest potential or to monitor a specific network behaviour, you should create your own customized information
Flexible NetFlow export can be configured in three simple steps.
Configuring Exporter
Enter global configuration mode on the router or MSFC, and issue the following commands to create the exporter:
flow exporter exportername
destination destinationipaddress
export-protocol netflow-v9
transport udp 9996
exit
A flow exporter is configured with a unique name. Multiple flow exporters can be configured. Below is the configuration to configure the flow exporter.
Flow Monitor and Flow Record Configuration
flow monitor monitorname
record netflow-original
exporter exportername
cache timeout active 60
cache timeout inactive 15
exit
Verifying Device Settings
Issue the following commands in normal (not configuration) mode to verify whether NetFlow export has been configured correctly:
Apparently there are two ways to configure NetFlow.
One way, you configure it like this and use these verification commands.
ip flow-export source Loopback0
ip flow-export version 9
ip flow-export destination 4.4.28.28 35028
interface Ethernet0/2
ip address 5.5.37.17 255.255.255.0
ip flow ingress
ip flow egress
ip flow-top-talkers
top 5
sort-by bytes
cache-timeout 60000
show ip flow export
show ip cache flow
sho ip flow top-talkers
The other way, you configure it like this and use these verification commands.
flow exporter FLOW-EXPORTER
destination 4.4.28.28
source Loopback0
transport udp 35028
flow monitor FLOW-MONITOR
exporter FLOW-EXPORTER
record netflow ipv4 protocol-port
interface Ethernet0/2
ip address 5.5.37.17 255.255.255.0
ip flow monitor FLOW-MONITOR input
show flow exporter
show flow monitor
sho flow monitor FLOW-MONITOR cache
It appears to me like the 1st way shown above is the old method.
And the second way shown above is the new method.
The good old show ip flow top-talkers only works on the first method.
If you configure NetFlow using method 2 above you will get this.
R17#sho ip flow top-talkers
% Netflow isn't enabled.
R17#
R17#
If I were to see something like this on a lab.
R17 should be configured for NetFlow traffic analysis by using version 9.
NetFlow statistics should be exported to 4.4.28.28 by using the UDP protocol, port 35028, and the source interface Loopback0.
On the Ethernet0/2 interface, enable the NetFlow ingress and egress statistics collection.
Enable the NetFlow top talkers feature to view the list of the first five top talkers and sort these top talker entries by the number of bytes. The NetFlow top talkers should be retained in the NetFlow statistics table for 1 minute.
Could I quickly determine that because of the verbiage of the last requirement there talking about top talkers, that they want me to use method number one above?
Why would the Routing and Switching version 5 lab exam ask you to configure it the old way?
If not for that last requirement there talking about top talkers, I think the requirement could be met using either method above.
What method do you prefer?
Probably any method that satisfies the lab requirement will work eh.
I think because of that last requirement there talking about top talkers, that only method one above would work, although I believe there is a way to show top talkers using method number 2 as well although it is nothing that you would configure.
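An added example, not part of the original post: Python that reads a running-config and reports, per interface, which of the two methods above collects flows and which collector they are exported to, so an interface whose monitor has no exporter shows up with no collector. It assumes the indented `show running-config` layout; the function names and the sample configs are constructed for illustration.

```python
import re

# Constructed running-config excerpts mirroring the two methods in the post.
TRADITIONAL = """\
ip flow-export version 9
ip flow-export destination 4.4.28.28 35028
interface Ethernet0/2
 ip flow ingress
 ip flow egress
"""
FLEXIBLE = """\
flow exporter FLOW-EXPORTER
 destination 4.4.28.28
 transport udp 35028
flow monitor FLOW-MONITOR
 exporter FLOW-EXPORTER
 record netflow ipv4 protocol-port
interface Ethernet0/2
 ip flow monitor FLOW-MONITOR input
"""

def sections(config):
    """Map each top-level line to the lines of its block (top-level line first)."""
    out, parent = {}, ""
    for line in filter(str.strip, config.splitlines()):
        if not line.startswith(" "):
            parent = line.strip()
        out.setdefault(parent, []).append(line.strip())
    return out

def netflow_exports(config):
    """Return (method, interface, direction, collector); collector None = not exported."""
    sec, found = sections(config), []
    leg = re.search(r"^ip flow-export destination (\S+) (\d+)", config, re.M)
    legacy = f"{leg[1]}:{leg[2]}" if leg else None
    ifaces = {h[10:]: b for h, b in sec.items() if h.startswith("interface ")}
    for name, body in ifaces.items():
        for cmd in body:
            if m := re.fullmatch(r"ip flow (ingress|egress)", cmd):
                found.append(("traditional", name, m[1], legacy))
            elif m := re.fullmatch(r"ip flow monitor (\S+) (input|output)", cmd):
                mon = sec.get(f"flow monitor {m[1]}", [])
                exp = next((c[9:] for c in mon if c.startswith("exporter ")), None)
                ebody = " ".join(sec.get(f"flow exporter {exp}", []))
                dst = re.search(r"destination (\S+)", ebody)
                port = re.search(r"transport udp (\d+)", ebody)
                coll = f"{dst[1]}:{port[1] if port else 'default'}" if dst else None
                found.append(("flexible", name, m[2], coll))
    return found
```

A "traditional" result is the case where show ip flow top-talkers is available; a None collector marks an interface that collects flows but exports them nowhere.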