Difference between revisions of "Netflow cisco IOS"
From Teknologisk videncenter
m |
m |
||
(4 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
+ | =Netflow versoin 5= | ||
<source lang=cli> | <source lang=cli> | ||
router#enable | router#enable | ||
Line 51: | Line 52: | ||
! | ! | ||
! That's it | ! That's it | ||
+ | </source> | ||
+ | =Netflow version 9= | ||
+ | Example | ||
+ | <source lang=text> | ||
+ | flow record NF1 | ||
+ | match datalink mac source address input | ||
+ | match datalink mac destination address input | ||
+ | match ipv4 tos | ||
+ | match ipv4 ttl | ||
+ | match ipv4 protocol | ||
+ | match ipv4 source address | ||
+ | match ipv4 destination address | ||
+ | match transport source-port | ||
+ | match transport destination-port | ||
+ | collect interface input | ||
+ | collect interface output | ||
+ | collect counter bytes | ||
+ | collect counter packets | ||
+ | collect timestamp sys-uptime first | ||
+ | collect timestamp sys-uptime last | ||
+ | ! | ||
+ | ! | ||
+ | flow exporter NF1_EXPORT | ||
+ | destination 192.168.1.98 | ||
+ | source GigabitEthernet8 | ||
+ | transport udp 2055 | ||
+ | ! | ||
+ | ! | ||
+ | flow monitor NF1 | ||
+ | exporter NF1_EXPORT | ||
+ | cache timeout active 60 | ||
+ | statistics packet protocol | ||
+ | statistics packet size | ||
+ | record NF1 | ||
+ | ! | ||
+ | interface GigabitEthernet8 | ||
+ | ip address 192.168.1.84 255.255.255.0 | ||
+ | ip flow monitor NF1 input | ||
+ | ip flow monitor NF1 output | ||
+ | ip nat outside | ||
</source> | </source> | ||
=Links= | =Links= | ||
− | *[[http://mars.tekkom.dk/pdf/IOS_Switching_Services.pdf | + | *[https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/netflow/Cisco_NetFlow_Configuration.pdf Cisco Flexible Netflow Guide] |
+ | *See [http://mars.tekkom.dk/pdf/IOS_Switching_Services.pdf chapter NetFlow Switching] | ||
{{Source cli}} | {{Source cli}} | ||
[[Category:Cisco]] | [[Category:Cisco]] |
Latest revision as of 06:46, 5 June 2021
Netflow versoin 5
router#enable
Password:*****
router#configure terminal
router-2621(config)#interface FastEthernet 0/1
router-2621(config-if)#ip route-cache flow
router-2621(config-if)#exit
router-2621(config)#ip flow-export destination 192.168.9.101 9996
router-2621(config)#ip flow-export source FastEthernet 0/1
router-2621(config)#ip flow-export version 5
router-2621(config)#ip flow-cache timeout active 1
router-2621(config)#ip flow-cache timeout inactive 15
router-2621(config)#snmp-server ifindex persist
router-2621(config)#^Z
router#write
router#show ip flow export
router#show ip cache flow
Paessler on Cisco IOS
!
! Step 1: Enabling NetFlow
!
! Note: For PRTG we need NetFlow versions 5 or 9,
! no other NetFlow version is supported currently
!
<input>ip flow-export version 5</input>
! or
! ip flow-export version 9
!
! Note: we recommend these values for the timeouts
!
! timeout active value is in minutes
<input>ip flow-cache timeout active 5</input>
!
! timeout inactive value is in seconds
<input>ip flow-cache timeout inactive 10</input>
!
! Step 2: Setting the target address for NetFlow Packets:
!
! Replace 10.0.0.200 with the IP address of your machine running PRTG
! Replace 9991 with another port number of your choice if desired
!
<input>ip flow-export destination 10.0.0.200 9991</input>
!
! Step 3: You can optionally send all NetFlow packets to one other machine, too
!
<input>ip flow-export destination 10.0.0.201 9991</input>
!
! Step 4: Create a "NetFlow Sensor" in PRTG (V7 or later) and enter the port number set above
!
! That's it
Netflow version 9
Example
flow record NF1
match datalink mac source address input
match datalink mac destination address input
match ipv4 tos
match ipv4 ttl
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect interface input
collect interface output
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
!
!
flow exporter NF1_EXPORT
destination 192.168.1.98
source GigabitEthernet8
transport udp 2055
!
!
flow monitor NF1
exporter NF1_EXPORT
cache timeout active 60
statistics packet protocol
statistics packet size
record NF1
!
interface GigabitEthernet8
ip address 192.168.1.84 255.255.255.0
ip flow monitor NF1 input
ip flow monitor NF1 output
ip nat outside