Difference between revisions of "Netflow cisco IOS"

From Teknologisk videncenter
Jump to: navigation, search
m (Links)
m
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
 +
=Netflow versoin 5=
 
<source lang=cli>
 
<source lang=cli>
 
router#enable
 
router#enable
Line 51: Line 52:
 
!
 
!
 
! That's it
 
! That's it
 +
</source>
 +
=Netflow version 9=
 +
Example
 +
<source lang=text>
 +
flow record NF1
 +
match datalink mac source address input
 +
match datalink mac destination address input
 +
match ipv4 tos
 +
match ipv4 ttl
 +
match ipv4 protocol
 +
match ipv4 source address
 +
match ipv4 destination address
 +
match transport source-port
 +
match transport destination-port
 +
collect interface input
 +
collect interface output
 +
collect counter bytes
 +
collect counter packets
 +
collect timestamp sys-uptime first
 +
collect timestamp sys-uptime last
 +
!
 +
!
 +
flow exporter NF1_EXPORT
 +
destination 192.168.1.98
 +
source GigabitEthernet8
 +
transport udp 2055
 +
!
 +
!
 +
flow monitor NF1
 +
exporter NF1_EXPORT
 +
cache timeout active 60
 +
statistics packet protocol
 +
statistics packet size
 +
record NF1
 +
!
 +
interface GigabitEthernet8
 +
ip address 192.168.1.84 255.255.255.0
 +
ip flow monitor NF1 input
 +
ip flow monitor NF1 output
 +
ip nat outside
 
</source>
 
</source>
 
=Links=
 
=Links=
 +
*[https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/netflow/Cisco_NetFlow_Configuration.pdf Cisco Flexible Netflow Guide]
 
*See [http://mars.tekkom.dk/pdf/IOS_Switching_Services.pdf chapter NetFlow Switching]
 
*See [http://mars.tekkom.dk/pdf/IOS_Switching_Services.pdf chapter NetFlow Switching]
 
{{Source cli}}
 
{{Source cli}}
 
[[Category:Cisco]]
 
[[Category:Cisco]]

Latest revision as of 06:46, 5 June 2021

Netflow versoin 5

router#enable
Password:*****
router#configure terminal
router-2621(config)#interface FastEthernet 0/1
router-2621(config-if)#ip route-cache flow
router-2621(config-if)#exit 
router-2621(config)#ip flow-export destination 192.168.9.101 9996
router-2621(config)#ip flow-export source FastEthernet 0/1
router-2621(config)#ip flow-export version 5
router-2621(config)#ip flow-cache timeout active 1
router-2621(config)#ip flow-cache timeout inactive 15
router-2621(config)#snmp-server ifindex persist
router-2621(config)#^Z
router#write
router#show ip flow export
router#show ip cache flow

Paessler on Cisco IOS

!
! Step 1: Enabling NetFlow
!
! Note: For PRTG we need NetFlow versions 5 or 9,
!       no other NetFlow version is supported currently
!
<input>ip flow-export version 5</input>
! or
! ip flow-export version 9
!
! Note: we recommend these values for the timeouts
!
! timeout active value is in minutes
<input>ip flow-cache timeout active 5</input>
!
! timeout inactive value is in seconds
<input>ip flow-cache timeout inactive 10</input> 
!
! Step 2: Setting the target address for NetFlow Packets:
!
! Replace 10.0.0.200 with the IP address of your machine running PRTG
! Replace 9991 with another port number of your choice if desired
!
<input>ip flow-export destination 10.0.0.200 9991</input>
!
! Step 3: You can optionally send all NetFlow packets to one other machine, too
!
<input>ip flow-export destination 10.0.0.201 9991</input>
!
! Step 4: Create a "NetFlow Sensor" in PRTG (V7 or later) and enter the port number set above
!
! That's it

Netflow version 9

Example

flow record NF1
 match datalink mac source address input
 match datalink mac destination address input
 match ipv4 tos
 match ipv4 ttl
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 collect interface input
 collect interface output
 collect counter bytes
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
!
!
flow exporter NF1_EXPORT
 destination 192.168.1.98
 source GigabitEthernet8
 transport udp 2055
!
!
flow monitor NF1
 exporter NF1_EXPORT
 cache timeout active 60
 statistics packet protocol
 statistics packet size
 record NF1
!
interface GigabitEthernet8
 ip address 192.168.1.84 255.255.255.0
 ip flow monitor NF1 input
 ip flow monitor NF1 output
 ip nat outside

Links