8 Feb 2022

Netflow setup for Cisco devices

Let's see how we Export Netflow from Cisco Switches to Solarwinds Netflow:

  1. Create Flow Record
  2. Create Flow Exporter
  3. Create Flow Monitor
  4. Apply flow monitor to interfaces


Example for Cisco Catalyst 9200/9300 devices

This setup will also solve the following error Solarwinds gives when exporting netflow from Cat9200/9300:
"The NetFlow Receiver Service [Solarwinds-Host] received an invalid V9 template with ID 256 from device . See knowledge base for more information."

Then you must do a similar configuration to the following: 

flow record NETFLOW_INPUT_RECORD
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match flow direction
match interface input
collect counter bytes long
collect counter packets long
!
flow record NETFLOW_OUTPUT_RECORD
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match flow direction
match interface output
collect counter bytes long
collect counter packets long
!
flow exporter NETFLOW_EXPORTER
destination <ip_address_of_Solarwinds_server>
source <your_source_interface_for_netflow_traffic>
transport udp 2055
!
flow monitor NETFLOW_MONITOR_OUTPUT
exporter NETFLOW_EXPORTER
record NETFLOW_OUTPUT_RECORD
!
flow monitor NETFLOW_MONITOR_INPUT
exporter NETFLOW_EXPORTER
record NETFLOW_INPUT_RECORD
!
sampler NETFLOW_SAMPLER
mode random 1 out-of 2
!
interface <the_interface_which_you_want_to_export_netflow_of>
ip flow monitor NETFLOW_MONITOR_INPUT sampler NETFLOW_SAMPLER input
ip flow monitor NETFLOW_MONITOR_OUTPUT sampler NETFLOW_SAMPLER output
!


NOTES:

 If you have NBAR:

#collect application name

If you use BGP:
#collect routing source as
#collect routing destination as


Some Other Links:





Posted by at
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)