Netflow
From Datateknik
(Difference between revisions)
(→hej) |
(→Verify) |
||
| (8 intermediate revisions by one user not shown) | |||
| Line 2: | Line 2: | ||
=Install NTA (Solarwinds Network Traffic Analyser)= | =Install NTA (Solarwinds Network Traffic Analyser)= | ||
requires 8GB RAM | requires 8GB RAM | ||
| − | == | + | =Setup IOS Connectivity= |
| + | hostname Catalyst3650 | ||
| + | enable secret cisco | ||
| + | line vty 0 15 | ||
| + | password cisco | ||
| + | ! | ||
| + | ! SNMP for Orian to '''read''' (RO) fan & CPU data, and to '''set''' (RW) thing | ||
| + | snmp-server community private RW | ||
| + | snmp-server community public RO | ||
| − | = | + | =Putty to device= |
| − | = | + | Use Putty/telnet from the SolarwindsPC to the cisco device to make sure that connectivity works |
| − | = | + | |
| + | =Solarwinds NTA: Discover one device= | ||
| + | * Discover one device only by its IP-address | ||
| + | * Add SNMP passwords (and telnet passwords) | ||
| + | |||
| + | =Cisco IOS= | ||
| + | add netflow to the 3650 L3-switch according to https://www.alfredtong.com/cisco/configure-netflow-cisco-catalyst-36503850-switch/ | ||
| + | flow record FLOWRECORD | ||
| + | description IPv4flow | ||
| + | match datalink vlan input | ||
| + | match datalink mac source address input | ||
| + | match datalink mac destination address input | ||
| + | match ipv4 tos | ||
| + | match ipv4 ttl | ||
| + | match ipv4 protocol | ||
| + | match ipv4 source address | ||
| + | match ipv4 destination address | ||
| + | match transport source-port | ||
| + | match transport destination-port | ||
| + | match interface input | ||
| + | match flow direction | ||
| + | collect transport tcp flags | ||
| + | collect interface output | ||
| + | collect counter bytes long | ||
| + | collect counter packets long | ||
| + | collect timestamp absolute first | ||
| + | collect timestamp absolute last | ||
| + | collect counter bytes layer2 long | ||
| + | |||
| + | flow exporter FLOWEXPORTER | ||
| + | description IPFIX | ||
| + | destination x.x.x.x | ||
| + | source Loopback0 | ||
| + | transport udp 2055 | ||
| + | export-protocol ipfix | ||
| + | |||
| + | flow monitor FLOWMONITOR | ||
| + | description IPv4Monitor | ||
| + | exporter FLOWEXPORTER | ||
| + | cache timeout active 60 | ||
| + | record FLOWRECORD | ||
| + | |||
| + | # for physical ports | ||
| + | interface range gi 1/0/1 - 24 | ||
| + | ip flow monitor FLOWMONITOR input | ||
| + | |||
| + | # for Layer 2 | ||
| + | vlan configuration 1-4094 | ||
| + | ip flow monitor FLOWMONITOR input | ||
| + | = ?? = | ||
| + | = ?? = | ||
| + | = Verify = | ||
| + | * In Orion: Select the menu "My Dashboards" -> "Netflow" vv "NTA Summary" | ||
| + | * check last recieved Netflow data [[file:netflow1.png]] | ||
| + | * Check the SUMMARY graph in "My Dashboards" -> "Netflow" vv "Apps" | ||
| + | * check distribution data [[file:netflow2.png]] | ||
| + | * asd | ||
Latest revision as of 15:32, 28 February 2019
hej
Contents |
[edit] Install NTA (Solarwinds Network Traffic Analyser)
requires 8GB RAM
[edit] Setup IOS Connectivity
hostname Catalyst3650 enable secret cisco line vty 0 15 password cisco ! ! SNMP for Orian to read (RO) fan & CPU data, and to set (RW) thing snmp-server community private RW snmp-server community public RO
[edit] Putty to device
Use Putty/telnet from the SolarwindsPC to the cisco device to make sure that connectivity works
[edit] Solarwinds NTA: Discover one device
- Discover one device only by its IP-address
- Add SNMP passwords (and telnet passwords)
[edit] Cisco IOS
add netflow to the 3650 L3-switch according to https://www.alfredtong.com/cisco/configure-netflow-cisco-catalyst-36503850-switch/ flow record FLOWRECORD
description IPv4flow match datalink vlan input match datalink mac source address input match datalink mac destination address input match ipv4 tos match ipv4 ttl match ipv4 protocol match ipv4 source address match ipv4 destination address match transport source-port match transport destination-port match interface input match flow direction collect transport tcp flags collect interface output collect counter bytes long collect counter packets long collect timestamp absolute first collect timestamp absolute last collect counter bytes layer2 long
flow exporter FLOWEXPORTER description IPFIX destination x.x.x.x source Loopback0 transport udp 2055 export-protocol ipfix
flow monitor FLOWMONITOR description IPv4Monitor exporter FLOWEXPORTER cache timeout active 60 record FLOWRECORD
# for physical ports interface range gi 1/0/1 - 24 ip flow monitor FLOWMONITOR input
# for Layer 2 vlan configuration 1-4094 ip flow monitor FLOWMONITOR input
[edit] ??
[edit] ??
[edit] Verify
- In Orion: Select the menu "My Dashboards" -> "Netflow" vv "NTA Summary"
- check last recieved Netflow data
- Check the SUMMARY graph in "My Dashboards" -> "Netflow" vv "Apps"
- check distribution data
- asd
