Netflow

From Datateknik
(Difference between revisions)
Jump to: navigation, search
(hejdå)
(Verify)
 
(6 intermediate revisions by one user not shown)
Line 3: Line 3:
 
requires 8GB RAM
 
requires 8GB RAM
 
=Setup IOS Connectivity=
 
=Setup IOS Connectivity=
  hostname NetflowCollect
+
  hostname Catalyst3650
 
  enable secret cisco
 
  enable secret cisco
 
  line vty 0 15
 
  line vty 0 15
Line 9: Line 9:
 
  !
 
  !
 
  ! SNMP for Orian to '''read''' (RO) fan & CPU data, and to '''set''' (RW) thing
 
  ! SNMP for Orian to '''read''' (RO) fan & CPU data, and to '''set''' (RW) thing
  snmp-server community secret RW
+
  snmp-server community private RW
 
  snmp-server community public RO
 
  snmp-server community public RO
  
Line 15: Line 15:
 
Use Putty/telnet from the SolarwindsPC to the cisco device to make sure that connectivity works
 
Use Putty/telnet from the SolarwindsPC to the cisco device to make sure that connectivity works
  
=3=
+
=Solarwinds NTA: Discover one device=
=4=
+
* Discover one device only by its IP-address
 +
* Add SNMP passwords (and telnet passwords)
 +
 
 +
=Cisco IOS=
 +
add netflow to the 3650 L3-switch according to https://www.alfredtong.com/cisco/configure-netflow-cisco-catalyst-36503850-switch/
 +
flow record FLOWRECORD
 +
description IPv4flow
 +
match datalink vlan input
 +
match datalink mac source address input
 +
match datalink mac destination address input
 +
match ipv4 tos
 +
match ipv4 ttl
 +
match ipv4 protocol
 +
match ipv4 source address
 +
match ipv4 destination address
 +
match transport source-port
 +
match transport destination-port
 +
match interface input
 +
match flow direction
 +
collect transport tcp flags
 +
collect interface output
 +
collect counter bytes long
 +
collect counter packets long
 +
collect timestamp absolute first
 +
collect timestamp absolute last
 +
collect counter bytes layer2 long
 +
 
 +
flow exporter FLOWEXPORTER
 +
description IPFIX
 +
destination x.x.x.x
 +
source Loopback0
 +
transport udp 2055
 +
export-protocol ipfix
 +
 
 +
flow monitor FLOWMONITOR
 +
description IPv4Monitor
 +
exporter FLOWEXPORTER
 +
cache timeout active 60
 +
record FLOWRECORD
 +
 
 +
# for physical ports
 +
interface range gi 1/0/1 - 24
 +
ip flow monitor FLOWMONITOR input         
 +
 
 +
# for Layer 2
 +
vlan configuration 1-4094
 +
ip flow monitor FLOWMONITOR input
 +
= ?? =
 +
= ?? =
 +
= Verify =
 +
* In Orion: Select the menu "My Dashboards" -> "Netflow" vv "NTA Summary"
 +
* check last recieved Netflow data [[file:netflow1.png]]
 +
* Check the SUMMARY graph in "My Dashboards" -> "Netflow" vv "Apps"
 +
* check distribution data [[file:netflow2.png]]
 +
* asd

Latest revision as of 15:32, 28 February 2019

hej

Contents

[edit] Install NTA (Solarwinds Network Traffic Analyser)

requires 8GB RAM

[edit] Setup IOS Connectivity

hostname Catalyst3650
enable secret cisco
line vty 0 15
password cisco
!
! SNMP for Orian to read (RO) fan & CPU data, and to set (RW) thing
snmp-server community private RW
snmp-server community public RO

[edit] Putty to device

Use Putty/telnet from the SolarwindsPC to the cisco device to make sure that connectivity works

[edit] Solarwinds NTA: Discover one device

  • Discover one device only by its IP-address
  • Add SNMP passwords (and telnet passwords)

[edit] Cisco IOS

add netflow to the 3650 L3-switch according to https://www.alfredtong.com/cisco/configure-netflow-cisco-catalyst-36503850-switch/ flow record FLOWRECORD

description IPv4flow
match datalink vlan input
match datalink mac source address input
match datalink mac destination address input
match ipv4 tos
match ipv4 ttl
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
match flow direction
collect transport tcp flags
collect interface output
collect counter bytes long
collect counter packets long
collect timestamp absolute first
collect timestamp absolute last
collect counter bytes layer2 long
flow exporter FLOWEXPORTER
description IPFIX
destination x.x.x.x
source Loopback0
transport udp 2055
export-protocol ipfix
flow monitor FLOWMONITOR
description IPv4Monitor
exporter FLOWEXPORTER
cache timeout active 60
record FLOWRECORD
# for physical ports
interface range gi 1/0/1 - 24
ip flow monitor FLOWMONITOR input          
# for Layer 2
vlan configuration 1-4094
ip flow monitor FLOWMONITOR input

[edit]  ??

[edit]  ??

[edit] Verify

  • In Orion: Select the menu "My Dashboards" -> "Netflow" vv "NTA Summary"
  • check last recieved Netflow data Netflow1.png
  • Check the SUMMARY graph in "My Dashboards" -> "Netflow" vv "Apps"
  • check distribution data Netflow2.png
  • asd
Personal tools
Namespaces

Variants
Actions
Navigation
Tools