Do you want to find out who is the culprit on your network chewing up valuable bandwidth and killing your network admin's reputation:
Go here and download NTA
To configure via GUI/ web on an ASA click here
Next go here to configure your cisco hardware to talk or read below:
(config)#ip flow-export ver
(config)#ip flow-export version 5
(config)#ip flow
(config)#ip flow-expo
(config)#ip flow-export destion
(config)#ip flow-export desti
(config)#ip flow-export destination [your NTA flow server] 2055
(config)#int vlan 3
(config-if)#ip flow egress
(config-if)#ip flow ingress
(config-if)#ip route-ca
(config-if)#ip route-cache flow
(config-if)#exit
(config)#wr mem
To configure on a cisco switch click here
below I got some really good information from Jake over there at ploxer:
Setting up NetFlow Lite on the 2960x:
!
! step 1: create a flow record
flow record flows
match datalink mac source address input
match datalink mac destination address input
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect transport tcp flags
collect interface input
collect flow sampler
! below I specified ‘long’ because the 2960x supports 64 bit counters
collect counter bytes long
collect counter packets long
collect timestamp sys-uptime first
collect timestamp sys-uptime last
!
!
! step 2: create a flow exporter
flow exporter export-to-inside
description flexible NF v9
destination 10.1.1.1
source Vlan7
transport udp 2055
template data timeout 60
!
! lets export some cool option templates
option interface-table
option exporter-stats
option sampler-table
!
!
! step 3: create a flow monitor
flow monitor nftest
record flows
exporter export-to-inside
cache timeout active 60
statistics packet protocol
!
! Below was used for the deterministic sampling configuration
! that I didn’t like because of the 4 interface limitation
! sampler full
! mode deterministic 1 out-of 32
!
! below is the random sampler configuration that I replaced
! the above with.
sampler my-random-sampler
mode random 1 out-of 100
!
!
!
! step 4: apply the flow monitor ‘nftest’ to each interface with
! the defined sampler ‘my-random-sampler’
! input is for ingress. Egress was not supported in this release…
interface GigabitEthernet1/0/1
ip flow monitor nftest sampler my-random-sampler input
!
interface GigabitEthernet1/0/2
ip flow monitor nftest sampler my-random-sampler input
!
interface GigabitEthernet1/0/3
ip flow monitor nftest sampler my-random-sampler input
!
interface GigabitEthernet1/0/4
ip flow monitor nftest sampler my-random-sampler input
!
No comments:
Post a Comment