cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5650
Views
0
Helpful
2
Replies

Configure Netflow via DNA Center

pagosojayson
Level 1
Level 1

Hi,

 

We are on the process of enabling Stealthwatch on our network and one of the requirements is to configure netflow on the devices.  Is there a way to configure netflow via DNA Center?  I tried to enable it via telemetry on DNA Center but it seems like the commands that it configured on the switches is very limited.  Here are the commands that we are after:

 

flow record SW_FLOW_RECORD
description NetFlow record format to send to SW
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
collect transport tcp flags
collect interface output
collect counter bytes long
collect counter packets long
collect timestamp absolute first
collect timestamp absolute last

flow record SW_FLOW_RECORD
match flow cts source group-tag
match flow cts destination group-tag

flow exporter NETFLOW_TO_SW_FC
description Export NetFlow to SW FC
destination X.X.X.X
source Loopback0
transport udp 9995
template data timeout 30

flow monitor IPv4_NETFLOW_SW
record SW_FLOW_RECORD
exporter NETFLOW_TO_SW_FC
cache timeout active 60
cache timeout inactive 15

 

interface VlanX
ip flow monitor IPv4_NETFLOW_SW input

 

If this is something that DNA Center is capable of? If not, then can we configure them via template?  Will it not break the support agreement?

 

Regards,

Jayson

 

2 Replies 2

Benjamin-A
Level 1
Level 1

Hi,

have you followed this Guide? 

https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/2-2-2/stealthwatch/b_ssa_on_dnac_user-guide_2-2-2/b_ssa_on_dnac_user-guide_eft_2_chapter_01.html

 

As written here you want to use the Stealthwatch Flow Destionation. This is configured under Design > Network Settings > Add Servers / Not Design > Telemetry.

Then follow the steps to enable Stealthwatch on the Switches within Povision > Stealthwatch Security Analytics .

Worked fine for me.

 

If you really not satisfied with the record collection you will have to use templates. 

Don't know if the support agreement will be broken. Maybe someone else can awnser that. But be aware that changes might be overwritten if you change the defaults. 


.:|:..:|:.Please rate helpful posts.:|:..:|:.

This video I think does a good job of showing the Stealthwatch Security Analytics workflow @Benjamin-A  mentioned, that Cisco DNA provides to configure devices according to best practice.  As the video shows it will configure the necessary netflow but also tell you which devices can support both SW netflow and Cisco DNA telemetry netflow (a.k.a AVC).  

 

Is there a reason you can't just use the best practice netflow config?  It will make your life easier because it's simpler to provision and has been thoroughly tested by Cisco and all the Cisco DNA + Stealthwatch users.  The day-N templates is the solution if you need further customization.  It won't break any support agreements, it just makes it harder to troubleshoot bespoke netflow configs (for you and for TAC). 

Review Cisco Networking for a $25 gift card