cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1419
Views
0
Helpful
4
Replies

Netflow Config

EddieG115
Beginner
Beginner

Hi all. I am not well versed with this stuff so I apologize for the rudimentary question. I am trying to configure netflow for an interface on a 3850 switch. In my research, it seems you need to specify the interface that you want the flows exported out of. My NetFlow collector is running on a VM. I have about 8 different VM hosts and depending on where the VM lives (this can change because of vmotion) there are different interfaces that could be candidates and it could change. Maybe I am not understanding what I need to do, but does anyone have any suggestions for this? Thank you!

 

Ed

1 Accepted Solution

Accepted Solutions

Hi
my source is a vlan actually our MGMT vlan SVI , i just removed anything that was local to the network

View solution in original post

4 Replies 4

Mark Malone
Mentor
Mentor
Hi
You can apply it to multiple interfaces if thats what you mean heres an example , the 2 lines under the interface go under any IP interface you want to see a flow from


interface vlan 18
ip flow monitor IBM_nq input
ip flow monitor IBM_nq output

interface vlan 38
ip flow monitor IBM_nq input
ip flow monitor IBM_nq output


flow record FLOW-RECORD
description record to monitor network traffic
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
match interface output
collect routing source as
collect routing destination as
collect routing next-hop address ipv4
collect transport tcp flags
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
!
!
flow exporter NetQos
description export Netflow traffic to HQ
destination X.X.X.X
source XXXXXX
output-features
transport udp 2055
template data timeout 300
option interface-table timeout 1000
option exporter-stats timeout 1000
!
!
flow monitor IBM_nq
description Used for ipv4 traffic analysis (Mapped To FLOW-RECORD)
exporter NetQos
statistics packet protocol
record FLOW-RECORD

Thank you for the reply. I do understand you can apply it to multiple interfaces, but I am referring to the actual export to the collector host. In your example I would think it is the "source" statement in the below section. Can this just be an SVI or does it have to be a physical interface?

flow exporter NetQos
description export Netflow traffic to HQ
destination X.X.X.X
source XXXXXX
output-features
transport udp 2055
template data timeout 300
option interface-table timeout 1000
option exporter-stats timeout 1000

Hi
my source is a vlan actually our MGMT vlan SVI , i just removed anything that was local to the network

PERFECT That's what I needed. Thank you for your help!
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers