09-04-2015 03:02 PM - edited 03-05-2019 02:14 AM
I am trying to set up a NetFlow analyzer, and wanted to enable NBAR. My routers were configured with NetFlow V5, but I learned that I needed NetFlow V9. I removed V5 and configured V9 and all of my links went down in the NFA. I was wondering if my 2821 routers were able to use NetFlow V9.
09-04-2015 05:33 PM
Yes, it does support it.
!This defines the usage of Netflow v9
2821(config)# ip flow-export version 9
!This command tells the router to send the flow to destination IP address on specified UDP port
09-08-2015 05:18 PM
Thank you for your quick response. I really do appreciate it.
This is the first config that allowed the analyzer to detect my routers:
ip flow-export version 5
ip flow-cache timeout active 1
ip flow-cache timeout inactive 15
ip flow-export destination A.B.C.D 9996 - Address changed
ip flow-export source g0/0
int g0/0
 ip route-cache flow
I then found this config for V9 to enable NBAR with my routers:
flow exporter NBAREXP
 destination A.B.C.D
 source GigabitEthernet 0/0
 transport udp 9996
 export-protocol netflow-v9
flow record NBARREC
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input
 match ipv4 protocol
 match ipv4 tos
 match ipv4 dscp
 match application name
 collect routing source as
 collect routing destination as
 collect routing next-hop address ipv4
 collect transport tcp flags
 collect counter bytes
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
 collect interface output
 collect flow direction
 collect ipv4 id
 collect ipv4 source mask
 collect ipv4 destination mask
flow monitor NBARMON
 exporter NBAREXP
 record NBARREC
 cache timeout active 1
 cache timeout inactive 15
int GigabitEthernet 0/0
 ip flow monitor NBARMON input
I removed the previous V5 config and entered this one. As soon as I did this, I lost all connectivity with my routers. I tried to tweak it, but had to remove this and re-install the V5 config.
I am just trying to get my NetFlow Analyzer to collect NBAR info.
I have 2821 routers with adventerprisek9-mz.151-4.M10 for the image. Now I am not sure how to get my NFA to read NBAR data.
Thanks again for your help
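A collector-side check for the situation in this thread, added here as an example and not posted by anyone in it: it reads one export datagram, reports whether it is NetFlow v5 or v9, and lists the v9 templates that carry the NBAR application field. It assumes the RFC 3954 header and template layout and that `match application name` is exported as field type 95 (application ID); the function names and the sample datagrams are constructed for illustration.

```python
import struct

APPLICATION_ID = 95  # assumption: field type NBAR export uses for the application ID

def export_version(payload):
    """Version field from the first two bytes of a NetFlow export datagram."""
    if len(payload) < 2:
        raise ValueError("datagram too short")
    return struct.unpack_from("!H", payload, 0)[0]

def parse_v9_templates(payload):
    """Return {template_id: [(field_type, length), ...]} from one v9 datagram."""
    if export_version(payload) != 9 or len(payload) < 20:
        raise ValueError("not a NetFlow v9 export datagram")
    templates, offset = {}, 20            # v9 header is 20 bytes
    while offset + 4 <= len(payload):
        flowset_id, length = struct.unpack_from("!HH", payload, offset)
        if length < 4 or offset + length > len(payload):
            raise ValueError("truncated or malformed FlowSet")
        if flowset_id == 0:               # FlowSet ID 0 = template FlowSet
            pos, end = offset + 4, offset + length
            while pos + 4 <= end:
                tid, nfields = struct.unpack_from("!HH", payload, pos)
                pos += 4
                if tid < 256 or pos + 4 * nfields > end:
                    break                 # padding or a cut-off record
                templates[tid] = [struct.unpack_from("!HH", payload, pos + 4 * i)
                                  for i in range(nfields)]
                pos += 4 * nfields
        offset += length                  # data/options FlowSets are skipped
    return templates

def nbar_templates(templates):
    """Template IDs whose records include the application ID field."""
    return [tid for tid, fields in templates.items()
            if any(ftype == APPLICATION_ID for ftype, _ in fields)]

# Constructed sample: a v9 datagram with one template (ID 256) that includes field 95.
_fields = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (95, 4), (1, 4), (2, 4)]
_record = struct.pack("!HH", 256, len(_fields)) + b"".join(
    struct.pack("!HH", t, n) for t, n in _fields)
SAMPLE_V9 = (struct.pack("!HHIIII", 9, 1, 1000, 1441400000, 1, 0)
             + struct.pack("!HH", 0, 4 + len(_record)) + _record)
SAMPLE_V5 = struct.pack("!HH", 5, 0) + bytes(20)  # constructed v5 header, no flows

if __name__ == "__main__":
    print(export_version(SAMPLE_V5), export_version(SAMPLE_V9))
    print(nbar_templates(parse_v9_templates(SAMPLE_V9)))
```

Fed the UDP payloads arriving on the collector port (9996 in the configs above), this shows whether v9 templates are reaching the analyzer at all and whether they include application data.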