Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1135
Views
5
Helpful
2
Replies

Flexible Netflow Configuration on Cisco Catalyst 6500

danielesquaranti
Level 1
Level 1

‎08-23-2021 07:19 AM

Hi,

I'm trying to configure Flexible Netflow on Cisco Catalyst 6500.

The collector is Solarwinds Network Traffic Analyzer.

Here's my configuration example:

 

flow exporter NTAexport
destination 172.17.30.2
transport udp 2055
source vlan 7
export-protocol netflow-v9
template data timeout 60
option application-table timeout 60
option application-attributes timeout 300


flow record NTArecord
match ipv4 source address
match ipv4 destination address
match ipv4 protocol
match transport source-port
match transport destination-port
match ipv4 tos
match interface input
collect interface output
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
collect application name
collect routing source as
collect routing destination as


flow monitor NTAmonitor
record NTArecord
exporter NTAexport
cache timeout active 60
cache timeout inactive 15

 

interface vlan 7
ip flow monitor NTAmonitor input
ip flow monitor NTAmonitor output

 

The questions are:

is it possible to have timeout data on tcp connections? 

do i have to put some particular command for this?

Unfortunately I have yet to try the commands on the switch but I would like to have some ideas already.

 

Thanks in advance.

Labels:
0 Helpful
2 Replies 2

marce1000
VIP
VIP

‎08-23-2021 09:26 AM

 

 - You may find this document useful :

          https://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/70974-netflow-catalyst6500.html

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎08-24-2021 09:55 AM

Hello @danielesquaranti ,

the ip flow monitor commands should be applied to interfaces of interest and usually not to the interface you use for export.

You can do it but also exporting traffic will be accounted.

>> s it possible to have timeout data on tcp connections? 

No netflow collects data about observed flows on monitored interfaces but it does not track the state of TCP connections.

Flows are exported from the local table when table related timers expire per flow.

 

You would need a stateful firewall for that and logging to an external syslog server.

 

Hope to help

Giuseppe

 

 

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card