02-23-2021 12:24 AM
Hi, Guys,
I am far away from such configuration.
Any document or article about the these configuration in Cat3850 and Cat9300 ?
I would like to enable the netflow in the latest switches, in order to check/inspect network traffic within the devices in real-time; any advice or recommendation ?
Many many thanks
Solved! Go to Solution.
02-23-2021 06:26 AM
Hello @bensonlei ,
Netflow has been always used up to now in this way:
the network device(s) export flow data to a collector .
On the collector you can perform different types of analysis consolidation of data.
From a security point of view you may be interested on the TOP N talkers among hosts and so on.
Running a collector on the switch itself using recent features like IOx or IOS XE guestshell might be difficult as there is also a need to store data on a hard disk.
In other words netflow has been deployed in this distributed way and it is not so "real time" as you may think.
I would suggest you to explore the options of the CLI that can provide the TOPN talkrs from the cache
Hope to help
Giuseppe
02-23-2021 12:31 AM
here is a good example to start with IOS XE (both 3850 and 9300 )
02-23-2021 01:15 AM
Hi BB,
Is this configuration for only exporting netflow data to Solarwinds ?
I would like to find the netflow configuration for inspecting netflow traffic in siwtches themselves, any recommendation ?
Thanks
Benson LEI
02-23-2021 03:14 AM
as i understand you want to have this exported inside switch. ? Cat 9300 you can have app deployment (is this consider here ?)
02-23-2021 06:26 AM
Hello @bensonlei ,
Netflow has been always used up to now in this way:
the network device(s) export flow data to a collector .
On the collector you can perform different types of analysis consolidation of data.
From a security point of view you may be interested on the TOP N talkers among hosts and so on.
Running a collector on the switch itself using recent features like IOx or IOS XE guestshell might be difficult as there is also a need to store data on a hard disk.
In other words netflow has been deployed in this distributed way and it is not so "real time" as you may think.
I would suggest you to explore the options of the CLI that can provide the TOPN talkrs from the cache
Hope to help
Giuseppe
02-24-2021 07:13 PM - edited 02-24-2021 08:28 PM
Hi, Giuseppe,
Great thanks for your update information.
But what a pity, we donot have a netflow device....only be able to inspect the traffic and ip within the device.
By the way, if it is possible to write an EEM script to capture the TOPN talkers in some scheduled periods, any recommendation ?
Cheers
Benson LEI
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide