Getting Cisco Netflow to work on Solarwinds


I don’t have the details as to which version of IOS does what; we just call it the “new netflow”, where you separately specify the exporter, the monitor, etc. Its usefulness comes from its ability to be specific, and it puts to bed once and for all the whole “is it version 5 or 9 Netflow?” question, since you have control over it.

Here is a basic setup that uses UDP 2055 for Solarwinds instead of the standard 9991.

flow record NF-Record1
     match ipv4 protocol
     match ipv4 source address
     match ipv4 destination address
     match transport source-port
     match transport destination-port
     match interface input
     collect transport tcp flags
     collect routing forwarding-status
     collect interface output
     collect counter packets long
     collect counter bytes long
     collect timestamp sys-uptime first
     collect timestamp sys-uptime last
!
flow exporter NF-Export1
     ! aaa.bbb.ccc.ddd = IP address of the collector/Solarwinds system
     destination aaa.bbb.ccc.ddd
     source Loopback0
     transport udp 2055
     template data timeout 60
!
flow monitor NF-Monitor1
     record NF-Record1
     exporter NF-Export1
     cache timeout inactive 30
     cache timeout active 60
     cache entries 1000

! Gig x/xxx = the interface to be monitored
interface Gig x/xxx
  ip flow monitor NF-Monitor1 input

I added additional collection stats out of habit in the flow record; it’s worth investigating what other flags/packets you’re interested in.

To view the exporter settings, run show flow exporter:

4500-Switch#sho flow exporter 
Flow Exporter NF-Export1:
  Description:              User defined
  Export protocol:          NetFlow Version 9
  Transport Configuration:
    Destination IP address: aaa.bbb.ccc.ddd
    Source IP address:      eee.fff.ggg.hhh
    Source Interface:       Loopback0
    Transport Protocol:     UDP
    Destination Port:       2055
    Source Port:            56118
    DSCP:                   0x0
    TTL:                    255
    Output Features:        Not Used

To switch between Netflow Version 5 and 9, issue export-protocol netflow-v5 or export-protocol netflow-v9 from within the exporter config, as seen below in the command completion:

4500-Switch(config)#flow exporter NF-Export1
4500-Switch(config-flow-exporter)#export-protocol ?
  netflow-v5  NetFlow Version 5
  netflow-v9  NetFlow Version 9
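
To confirm from the collector side which version the exporter is actually sending, and which fields of NF-Record1 its template advertises, the UDP payload can be decoded directly. The following is an added example, not part of the original post: parse_export and sample_v9 are hypothetical names, the sample datagram is constructed, and the field IDs are the standard NetFlow v9 field type numbers.

```python
import struct

# Standard NetFlow v9 field type IDs for the fields used in NF-Record1.
FIELD_NAMES = {
    1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 6: "TCP_FLAGS",
    7: "L4_SRC_PORT", 8: "IPV4_SRC_ADDR", 10: "INPUT_SNMP",
    11: "L4_DST_PORT", 12: "IPV4_DST_ADDR", 14: "OUTPUT_SNMP",
    21: "LAST_SWITCHED", 22: "FIRST_SWITCHED", 89: "FORWARDING_STATUS",
}

def parse_export(datagram):
    """Return (version, templates); templates maps template ID to [(name, length)]."""
    if len(datagram) < 2:
        raise ValueError("datagram too short")
    version = struct.unpack_from("!H", datagram)[0]
    if version == 5:
        return 5, {}  # v5 has one fixed record layout and sends no templates
    if version != 9 or len(datagram) < 20:
        raise ValueError("not a complete NetFlow v5/v9 export packet")
    templates, offset = {}, 20  # the v9 header is 20 bytes
    while offset + 4 <= len(datagram):
        flowset_id, length = struct.unpack_from("!HH", datagram, offset)
        if length < 4 or offset + length > len(datagram):
            raise ValueError("bad FlowSet length")
        pos, end = offset + 4, offset + length
        while flowset_id == 0 and pos + 4 <= end:  # FlowSet ID 0 carries templates
            template_id, count = struct.unpack_from("!HH", datagram, pos)
            pos += 4
            if pos + 4 * count > end:
                raise ValueError("template overruns its FlowSet")
            pairs = struct.unpack_from("!%dH" % (2 * count), datagram, pos)
            templates[template_id] = [
                (FIELD_NAMES.get(t, "type_%d" % t), n)
                for t, n in zip(pairs[0::2], pairs[1::2])]
            pos += 4 * count
        offset += length
    return version, templates

def sample_v9():
    """Constructed datagram: v9 header plus one template FlowSet (template 256)."""
    fields = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (6, 1)]
    body = struct.pack("!HH", 256, len(fields))
    body += b"".join(struct.pack("!HH", t, n) for t, n in fields)
    header = struct.pack("!HHIIII", 9, 1, 1000, 1700000000, 1, 0)
    return header + struct.pack("!HH", 0, 4 + len(body)) + body

if __name__ == "__main__":
    print(parse_export(sample_v9()))
```

With template data timeout 60 on the exporter, a template FlowSet should show up in the export stream at least once a minute; a v9 stream that never yields a template leaves the collector unable to decode the data records.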
