Remotely Configure Cisco Netflow Device

For devices with remote configuration MIBs enabled, the Cisco NetFlow Device Configuration dialog provides Network Traffic Analysis with the ability to configure a Cisco device to export flow records to the Network Traffic Analysis flow collector.

Use this dialog to:

Enter connection information and credentials used to connect to the Cisco device.
Set the NetFlow version to be used by the flow exporter.
Set the active and inactive timeouts used for cache management.
Select the interfaces from which you want the device to collect and send flow data.
Configure the NetFlow collectors, which in most cases includes Network Traffic Analysis.

Enter the connection information and credentials to connect and authenticate with the Cisco network device.

Source IP address. Enter the IP address of the Cisco NetFlow enabled device from which you want to collect NetFlow statistics.
SNMP credentials. Select or create the SNMP credentials to use, with permission to write, to connect to the Cisco NetFlow enabled device. Click the browse (...) button to add, edit or delete SNMP credentials. Click the Advanced button to set SNMP timeout and retry parameters.
When you have selected valid SNMP credentials, the dialog queries the device and populates the NetFlow configuration parameters as well as the interface list. Use the Query button to update this information from the Cisco device. A message appears if you do not have a write credential.
Click Auto to automatically configure the device to collect and send flow data to Network Traffic Analysis. When automatically configured, the device enables collection of flow data on the device and adds itself as a netflow collector.

Enter the NetFlow configuration parameters to set the NetFlow version and configure the NetFlow cache on the Cisco device.

NetFlow version. Enter the NetFlow version you want the exporter to deliver the flow records.
Active timeout. Enter the Active timeout for flow records in the NetFlow cache. This value determines how long active, long-lived flows are kept in the NetFlow cache before sending to the collector (Range: 1-60 minutes) (Default: 2 minutes).
Important: In cases where Network Traffic Analysis is monitoring data flow between devices that have a long-lived connection, such as router linked between two office sites, you may get spikes in the flow data. Cisco routers by default break and send NetFlow stats every thirty-minutes for long-lived connections. To reduce the data spikes, change the router configuration with the following command:
ip flow-cache timeout active <n>

Note: Where n is the number of minutes. The minutes should be configured to less than or equal to the NefFlow Data collection interval setting which is 2 minutes by default.
Inactive timeout. Enter the Inactive timeout value for flow records in the NetFlow cache. This value is used to ensure that completed or inactive flows are not kept in the NetFlow cache indefinitely. (Range 10 - 600 seconds) (Default: 30 seconds)

The Interface list displays the interfaces that can provide NetFlow data.

Name. Displays the interface name as configured on the Cisco network device.
Ingress. Select this option if you want to collect flow statistics on incoming traffic on this interface.
Egress. Select this option if you want to collect flow statistics on outgoing traffic on this interface.
Note: If you have selected to collect flow statistics from both Ingress and Egress traffic on a single interface, we recommend that you do not select to collect flow statistics from any other interface, otherwise traffic may be duplicated as traffic that is internally routed and appear on two interfaces within the device.

Enter the IP address and port number for the devices collecting Network Traffic Analysis traffic.

IP address. Enter the IP address of the collector.
Port. Enter the Port number on which the collector is listening for flow data. (Default port for Network Traffic Analysis: 9999)

Click Update to save the settings.