Network devices must be configured to generate and send NetFlow data to Network Traffic Analysis. This is accomplished manually using the device's command line interface (CLI), or automatically through the Source configuration dialog (Flow Monitor > Configuration) for devices that are NetFlow enabled and have the Cisco NetFlow MIB (OID: 1.3.6.1.4.1.9.9.387).
To manually configure NetFlow enabled devices to send Flow data to the Network Traffic Analysis collector:
Caution: This procedure applies to a Cisco 1812 router and should not be used for other devices. The process for configuring a device to export Flow data varies widely from device to device and dependent upon your network configuration. Please see your router's documentation to determine the correct process for your device.
Step 1. Open the configuration interface for the router and enter the commands detailed in the following table to configure global options for all interfaces on the router.
Command |
Purpose |
|
Enters privileged EXEC mode. Enter your password if prompted. |
|
Enters configuration mode. |
Example: |
Sets the version of the NetFlow protocol that should be used to export data. Network Traffic Analysis supports versions 1, 5, 7, and 9 only. |
|
Enables the router to export Flow data. —where <IP> is the Network Traffic Analysis server's IP address. —and, where <port> is the listener port specified in the NTA Settings dialog. By default Network Traffic Analysis uses port 9999. |
Step 2. Enter the commands detailed in the following table to enable the router to export flow data about the traffic on an interface. You must repeat these commands for each interface.
Command |
Purpose |
|
Enters the configuration mode for the interface you specify. Substitute <interface> with the interface's name on the router. |
( and / or )
|
Enables Flow data export. Select the command that best fits your needs.
|
Tip: If the device exporting flow data is also performing network address translation (NAT), we recommend exporting egress data from the internal interface so that private network addresses are communicated. Any other configuration results in all private addresses reporting as the public addresses of the device performing the network address translation.
Note: Other options exist for configuring NetFlow. For a complete list of available options, see Configuring NetFlow on the Cisco Web site.
Important: In cases where NetFlow Monitor is monitoring data flow between devices that have a long-lived connection, such as router linked between two office sites, you may get spikes in the flow data. Cisco routers by default break and send NetFlow stats every 35 for long-lived connections. To reduce the data spikes, change the router configuration with the following command:ip flow-cache timeout active <n>
—where n
is the number of minutes. The minutes should be configured to less than or equal to the NefFlow Data collection interval setting which is two minutes by default.