We need to create three types of map to configure NetFlow on Cisco ASR 100 router.
1. Exporter Map
2. Sampler Map and
3. flow Monitor Map
And finally it is to be applied on the interface which we have to monitor.
EXPORTER MAP
Below configuration shows how to create Exporter Map on router config mode: -
flow exporter TEST (Name of the Exporter)
destination 10.10.10.100 (Ip address of Netflow collector)
source Loopback10 (Interface through which Netflow enalyzer collects the logs)
transport udp 9995 (Transmission protocol used to send the data)
template data timeout 60 (Time in seconds when data will be resend)
option interface-table timeout 60 (Time in seconds when SNMP index will be resend)
SAMPLER MAP
Creating sampler map on router config mode
sampler TEST
mode random 1 out-of 10000
FLOW MONITOR MAP
Creating monitor on router config mode
flow monitor TEST
exporter TEST
cache timeout active 60
record netflow-original
cache timeout inactive 15
APPLY MAP TO THE INTERFACE
Now maps are defined, we need to apply the Flow Monitor and Sampler maps to each of the active interfaces: -
interface Gi0/0
ip flow monitor TEST sampler TEST input (For ingress traffic)
ip flow monitor TEST sampler TEST output (For egress traffic)
exit
Once NetFlow configuration completed, we can analyze the data with NetFlow reporting using NetFlow Anysis tool.
Commands to check the Netflow Status:-
show ip cache flow
show ip cache flow
No comments:
Post a Comment