Ever since Flexible NetFlow was introduced by Cisco, they started supporting this advanced NetFlow export on most of the routers and switches. This Flexible NetFlow is really flexible such that user can define their own custom record to be exported as NetFlow packets.
Cisco Performance Monitoring like Medianet can only be exported as Flexible NetFlow. The traditional NetFlow export with predefined has its own limitation and it is not as flexible as Flexible NetFlow.
Cisco started supporting Flexible NetFlow on most of the IOS trains and Switches like Cisco 4500 (Sup7E), the devices that are not included in the Flexible NetFlow list is Cisco 6500 and 7600 series devices.
These devices serve as a core distribution channel and always by critical monitoring entity when it comes bandwidth monitoring. These devices with Supervisor 720 supports traditional NetFlow export and NetFlow commands has to be applied on “mls” and “msfc” to get proper bandwidth utilization.
With new Supervisor 2T on Cisco 6500 and 7600 device supports Flexible NetFlow export which is exactly similar to Flexible NetFlow export on the Cisco routers.
Flexible NetFlow Configuration:
Flexible NetFlow configuration is somewhat different from traditional NetFlow export as it needs multiple entities like:
- Flow Exporter
- Flow Record
- Flow Monitor
- Attaching the monitor to interface.
Flow Exporter Configuration:
Flow exporter is the one which defines export source and destination which receives the NetFlow packets.
flow exporter ManageEngine
transport udp 9996
data template timeout 60
Flow Record Configuration :-
Flow record configuration defines the fields exported via NetFlow protocol. The Supervisor 2T does not have option to enable default NetFlow records. We need to define the flow records manually as shown below:
flow record ManageEngine
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
match interface input
match flow sampler
collect routing source as
collect routing destination as
collect routing next-hop address ipv4
collect ipv4 source mask
collect ipv4 destination mask
collect transport tcp flags
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
Flow Monitor Configuration:
Flow monitor is the one defines the exporter and record which has to be sent to Analyzing software.
flow monitor ManageEngine
cache timeout active 60
cache timeout inactive 15
Associating the Monitor to Interface for NetFlow accounting:
The flow monitor has to attached to every physical or logical interfaces to capture the traffic and export NetFlow packets.
ip flow monitor ManageEngine input
Hope the configuration steps for enabling Flexible NetFlow on Supervisor 2T is helpful. Feeling bored applying all these command through CLI, then you want to take advantage of our NetFlow configurator.
The original article/video can be found at Cisco Sup 2T NetFlow Configuration