Are you trying to monitor your network traffic ? Then
you will need to consider ManageEngine NetFlow Analyzer as the first
solution because it is a solid tool with user friendly UI and easy to
use software. It is also listed in the ‘Products of the week’ listing by
Network World
Pre-Requisite:-
The
Pre-Requisite is simple. Your routing and switching device should be
capable of exporting any compatible flow format which NetFlow Analyzer
supports.
NetFlow Analyzer supports wide
variety of flow formats like NetFlow, sFlow, jFlow, cFlow, Netstream,
AppFlow, IPFIX etc which are vendor dependent. Click here to know
your devices are supported.
Discovery:-
NetFlow
Analyzer works on Auto Discovery, It uses the NetFlow packets exported
from the router to generate reports for top applications, top
conversation etc in the network.
Router
or switching device has to be configured for NetFlow or similar flow
export and we need to make sure that the packets reaches the NetFlow
Analyzer server. If the packet reaches the server, the product will
automatically show the router with their interfaces. You can sent SNMP
community to retrieve the Router Name, Interface Name and Interface
Speed. You can also drill down to each interface to generate traffic
reports.
What is the use of Add Device option?
Add
device option is in the product only to add device which are not
capable of exporting NetFlow packets and has QoS polices in it. Click
here to know more about this feature.
Troubleshooting :-
You would have configured the device to export flow packets and still the device may not be visible in NetFlow Analyzer.
What I can Check ?
1.
Firewall Device between Router and NetFlow Analyzer server is blocking
the UDP packets on 9996. You should allow UDP port 9996 on firewall to
get the packets in server.
2. Router reach-ability (Ping or Telnet) from NetFlow Analyzer server.
3. Software Firewall (Windows Firewall) on the NetFlow Analyzer server is blocking the UDP packets on port 9996.
If
all the three points are verified, at last you can install
Wireshark(Link) on the NetFlow Analyzer to verify whether packets are
reaching the server. In case of Linux machine, you can use TCP DUMP option on port 9996.
Router Configuration:-
The
following is a set of commands issued on a Cisco router to enable
NetFlow version 5 on the FastEthernet 0/1 interface and export to the
machine 192.168.9.101 (IP Address of NetFlow Analyzer server) on port
9996 (UDP port to export NetFlow packets).
router#enable
Password:*****
router#configure terminal
Interface Level configuration:-
router-2621(config)#interface FastEthernet 0/1
router-2621(config-if)#ip route-cache flow // (This command has to be executed on all the L3/VLAN interfaces).
router-2621(config-if)#exit
Global Configuration :-
router-2621(config)#ip flow-export destination NetFlow Analyzer Server IP 9996
router-2621(config)#ip
flow-export source FastEthernet 0/1 // You should specify the interface
through which you are going to export packets to the server.
router-2621(config)#ip flow-export version 5
router-2621(config)#ip flow-cache timeout active 1
router-2621(config)#ip flow-cache timeout inactive 15
router-2621(config)#snmp-server ifindex persist
router-2621(config)#^Z
router#write
The
above configuration is for Cisco Routers for Cisco ASA refer
here. If you have other vendor device and it supports compatible
flow formats, send email to nfs@manageengine.com with the model number of device, our TAC team will send you the configuration details.
You can download the 30 day trial of ManageEngine NetFlow Analyzer from here.
Reach us on Facebook at NetFlow Analyzer TAC
Catch up with the latest updates in the industry, through our LinkedIn community Bandwidth Monitoring and Traffic Analysis for Enterprises
Praveen Kumar
NetFlow Analyzer
Technical Team
Download | Interactive
Demo | Twitter |
Customers
You Can Learn More About the ManageEngine Product Line By Going to manageengine.optrics.com
The original article/video can be found at ManageEngine NetFlow Analyzer: Traffic Analysis and Bandwidth Monitoring