Solved: Netflow Config Question

dcanady55 · ‎07-21-2014

Hello,

I'm setting up Netflow and wanted to make sure I wasn't missing anything or If it could be setup in a better manner?

Router is 2801

Switch is C3560

IP flow export is version 9.

On the router I have one fastethernet port going to the high speed WAN connection, one serial port going to a backup T1 and the other fastethernet port is subdivided into two for the LAN (router on a stick) as we have two vlans for this site.

"ip flow-export destination 10.X.X.X 1055" I use SolarWinds to collect.

Then on the serial interface and the WAN interface I have "ip route-cache flow"

This feature is not turned on yet for the two LAN ports. I wanted to make sure there wasn't anything on the switch that I needed to setup? I couldn't find any commands on the switch related to netflow. When I add the "ip route-cache flow" on the LAN interfaces will my setup then be sound? As, I do want to capture traffic on both the WAN and LAN.

How taxing is it for a router to capture netflow data?

Thanks for any input.

Derek

Reza Sharifi · ‎07-21-2014

Hi Derek,

"ip route-cache flow" enables accounting for packet received by the interface (ingress)

For Netflow, you need to configure sampling.

ip flow-export destination 10.X.X.X 1055"

flow-sampler-map derek-2801-router
mode random one-out-of 100

then apply the sampler to the WAN interfaces:

interface fax/x

flow-sampler derek-2801-router

now

check with "sh flow-sampler"

one netflow sampler should not be taxing the router much, but check the CPU utilization by using: sh process cpu

HTH

View solution in original post

Reza Sharifi · ‎07-21-2014