Cisco Support Community

New Member

Netflow filter, remove management traffic from stats

A customer would like to see NetFlow traffic from a managed CPE. I would like to remove my group of management ip addresses from the NetFlow statistics. Below is a possible config - will this work?

class-map match-all no-mgmt
 match access-group name mgmt
!
flow-sampler-map one-of-one
 mode random one-out-of 1
!
policy-map mgmtpolicy
 class no-mgmt
  netflow-sampler one-of-one
!
interface G0/1
 service-policy input mgmtpolicy
!
ip access-list standard mgmt
 deny 157.11.22.56
 deny 157.12.33.45
 deny 157.13.44.34
 permit any

3 REPLIES
New Member

Re: Netflow filter, remove management traffic from stats

Hello,

I think that the better solution is to use some filtering on the collector side. Which collector are you using? I bought Caligare and there is a nice feature "Filtering", where I can specify which flows I want to drop. Another solution is to create a new user group (i.e. "my_customer") and set restrictions there on what your customer can see...

Let me know which collector you are using. If you are not using Caligare, maybe you will find a similar feature in your collector.

Bye,

Peter

New Member

Re: Netflow filter, remove management traffic from stats

Thanks for the reply Peter, the problem is that the collector is owned by the customer and I need to filter the NetFlow traffic at source. The NetFlow export destination is their collection station so I have no control of the data once it leaves the router.

I would have thought someone might have had this requirement before, or maybe I am looking at this from the wrong angle? Any ideas?

New Member

Re: Netflow filter, remove management traffic from stats

It is a problem, because you cannot filter out flows on Cisco. If you configure/enable NetFlow, your customer will see all flows which go through your device (you can only enable/disable NetFlow on L3 interfaces, but if you have a 7600 with MLS your customer will see almost all of the traffic). I think that a "netflow proxy" could be a solution. I'm not sure if such proxy software exists (I'm only imagining it), but maybe this proxy software could filter out the unwanted flows, then create a new NetFlow record that is sent to your customer with the spoofed IP address of your Cisco. Try Google (flow-tools), but really I don't know if this kind of software exists. In Caligare you can restrict the view, but if your customer has their own software it is really a problem.

Kind regards,

Peter
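The "netflow proxy" idea in the reply above is straightforward to prototype for NetFlow v5, which is what the original poster's IOS config exports. The following is an added example, not code from the thread or from any Cisco or Caligare product: it parses a v5 export packet, drops every record whose source or destination is one of the management hosts listed in the question's ACL, rebuilds the packet with a corrected record count, and maintains the proxy's own flow_sequence counter so the customer's collector does not report gaps where records were removed. The sample packet, interface indexes, ports and byte counts are constructed for the demonstration.

```python
import ipaddress
import struct

# NetFlow v5 wire format: a 24-byte header followed by up to 30 fixed 48-byte records.
HEADER_FMT = "!HHIIIIBBH"                # version, count, sys_uptime, unix_secs, unix_nsecs,
                                         # flow_sequence, engine_type, engine_id, sampling_interval
RECORD_FMT = "!4s4s4sHHIIIIHHBBBBHHBBH"  # srcaddr, dstaddr, nexthop, input, output, dPkts, dOctets,
                                         # first, last, srcport, dstport, pad1, tcp_flags, prot, tos,
                                         # src_as, dst_as, src_mask, dst_mask, pad2
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 24
RECORD_LEN = struct.calcsize(RECORD_FMT)  # 48

# Management hosts taken from the question's ACL; any flow touching one of them is dropped.
MGMT_HOSTS = frozenset(
    ipaddress.ip_address(a) for a in ("157.11.22.56", "157.12.33.45", "157.13.44.34")
)


def parse_v5(packet: bytes):
    """Split a NetFlow v5 export packet into its header tuple and a list of record tuples."""
    if len(packet) < HEADER_LEN:
        raise ValueError("packet shorter than a v5 header")
    header = struct.unpack(HEADER_FMT, packet[:HEADER_LEN])
    version, count = header[0], header[1]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(packet) != HEADER_LEN + count * RECORD_LEN:
        raise ValueError("record count does not match packet length")
    records = [
        struct.unpack(RECORD_FMT, packet[off:off + RECORD_LEN])
        for off in range(HEADER_LEN, len(packet), RECORD_LEN)
    ]
    return header, records


def build_v5(records, sequence=0, uptime_ms=0, unix_secs=0):
    """Serialize records into one v5 packet (used for both the sample input and the re-export)."""
    header = (5, len(records), uptime_ms, unix_secs, 0, sequence, 0, 0, 0)
    return struct.pack(HEADER_FMT, *header) + b"".join(
        struct.pack(RECORD_FMT, *r) for r in records
    )


def is_management_flow(record, mgmt_hosts):
    """True when either endpoint of the flow is a management host."""
    src = ipaddress.ip_address(record[0])  # 4-byte packed addresses decode directly
    dst = ipaddress.ip_address(record[1])
    return src in mgmt_hosts or dst in mgmt_hosts


class FlowFilter:
    """Strips management flows from v5 packets and keeps its own flow_sequence counter.

    flow_sequence is the exporter's running count of flows sent. If the proxy forwarded the
    router's value unchanged after removing records, the customer's collector would see the
    sequence jump ahead and report lost flows on every packet that had something dropped.
    """

    def __init__(self, mgmt_hosts):
        self.mgmt_hosts = mgmt_hosts
        self.sequence = 0

    def filter_packet(self, packet: bytes):
        header, records = parse_v5(packet)
        kept = [r for r in records if not is_management_flow(r, self.mgmt_hosts)]
        # Keep the router's uptime and timestamp; replace count and flow_sequence.
        out = build_v5(kept, sequence=self.sequence, uptime_ms=header[2], unix_secs=header[3])
        self.sequence = (self.sequence + len(kept)) & 0xFFFFFFFF
        return out, len(records) - len(kept)


def make_record(src, dst, sport, dport, proto, pkts, octets):
    """Constructed sample record; interface indexes, AS numbers and masks are placeholders."""
    return (ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed, b"\0" * 4,
            1, 2, pkts, octets, 0, 0, sport, dport, 0, 0, proto, 0, 0, 0, 24, 24, 0)


# Constructed sample packet: one customer flow and two flows involving management hosts.
SAMPLE_PACKET = build_v5([
    make_record("10.1.1.5", "10.2.2.8", 51000, 443, 6, 120, 98000),    # customer traffic, kept
    make_record("157.11.22.56", "10.1.1.1", 40000, 22, 6, 30, 4100),   # SSH from mgmt host, dropped
    make_record("10.1.1.1", "157.12.33.45", 161, 50001, 17, 4, 600),   # SNMP reply to mgmt host, dropped
], sequence=100)


if __name__ == "__main__":
    proxy = FlowFilter(MGMT_HOSTS)
    filtered, dropped = proxy.filter_packet(SAMPLE_PACKET)
    hdr, recs = parse_v5(filtered)
    print(f"dropped {dropped} management flow(s); re-exported {hdr[1]} record(s), {len(filtered)} bytes")
```

In a deployment this would sit behind a UDP socket: the router exports to the proxy, and the proxy sends the filtered packet to the customer's collector from its own address, so the collector simply sees the proxy as the exporter and no address spoofing is involved. Note that the filter drops a flow when either endpoint is a management host, whereas the standard ACL in the question matches on source address only, so a reply from the CPE back to a management station would still be exported under that config.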
