We are using ManageEngine NetFlow Analyzer to monitor our network traffic.
We have a few VLAN interfaces on the switch where we have enabled flow-export ingress and egress. We can see traffic that is passing between the VLANs on which flow-export has been configured. However, we have on interface that is connected to remote locations. We have not enabled flow-export on this interface. The idea was that, we have enabled ingress and egress flow-export, and the remote locations connect to VLANs where flow-export is already enabled, we must get all traffic from there. But we cannot see traffic from the remote locations, but we can see traffic from inside network to remote locations.
After checking ManageEngine documentation, I see that we have to enable netflow on all interfaces to get accurate report. Can anyone let me know why this is required. We already have ingress and egress flow-export, and we must be getting all traffic. Please suggest.
As you probably know, NetFlow by default is only collected ingress. The ingress flows collected on all interfaces are used to display the outbound traffic on a selected interface. I don't know about ManageEngine but, in some NetFlow solutions, interfaces without NetFlow/IPFIX enabled will not be displayed regardless of whethor or not flows are going out of it.
Regarding ingress/egress being enabled on the same interface. If you are using flexible NetFlow to configure the export, make sure the "flow direction" is exported in the template. The commands to export both look like this:
ip flow monitor andrew-mon input
ip flow monitor andrew-mon output
Here is a good article on enabling ingress and egress NetFlow. Realize that just because you export both ingress and egress on a single interface and you export the direction, this doesn't mean the NetFlow solution will report on the data with a behavior that you would expect.
Ingress and egress flows are exported at the same time with only one difference "flow direction". For this reason, this element must be included in the template to ensure that utilization isn't overstated in the flow report. Again, this of course depends on your reporting solution.
Many vendors can't deal with a mixture of ingress and egress flows being enabled in a seemingly random fashion on the same device. In other words, they expect all ingress or all egress. Only a few vendors can handle a hybrid approach.
Well, I do not have much expertise on switches. So, i did not completely understand the explanation in the provided link.
From the explanation I understand that the configuration is for felxible NetFlow. We have currently enabled flow export on the interfaces that we are interested on. Do we need to change that and enable NBAR..?
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.