
Configuring Nexus Devices

The following six steps set up NetFlow v9 on Nexus devices. The Nexus 7000 is used as an example, but the steps should apply in general.


Step 1: To enable the Netflow Feature on the Nexus 7000, use the command:

tac7000(config)# feature netflow

Step 2: To configure a “Flow Record” use ‘netflow-original’ as follows:


tac7000# show flow record netflow-original
Flow record netflow-original:
Description: Traditional IPv4 input NetFlow with origin ASs
No. of users: 1
Template ID: 261
Fields:
     match ipv4 source address
     match ipv4 destination address
     match ip protocol
     match ip tos
     match transport source-port
     match transport destination-port
     match interface input
     match interface output
     match flow direction
     collect routing next-hop address ipv4
     collect transport tcp flags
     collect counter bytes
     collect counter packets
     collect timestamp sys-uptime first
     collect timestamp sys-uptime last

Step 3: To set up a flow exporter, here named “scrutinizer”, use the commands:


tac7000# conf t
tac7000(config)# flow exporter scrutinizer
tac7000(config-flow-exporter)# description export netflow to scrutinizer
tac7000(config-flow-exporter)# destination CCEIP
tac7000(config-flow-exporter)# export Version 9
tac7000(config-flow-exporter)# transport udp 9995
tac7000(config-flow-exporter)# source vlan613

 

*You can replace Version 9 with 5 depending on your system.

Notice above that we specified:

  • The name "scrutinizer."
  • A description "export netflow to scrutinizer."
  • The destination (i.e. the IP address of Scrutinizer).
  • The version of NetFlow (i.e. v9).
  • The UDP port it will receive on.
  • The interface the flows need to exit to reach the NetFlow collector (aka Scrutinizer).

 

Step 4: To bind the record to the exporter in a flow monitor, here named “Monitortac7000,” use the commands:

 

tac7000(config)# flow monitor Monitortac7000
tac7000(config-flow-monitor)# exporter scrutinizer
tac7000(config-flow-monitor)# record netflow-original
tac7000(config)#

 

This binds the record ‘netflow-original’ to the exporter ‘scrutinizer’; the flow monitor is named ‘Monitortac7000.’


Step 5: To apply the flow monitor ‘Monitortac7000’ to each interface, use the commands:


tac7000(config)# interface Vlan612
tac7000(config-if)# ip flow monitor Monitortac7000 input
tac7000(config-if)# exit
tac7000(config)# interface Vlan613
tac7000(config-if)# ip flow monitor Monitortac7000 input
tac7000(config-if)# exit
tac7000(config)# interface Vlan614
tac7000(config-if)# ip flow monitor Monitortac7000 input
tac7000(config-if)# exit
tac7000(config)# interface Vlan615
tac7000(config-if)# ip flow monitor Monitortac7000 input
tac7000(config-if)# exit
tac7000(config)# interface Vlan616
tac7000(config-if)# ip flow monitor Monitortac7000 input
tac7000(config-if)# exit
tac7000(config)# copy running-config startup-config
tac7000(config)# exit

 

In the example above, input (i.e., ingress) is configured, so ingress flows are captured on every interface.

For further details, refer to http://www.bradreese.com/blog/plixer-4-8-2010.htm
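The following is an added example, not part of the original article and not a Seceon or Cisco tool: a Python check that the exporter, monitor and interface names from steps 3 to 5 reference each other consistently, useful when reviewing a saved or templated configuration. The function names, the sample text and the address 198.51.100.10 are assumptions, and the script assumes the configuration is laid out with sub-commands indented under their section line.

```python
import re
# Constructed sample: the commands from steps 1 and 3-5 with prompts stripped.
# 198.51.100.10 stands in for CCEIP; Vlan613 has a deliberately misspelled monitor.
SAMPLE_CONFIG = """\
feature netflow
flow exporter scrutinizer
  destination 198.51.100.10
  transport udp 9995
  source vlan613
flow monitor Monitortac7000
  exporter scrutinizer
  record netflow-original
interface Vlan612
  ip flow monitor Monitortac7000 input
interface Vlan613
  ip flow monitor Monitorac7000 input
"""

def parse_sections(config):
    """Group indented lines under the unindented line that opens each section."""
    sections, current = {}, None
    for line in config.splitlines():
        if line[:1].isspace() and current:
            sections[current].append(line.strip())
        elif line.strip():
            current = line.strip()
            sections[current] = []
    return sections

def audit_netflow(config):
    """Return findings; an empty list means exporter, monitor and interfaces line up."""
    sections = parse_sections(config)
    findings = [] if "feature netflow" in sections else ["feature netflow is not enabled"]
    named = lambda kind: {h.split()[2]: b for h, b in sections.items() if h.startswith(kind + " ")}
    exporters, monitors = named("flow exporter"), named("flow monitor")
    for name, body in exporters.items():
        findings += [f"exporter {name}: missing '{k}'" for k in ("destination", "transport udp", "source")
                     if not any(l.startswith(k + " ") for l in body)]
    for name, body in monitors.items():
        refs = [l.split()[1] for l in body if l.startswith("exporter ")]
        if not refs or any(r not in exporters for r in refs):
            findings.append(f"monitor {name}: no valid exporter")
        if not any(l.startswith("record ") for l in body):
            findings.append(f"monitor {name}: no record")
    for header, body in sections.items():
        for l in body if header.startswith("interface ") else []:
            m = re.match(r"ip flow monitor (\S+) (input|output)$", l)
            if m and m.group(1) not in monitors:
                findings.append(f"{header}: monitor {m.group(1)} is not defined")
    return findings
```

Calling audit_netflow(SAMPLE_CONFIG) reports the misspelled monitor on Vlan613; correcting the name returns an empty list.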

Seceon Inc. All rights reserved. https://www.seceon.com