Configuring Nexus Devices
The following describes six steps to set up NetFlow v9 on Nexus devices. It uses a Nexus 7000 as an example but should apply to Nexus devices in general.
Step 1: To enable the Netflow Feature on the Nexus 7000, use the command:
tac7000(config)# feature netflow
Step 2: To configure a “Flow Record” use ‘netflow-original’ as follows:
tac7000# show flow record netflow-original
Flow record netflow-original:
Description: Traditional IPv4 input NetFlow with origin ASs
No. of users: 1
Template ID: 261
Fields:
match ipv4 source address
match ipv4 destination address
match ip protocol
match ip tos
match transport source-port
match transport destination-port
match interface input
match interface output
match flow direction
collect routing next-hop address ipv4
collect transport tcp flags
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
Step 3: To set up a flow exporter named scrutinizer, use the commands:
tac7000# conf t
tac7000(config)# flow exporter scrutinizer
tac7000(config-flow-exporter)# description export netflow to scrutinizer
tac7000(config-flow-exporter)# destination CCEIP
tac7000(config-flow-exporter)# version 9
tac7000(config-flow-exporter)# transport udp 9995
tac7000(config-flow-exporter)# source vlan613
*You can replace Version 9 with 5 depending on your system.
Notice above that we specified:
- The name "scrutinizer."
- A description "export netflow to scrutinizer."
- The destination (i.e. the IP address of Scrutinizer).
- The version of NetFlow (i.e. v9).
- The UDP port it will receive on.
- The interface the flows need to exit to reach the NetFlow collector (aka Scrutinizer).
Step 4: To bind the record to the exporter in a flow monitor named “Monitortac7000,” use the commands:
tac7000(config)# flow monitor Monitortac7000
tac7000(config-flow-monitor)# exporter scrutinizer
tac7000(config-flow-monitor)# record netflow-original
tac7000(config)#
This binds the record ‘netflow-original’ to the exporter ‘scrutinizer’; the flow monitor is named ‘Monitortac7000.’
Step 5: To apply flow monitor ‘Monitortac7000’ to each interface, use the commands:
tac7000(config)# interface Vlan612
tac7000(config-if)# ip flow monitor Monitortac7000 input
tac7000(config-if)# exit
tac7000(config)# interface Vlan613
tac7000(config-if)# ip flow monitor Monitortac7000 input
tac7000(config-if)# exit
tac7000(config)# interface Vlan614
tac7000(config-if)# ip flow monitor Monitortac7000 input
tac7000(config-if)# exit
tac7000(config)# interface Vlan615
tac7000(config-if)# ip flow monitor Monitortac7000 input
tac7000(config-if)# exit
tac7000(config)# interface Vlan616
tac7000(config-if)# ip flow monitor Monitortac7000 input
tac7000(config-if)# exit
tac7000(config)# copy running-config startup-config
tac7000(config)# exit
In the example above, the monitor is applied in the input (i.e. ingress) direction, so flows are captured on input on every interface.
For further details, refer to http://www.bradreese.com/blog/plixer-4-8-2010.htm
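A collector-side check for the export configured in the steps above, as an added example that is not part of the original article or any vendor's code: it parses the template flowset of a NetFlow v9 packet (layout and field type numbers per RFC 3954) and reports which netflow-original fields the received template lacks. The function names and the sample packet are constructed for illustration; template ID 261 is the value shown in Step 2.

```python
import struct

# RFC 3954 field type numbers for the fields listed under netflow-original.
EXPECTED = {
    8: "ipv4 source address", 12: "ipv4 destination address", 4: "ip protocol",
    5: "ip tos", 7: "transport source-port", 11: "transport destination-port",
    10: "interface input", 14: "interface output", 61: "flow direction",
    15: "next-hop address ipv4", 6: "tcp flags", 1: "counter bytes",
    2: "counter packets", 22: "sys-uptime first", 21: "sys-uptime last",
}

def parse_templates(packet):
    """Return {template_id: [(field_type, length), ...]} for one v9 export packet."""
    if len(packet) < 20 or struct.unpack_from("!H", packet)[0] != 9:
        raise ValueError("not a NetFlow v9 packet (20-byte header, version 9)")
    templates, off = {}, 20
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("flowset length runs past the packet")
        pos, end = off + 4, off + fs_len
        while fs_id == 0 and pos + 4 <= end:       # flowset ID 0 carries templates
            tid, nfields = struct.unpack_from("!HH", packet, pos)
            if tid < 256:                           # zero padding, not a template
                break
            pos += 4
            if pos + 4 * nfields > end:
                raise ValueError(f"template {tid} is truncated")
            templates[tid] = [struct.unpack_from("!HH", packet, pos + 4 * i)
                              for i in range(nfields)]
            pos += 4 * nfields
        off += fs_len
    return templates

def missing_fields(fields):
    """Names of netflow-original fields that a received template does not carry."""
    seen = {ftype for ftype, _ in fields}
    return sorted(name for ftype, name in EXPECTED.items() if ftype not in seen)

def sample_packet(field_types, template_id=261):
    """Constructed test packet (not a device capture); every field length set to 4."""
    body = struct.pack("!HH", template_id, len(field_types))
    body += b"".join(struct.pack("!HH", t, 4) for t in field_types)
    header = struct.pack("!HHIIII", 9, 1, 1000, 1700000000, 1, 0)
    return header + struct.pack("!HH", 0, 4 + len(body)) + body

if __name__ == "__main__":
    for tid, fields in parse_templates(sample_packet(list(EXPECTED))).items():
        print(tid, "missing:", missing_fields(fields) or "none")
```

On a real collector, the packet would be the payload of a datagram received on the UDP port set in Step 3.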
Seceon Inc. All rights reserved. https://www.seceon.com