Below describes six steps to setup V9 netflow on nexus devices. It uses nexus 7000 as an example but should be applicable in general

Step 1: To enable the Netflow Feature on the Nexus 7000, use the command:

tac7000(config)# feature netflow

Step 2: To configure a “Flow Record” use ‘netflow-original’ as follows:

tac7000# show flow record netflow-original
Flow record netflow-original:

Description: Traditional IPv4 input NetFlow with origin ASs

No. of users: 1

Template ID: 261

Fields:

match ipv4 source address

match ipv4 destination address

match ip protocol

match ip tos

match transport source-port

match transport destination-port

match interface input

match interface output

match flow direction

collect routing next-hop address ipv4

collect transport tcp flags

collect counter bytes

collect counter packets

collect timestamp sys-uptime first

collect timestamp sys-uptime last

Step 3: To set-up a flow exporter or scrutinizer, use commands:

tac7000# conf t
tac7000(config)# flow exporter scrutinizer
tac7 000(config-flow-exporter)# description export netflow to scrutinizer
tac7000(config-flow-exporter)# destination CCEIP
tac7000(config-flow-exporter)# export Version 9
tac7000(config-flow-exporter)# transport udp 9995
tac7000(config-flow-exporter)# source vlan613

*You can replace Version 9 with 5 depending on your system.

Notice above that we specified:

The name "scrutinizer."
A description "export netflow to scrutinizer."
The destination (i.e. the IP address of Scrutinizer).
The version of NetFlow (i.e. v9).
The UDP port it will receive on
The interface the flows need to exit to reach the NetFlow collector (aka Scrutinizer).

Step 4: To bind the record to the exporter or “Monitortac7000,” use commands::

tac7000(config)# flow monitor Monitortac7000
tac7000(config-flow-monitor)# exporter scrutinizer
tac7000(config-flow-monitor)# record netflow-original
tac7000(config)#

This binds the record ‘netflow-original’ to the exporter ‘scrutinizer’ and the name of this flow monitor is called ‘Monitortac7000.’

Step 5: To apply flow monitor ‘Monitorac7000’ to each interface, use commands:

tac7000(config)# interface Vlan612
tac7000(config-if)# ip flow monitor Monitortac7000 input
tac7000(config-if)# exit
tac7000(config)# interface Vlan613
tac7000(config-if)# ip flow monitor Monitortac7000 input
tac7000(config-if)# exit
tac7000(config)# interface Vlan614
tac7000(config-if)# ip flow monitor Monitortac7000 input
tac7000(config-if)# exit
tac7000(config)# interface Vlan615
tac7000(config-if)# ip flow monitor Monitortac7000 input
tac7000(config-if)# exit
tac7000(config)# interface Vlan616
tac7000(config-if)# ip flow monitor Monitortac7000 input

tac7000(config)# copy running-config startup-config
tac7000(config)# exit

Above example input (ie ingress) is configured input captured flows on every interface

. For further details refer http://www.bradreese.com/blog/plixer-4-8-2010.htm

Browser not supported