Difference between revisions of "Cisco NetFlow"
From HackerNet
Helikopter (talk | contribs) m (→Konfiguration) |
Helikopter (talk | contribs) |
||
| Line 3: | Line 3: | ||
Komponenter: | Komponenter: | ||
* Flow exporter | * Flow exporter | ||
| − | * Flow collector, t.ex. [[ | + | * Flow collector, t.ex. [[Pmacct]] |
| − | * Analysis application | + | * Analysis application, t.ex. [[Ntopng]], [[FastNetMon]] |
=Konfiguration= | =Konfiguration= | ||
| Line 21: | Line 21: | ||
===ASR=== | ===ASR=== | ||
| − | + | OBS en ASR kan inte sitt management-interface som source för NetFlow-exporten | |
| − | ip flow- | + | flow exporter COLLECTOR |
| − | + | destination 10.0.0.10 | |
| + | transport udp 2055 | ||
| + | source gi0/1 | ||
| + | export-protocol netflow-v9 | ||
| + | flow monitor FLOW-MONITOR | ||
| + | record netflow ipv4 original-input | ||
| + | exporter COLLECTOR | ||
| + | cache timeout active 60 | ||
| + | interface gi0/3 | ||
| + | ip flow monitor FLOW-MONITOR input | ||
| + | "Random Sampled NetFlow is more statistically accurate than Sampled NetFlow." - Cisco | ||
| + | sampler SAMPLER-1 | ||
| + | mode random 1 out-of 1000 | ||
| + | interface gi0/3 | ||
| + | ip flow monitor FLOW-MONITOR sampler SAMPLER-1 input | ||
| − | show | + | Verify |
| + | show flow exporter | ||
| + | show flow interface | ||
| + | show flow monitor | ||
| + | show flow exporter statistics | ||
[[Category:Cisco]] | [[Category:Cisco]] | ||
Revision as of 12:19, 20 April 2016
Netflow är ett Cisco-properitärt protokoll som används för att se vilka protokoll som används i ett nätverk och hur mycket trafik de genererar.
Komponenter:
- Flow exporter
- Flow collector, t.ex. Pmacct
- Analysis application, t.ex. Ntopng, FastNetMon
Konfiguration
int gi0/0 ip flow ingress ip flow egress
Top-talkers
ip flow-top-talkers sort-by bytes top 5
Show
show ip flow top-talkers show ip cache flow
ASR
OBS en ASR kan inte sitt management-interface som source för NetFlow-exporten
flow exporter COLLECTOR destination 10.0.0.10 transport udp 2055 source gi0/1 export-protocol netflow-v9 flow monitor FLOW-MONITOR record netflow ipv4 original-input exporter COLLECTOR cache timeout active 60 interface gi0/3 ip flow monitor FLOW-MONITOR input
"Random Sampled NetFlow is more statistically accurate than Sampled NetFlow." - Cisco
sampler SAMPLER-1 mode random 1 out-of 1000 interface gi0/3 ip flow monitor FLOW-MONITOR sampler SAMPLER-1 input
Verify
show flow exporter show flow interface show flow monitor show flow exporter statistics
