Hello Matthews,

mmasenya · ‎02-01-2017

Hi there

My company has bought ISR4451 router as a replacement of ISR3800. It was easy and simple to configure netflow on the old routers like;

ip flow-export source Loopback0

ip flow-export version 5

ip flow-export destination 10.19.14.22 9996

This was enough to get netflow running our routers

I need some help or tips in getting netflow configured on the new ISR4000. I searched on the web and this is what i configured on my router but struggle to succeed,

flow record NTA

description NETFLOW

match ipv4 tos

match ipv4 protocol

match ipv4 source address

match ipv4 destination address

match transport source-port

match transport destination-port

match interface input snmp

match interface output snmp

collect transport tcp flags

collect interface input

collect counter bytes long

collect counter packets long

collect timestamp sys-uptime first

collect timestamp sys-uptime last

-------------------------------------------------------------

flow exporter NTA

description Exporter for NTA

destination 192.168.3.2

source GigabitEthernet0/0/1.2211

transport udp 2055

export-protocol netflow-v5

template data timeout 60

-------------------------------------------------------------

flow monitor NTA

exporter NTA

cache timeout active 60

record NTA

--------------------------------------------------------

on the interfaces i have the following;

interface GigabitEthernet0/0/0

description LINK-TO-LAN

ip address 172.18.255.42

ip flow monitor NTA input

ip flow monitor NTA output

interface GigabitEthernet0/0/1

no ip address

ip flow monitor NTA input

ip flow monitor NTA output

negotiation auto

!

interface GigabitEthernet0/0/1.2211

description LINK-TO-WAN

bandwidth 102400

encapsulation dot1Q 2211

ip address 172.16.0.10

ip flow monitor NTA input

ip flow monitor NTA output

Looking at the configs above, what have i missed to get netflow going?

Regards

Matthews

Mark Malone · ‎02-01-2017

hi heres a working one off my 4000s , your looks right

check this command see if the flows are trying to be sent first

xxxxxxxx#sh flow exporter statistics
Flow Exporter NetQos:
Packet send statistics (last cleared 41w2d ago):
Successfully sent: 58740008 (72672722641 bytes)
No destination address: 24

..................................................................................................

flow record FLOW-RECORD
description record to monitor network traffic
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
match interface output
collect routing source as
collect routing destination as
collect routing next-hop address ipv4
collect transport tcp flags
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
!
!
flow exporter NetQos
description export Netflow traffic to HQ
destination x.x.x.x
source Loopback3
template data timeout 300
option interface-table timeout 1000
option exporter-stats timeout 1000
!
!
flow monitor xilinx_nq
description Used for ipv4 traffic analysis (Mapped To FLOW-RECORD)
record FLOW-RECORD
exporter NetQos
statistics packet protocol

Then under any layer 3 interface you want to collect add these

ip flow monitor xilinx_nq input
ip flow monitor xilinx_nq output

Michael Patterson · ‎02-01-2017

Hello Matthews,

You might want to consider exporting flow direction as well just in case you decide to export egress flows:

match flow direction

Also, you can enrich your flow export by looking at this flexible netflow configuration. It includes NBAR, MAC address, VLANS, etc.

I hope this helps.

Mike

In need of help on Netflow configuration on the new ISR4000