LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Reload this Page Cisco Netflow
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 06-13-2008, 04:59 AM   #1
eliufoo
Member
 
Registered: Oct 2007
Posts: 71

Rep: Reputation: 15
Cisco Netflow

Hi All,

The following are instruction on enabling Netflow on Cisco equipments

set the following from the routers global mode.
===============================Begging=======================================

ip cef ----> Cisco Express Forwarding has to be enabled if it was disabled.
ip flow-cache timeout active 60
ip flow-export version 5
ip flow-aggregation cache prefix
export destination x.x.x.x 65535 ----> where x.x.x.x is the destination (ip address) or syslog box or any machine.
enabled ----> This is very important as it enables net-flow.


set the following on each interface on the router which you want to collect network flow data.
===========================================================================

interface fa0/1
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow ---> this enables net flow on per interface basis.

============================End Of File=================================

Simple and straight forward :-).

Cisco and SolarWind have their own non open-source tools to read the logs created by netflow feature.

Does anyone know which tool I can on my Linux to read the logs?

Thanks in Advance
 
Old 06-13-2008, 07:01 AM   #2
istoff
LQ Newbie
 
Registered: Feb 2008
Posts: 1

Rep: Reputation: 0
ntop and netflow
Hi,

NTOP can collect the netflow data and aggregate it into a history view with graphs per protocol, etc.

Just google ntop. I can't post the url due to spam restrictions.

On the features page:
"Act as a NetFlow/sFlow collector for flows generated by routers (e.g. Cisco and Juniper) or switches (e.g. Foundry Networks)"

I believe it handles netflow versions upto v9, although v5 works fine.

You need to enable the collector in the plugins section, as I recall. It becomes available as another interface (instead of eth0, the default).

Ensure that your ntop box has the required netflow ports open or it will receive nothing. You then configure the router to forward the netflow traffic to the IP of the pc running ntop and off you go.

Good luck.
istoff.
 
Old 06-16-2008, 02:12 AM   #3
eliufoo
Member
 
Registered: Oct 2007
Posts: 71

Original Poster
Rep: Reputation: 15
I already have NTOP running on my network but, haven't enabled NetFlow features.
Let me work on this and will get back to you guys.

Thanks.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
netflow highm Linux - Networking 3 01-27-2009 03:23 PM
Netflow Analyzer On Solaris talat Solaris / OpenSolaris 4 01-27-2009 02:57 PM
Cisco wundersuprise Linux - Wireless Networking 3 04-20-2006 04:43 PM
cisco help joel112 General 4 11-10-2003 01:14 PM
Connect to Cisco VPN w/o Cisco VPN Client gboutwel Linux - Networking 4 02-07-2003 12:46 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 07:18 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration