Device Configuration - Cisco Switches

Modified on Mon, 9 Dec at 9:52 PM

TABLE OF CONTENTS


Overview 

The following steps will configure a Cisco switch to send netflow records with the required template fields to the ADR Collector (CCE) VM.


Note: Make sure to allow UDP port 9995 from the firewall between your switch and the CCE VM.


For more details see:
https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/netflow/Cisco_NetFlow_Configuration.pdf


Steps of Configuration


Note: In the steps below,
- replace <CCE_IP_Address>  with the IP address of your CCE VM

- replace <InterfaceName> with the interfaces that you are interested in monitoring traffic for, e.g. TenGigabitEthernet1/0/8-10. Use the command show interfaces for more detail.

First, login to the device. Then run the configuration steps below.

Switch# configure terminal 
Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)# flow exporter aria
Switch(config-flow-exporter)# destination <CCE_IP_Address>
Switch(config-flow-exporter)# transport udp 9995
Switch(config-flow-exporter)# exit

Switch(config)# flow record aria
Switch(config-flow-record)# match ipv4 source address
Switch(config-flow-record)# match ipv4 destination address
Switch(config-flow-record)# match ipv4 protocol
Switch(config-flow-record)# match transport source-port 
Switch(config-flow-record)# match transport destination-port
Switch(config-flow-record)# collect transport tcp flags
Switch(config-flow-record)# collect counter bytes
Switch(config-flow-record)# collect counter packets
Switch(config-flow-record)# collect timestamp sys-uptime first
Switch(config-flow-record)# collect timestamp sys-uptime last
Switch(config-flow-record)# exit

Switch(config)# flow monitor MonitorAria
Switch(config-flow-monitor)# record aria
Switch(config-flow-monitor)# exporter aria
Switch(config-flow-monitor)# exit

Switch(config)# interface range <InterfaceName>
Switch(config-if)# ip flow monitor MonitorAria input
Switch(config-if)# end



Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article