Wednesday, 15 May 2013

Enabling SNMP and Netflow for Solarwinds NPM and NTA on Cisco ISR, ASR and ASA firewalls

This assumes that your Solarwinds collector and Netflow analyser are on 192.168.0.55.

For Cisco ASRs or ISRs with Flexible NetFlow:

First, let's create an ACL for our Solarwinds server:

ip access-list standard Solarwinds
  permit host 192.168.0.55
!

Now we can enable SNMP, with a read-only community restricted to that ACL:

snmp-server community tceo RO Solarwinds
snmp-server location Mario's Pizza Shop
snmp-server contact Mario Bros

Now to enable NetFlow:

flow record NETFLOW_RECORD
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input
 collect interface output
 collect counter bytes
 collect counter packets
!
flow exporter NETFLOW_EXPORT
 destination 192.168.0.55
 transport udp 2055
!
flow monitor NETFLOW_MONITOR
 exporter NETFLOW_EXPORT
 record NETFLOW_RECORD

Choose which interface to monitor for both ingress and egress traffic. In this case I'm picking GigabitEthernet0/0/0.

interface GigabitEthernet0/0/0
 ip flow monitor NETFLOW_MONITOR input
 ip flow monitor NETFLOW_MONITOR output
!

To check if all is working as expected, you can type the following command:


sh flow monitor

For Cisco ISRs without Flexible NetFlow:

First, let's create an ACL for our Solarwinds server:


ip access-list standard Solarwinds
  permit host 192.168.0.55
!

Now we can enable SNMP:

snmp-server community public RO Solarwinds
snmp-server location Marios Pizza Shop
snmp-server contact Mario Bros
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart

Now to enable NetFlow:

ip flow-export version 9
ip flow-export destination 192.168.0.55 2055

Choose which interface to monitor for both ingress and egress traffic. In this case I'm picking Gi0/0.

interface GigabitEthernet0/0
  ip flow ingress
  ip flow egress
!

To check if all is working as expected, you can type the following command:


sh ip cache flow

If you just want to use NetFlow locally without exporting to a NetFlow collector, negate the "ip flow-export" commands (prefix them with "no").
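
An added example, not part of the original post: a Python check that reads an IOS configuration like the two above and reports any SNMP community that uses a well-known default string, is read-write, or is not bound to a standard ACL permitting only the collector, plus any NetFlow export destination other than the collector. The function names and the embedded sample configuration are assumptions made for the illustration.

```python
import re

# Constructed sample based on the non-Flexible-NetFlow ISR config above;
# function names below are illustrative, not from the post.
SAMPLE_CONFIG = """\
ip access-list standard Solarwinds
  permit host 192.168.0.55
!
snmp-server community public RO Solarwinds
ip flow-export version 9
ip flow-export destination 192.168.0.55 2055
"""
DEFAULT_COMMUNITIES = {"public", "private"}  # well-known default strings

def parse_standard_acls(config):
    """Return {acl_name: [entry, ...]} for named standard ACLs."""
    acls, current = {}, None
    for line in config.splitlines():
        m = re.match(r"ip access-list standard (\S+)", line)
        if m:
            current = acls.setdefault(m.group(1), [])
        elif current is not None and re.match(r"\s+(permit|deny)\s", line):
            current.append(line.strip())
        else:
            current = None  # any other line ends the ACL block
    return acls

def audit(config, collector):
    """Return a list of findings about SNMP and NetFlow export settings."""
    acls, findings = parse_standard_acls(config), []
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"snmp-server community (\S+) (RO|RW)(?: (\S+))?$", line, re.I)
        if m:
            community, mode, acl = m.groups()
            if community.lower() in DEFAULT_COMMUNITIES:
                findings.append(f"default community string '{community}'")
            if mode.upper() == "RW":
                findings.append(f"community '{community}' is read-write")
            if acl is None:
                findings.append(f"community '{community}' has no ACL")
            elif acls.get(acl) != [f"permit host {collector}"]:
                findings.append(f"ACL '{acl}' is not limited to {collector}")
        # Matches both "ip flow-export destination X" and an exporter's "destination X".
        m = re.match(r"(?:ip flow-export )?destination (\S+)", line)
        if m and m.group(1) != collector:
            findings.append(f"flow export goes to {m.group(1)}, not {collector}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG, "192.168.0.55")) or "no findings")
```
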

For ASA Firewalls:


This process is a bit more complicated on a Cisco ASA firewall than in the Cisco configurations above.

First, we name our Solarwinds server:

name 192.168.0.55 Solarwinds

Enable SNMP:

snmp-server host dmz Solarwinds community public
snmp-server location Marios Pizza Shop
snmp-server contact Mario Bros
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart

Now to enable NetFlow. First we create an ACL matching the traffic you wish to monitor, typically everything:

access-list netflow-export extended permit ip any any

Now we set the NetFlow parameters:

flow-export destination <output interface name> Solarwinds 2055
flow-export template timeout-rate 3
flow-export delay flow-create 10

Configure our NetFlow classes:

class-map netflow-export-class
 match access-list netflow-export
!

Configure our policies:

policy-map global_policy
 class netflow-export-class
  flow-export event-type all destination Solarwinds
!
