Cisco Catalyst 4500
For processing NetFlow this switch uses Supervisor Engine 5 or Supervisor Engine 7. With SE 5 the Cisco 4500 supports a regular NetFlow (v5) configuration. With SE 7 the device must be configured for Flexible NetFlow, however.
Supervisor Engine 6 is not supported.
Supervisor Engine 5
For this setup of the device you can use a regular NetFlow configuration such as:
ip route-cache flow infer-fields ip flow ingress infer-fields ip flow ingress layer2-switchedConfiguring Devices for NetFlow 5 ip flow-export source <port with the IP address managed in Orion> ip flow-export version 5 ip flow-export destination <Orion_Server_IP_address> 2055 ip flow-cache timeout active 1 ip flow-cache timeout inactive 45 snmp-server ifindex persist
Supervisor Engine 7
A Flexible NetFlow configuration consists in a flow record, a flow exporter, and a flow monitor, each of which includes parameters that you assign appropriate values.
Required tasks to create a flexible NetFlow configuration
- Creating and configuring the flow record.
- Creating and configuring the flow exporter(s).
- Creating a flow monitor to bind the flow record to the exporter.
- Applying the flow monitor to the appropriate interface on the device.
Configuration example
The following configuration example creates a custom flow record and flow monitor. Each section in the example includes notes that explain what the commands do.
Flow record
flow record ipv4 ! match ipv4 tos match ipv4 protocol match ipv4 destination address match transport source-port match transport destination-port match interface input collect interface output collect counter bytes collect counter packets
The flow record part of this configuration example creates the record called ipv4 and uses the match ipv4, match transport, and collect commands to define the key fields in the record by which flow data will be processed.
Flow exporter
flow exporter NetFlow-to-Orion
destination 10.10.10.10
source vlan254
transport udp 2055
export-protocol netflow-v5
The flow exporter part of the configuration examples defines the following:
- An exporter called NetFlow-to-Orion.
- The
destination, which is the IP address of the SolarWinds Platform server, to which flow data will be exported. - The
sourcecalled vlan254, which is the interface with the IP address with which SolarWinds Platform is managing the device, from which flow data will be exported. - The
transportprotocol (udp) and port (2055, SolarWinds Platform collection port) through which the flow data will pass. - The NetFlow
export protocol(NetFlow version 5) that the NetFlow collector should expect and use to process the data.
Flow monitor
flow monitor NetFlow-Monitor
description Original Netflow captures
record ipv4
exporter NetFlow-to-Orion
cache timeout inact 10
cache timeout act 5
interface vlan254
ip flow monitor NetFlow-Monitor input
The flow monitor part of the configuration example defines the following:
- A monitor called NetFlow-Monitor that uses the
recordandexportercommands to bind the flow record (ipv4) to the flow exporter (NetFlow-to-Orion) you already created. - The
interfacecommand defines the interface, called vlan254, to which the flow monitor NetFlow-Monitor applies. - The
ip flow monitorcommand specifies the capture of ingress data (input).
Full configuration
The overall configuration without annotations looks like this:
flow record ipv4
! match ipv4 tos
match ipv4 protocol
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
collect interface output
collect counter bytes
collect counter packets
flow exporter NetFlow-to-Orion
destination 10.10.10.10
source vlan254
transport udp 2055
export-protocol netflow-v5
flow monitor NetFlow-Monitor
description Original Netflow captures
record ipv4
exporter NetFlow-to-Orion
cache timeout inact 10
cache timeout act 5
interface vlan254
ip flow monitor NetFlow-Monitor input