User Guide for the Cisco NetFlow Generation Appliance
Getting Started
Downloads: This chapterpdf (PDF - 407.0KB) The complete bookPDF (PDF - 1.16MB) | Feedback

Getting Started

Table Of Contents

Getting Started

Understand What to Configure

Log In

Set System Parameters

Configure Your Traffic Sources

Configure the IP Address of Your Traffic Source

Configure a Single Set of Components Quickly


Getting Started


This chapter covers the post-installation configuration of a single NetFlow monitor instance (monitor, exporter, and collector) on one instead of multiple web pages that Cisco NetFlow Generation Appliance uses to export traffic data. Use this chapter to quickly get started with flow component setup. You can set up a single NetFlow monitor instance using the details in this chapter, then move to the next chapter to configure more advanced configurations such as multiple components, filters, and v9 and IPFIX records.

This chapter contains the following sections:

Understand What to Configure

Log In

Configure Your Traffic Sources

Configure a Single Set of Components Quickly

Understand What to Configure

Figure 2-1 depicts an overview of what you need to do to configure a single NetFlow monitor instance on the Cisco NGA using Quick Setup. The flowchart contains links to the various sections in this guide that instruct you on what steps to perform.

Figure 2-1 Quick Start Workflow Overview

The overview steps are described in more details below:

To set up and log into Cisco NetFlow Generation Appliance (NGA) user interface, follow the steps in the Quick Start Guide for Cisco NetFlow Generation Appliance.

You must configure your traffic sources so that they will forward traffic information to the Cisco NGA. You can optionally configure the IP address of your traffic sources as managed devices in the appliance. For more details, see Configure Your Traffic Sources.

Configure Cisco NGA flow components. At a minimum, your configuration must include a collector, an exporter, and a monitor. To quickly configure all of these components using one instead of multiple web pages, use the Quick Setup graphical user interface (GUI). For details, see Configure a Single Set of Components Quickly.

The grey flowchart task in Figure 2-1 indicates that even though you can go directly to the Advanced Setup UI to configure multiple flow components, it is not the quickest way to complete your configuration. To go directly to an overview on how to configure additional components or how to set up multiple components using the GUI, see Advanced Configuration Overview.

To check your flow component configuration once your configuration is complete, you should verify that flow records are being sent to their destination (see Verify Flow Records Generated).

To complete your Cisco NGA configuration, you should set your SNMP Agent and system time (see Access System Parameters or Diagnostics).

If you prefer to use the command line to perform set up or configuration tasks on the appliance, see the Command Reference Guide for Cisco NetFlow Generation Appliance.

Log In

To log into Cisco NetFlow Generation Appliance from the user interface, open a supported browser and enter the URL: http://<NetFlow_Gen_IP_address> or https://<NetFlow_Gen_IP_address>.

If you are having problems logging in, do the following:

Ensure Cisco NGA is configured with an IP address and that ping can be used to reach it from a workstation.

Use a supported browser that has the appropriate options enabled. See the installation documentation for information on what browsers are supported.

Clear the browser cache and restart the browser.

To view the full documentation set (including the User Guide and Release Notes) for the software, choose Network Management and Automation > Switch and Router Management > Cisco NetFlow Generation Appliance in the Support Technical Documentation area on Cisco.com.

Set System Parameters

Before you begin to configure your traffic sources and flow components, you must set up these system parameters which are required for Cisco NetFlow Generation Appliance.

Procedure


Step 1 Select Administration > System to view or configure the following system parameters:

Network Parameters—Allows you to reconfigure the system network parameters including IP address, IP broadcast, subnet mask, IP gateway, hostname, domain name, and optional nameservers. The initial information is prepopulated based on your installation responses.

SNMP Agent—Display and configure the System Group and community strings for the appliance SNMP Agent. Your collectors may use SNMP to poll Cisco NGA, so these community strings are required.

System Time—Synchronize the software clock using a local or a Network Time Protocol (NTP) time server. You must synchronize your clock before use. If you choose Local, you must enter the local Region and Zone. If you choose NTP, you must enter the NTP Server IP address. Setting the system time ensures accurate time stamps.

For more details on how to configure these parameters, see Set Cisco NGA System Parameters.


Configure Your Traffic Sources

There are two tasks to configuring your traffic sources. The traffic source in Cisco NetFlow Generation Appliance is either a switch or router. The first task is required; the second task is optional.

Perform these tasks to set up your traffic sources, for example a Nexus 5000 or Nexus 7000 Series switch.

1. (Required) Create a Switched Port Analyzer (SPAN) session (also known as port mirroring) on your switch or router using the Nexus supervisor command line interface, or use a tap device to forward traffic to your Cisco NGA. Port mirroring selects network traffic for analysis by a network analyzer.

Ensure that your traffic sources are connected to the data ports on the appliance with the appropriate 10-Gb Ethernet cable. This guide does not provide details on how to create SPAN sessions or to use a network tap device. See your device documentation for details on how to set up these configurations.

2. (Optional) Configure the IP address of your traffic source in Cisco NGA as a managed device.

If your traffic source is a Nexus 5000 or Nexus 7000 Series switch and you want the appliance to export flow records with the input and output interface of the device rather than dataport interface index on the appliance, you need to configure the IP address and login credentials of your traffic source as a managed device. For details, see Configure the IP Address of Your Traffic Source.

Configure the IP Address of Your Traffic Source

One of the benefits of configuring the IP address of your Cisco Nexus 5000 or Nexus 7000 Series switches is that when your switch is configured as a managed device, Cisco NetFlow Generation Appliance uses the switch's interface index values when exporting records. This allows you more visibility into the collected data. This is an optional task.

Ensure that your traffic sources are connected to the data ports on the Cisco NGA with the appropriate 10Gb Ethernet cable.

To add, edit, or delete managed devices:

Procedure


Step 1 To configure up to four Nexus 7000 or 5000 Series devices as managed devices in Cisco NGA, choose Setup > NetFlow > Managed Devices.

Step 2 Choose one of the following tasks:

To add managed devices, click Create and enter the required information in the Create Managed Device window. See Table 2-1 for field descriptions.

To edit an existing managed device, select the row, click Edit. and enter the device information.

To delete a managed device, select the row and click Delete.

Table 2-1 Managed Devices Table Field Descriptions 

Field
Field Description

Address

Device IP address. Use address and not domain name.

Username/Password
Verify Password

Enter the managed device (switch) access credentials.

Data Ports

Enter the appliance data ports that are connected to the managed device (for example, the Nexus 5000 or Nexus 7000 Series device) as SPAN destinations. These ports will receive replicated packets for monitoring. Any combination of data ports may be connected to the same managed device. If you connect the appliance to multiple Nexus 5000 or Nexus 7000 Series switches, ensure you define a separate managed device for each switch that specifies the correct data ports that the switch connects to on the appliance.


You can configure up to four managed devices. For each managed device, you can specify which set of data ports are attached to it. Once a data port is assigned to one managed device, you cannot assign it to another managed device.

Step 3 Once you configure the managed device or devices, to configure your Cisco NGA flow components choose Setup > NetFlow > Quick Setup or Setup > NetFlow > Advanced Setup.

We recommend using the Quick Setup to configure your initial NetFlow monitor instance, then use Advanced Setup if you require additional components or filters. (See Configure a Single Set of Components Quickly or Advanced Configuration Overview.)


Configure a Single Set of Components Quickly

Cisco NetFlow Generation Appliance requires both hardware and software configuration so that its software can monitor traffic and forward NetFlow records to NetFlow collectors and other consumers that you specify.

To quickly configure a single NetFlow monitor instance to export version 5 or 9 NetFlow Data Export packets from Cisco NGA, use the Quick Setup pane. You can use this interface to configure export to a single collector with no filters.

To configure an environment that requires filters, IPV6 or Layer 2 records, or multiple components, see Configure Filters.

You can also use the command line interface (CLI) to configure the appliance. See the Command Reference Guide for Cisco NetFlow Generation Appliance for details.

Once set, you can modify existing configurations using the Advanced Setup user interface.

Before You Begin

You must complete the hardware setup steps in the Quick Start Guide for Cisco NetFlow Generation Appliance document before you configure the appliance.

To configure a single NetFlow monitor instance quickly using a single window, the Quick Setup pane:

Procedure


Step 1 To configure Cisco NetFlow Generation Appliance for NetFlow Data Export version 5 or 9, enter the required information in the Quick Setup pane. See Table 2-2 for field descriptions.

Table 2-2 Quick Setup Pane Field Descriptions

Field
Field Description

Name

Enter a unique name to identify this configuration. Use up to 54 alpha-numeric characters for this field. You can also use the dash (-) or underscore (_).

Data Port

Check the check box for each appliance data port that will accept incoming packets.

Collector Address

Enter the IP address for the collector.

Collector Port (UDP)

Enter the port on which the collector device is listening. This is typically configurable on the collector device. This is a critical step. See your collector device user documentation for configuration details. Ensure the data port configured matches this port number. (for example, UDP port 3000).

NetFlow Version

Select V5 or V9. 1

V5

Select version 5 to configure the appliance to perform standard NetFlow version 5 monitoring and export. You do not need to select individual record fields since they are predetermined by the NetFlow version 5 standard.

V9

Select which version 9 fields you want to include in your monitoring/collecting. See Table B-1 for match and collect field descriptions.

1 Quick Setup pane allows configuration for IPv4 records only. To configure IPv6 or Layer 2 records, you must use the Advanced Setup tab or the CLI.


Step 2 Click Submit.

The following components are created:

For V5:
For V9:

A collector named name_collector

A collector named name_collector

An exporter named name_exporter

An exporter named name_exporter

A monitor named name_monitor

A monitor named name_monitor

A record named name_record


The Monitor tab appears displaying the newly added name_monitor.

Step 3 Select name_monitor in the Monitor tab and click Activate/Inactivate to enable this flow monitor to generate NetFlow information to the collector.

Step 4 To verify flow records have reached their destination, check the collector data by entering both of the following commands:

show cache statistics rates monitor_name command. Counters begin to increment only after a minute has passed. This command displays the rate of raw traffic being processed and the number of flows being created and forwarded to the exporter engine.

show collector statistics collector_name command. This displays the information about NetFlow packets being sent to the collector.

You can now add more flow components, add filters or define flow records for IPv6 or Layer 2. See Setting Up Multiple NetFlow Monitor Instances.