Since PRTG free version supports 100 Sensors, it is great tool for any small network to maintain data, voice and video network.
Here is basic and simple configuration.
Notes;
Cisco router 2921, IOS 15.3
WAN : gi0/0 – 192.168.77.1/30
LAN1 (user network) : 10.1.1.0/24
LAN3 (server network) : 20.1.1.0/24
PRTG Server : 172.16.10.1
1. Configuring Router
Netflow_RTR# conf t
Netflow_RTR(conf)# flow exporter FlowExporter
Netflow_RTR(config-flow-exporter)# destination 172.16.10.1
Netflow_RTR(config-flow-exporter)# source VLAN1
Netflow_RTR(config-flow-exporter)# transport udp 2055
Netflow_RTR(config-flow-exporter)# export-protocol netflow-v5
Netflow_RTR(config-flow-exporter)# output-features
Netflow_RTR(config-flow-exporter)# exit
Netflow_RTR(conf)# flow monitor FlowMonitor
Netflow_RTR(conf-flow-monitor)# record netflow ipv4 original-input
Netflow_RTR(conf-flow-monitor)# exporter FlowExporter
Netflow_RTR(conf-flow-monitor)# cache timeout active 1
Netflow_RTR(conf-flow-monitor)# exit
Netflow_RTR(conf)# int fa 0/0
Netflow_RTR(conf-if)# ip flow monitor FlowMonitor input
Netflow_RTR(conf-if)# ip flow monitor FlowMonitor output
Netflow_RTR(conf)# int vlan1
Netflow_RTR(conf-if)# ip flow monitor FlowMonitor input
Netflow_RTR(conf-if)# ip flow monitor FlowMonitor output
Netflow_RTR(conf)# int vlan2
Netflow_RTR(conf-if)# ip flow monitor FlowMonitor input
Netflow_RTR(conf-if)# ip flow monitor FlowMonitor output
2. Configuring PRTG
Being updated
Exclude Filter
(SourceIP[10.1.1.*] AND DestinationIP[10.1.1.*]) OR
(SourceIP[20.1.1.*] AND DestinationIP[20.1.1.*]) OR
(SourceIP[10.1.1.*] AND DestinationIP[20.1.1.*]) OR
(SourceIP[20.1.1.*] AND DestinationIP[10.1.1.*]) OR
3. Verifying
Netflow_RTR#sh flow monitor
Flow Monitor FlowMonitor:
Description: User defined
Flow Record: netflow ipv4 original-input
Flow Exporter: FlowExporter
Cache:
Type: normal
Status: allocated
Size: 4096 entries / 344088 bytes
Inactive Timeout: 15 secs
Active Timeout: 1 secs
Update Timeout: 1800 secs
Synchronized Timeout: 600 secs
Flow Monitor Flff:
Description: User defined
Flow Record: not configured
Cache:
Type: normal
Status: not allocated
Size: 4096 entries / 0 bytes
Inactive Timeout: 15 secs
Active Timeout: 1800 secs
Update Timeout: 1800 secs
Synchronized Timeout: 600 secs
Netflow_RTR#sh flow exporter
Flow Exporter FlowExporter:
Description: User defined
Export protocol: NetFlow Version 5
Transport Configuration:
Destination IP address: 172.16.10.1
Source IP address: 10.1.1.1
Source Interface: Vlan1
Transport Protocol: UDP
Destination Port: 2055
Source Port: 54043
DSCP: 0x0
TTL: 255
Output Features: Used
Netflow_RTR#sh flow monitor FlowMonitor cache aggregate record netflow-original
Processed 1 flow
Aggregated to 1 flow
IPV4 SOURCE ADDRESS: xx.xx.xx.xx
IPV4 DESTINATION ADDRESS: 192.168.77.1
TRNS SOURCE PORT: 23452
TRNS DESTINATION PORT: 22
INTERFACE INPUT: Fa0/0
FLOW SAMPLER ID: 0
IP TOS: 0x20
IP PROTOCOL: 6
ip source as: 0
ip destination as: 0
ipv4 next hop address: 0.0.0.0
ipv4 source mask: /0
ipv4 destination mask: /0
tcp flags: 0x18
interface output: Null
counter flows: 1
counter bytes: 128
counter packets: 1
timestamp first: 20:15:31.914
timestamp last: 20:15:31.914
4. Tips
– How to calculate a required bandwidth for netflow traffic
https://www.lancope.com/bandwidth-calculator
every active connection will require 1 NetFlow record to be exported every minute
The www.ipBalance.com runs by a volunteer group with IT professionals and experts at least over 25 years of experience developing and troubleshooting IT in general. ipBalance.com is a free online resource that offers IT tutorials, tools, product reviews, and other resources to help you and your need.
