Configuring Traffic Monitors on Cisco Devices Via CLI

Configuring Traffic Monitors on IOS-XE Devices

Below are example steps for manually configuring network flows on Cisco IOS-XE devices, to be used as traffic monitors, using a command-line interface (CLI). For CLI steps for Nexus devices, see Configuring Traffic Monitors on Nexus Devices.

Before configuring network flows, ensure you have reviewed the network flow record requirements in Flow Record Requirements, which covers minimum and recommended fields.

1. Set Up Unique Forwarding IP on Interface

The traffic monitor’s IP address needs to be unique within your network. While the IP address need not be dedicated solely to Traffic Insights – the device can use the IP address for other purposes – it just means that your exporting interfaces should be assigned with IP addresses that don't overlap with other IP addresses in your network.

2. Configure Network Flow Records

Create the IPv4 record:

flow record te_etm_record_v4 
  match interface input
  match ipv4 source address
  match ipv4 destination address
  match ipv4 protocol
  match transport source-port
  match transport destination-port
  match flow direction
  collect interface output
  collect counter bytes
  collect counter packets
  collect application name
  collect transport tcp flags
  collect routing next-hop address ipv4
  collect timestamp absolute first
  collect timestamp absolute last

Some IOS-XE platforms, such as Cat9K and Nexus, cannot configure application name and next-hop within the same record. Therefore, we recommend excluding the collect routing next-hop address ipv4 command (and ipv6 equivalent) for these platforms.

Create the IPv6 record:

flow record te_etm_record_v6 
  match interface input
  match ipv6 source address
  match ipv6 destination address
  match ipv6 protocol
  match transport source-port
  match transport destination-port
  match flow direction
  collect interface output
  collect counter bytes
  collect counter packets
  collect application name
  collect transport tcp flags
  collect routing next-hop address ipv6
  collect timestamp absolute first
  collect timestamp absolute last

3. Configure Flow Exporter

flow exporter te_etm_exporter 
  destination <Destination IP Address> (optional: vrf <VRF Name>) 
  source <Source Interface> 
  transport udp 18089 
  export-protocol ipfix 
  option interface-table timeout 300 
  option vrf-table timeout 300 
  option sampler-table 
  option application-table timeout 300 
  option application-attributes timeout 300

For Cat9K switches, the export of network flows is not supported on the Ethernet management port, GigabitEthernet 0/0. For more information about Flexible NetFlow restrictions, see Cisco's documentation for 9500, 9400, and 9300 switches.

4. Configure Flow Monitor

Create the IPv4 monitor:

flow monitor te_etm_monitor 
  exporter te_etm_exporter 
  cache timeout inactive 10 
  cache timeout active 60 
  record te_etm_record_v4

Create the IPv6 flow monitor:

flow monitor te_etm_monitor_v6 
  exporter te_etm_exporter 
  cache timeout inactive 10 
  cache timeout active 60 
  record te_etm_record_v6

5. Attach Flow Monitor to All Interfaces

Attach the IPv4 flow monitor:

interface <Interface>
  ip flow monitor te_etm_monitor input

Optional: If you want to get IPv6, attach the IPv6 flow monitor to all interfaces:

interface <Interface>
  ipv6 flow monitor te_etm_monitor_v6 input

Configuring Traffic Monitors on Nexus Devices

Below are example steps for manually configuring network flows on Cisco Nexus devices, to be used as traffic monitors, using a CLI. The configuration approach for Nexus devices follows similar principles to IOS-XE devices but steps 2, 3, and 4 have device-specific syntax variations. The commands for these steps are as follows.

2. Configure Network Flow Records

Create the IPv4 record:

flow record te_etm_record_v4
  match ipv4 source address
  match ipv4 destination address
  match ip protocol
  match transport source-port
  match transport destination-port
  collect counter bytes long
  collect counter packets long
  collect transport tcp flags
  collect timestamp sys-uptime first
  collect timestamp sys-uptime last

Create the IPv6 record:

 flow record te_etm_record_v6
   match ipv6 source address
   match ipv6 destination address
   match ip protocol
   match transport source-port
   match transport destination-port
   collect counter bytes long
   collect counter packets long
   collect transport tcp flags
   collect timestamp sys-uptime first
   collect timestamp sys-uptime last

3. Configure Flow Exporter

flow exporter te_etm_exte 
  destination 10.20.0.50
  source Vlan1809
  transport udp 18089 
  version 9
  option interface-table timeout 300
  template data timeout 300

4. Configure Flow Monitors

Create the IPv4 monitor:

flow monitor te_etm_monitor 
  exporter te_etm_exporter 
  record te_etm_record_v4

Create the IPv6 flow monitor:

flow monitor te_etm_monitor 
  exporter te_etm_exporter 
  record te_etm_record_v6

PreviousDiscovering Devices NextConfiguring Traffic Monitors Via Cisco SD-WAN

Last updated 28 days ago