# Configuring Traffic Monitors Via Cisco SD-WAN Cisco SD-WAN environments require a different configuration approach for network flow compared to standalone IOS-XE or Nexus devices. In SD-WAN deployments, you configure a centralized Cflowd policy through the Cisco SD-WAN Manager (formerly vManage), rather than manually configuring individual devices. See the Cisco documentation titled [Cisco SD-WAN Policies Configuration Guide for Cisco IOS XE Release 17.x](https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/policies/ios-xe-17/policies-book-xe/traffic-flow-monitor.html#traffic-flow-mon-config) for instructions to set up and configure Cflowd. Refer to the example below to create a Cflowd policy for your sites. {% hint style="info" %} **Notes for Cisco SD-WAN networking platform:** * For Cisco SD-WAN environments that use Cisco Catalyst SD-WAN, see [Traffic Monitor Requirements](https://docs.thousandeyes.com/product-documentation/traffic-insights/traffic-insights-system-requirements/traffic-monitor-requirements). * The forwarder used for Traffic Insights must have **SNMP read-only** access to the devices that are sending Cflowd. * If this is a new network device, you may have to create a feature template for it. Additionally, make sure sites are already created before following the steps listed below as they will be assigned to the Cflowd policy. {% endhint %} ## Create Cflowd Policy Via UI ### Locate or Create a Centralized Policy Locate the centralized default policy in your Cisco SD-WAN manager. If you do not have one, you need to create one. In the following example, you create a policy called "Default\_Central\_Policy". 1. Go to **Configuration > Policies > Centralized Policies > Default\_Central\_Policy**. 2. Select "..." (ellipsis). 3. Click **Edit**. ![Cisco Catalyst SD-WAN Screen](/files/qxMLtO2CQrNWxq1PJNjv) 4. Select **Traffic Rules** as shown in the figure above. ![Traffic rules screen](/files/lzmzurzgcTzNnnxOt29y) 5. Select the **Cflowd** tab. 6. Click **Add Policy**. ![Add Cflowd policy screen](/files/vOXXca7qj8NwkzWbX7Nj) 7. In the Cflowd Policy screen, fill in the following fields: * **Name**: Enter a policy name, in this example we use *ThousandEyes-ETM.* * **Description**: Enter a simple description for the policy. * **Active Flow Timeout**: 60 * **Inactive Flow Timeout**: 15 * **Flow Refresh**: 120 * **Sampling Interval**: 1 * **Protocol**: IPv4 (an additional policy can be created for IPv6). 11. Click **New Collector** and fill in the following fields: * **VPN ID**: Use the VPN that will send traffic to the cflowd collector. * **IP Address**: IP of the ThousandEyes Enterprise Agent that has Traffic Insights enabled. * **Port**: 18089 (that can be customized for example 9995). * **Transport Protocol**: TCP or UDP (this must match the forwarder settings in [Enabling and Managing Forwarders](https://docs.thousandeyes.com/product-documentation/traffic-insights/traffic-insights-configuration-guide/enabling-managing-forwarders)). * **Source Interface**: Type the interface that will send Cflowd records to the forwarder. Use the dropdown to help select the interface type. 11. Click **Add**. 12. Click **Save Cflowd Policy**. ![Cflowd apply policy to sites](/files/5KPy0OoESgbOH80MxPkO) ### Apply the Cflowd Policy to Sites * Select **Policy Application**. * Click the **Cflowd** tab. * Click the **+ New Site List**. * Select your site(s) from the popup list. * Click **Add**. * Click **Save Policy Changes** to update your policy. ## Create Cflowd Policy Via Command-Line Below is a command-line example of the Cflowd configuration; the IP address 192.168.100.176 and port 18089 refer to the Enterprise Agent that has been enabled as a forwarder. ``` #show sdwan policy from-vsmart cflowd-template flow-active-timeout 60 flow-inactive-timeout 15 template-refresh 120 flow-sampling-interval 1 protocol ipv4 no collect-tloc-loopback customized-ipv4-record-fields no collect-tos no collect-dscp-output collector vpn 2 address 192.168.100.176 port 18089 transport transport_udp source-interface GigabitEthernet0/0/3 bfd-metrics-export export-interval 60 ``` Additionally, the command `show sdwan app-fwd cflowd statistics` can be used to verify flow statistics. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.thousandeyes.com/product-documentation/traffic-insights/traffic-insights-configuration-guide/configuring-traffic-monitors-via-sd-wan.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.