EMAIL SUPPORT
dclessons@dclessons.comLOCATION
USConfiguring Cflowd Traffic Monitoring
Configuring Cflowd Traffic Monitoring
By using basic component of Centralized data policy, Cflowd traffic flow monitoring can be configured. By using Cflowd template option, including location of Cflowd collector and actions in data policy Cflowd monitoring can be enabled.
Cflowd Routing Policy CLI Configuration Procedure
Create the list of Network Sites to which Cflowd policy is to be applied.
vSmart(config)# policy
vSmart(config-policy)# lists site-list list-name
vSmart(config-lists-list-name)#& site-id site-id
Create the List of VPN, for which Cflowd policy is to be configured.
vSmart(config)# policy lists
vSmart(config-lists)# vpn-list list-name
vSmart(config-lists-list-name)# vpn vpn-id
Create lists of IP prefixes
vSmart(config)# policy lists
vSmart(config-lists)# prefix-list list-name
vSmart(config-lists-list-name)# ip-prefix prefix/length
Configure Cflowd template, its parameters, collector location , flow export timers, and sampling intervals.
vSmart(config)# policy cflowd-template template-name
vSmart(config-cflowd-template-template-name)# collector vpn vpn-id address ip-address port port-number transport-type (transport_tcp | transport_udp) source-interface interface-name
vSmart(config-cflowd-template-template-name)# flow-active-timeout seconds
vSmart(config-cflowd-template-template-name)# flow-inactive-timeout seconds
vSmart(config-cflowd-template-template-name)# flow-sampling-interval number
vSmart(config-cflowd-template-template-name)# template-refresh seconds
- By default active flow data is exported to collector every 600 sec.
- A data set for a flow to which no traffic is flowing is sent every 60 sec.
If you configure a logging action, configure how often to log packets to the syslog files:
vEdge(config)# policy log-frequency number
Create a data policy instance and associate it with a list of VPNs:
vSmart(config)# policy data-policy policy-name
vSmart(config-data-policy-policy-name)# vpn-list list-name
Create a sequence to contain a single match–action pair:
vSmart(config-vpn-list-list-name)# sequence number
vSmart(config-sequence-number)#
Define match parameters for the data packets:
vSmart(config-sequence-number)# match parameters
In the action, enable cflowd:
vSmart(config-sequence-number)# action Cflowd
In the action, count or log data packets:
vSmart(config-sequence-number)# action count counter-name
vSmart(config-sequence-number)# action log
if a route has no match in any sequence that it is rejected and but for nonmatching prefixes to be accepted , configure default action policy
vSmart(config-policy-name)# default-action accept
Apply the policy and the cflowd template to one or more sites in the overlay network:
vSmart(config)# apply-policy site-list list-name data-policy policy-name
vSmart(config)# apply-policy site-list list-name cflowd-template template-name
Enable Cflowd Visibility on vEdge Routers
It is also possible to enable Cflowd visibility directly on vEdge router , without configuring data policy. With this option traffic monitoring can be done from all VPN to in the LAN.
Comment
TABLE OF CONTENTS
- Onboarding & Provisioning Configuring Templates
- Authentication between vSmart & vBond
- Authentication between vSmart Controller
- Authentication between vBond & vEdge Router
- Authentication between vEdge Router & vManage NMS
- Authentication between vSmart Controller & vEdge Router
- Viptela Specific Port Terminology
- Configure vManage & Generate Certificate
- Configure vBond & Generate Certificate
- Configure vSmart & Generate Certificate
- Configure vEdge & Generate Certificate
- Secure DataPlane Bringup
- Control Plane & Data Plane Operation - Unicast Routing Overview
- Configuring OMP & Its attributes
- Configure Unicast Overlay Routing
- Routing Configuration Example
- Segmentation Overview
- Configuring Segmentation
- Segmentation Configuration Example
- Data Traffic across Private WANs
- NAT in SDWAN & Data Encryption
- SD-WAN Viptela Policy Overview
- SD-WAN Centralized & Localized Control Policy Overview
- SD-WAN Centralized & Localized Data Policy
- Application – Aware Routing Overview
- Service Chaining
- Traffic Flow Monitoring
- vEdge Router as NAT Device
- Zone Based Firewalls
- Configuring Application Aware Routing
- Configure Centralized Control Policy
- Configuring Centralized Data Policy
- Configuring Cflowd Traffic Monitoring
- Configuring Zone based Firewall
- Service Chaining Configuration Example
- Configuring Service Side NAT
- Configuring Transport side NAT
RECENT POSTS
- What is Docker and Why is It Important?
- Learn Python 3.0 Programming for Network Automation
- Cisco ACI Data Centre: A Comprehensive Overview
- How to Prepare for the Microsoft Azure AZ-305 Exam
- AWS Training Certification Course for Solutions Architect
- Cisco SASE Architecture
- SASE vs SD-WAN
- What is SASE
- Accessing Amazon S3 using AWS private Link in Secure hybrid method.
- Cisco Smart Licensing Policy
LEAVE A COMMENT
Please login here to comment.