Gigamon has a web interface called GigaSMART that it uses to configure NetFlow on Gigamon devices. But GigaSMART can be limiting; through working with many Gigamon and Scrutinizer users, I’ve found that most users are far more comfortable configuring NetFlow through the command line. This blog will explain how to configure NetFlow for H  Series Gigamon devices through the CLI.

Gigamon NetFlow configuration

What we need to know before we get started

The configuration we’re about to review is specifically for Netflow v9 and will require a GigaSMART NetFlow license from Gigamon. The NetFlow v9 configuration we’re going to review has been tested and verified for H Series devices. If you’re not working with an H Series device, I recommend using the GigaSMART interface.

First enter ‘configure terminal mode’ on your H Series devices. The below steps can be copied directly to the CLI, but make sure to change the IP addresses listed in the example.

Defining the Exporter

apps netflow exporter alias exp1
destination ip4addr 10.5.7.14
dscp 10
netflow-version netflow-v9
transport udp 9999
template-refresh-interval 15
ttl 64
exit

Define Recorder

apps netflow record alias rec1
netflow-version netflow-v9
collect add ipv4 destination address
collect add datalink vlan
collect add ipv4 tos
collect add ipv4 fragmentation id
collect add ipv4 fragmentation offset
collect add ipv4 source address
collect add transport destination-port
collect add transport source-port
collect add ipv4 protocol
collect add counter bytes collect add counter packets
collect add timestamp sys-uptime first
collect add timestamp sys-uptime last
match add ipv4 destination address
match add ipv4 source address
match add transport destination-port
match add transport source-port
match add ipv4 protocol
exit

Define the Monitor

apps netflow monitor alias mon1
cache timeout active 30
cache timeout inactive 60
cache timeout event transaction-end
record add rec1
exit

(These are the default values for ‘cache timeout active 30’ and ‘cache timeout inactive 60.’ I recommend setting these values to 1.)

Define GSGroup, Tunnel Port & Flow Map

port 1/1/g1 type tool
gsgroup alias gs1 port-list 1/2/e1
tunneled-port 1/1/g1 ip 10.5.7.28 255.255.255.0 gateway 10.5.7.250 mtu 1500 port-list gs1 tunneled-port 1/1/g1 netflow-exporter add exp1 gsop alias gsop1 flow-ops netflow port-list gs1
map alias for-netflow1
from 1/1/g2
use gsop gsop1
to 1/1/g1
rule add pass ipver 4
exit
gsparams gsgroup gs1 netflow-monitor add mon1

And congratulations, you’ve just configured your Gigamon NetFlow from CLI!

Troubleshooting & Configuration Confirmation

Gigamon recommends the following steps to troubleshoot and confirm your configuration.

Show Stats Commands

sh apps netflow exporter stats
sh apps netflow monitor stats
sh gsop stats

Clear Stats Commands

clear port stats all
clear gsgroup stats
clear map stats all
clear gsop stat
clear app netflow exporter stat
clear app netflow monitor cac
clear app netflow monitor stat
clear tunneled-port stats

Delete or Reconfigure

gsparams gsgroup gs1 netflow-monitor delete
no map alias for-netflow1
tunneled-port 1/1/g1 netflow-exporter delete exporter-id 1

OR

tunneled-port 1/1/g1 netflow-exporter delete all

Using the above configuration you’ll gain reports specific to your Gigamon devices, which include details like flow source and destination, URLS, SSL details and much more. Take Scrutinizer for a spin to see what insight can be gained from your NetFlow devices.

Traci Anderberg

Traci Anderberg

Traci is a technical support engineer here at Plixer. It was by accident that she discovered her interest in computer science; she had taken a couple electives in the field whilst chasing a degree in Business Administration. Since then, she has been assisting the Plixer family in tackling new challenges. When not at her desk (plotting new ways to fight the Dark Side), she can be found by the beach, catching the biggest wave.

Related