Gigamon has a web interface called GigaSMART that it uses to configure NetFlow on Gigamon devices. But GigaSMART can be limiting; through working with many Gigamon and Scrutinizer users, I’ve found that most users are far more comfortable configuring NetFlow through the command line. This blog will explain how to configure NetFlow for H Series Gigamon devices through the CLI.
What we need to know before we get started
The configuration we’re about to review is specifically for Netflow v9 and will require a GigaSMART NetFlow license from Gigamon. The NetFlow v9 configuration we’re going to review has been tested and verified for H Series devices. If you’re not working with an H Series device, I recommend using the GigaSMART interface.
First enter ‘configure terminal mode’ on your H Series devices. The below steps can be copied directly to the CLI, but make sure to change the IP addresses listed in the example.
Defining the Exporter
apps netflow exporter alias exp1
destination ip4addr 10.5.7.14
dscp 10
netflow-version netflow-v9
transport udp 9999
template-refresh-interval 15
ttl 64
exit
Define Recorder
apps netflow record alias rec1
netflow-version netflow-v9
collect add ipv4 destination address
collect add datalink vlan
collect add ipv4 tos
collect add ipv4 fragmentation id
collect add ipv4 fragmentation offset
collect add ipv4 source address
collect add transport destination-port
collect add transport source-port
collect add ipv4 protocol
collect add counter bytes collect add counter packets
collect add timestamp sys-uptime first
collect add timestamp sys-uptime last
match add ipv4 destination address
match add ipv4 source address
match add transport destination-port
match add transport source-port
match add ipv4 protocol
exit
Define the Monitor
apps netflow monitor alias mon1 cache timeout active 30
cache timeout inactive 60
cache timeout event transaction-end
record add rec1
exit
(These are the default values for ‘cache timeout active 30’ and ‘cache timeout inactive 60.’ I recommend setting these values to 1.)
Define GSGroup, Tunnel Port & Flow Map
port 1/1/g1 type tool
gsgroup alias gs1 port-list 1/2/e1
tunneled-port 1/1/g1 ip 10.5.7.28 255.255.255.0 gateway 10.5.7.250 mtu 1500 port-list gs1 tunneled-port 1/1/g1 netflow-exporter add exp1 gsop alias gsop1 flow-ops netflow port-list gs1
map alias for-netflow1 from 1/1/g2 use gsop gsop1 to 1/1/g1 rule add pass ipver 4 exit
gsparams gsgroup gs1 netflow-monitor add mon1
And congratulations, you’ve just configured your Gigamon NetFlow from CLI!
Troubleshooting & Configuration Confirmation
Gigamon recommends the following steps to troubleshoot and confirm your configuration.
Show Stats Commands
sh apps netflow exporter stats sh apps netflow monitor stats sh gsop stats
Clear Stats Commands
clear port stats all clear gsgroup stats clear map stats all clear gsop stat clear app netflow exporter stat clear app netflow monitor cac clear app netflow monitor stat clear tunneled-port stats
Delete or Reconfigure
gsparams gsgroup gs1 netflow-monitor delete no map alias for-netflow1 tunneled-port 1/1/g1 netflow-exporter delete exporter-id 1
OR
tunneled-port 1/1/g1 netflow-exporter delete all
Using the above configuration you’ll gain reports specific to your Gigamon devices, which include details like flow source and destination, URLS, SSL details and much more. Take Scrutinizer for a spin to see what insight can be gained from your NetFlow devices.
