Are you trying to monitor your network traffic ? Then you will need to consider ManageEngine NetFlow Analyzer as the first solution because it is a solid tool with user friendly UI and easy to use software. It is also listed in the ‘Products of the week’ listing by Network World
Pre-Requisite:-
The Pre-Requisite is simple. Your routing and switching device should be capable of exporting any compatible flow format which NetFlow Analyzer supports.
NetFlow Analyzer supports wide variety of flow formats like NetFlow, sFlow, jFlow, cFlow, Netstream, AppFlow, IPFIX etc which are vendor dependent. Click here to know your devices are supported.
Discovery:-
NetFlow Analyzer works on Auto Discovery, It uses the NetFlow packets exported from the router to generate reports for top applications, top conversation etc in the network.
Router or switching device has to be configured for NetFlow or similar flow export and we need to make sure that the packets reaches the NetFlow Analyzer server. If the packet reaches the server, the product will automatically show the router with their interfaces. You can sent SNMP community to retrieve the Router Name, Interface Name and Interface Speed. You can also drill down to each interface to generate traffic reports.
What is the use of Add Device option?
Add device option is in the product only to add device which are not capable of exporting NetFlow packets and has QoS polices in it. Click here to know more about this feature.
Troubleshooting :-
You would have configured the device to export flow packets and still the device may not be visible in NetFlow Analyzer.
What I can Check ?
1. Firewall Device between Router and NetFlow Analyzer server is blocking the UDP packets on 9996. You should allow UDP port 9996 on firewall to get the packets in server.
2. Router reach-ability (Ping or Telnet) from NetFlow Analyzer server.
3. Software Firewall (Windows Firewall) on the NetFlow Analyzer server is blocking the UDP packets on port 9996.
If all the three points are verified, at last you can install Wireshark on the NetFlow Analyzer to verify whether packets are reaching the server. In case of Linux machine, you can use TCP DUMP option on port 9996.
Router Configuration:-
The following is a set of commands issued on a Cisco router to enable NetFlow version 5 on the FastEthernet 0/1 interface and export to the machine 192.168.9.101 (IP Address of NetFlow Analyzer server) on port 9996 (UDP port to export NetFlow packets).
router#enable
Password:*****
router#configure terminal
Interface Level configuration:-
router-2621(config)#interface FastEthernet 0/1
router-2621(config-if)#ip route-cache flow // (This command has to be executed on all the L3/VLAN interfaces).
router-2621(config-if)#exit
Global Configuration :-
router-2621(config)#ip flow-export destination NetFlow Analyzer Server IP 9996
router-2621(config)#ip flow-export source FastEthernet 0/1 // You should specify the interface through which you are going to export packets to the server.
router-2621(config)#ip flow-export version 5
router-2621(config)#ip flow-cache timeout active 1
router-2621(config)#ip flow-cache timeout inactive 15
router-2621(config)#snmp-server ifindex persist
router-2621(config)#^Z
router#write
The above configuration is for Cisco Routers for Cisco ASA refer here. If you have other vendor device and it supports compatible flow formats, send email to nfs@manageengine.com with the model number of device, our TAC team will send you the configuration details.
You can download the 30 day trial of ManageEngine NetFlow Analyzer from here.
Reach us on Facebook at NetFlow Analyzer TAC
Catch up with the latest updates in the industry, through our LinkedIn community Bandwidth Monitoring and Traffic Analysis for Enterprises
Praveen Kumar
NetFlow Analyzer Technical Team
Download | Interactive Demo | Twitter | Customers