Hi Nikola I already have a configuration almost identical to yours. As I mentioned below, I am happily getting data from the external interface also however the flows are all hidden by the single nat overload which means I have no way to associate them with the traffic on the internal interface.
Does anyone have a way to resolve this? I figure that there must be a way to get around this problem by using a loopback interface but as yet I haven't figured out the correct configuration. Cheers Peter On Tue 23 May 2006 10:38, Nickola Kolev wrote: > Hello, Peter, > > In order to see the traffic in both directions, you have to enable > cache-flow on both interfaces - incoming and outgoing for your network. > I'm using a Cisco to gather billing and traffic accounting statistics > with netflow, but I'm not using NAT. Firstly, you have to enable it: > > ip flow-cache timeout active 2 > > This enables a 2 minute active timeout for flows. Then, on each of your > interfaces, f.e. : > > interface GigabitEthernet0/1 > ip route-cache flow > > interface GigabitEthernet0/2 > ip route-cache flow > > And finally to send the netflow data to a nfacctd, or any other NetFlow > accounting software: > > ip flow-export version 5 origin-as > ip flow-export destination 192.168.1.2 8888 > > Hope this helps. > > On Mon, 22 May 2006 23:35:08 +0300 > > Peter Nixon <[EMAIL PROTECTED]> wrote: > > Hi List > > > > As a relative newbie to netflow can someone confirm for me whether or > > not netflow records from a single interface of a cisco router contain > > information about packets in BOTH directions or only one? > > > > I am attempting to replace a linux box acting as a router running > > pmacctd with a cisco router running netflow sending records to > > nfacctd. > > > > The tricky bit is that I am running NAT on the external interface of > > the router with a private IP block behind it and I need to see data > > on inbound AND outbound traffic. With pmacctd on a linux box I can > > see data in both directions on the internal interface(s) but I don't > > appear to be getting it with the cisco. If in enable "ip route-cache > > flow" on the external interface I see all the flows related to the > > external NAT IP which is useless as I need to match it to the hosts > > behind. > > > > I have also tried to setup a looback interface, with netflow enabled > > on it, and route all traffic via it, but I dont seem to be receiving > > any flow records from it. > > > > Can anyone help? > > > > -- > > > > Peter Nixon > > http://www.peternixon.net/ > > PGP Key: http://www.peternixon.net/public.asc -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc
pgpPTveD4h382.pgp
Description: PGP signature
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
