Hello, Peter, In order to see the traffic in both directions, you have to enable cache-flow on both interfaces - incoming and outgoing for your network. I'm using a Cisco to gather billing and traffic accounting statistics with netflow, but I'm not using NAT. Firstly, you have to enable it:
ip flow-cache timeout active 2 This enables a 2 minute active timeout for flows. Then, on each of your interfaces, f.e. : interface GigabitEthernet0/1 ip route-cache flow interface GigabitEthernet0/2 ip route-cache flow And finally to send the netflow data to a nfacctd, or any other NetFlow accounting software: ip flow-export version 5 origin-as ip flow-export destination 192.168.1.2 8888 Hope this helps. On Mon, 22 May 2006 23:35:08 +0300 Peter Nixon <[EMAIL PROTECTED]> wrote: > Hi List > > As a relative newbie to netflow can someone confirm for me whether or > not netflow records from a single interface of a cisco router contain > information about packets in BOTH directions or only one? > > I am attempting to replace a linux box acting as a router running > pmacctd with a cisco router running netflow sending records to > nfacctd. > > The tricky bit is that I am running NAT on the external interface of > the router with a private IP block behind it and I need to see data > on inbound AND outbound traffic. With pmacctd on a linux box I can > see data in both directions on the internal interface(s) but I don't > appear to be getting it with the cisco. If in enable "ip route-cache > flow" on the external interface I see all the flows related to the > external NAT IP which is useless as I need to match it to the hosts > behind. > > I have also tried to setup a looback interface, with netflow enabled > on it, and route all traffic via it, but I dont seem to be receiving > any flow records from it. > > Can anyone help? > > -- > > Peter Nixon > http://www.peternixon.net/ > PGP Key: http://www.peternixon.net/public.asc > -- Regards, Nickola
pgpeKKyermqyi.pgp
Description: PGP signature
_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
