Flow collector - general

Flow collector general settings enable you to define settings common to all NetFlow sources. The process for classification and identification within the flow collector is in the following order: defined SS, followed by NBAR name, followed by port lookup in protocols.xml .

To specify flow collector general settings, navigate to Configuration  ► Global  ► Flow Collector  ► General to access the list of general configuration settings for the flow collector.

The list of options is organized into the following sections and includes:

Flow listening port (UDP)

In general, NetFlow-enabled devices can send flows over UDP or SCTP. NAM requires that UDP be used for flows sent to NAM Probe. The network device is configured with an IP address and port number of the NetFlow collector that will receive the records and process them. This is the port number that the NetFlow collector will listen to for incoming flow records.

Default: 2055 (This can be configured to something more suitable to your environment. Other but less commonly used ports are 9555 and 9995 .)

Flow Source SNMP polling

The NetFlow collector actively polls the network devices from which it receives flow records. Information received through SNMP polling augments the information received through flows. In particular, it helps to associate the interface name and index, thus allowing for byte and packet counts to be calculated for the named interfaces.

The incoming flow records contain an interface index (decimal number) that, when correlated with the interface name, makes reading reports much easier. For example, VPN to Tokyo is much easier than 26 to understand in the context of the reporting data. Also, interface index numbers can change across router and switch reboots, so without the name association you would constantly need to manually update a mapping table to really understand which link the interface index was referring to. By doing the SNMP query, the index and name are correlated automatically. In addition, when retrieving the byte counts over an interval time frame, the utilization for that link can be calculated and provided in the report.

SNMP read community name

This is a string used by SNMP V1 and V2 clients to authenticate with a SNMP agent. A common community string used is public . Note that this allows read-only access and does not compromise the security of your switch.

SNMP port

The SNMP port to be used for SNMP polling.

Default: 161

Timeout

This setting determines the number of seconds that the NetFlow collector will wait for an SNMP query request to return from a SNMP agent before it aborts the request.

Default: 1

Retries

The number of retries for attempting SNMP polling.

Default: 5

Advanced

Remove inactive Flow Source from status update after

The number of days after which flow sources that have stopped reporting are removed from the table of flow sources.