Flow collector - general

Flow collector general settings enable you to define settings common to all NetFlow sources. The process for classification and identification within the flow collector is in the following order: defined SS, followed by NBAR name, followed by port lookup in protocols.xml.

To specify flow collector general settings:

  1. In the NAM Console, open Deployment ► Manage devices.
  2. Open the menu for the NAM Probe you are configuring and select Open configuration.
  3. Navigate to Configuration ► Global ► Flow Collector ► General.

The list of options is organized into the following sections.

Flow listening port (UDP)

In general, NetFlow-enabled devices can send flows over UDP or SCTP. NAM requires that UDP be used for flows sent to NAM Probe. The network device is configured with an IP address and port number of the NetFlow collector that will receive the records and process them. This is the port number that the NetFlow collector will listen to for incoming flow records.

Default: 2055 (This can be configured to something more suitable to your environment. Other but less commonly used ports are 9555 and 9995 .)

Flow Source SNMP polling

The NetFlow collector actively polls the network devices from which it receives flow records. Information received through SNMP polling augments the information received through flows. In particular, it helps to associate the interface name and index, thus allowing for byte and packet counts to be calculated for the named interfaces.

The incoming flow records contain an interface index (decimal number) that, when correlated with the interface name, makes reading reports much easier. For example, VPN to Tokyo is much easier than 26 to understand in the context of the reporting data. Also, interface index numbers can change across router and switch reboots, so without the name association you would constantly need to manually update a mapping table to really understand which link the interface index was referring to. By doing the SNMP query, the index and name are correlated automatically. In addition, when retrieving the byte counts over an interval time frame, the utilization for that link can be calculated and provided in the report.

  • SNMP read community name
    This is a string used by SNMP V1 and V2 clients to authenticate with a SNMP agent. A common community string used is public. Note that this allows read-only access and does not compromise the security of your switch.
  • SNMP port
    The SNMP port to be used for SNMP polling. Default: 161.
  • Timeout
    This setting determines the number of seconds that the NetFlow collector will wait for an SNMP query request to return from a SNMP agent before it aborts the request. Default: 1.
  • Retries
    The number of retries for attempting SNMP polling. Default: 5.

Port Finder

Enables and configures port finder functionality.

Advanced

Remove inactive Flow Source from status update after

The number of days after which flow sources that have stopped reporting are removed from the table of flow sources.

SNMP security

Applies to NAM 2019 Beta

These settings control general SNMP security for flow collector devices (flow sources). If you need to configure these settings per device, go to Flow sources (Configuration ► Global ► Flow Collector ► Flow Sources) and add or edit a device configuration.

SNMP version
Select SNMP version 2 or 3. You need version 3 for authentication and privacy.

Security level

  • noAuthorization - no authorization, no privacy.
  • authNoPriv - authorization, no privacy.
  • authPriv - authorization, privacy.

Depending on the security level you select, you need to provide the following:

  • User name
    Required for all security levels.
  • Authentication protocol and Authentication password
    Required for authNoPriv and authPriv security. Select MD5 or SHA and provide the password.
  • Private protocol and Private password
    Required for authPriv security. Select DES or AES and provide the password.