netflow cisco ios

Configuring NetFlow Export on an IOS Device

---

Follow the steps below to configure NetFlow export on a Cisco IOS device.

Refer the Cisco Version Matrix for information on Cisco platforms and IOS versions supporting NetFlow

Enabling NetFlow Export

Enter global configuration mode on the router or MSFC, and issue the following commands for each interface on which you want to enable NetFlow:

interface {interface} {interface_number}

ip route-cache flow

bandwidth

exit

In some recent IOS releases Cisco Express Forwarding has to be enabled. Issue the command ip cef in global configuration mode on the router or MSFC for this.

This enables NetFlow on the specified interface alone. Remember that on a Cisco IOS device, NetFlow is enabled on a per-interface basis. The bandwidth command is optional, and is used to set the speed of the interface in kilobits per second. Interface speed or link speed value is used to later calculate percentage utilization values in traffic graphs.

Exporting NetFlow Data

Issue the following commands to export NetFlow data to the server on which NetFlow Analyzer is running:

Command	Purpose
ip flow-export destination {hostname|ip_address} 9996	Exports the NetFlow cache entries to the specified IP address. Use the IP address of the NetFlow Analyzer server and the configured NetFlow listener port. The default port is 9996.
ip flow-export source {interface} {interface_number}	Sets the source IP address of the NetFlow exports sent by the device to the specified IP address. NetFlow Analyzer will make SNMP requests of the device on this address.
ip flow-export version 5 [peer-as | origin-as]	Sets the NetFlow export version to version 5. NetFlow Analyzer supports only version 5, version 7 and version 9. If your router uses BGP you can specify that either the origin or peer AS is included in exports - it is not possible to include both.
ip flow-cache timeout active 1	Breaks up long-lived flows into 1-minute fragments. You can choose any number of minutes between 1 and 60. If you leave it at the default of 30 minutes your traffic reports will have spikes. It is important to set this value to 1 minute in order to generate alerts and view troubleshooting data.
ip flow-cache timeout inactive 15	Ensures that flows that have finished are periodically exported. The default value is 15 seconds. You can choose any number of seconds between 10 and 600. However, if you choose a value greater than 250 seconds, NetFlow Analyzer may report traffic levels that are too low.
snmp-server ifindex persist	Enables ifIndex persistence (interface names) globally. This ensures that the ifIndex values are persisted during device reboots.

For more information on BGP reporting in NetFlow Analyzer, look up the section on Configuring NetFlow for BGP

Verifying Device Configuration

Issue the following commands in normal (not configuration) mode to verify whether NetFlow export has been configured correctly:

Command	Purpose
show ip flow export	Shows the current NetFlow configuration
show ip cache flow	These commands summarize the active flows and give an indication of how much NetFlow data the device is exporting
show ip cache verbose flow

A Sample Device Configuration

The following is a set of commands issued on a router to enable NetFlow version 5 on the FastEthernet 0/1 interface and export to the machine 192.168.9.101 on port 9996.

router#enable Password:***** router#configure terminal router-2621(config)#interface FastEthernet 0/1 router-2621(config-if)#ip route-cache flow router-2621(config-if)#exit router-2621(config)#ip flow-export destination 192.168.9.101 9996 router-2621(config)#ip flow-export source FastEthernet 0/1 router-2621(config)#ip flow-export version 5 router-2621(config)#ip flow-cache timeout active 1 router-2621(config)#ip flow-cache timeout inactive 15 router-2621(config)#snmp-server ifindex persist router-2621(config)#^Z router#write router#show ip flow export router#show ip cache flow

*repeat these commands to enable NetFlow for each interface

Please note that NetFlow data export has to be enabled on all interfaces of a router in order to see accurate IN and OUT traffic. Suppose you have a router with interface A and B. Since NetFlow, by default, is done on an ingress basis, when you enable NetFlow data export on interface A, it will only export the IN traffic for interface A and OUT traffic for interface B. The OUT traffic for interface A will be contributed by the NetFlow data exported from interface B. Even if you are interested in managing only interface A, please enable NetFlow data export on A and B. You may subsequently unmanage interface B from the License Management link.

Turning off NetFlow

Issue the following commands in global configuration mode to stop exporting NetFlow data:

Command	Purpose
no ip flow-export destination {hostname|ip_address} {port_number}	This will stop exporting NetFlow cache entries to the specified destination IP address on the specified port number
interface {interface} {interface_number}	This will disable NetFlow export on the specified interface. Repeat the commands for each interface on which you need to disable NetFlow.
no ip route-cache flow
exit

For further information on configuring your IOS device for NetFlow data export, refer Cisco's NetFlow commands documentation

Blackberry menjadi modem

Blackberry jadi Modem

Administrator

Ada kalanya Anda membutuhkan modem untuk koneksi ke PC atau Laptop anda, selain screen yang luas, browsing dengan PC atau Laptop juga bisa menjadi solusi jika browsing pake BB anda dirasa kurang maksimal.

Berikut cara yang bisa dilakukan untuk menjadikan Blackberry anda sebagai Modem:

• Anda tentu sudah punya Blackberry Desktop Manager di komputer anda, jika belum silahkan download di http://blackberry.com , kemudian buka aplikasi tersebut dan hubungkan BB Handset dengan komputer pake kabel USB.
  

  

• Kemudian buka Control Panel caranya klik Start, pilih Control Panel

• Lalu pilih Phone and Modem Options

• Pada Box Phone and Modem Options, klik tab Modem

• Kemudian Pilih Standard Modem, lalu klik Properties

• Kemudian Pilih tab Diagnostics, klik tombol Query Modem, lalu akan muncul informasi modem dengan simbol AT

• Kira-kira lebih hasil query modem adalah seperti ini:

• Langkah terakhir untuk setting modem yaitu mengisi kode pada Extra Initialization, dengan cara klik tab Advanced pada kotak isian Extra Initialization commands: tulis command sesuai dengan operator yang anda gunakan :

- Untuk Telkomsel : at+cgdcont=1,"IP","Telkomsel"

- Untuk Indosat : at+cgdcont=1,"IP","www.indosatgprs"

- Untuk XLl : at+cgdcont=1,"IP","www.xlgprs.net"

PERHATIAN! silahkan anda lihat di website masing-masing operator untuk kejelasan command ini

Setelah selesai setting Modem langkah berikutnya anda perlu menambah koneksi Internet, caranya baca di bagian menambah koneksi internet blackberry

Artikel ini adalah lanjutan dari menjadikan Blackberry sebagai modem, silahkan anda baca caranya disini setelah selesai menjadikan Blackberry anda sebagai modem, langkah selanjutnya adalah menambah koneksi Internet dengan cara

• Klik Start lalu klik Control Panel

• Klik Create a new connection

• Pada Box New connection wizard pilih Connect to the Internet

• Klik Next lalu pilih pilihan kedua Set up my connection manually

• klik Next lalu pilih Connect using a dial-up modem

• Lalu select device Modem-standard modem (yang telah kita create sebelumnya-baca artikel sebelumnya)

• Kasih nama connection yang akan dibuat (penamaan terserah anda :)

• Pada pertanyaan Phone number, isikan *99# atau *99***1# (perhatian! jika belum jelas silahkan anda check atau tanyakan pada operator masing-masing untuk kejelasan pengisian ini)

• Pada isian username dan password silahkan dikosongkan saja.

• Klik Next Kemudian klik tombol Finish

• Klik Dial Kini anda siap mengarungi dunia maya dengan Blackberry anda sebagai modem.

WARNING! apa yang anda di lihat di gambar mungkin sedikit berbeda, dikarenakan versi windows atau yang lainnya, silahkan anda tanyakan ke operator masing-masing jika ada yang belum jelas, Andapun dapat mendiskusikan artikel ini di bagian Forum FORUMBLACKBERRY.COM

Allowing New port in Juniper Firewall SSG5

Allowing New port in Juniper Firewall SSG5

I was digging for allowing a new port in Juniper SSG5 firewall, an entry level firewall which used for internet connection, after long R&D i was able to do that, and planning to share it with you
A step by step approach for more clarity

1.Internet explorer take http://192.168.x.x or https://192.168.x.x Userid: netscreen
and password

Step - I

Creating a port

1.Policy ->Policy elements ->Services -> Custom -> Click on New
a.Give service name abc(for which purpose you are opening port give
description of that ex- if you are opening port 1111 for abc give service
name abc)
b.Select Transport protocol -> TCP
c.Source port -> Low =0 High -> 65535 (default)
d.Destination port -> Low= 1111(the port you want to open ex-1111)
High=1111(the port you want to open ex-1111) low and high should be same

Step - II
Assigning new port to group

1.Policy -> Policy elements -> Services -> Group -> edit group1
a. Select the service name you have given from left side and add them