netflow и UTM
netflow и UTM
вопрос такого плана, третий день бьюсь, в детализированном отчете все запросы по нетфло с циски отображаются, а в отчете по траффику считаются какие то копейки, с сети содрал больше 100 Мб, он насчитал около 3Мб
Код: Выделить всё
Router#sh run
Building configuration...
Current configuration : 3351 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot system disk0:c7400-js-mz.124-3.bin
boot-end-marker
!
no logging console
!
aaa new-model
aaa session-mib disconnect
!
!
aaa authentication login default local
aaa authentication ppp default group radius
aaa authorization network default group radius
aaa accounting update newinfo
aaa accounting network default start-stop group radius
!
aaa session-id common
!
resource policy
!
syscon address 10.0.0.1 public
syscon shelf-id 0
ip subnet-zero
!
!
ip cef
ip name-server 217.9.147.42
ip name-server 217.9.148.4
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.1.254
!
ip dhcp pool LOCAL
network 192.168.0.0 255.255.252.0
dns-server 192.168.0.1
default-router 192.168.0.1
!
!
!
virtual-template 1 pre-clone 500
!
!
!
!
!
!
!
!
!
!
!
username phrozen privilege 15 secret 5 $1$dLo1$Lu049LyWt9iafVsAqX4z2/
archive
log config
logging enable
hidekeys
!
!
!
bba-group pppoe global
virtual-template 1
sessions max limit 8000
ac name nas1
sessions per-mac limit 1
sessions per-vlan limit 500
sessions auto cleanup
!
!
interface GigabitEthernet0/0
description BILLING
ip address 10.0.0.2 255.255.255.0
duplex full
speed auto
media-type rj45
!
interface GigabitEthernet0/1
description LOCAL
ip address 192.168.0.1 255.255.252.0
duplex full
speed auto
media-type gbic
negotiation auto
pppoe enable group global
no cdp enable
!
interface FastEthernet1/0
description INTERNET
ip address 172.29.1.2 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex full
!
interface Virtual-Template1
mtu 1492
ip unnumbered GigabitEthernet0/0
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
ip route-cache flow
autodetect encapsulation ppp
peer default ip address pool PPPoE
ppp max-bad-auth 3
ppp authentication chap
ppp timeout retry 3
ppp timeout authentication 45
ppp timeout idle 3600
!
ip local pool PPPoE 192.168.0.100 192.168.2.200
ip classless
ip route 0.0.0.0 0.0.0.0 172.29.1.1
ip flow-export source Virtual-Template1
ip flow-export version 5
ip flow-export destination 10.0.0.1 9996
!
no ip http server
!
ip nat inside source list 100 interface FastEthernet1/0 overload
ip dns server
!
!
ip access-list standard RW3
access-list 3 permit 10.0.0.1
access-list 3 deny any log
access-list 100 permit ip 192.168.0.0 0.0.3.255 any
snmp-server community public RO RW3
snmp-server ifindex persist
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps aaa_server
snmp-server host 10.0.0.1 161
snmp-server host 10.0.0.1 2c
snmp-server host 10.0.0.1 aaa
snmp-server host 10.0.0.1 public snmp
!
!
!
radius-server attribute 8 include-in-access-req
radius-server attribute nas-port format e UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU
radius-server attribute 31 mac format unformatted
radius-server host 10.0.0.1 auth-port 1812 acct-port 1813
radius-server retransmit 5
radius-server timeout 30
radius-server deadtime 1
radius-server key 7 03175E08140A35
radius-server vsa send accounting
radius-server vsa send authentication
!
control-plane
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
!
!
end
Router#
Код: Выделить всё
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
------------------------------------------------------------------------------
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Vi39 192.168.0.70 Local 192.168.0.1 06 D7A4 0017 55
Vi38 192.168.0.91 Fa1/0 95.52.218.35 06 C0FF F13B 1
Vi38 192.168.0.91 Fa1/0 95.161.252.153 06 C0F4 A098 3
Vi38 192.168.0.91 Fa1/0 94.245.121.253 11 D1F2 0DD8 1
Fa1/0 95.28.184.223 Vi38* 192.168.0.91 06 F040 C101 1
Vi38 192.168.0.91 Fa1/0 93.81.195.176 11 D1F2 D9A4 1
Fa1/0 66.220.146.49 Vi39* 192.168.0.70 06 01BB D8F9 1
Fa1/0 213.79.112.170 Vi38* 192.168.0.91 11 B6A0 C625 1
Vi38 192.168.0.91 Fa1/0 95.28.184.223 06 C101 F040 1
Vi38 192.168.0.91 Fa1/0 95.55.237.218 11 C625 9ACA 1
Fa1/0 86.100.17.193 Vi38* 192.168.0.91 11 C2D2 D1F2 1
Vi38 192.168.0.91 Fa1/0 213.79.112.170 11 C625 B6A0 1
Vi39 192.168.0.70 Fa1/0 66.220.146.49 06 D8F9 01BB 1
Vi38 192.168.0.91 Fa1/0 93.116.70.113 11 C625 6FAC 1
Vi38 192.168.0.91 Fa1/0 95.55.237.218 06 C0FD 9ACA 2
Fa1/0 94.100.179.35 Vi39* 192.168.0.70 06 07F9 CC8E 1
Fa1/0 199.59.149.232 Vi39* 192.168.0.70 06 01BB D8FB 1
Vi38 192.168.0.91 Fa1/0 94.24.208.165 11 C625 8B6B 1
Vi38 192.168.0.91 Fa1/0 95.52.96.147 06 C0F6 0689 3
Fa1/0 93.81.195.176 Vi38* 192.168.0.91 11 D9A4 D1F2 1
Vi38 192.168.0.91 Fa1/0 95.135.188.194 06 C0FB 9A82 3
Vi38 192.168.0.91 Fa1/0 86.100.17.193 11 D1F2 C2D2 1
Vi38 192.168.0.91 Fa1/0 178.72.93.148 06 C100 76EB 1
Vi38 192.168.0.91 Fa1/0 78.159.45.197 11 C625 2EE2 1
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Vi38 192.168.0.91 Fa1/0 178.90.79.17 11 C625 7176 1
Vi38 192.168.0.91 Fa1/0 94.24.208.165 06 C0F9 8B6B 3
Vi38 192.168.0.91 Fa1/0 95.135.188.194 11 C625 9A82 1
Vi38 192.168.0.91 Fa1/0 89.254.230.186 11 C625 7215 1
Vi38 192.168.0.91 Fa1/0 94.179.137.198 11 C625 912F 1
Fa1/0 94.179.137.198 Vi38* 192.168.0.91 11 912F C625 1
Vi38 192.168.0.91 Fa1/0 10.10.43.95 11 D1F2 F82B 1
Fa1/0 46.0.10.94 Vi38* 192.168.0.91 06 AD9C C0FE 1
Fa1/0 78.159.45.197 Vi38* 192.168.0.91 11 2EE2 C625 1
Fa1/0 89.254.198.2 Vi38* 192.168.0.91 06 7F5C C102 1
Vi38 192.168.0.91 Fa1/0 94.25.103.9 11 D1F2 F82B 1
Fa1/0 89.254.230.186 Vi38* 192.168.0.91 11 7215 C625 1
Vi38 192.168.0.91 Fa1/0 109.188.226.240 06 C0F5 724C 3
Vi38 192.168.0.91 Fa1/0 95.26.68.106 06 C0F7 EE23 3
Vi38 192.168.0.91 Fa1/0 89.254.198.2 06 C102 7F5C 1
Vi39 192.168.0.70 Fa1/0 199.59.149.232 06 D8FB 01BB 1
Vi38 192.168.0.91 Fa1/0 92.62.62.29 06 C0FA 8B6B 3
Vi38 192.168.0.91 Fa1/0 95.129.239.61 11 C625 70F6 1
Vi38 192.168.0.91 Fa1/0 92.62.62.29 11 C625 8B6B 1
Vi39 192.168.0.70 Fa1/0 94.100.179.35 06 CC8E 07F9 1
Fa1/0 212.124.27.26 Vi38* 192.168.0.91 11 B195 C625 1
Vi38 192.168.0.91 Fa1/0 95.220.147.128 11 C625 E40B 1
Vi39 192.168.0.70 Fa1/0 69.171.228.13 06 CC9E 0050 1
Fa1/0 69.171.228.13 Vi39* 192.168.0.70 06 0050 CC9E 2
Router#