I have PRTG configured to bring in Netflow data for a Cisco Meraki MX95, but I am noticing that it shows traffic between internal VLANs configured on it. For my use case, I need to see traffic on the WAN and Client VPN interfaces. Would I use the Exclude Filter for this to discard any traffic from our internal VLANs? A quick Wireshark capture doesn't show an Interface I can filter on so that is out for me.
Filtering Cisco Meraki MX Netflow
Votes:
0
8 Replies
Votes:
0
Hello,
Thank you for your message.
To avoid getting bandwidth data for specific interfaces, it is preferable to configure the NetFlow exporter (your device) to discard them when collecting data. This will avoid extra work for both the device and PRTG.
You can of course use the Exclude filter field as well. To get an idea of the data transmitted, you can create a new toplist with the column(s) you desire to filter on (e.g. Source/Destination VLAN). To create a new toplist, I invite you to have a look at this YouTube video from our colleague Ben: https://youtu.be/JfQ64NlfptE?t=718.
Here is more information regarding how to filter the data: https://www.paessler.com/manuals/prtg/xflow_packet_sniffer_filter_rules#examples.
Regards.
Created on Jul 25, 2022 1:13:03 PM by
Florian Lesage [Paessler Support]
Last change on Jul 25, 2022 1:16:53 PM by
Florian Lesage [Paessler Support]
Votes:
0
Unfortunately, for Meraki devices your choices for NetFlow are to enable or disable it. You cannot configure what traffic to send out :(
Votes:
0
This is not great, as this generates more flows and therefore consumes more resources than necessary on both sides. Have you created the toplist to check the information received and applied filter(s) already?
Votes:
0
I believe I got a filter created to only track traffic that goes out our WAN interface and the Client VPN. It wasn't fun to develop due to the number of VLANs we have, and it isn't super pretty but it appears to work for what I need.
My current exclude filter is as follows:
not (SourceIP[192.168.250.0/24] and (DestinationIP[10.0.4.0/24] or DestinationIP[192.168.22.0/24] or DestinationIP[192.168.23.0/24] or DestinationIP[192.168.24.0/23] or DestinationIP[192.168.26.0/24] or DestinationIP[192.168.27.0/24] or DestinationIP[10.100.100.0/24] or DestinationIP[10.101.101.0/24] or DestinationIP[172.16.20.0/24] or DestinationIP[192.168.199.0/24] or DestinationIP[206.146.235.0/24] or DestinationIP[172.27.199.0/26])) and not (SourceIP[10.0.4.0/24] and (DestinationIP[192.168.250.0/24] or DestinationIP[192.168.22.0/24] or DestinationIP[192.168.23.0/24] or DestinationIP[192.168.24.0/23] or DestinationIP[192.168.26.0/24] or DestinationIP[192.168.27.0/24] or DestinationIP[10.100.100.0/24] or DestinationIP[10.101.101.0/24] or DestinationIP[172.16.20.0/24] or DestinationIP[192.168.199.0/24] or DestinationIP[206.146.235.0/24] or DestinationIP[172.27.199.0/26])) and not (SourceIP[192.168.22.0/24] and (DestinationIP[192.168.250.0/24] or DestinationIP[10.0.4.0/24] or DestinationIP[192.168.23.0/24] or DestinationIP[192.168.24.0/23] or DestinationIP[192.168.26.0/24] or DestinationIP[192.168.27.0/24] or DestinationIP[10.100.100.0/24] or DestinationIP[10.101.101.0/24] or DestinationIP[172.16.20.0/24] or DestinationIP[192.168.199.0/24] or DestinationIP[206.146.235.0/24] or DestinationIP[172.27.199.0/26])) and not (SourceIP[192.168.23.0/24] and (DestinationIP[192.168.250.0/24] or DestinationIP[10.0.4.0/24] or DestinationIP[192.168.22.0/24] or DestinationIP[192.168.24.0/23] or DestinationIP[192.168.26.0/24] or DestinationIP[192.168.27.0/24] or DestinationIP[10.100.100.0/24] or DestinationIP[10.101.101.0/24] or DestinationIP[172.16.20.0/24] or DestinationIP[192.168.199.0/24] or DestinationIP[206.146.235.0/24] or DestinationIP[172.27.199.0/26])) and not (SourceIP[192.168.24.0/23] and (DestinationIP[192.168.250.0/24] or DestinationIP[10.0.4.0/24] or DestinationIP[192.168.22.0/24] or DestinationIP[192.168.23.0/24] or DestinationIP[192.168.26.0/24] or 
DestinationIP[192.168.27.0/24] or DestinationIP[10.100.100.0/24] or DestinationIP[10.101.101.0/24] or DestinationIP[172.16.20.0/24] or DestinationIP[192.168.199.0/24] or DestinationIP[206.146.235.0/24] or DestinationIP[172.27.199.0/26])) and not (SourceIP[192.168.26.0/24] and (DestinationIP[192.168.250.0/24] or DestinationIP[10.0.4.0/24] or DestinationIP[192.168.22.0/24] or DestinationIP[192.168.23.0/24] or DestinationIP[192.168.24.0/23] or DestinationIP[192.168.27.0/24] or DestinationIP[10.100.100.0/24] or DestinationIP[10.101.101.0/24] or DestinationIP[172.16.20.0/24] or DestinationIP[192.168.199.0/24] or DestinationIP[206.146.235.0/24] or DestinationIP[172.27.199.0/26])) and not (SourceIP[192.168.27.0/24] and (DestinationIP[192.168.250.0/24] or DestinationIP[10.0.4.0/24] or DestinationIP[192.168.22.0/24] or DestinationIP[192.168.23.0/24] or DestinationIP[192.168.24.0/23] or DestinationIP[192.168.26.0/24] or DestinationIP[10.100.100.0/24] or DestinationIP[10.101.101.0/24] or DestinationIP[172.16.20.0/24] or DestinationIP[192.168.199.0/24] or DestinationIP[206.146.235.0/24] or DestinationIP[172.27.199.0/26])) and not (SourceIP[10.100.100.0/24] and (DestinationIP[192.168.250.0/24] or DestinationIP[10.0.4.0/24] or DestinationIP[192.168.22.0/24] or DestinationIP[192.168.23.0/24] or DestinationIP[192.168.24.0/23] or DestinationIP[192.168.26.0/24] or DestinationIP[192.168.27.0/24] or DestinationIP[10.101.101.0/24] or DestinationIP[172.16.20.0/24] or DestinationIP[192.168.199.0/24] or DestinationIP[206.146.235.0/24] or DestinationIP[172.27.199.0/26])) and not (SourceIP[10.101.101.0/24] and (DestinationIP[192.168.250.0/24] or DestinationIP[10.0.4.0/24] or DestinationIP[192.168.22.0/24] or DestinationIP[192.168.23.0/24] or DestinationIP[192.168.24.0/23] or DestinationIP[192.168.26.0/24] or DestinationIP[192.168.27.0/24] or DestinationIP[10.100.100.0/24] or DestinationIP[172.16.20.0/24] or DestinationIP[192.168.199.0/24] or DestinationIP[206.146.235.0/24] or 
DestinationIP[172.27.199.0/26])) and not (SourceIP[172.16.20.0/24] and (DestinationIP[192.168.250.0/24] or DestinationIP[10.0.4.0/24] or DestinationIP[192.168.22.0/24] or DestinationIP[192.168.23.0/24] or DestinationIP[192.168.24.0/23] or DestinationIP[192.168.26.0/24] or DestinationIP[192.168.27.0/24] or DestinationIP[10.100.100.0/24] or DestinationIP[10.101.101.0/24] or DestinationIP[192.168.199.0/24] or DestinationIP[206.146.235.0/24] or DestinationIP[172.27.199.0/26])) and not (SourceIP[192.168.199.0/24] and (DestinationIP[192.168.250.0/24] or DestinationIP[10.0.4.0/24] or DestinationIP[192.168.22.0/24] or DestinationIP[192.168.23.0/24] or DestinationIP[192.168.24.0/23] or DestinationIP[192.168.26.0/24] or DestinationIP[192.168.27.0/24] or DestinationIP[10.100.100.0/24] or DestinationIP[10.101.101.0/24] or DestinationIP[172.16.20.0/24] or DestinationIP[206.146.235.0/24] or DestinationIP[172.27.199.0/26])) and not (SourceIP[206.146.235.0/24] and (DestinationIP[192.168.250.0/24] or DestinationIP[10.0.4.0/24] or DestinationIP[192.168.22.0/24] or DestinationIP[192.168.23.0/24] or DestinationIP[192.168.24.0/23] or DestinationIP[192.168.26.0/24] or DestinationIP[192.168.27.0/24] or DestinationIP[10.100.100.0/24] or DestinationIP[10.101.101.0/24] or DestinationIP[172.16.20.0/24] or DestinationIP[192.168.199.0/24] or DestinationIP[172.27.199.0/26])) and not (SourceIP[172.27.199.0/26] and (DestinationIP[192.168.250.0/24] or DestinationIP[10.0.4.0/24] or DestinationIP[192.168.22.0/24] or DestinationIP[192.168.23.0/24] or DestinationIP[192.168.24.0/23] or DestinationIP[192.168.26.0/24] or DestinationIP[192.168.27.0/24] or DestinationIP[10.100.100.0/24] or DestinationIP[10.101.101.0/24] or DestinationIP[172.16.20.0/24] or DestinationIP[192.168.199.0/24] or DestinationIP[206.146.235.0/24]))
Votes:
0
Thought my filter was working, but apparently it is too long and will not save. So I've reached out to Meraki support to see if they can filter the traffic on their side so I only get traffic that traverses the WAN interface.
Votes:
0
Thank you for your feedback.
As you have many VLANs to exclude, I would recommend using the Include filter instead. This way, you can only filter the interfaces you want and therefore make the filter much more readable as well as shorter.
Hopefully, Cisco could also help here on their side.
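Added example, not part of the thread and not Paessler's or Meraki's code: the filter posted above repeats the full destination list once per source subnet, which is where its length comes from. This Python sketch builds the shorter form `not (any internal source and any internal destination)` from the same subnets, merging adjacent ones first; unlike the posted filter it also matches flows that stay inside one subnet, and all function names are illustrative.

```python
import ipaddress

# Internal subnets exactly as listed in the poster's filter.
INTERNAL = [
    "192.168.250.0/24", "10.0.4.0/24", "192.168.22.0/24", "192.168.23.0/24",
    "192.168.24.0/23", "192.168.26.0/24", "192.168.27.0/24", "10.100.100.0/24",
    "10.101.101.0/24", "172.16.20.0/24", "192.168.199.0/24",
    "206.146.235.0/24", "172.27.199.0/26",
]

def collapse(subnets):
    """Merge adjacent/overlapping subnets; the covered address set is unchanged."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def any_of(field, subnets):
    """Render '(Field[a] or Field[b] ...)' in the filter syntax used in the thread."""
    return "(" + " or ".join(f"{field}[{s}]" for s in subnets) + ")"

def internal_to_internal(subnets):
    """Expression matching flows with BOTH ends inside the listed subnets."""
    nets = collapse(subnets)
    return f"({any_of('SourceIP', nets)} and {any_of('DestinationIP', nets)})"

def pairwise(subnets):
    """The thread's original shape: one 'not (...)' clause per source subnet."""
    clauses = []
    for src in subnets:
        others = [d for d in subnets if d != src]
        clauses.append(f"not (SourceIP[{src}] and {any_of('DestinationIP', others)})")
    return " and ".join(clauses)

def is_internal_flow(src, dst, subnets):
    """Reference check: does the compact expression match this flow?"""
    nets = [ipaddress.ip_network(s) for s in subnets]
    def inside(ip):
        return any(ipaddress.ip_address(ip) in n for n in nets)
    return inside(src) and inside(dst)

if __name__ == "__main__":
    compact = "not " + internal_to_internal(INTERNAL)
    print(len(pairwise(INTERNAL)), "chars pairwise ->", len(compact), "chars compact")
    print(compact)
    # Constructed sample flows (src, dst), not taken from a real capture.
    for src, dst in [("192.168.22.10", "10.0.4.5"), ("192.168.22.10", "8.8.8.8")]:
        kind = "inter-VLAN" if is_internal_flow(src, dst, INTERNAL) else "other"
        print(src, "->", dst, kind)
```

The negated expression printed by the script keeps only flows with at least one end outside the listed subnets, which is the Include-filter form suggested in the reply above.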
Votes:
0
I checked, Meraki is not able to filter the Netflow export for me and the Netflow export does not include any interface information in it. So I have no way to know if the traffic is passing through the WAN interface or a client VPN tunnel unless I check to see if its source & destination are not an internal VLAN. SNMP won't work either, tried that as well :(
Votes:
0
When you say "the Netflow export does not include any interface information in it", have you checked with the toplist as mentioned above (by enabling the interesting fields) and with Wireshark (on the probe server you should receive CFLOW packets with data)?
Have you checked if you have the possibility to rely on one or multiple filters (list available here) to only keep the traffic you desire by using the Include filters field instead?