90 ESR Series Routers Operation Manual
7.28 sFlow configuration
sFlow is a monitoring standard for computer networks, wireless networks and network devices,
designed for traffic accounting and analysis.
Objective: Establish accounting for traffic between 'trusted' and 'untrusted' zones.
Fig. 7.30—Network structure
Solution:
Create two security zones for ESR networks:
esr# configure
esr(config)# security zone TRUSTED
esr(config-zone)# exit
esr(config)# security zone UNTRUSTED
esr(config-zone)# exit
Configure network interfaces and assign them to security zones:
esr(config)# interface gi1/0/1
esr(config-if-gi)# security-zone UNTRUSTED
esr(config-if-gi)# ip address 10.10.0.1/24
esr(config-if-gi)# exit
esr(config)# interface gi1/0/2-3
esr(config-if-gi)# security-zone TRUSTED
esr(config-if-gi)# exit
esr(config)# interface gi1/0/2
esr(config-if-gi)# ip address 192.168.1.5/24
esr(config-if-gi)# exit
esr(config)# interface gi1/0/3
esr(config-if-gi)# ip address 192.168.3.5/24
esr(config-if-gi)# exit
Specify the collector IP address:
esr(config)# sflow collector 192.168.1.8
Enable sFlow statistics export for all traffic matching rule 1 in the TRUSTED-to-UNTRUSTED
direction:
esr(config)# security zone-pair TRUSTED UNTRUSTED
esr(config-zone-pair)# rule 1
esr(config-zone-pair-rule)# action sflow-sample
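
A collector-side check for the datagrams this configuration sends to 192.168.1.8, given as an added example that is not part of the original manual: it parses the sFlow version 5 datagram header and bounds-checks every sample record before anything is accounted. It assumes the router exports sFlow v5 from its gi1/0/2 address 192.168.1.5; the function names and EXPECTED_AGENTS are hypothetical, and the sample datagram is constructed.

```python
import ipaddress
import struct

# Assumption: the router exports from its gi1/0/2 address in the TRUSTED zone.
EXPECTED_AGENTS = {"192.168.1.5"}


def parse_sflow_v5(datagram, udp_source):
    """Validate an sFlow v5 datagram; return header fields and a sample index."""
    if udp_source not in EXPECTED_AGENTS:
        raise ValueError("datagram from unexpected source " + udp_source)
    if len(datagram) < 8:
        raise ValueError("truncated header")
    version, addr_type = struct.unpack_from("!II", datagram, 0)
    if version != 5:
        raise ValueError("unsupported sFlow version %d" % version)
    addr_len = {1: 4, 2: 16}.get(addr_type)  # 1 = IPv4, 2 = IPv6
    if addr_len is None:
        raise ValueError("unknown agent address type %d" % addr_type)
    off = 8
    if len(datagram) < off + addr_len + 16:
        raise ValueError("truncated header")
    agent = str(ipaddress.ip_address(datagram[off:off + addr_len]))
    off += addr_len
    # sub-agent id, datagram sequence number, agent uptime (ms), sample count
    _sub_agent, seq, uptime_ms, count = struct.unpack_from("!IIII", datagram, off)
    off += 16
    samples = []
    for _ in range(count):
        if len(datagram) < off + 8:
            raise ValueError("sample header past end of datagram")
        tag, length = struct.unpack_from("!II", datagram, off)
        off += 8
        if length > len(datagram) - off:
            raise ValueError("sample length exceeds datagram")
        # tag = enterprise number (upper 20 bits) + format (lower 12 bits)
        samples.append({"enterprise": tag >> 12, "format": tag & 0xFFF, "length": length})
        off += length  # skip the sample body; only the index is built here
    return {"agent": agent, "sequence": seq, "uptime_ms": uptime_ms, "samples": samples}


def build_sample_datagram():
    """Constructed input: one flow sample (format 1) with an 8-byte dummy body."""
    agent = ipaddress.ip_address("192.168.1.5").packed
    header = struct.pack("!II4sIIII", 5, 1, agent, 0, 1, 1000, 1)
    return header + struct.pack("!II", 1, 8) + b"\x00" * 8
```

sFlow datagrams carry no authentication, so the source-address check is a filter rather than proof of origin; the collector's UDP port should also be reachable only from the router.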