netflow 9 filter by destination MAC

Hi there,

Netflow v9 includes the SourceMAC and DestinationMAC fields. You can enter the settings of the sensor to either create your own channels using these filter definitions, or you can create a filter to just include traffic for a particular MAC addresses.

Best regards, Felix

Dec, 2017 - Permalink

Awesome - thanks for pointing me in the right direction.

Dec, 2017 - Permalink

Is this the proper format? DestinationMAC[0024.387d.3300] AND SourceMAC[0024.387d.3300]

Dec, 2017 - Permalink

Hi,

I'd recommend to use an OR:

(DestinationMAC[0024.387d.3300] OR SourceMAC[0024.387d.3300])

And as an additional hint, PRTG likes round brackets a lot...:)

Best regards, Felix

Dec, 2017 - Permalink

Well that is not working - I am still getting all traffic on the interface.

Hurricane Electric suggests using polling mac accounting via snmp instead.

Dec, 2017 - Permalink

So this is why I stopped using PRTG -

(DestinationMAC[0024.387d.3300] OR SourceMAC[0024.387d.3300])

That filter does not filter anything. Just get full bandwidth reading of all traffic.

I even tried using MAC accounting with SNMP and that does not work either. It just alternates between 3.5gig approx and 0.5gig and the other pretty much stays at 0.01gig
1.3.6.1.4.1.9.9.84.1.2.1.1.4.54.2.0.36.56.125.51.0
1.3.6.1.4.1.9.9.84.1.2.1.1.4.54.1.0.36.56.125.51.0
Just a zig zag on the graph. :-(

Dec, 2017 - Permalink

Hi,

Could you please forward a screenshot of the sensor's settings page so that we can check where the filter is configured?

In regards to the SNMP counters, you can use the SNMP Tester to perform a Custom OID scan against the mentioned OID above. Mark the Repeat Every option at the upper right side of the tool and choose the same time which is configured for the scanning interval in PRTG (preferably at least one minute). Copy and paste the results in here for every OID so that we can see what the device returns.

Best regards, Felix

Dec, 2017 - Permalink