FortiSwitch
FortiSwitch: secure, simple and scalable Ethernet solutions
vjoshi_FTNT
Staff
Staff
Article Id 196310
Description
This article explains how to configure IPFIX on the FortiSwitch 500.

Scope
v4.0 MR1 and later.

Solution
The IPFIX standard defines how IP flow information is to be formatted and transferred from an exporter to a collector.

Similar to NetFlow protocol, IPFIX considers a flow to be any number of packets observed in a specific timeslot and sharing a number of properties, for example "same source, same destination, same protocol". Using IPFIX, devices like routers can inform a central monitoring station about their view of a potentially larger network.

IPFIX is a push protocol which means that each sender will periodically send IPFIX messages to configured receivers without any interaction by the receiver.

Use the following steps to enable the IPFIX feature:

1) From Enable Mode, type config to enter Config Mode.

2) Configure where to send the flow exports to.
# ipfix {collector <ip_address> } {port <0-65535> | format <9> } {all | <slot/port><slot/port> }

This enables IPFIX and sends the IPFIX information to the collector from all switch ports.

The default behavior of this command is to enable IPFIX on all ports. To export information from only one port, replace all with the port to which to export data. The defaults for the parameters it configures are as follows:
  • IPFIX is disabled on all switch ports by default.
  • Switch exports flow data to service port 2055 by default.
  • There are no collectors established by default.
  • IPFIX format is set to version 9 by default.
  • The IPFIX report duration is 15 seconds by default.

Example:
(Config)# ipfix collector 10.50.38.199 port 9996 all

This configuration will send IPFIX to the collector at 10.50.38.199 on port 9996. This will export data from all ports on the switch.

Optional Steps:

3) The default report duration is 15 seconds, it can be changed as follows:
# ipfix {report-timer <5-60>}

To view the information about the configuration of IPFIX use the command:
# show ipfix

It should be noted that IPFIX is not an option on all models of FortiSwitch.

Contributors