Simple NetFlow server configuration for ISP
This page describes a simple connection between Trisul NetFlow Server and an ISP Gateway router/switch. We use Cisco ASR as a sample device.
Key features:
- Using a public IP for the NetFlow server
- Using ACL to restrict access
- Using a separate IP for the DRAC (Remote management)
Diagram
The scenario is very simple.
We allocate a free public IP 205.0.118.32 with a 255.255.255.254 netmask (/31, point to point) and assign one address to the port and the other to the NetFlow server.
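The config:
interface GigabitEthernet0/2
 ip address 203.0.118.32 255.255.255.254
 ! a direction is required; "out" is assumed here because the ACL sources
 ! are the remote clients reaching the server through this port
 ip access-group RestrictedAccess out
 no shutdown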
Create the ACL and apply it so that only these IP subnets are permitted. They represent the customers' subnets and the vendor's support IPs.
ip access-list extended RestrictedAccess
 ! extended ACLs take wildcard (inverse) masks, not netmasks
 permit ip host 103.23.228.81 any
 permit ip 203.0.118.0 0.0.0.255 any
 permit ip host 123.23.93.88 any
 deny ip any any
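Extended ACL entries match sources with wildcard (inverse) masks, first match wins, and anything unmatched is denied, so it is worth checking which sources an ACL like RestrictedAccess admits before applying it. The evaluator below is an added example, not part of the original page or of Trisul; the function names are hypothetical, it handles only `permit|deny ip <source> any` entries, and 198.51.100.7 is a constructed test source.

```python
import ipaddress

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_acl(text):
    """Parse 'permit|deny ip <source> any' lines into (action, base, wildcard)."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] not in ("permit", "deny") or tok[1] != "ip":
            continue  # skip blank lines, headers and unsupported forms
        if tok[2] == "any":
            base, wild = 0, 0xFFFFFFFF
        elif tok[2] == "host":
            base, wild = _to_int(tok[3]), 0
        else:
            base, wild = _to_int(tok[2]), _to_int(tok[3])
        rules.append((tok[0], base, wild))
    return rules

def evaluate(rules, source):
    """First matching entry wins; no match falls through to the implicit deny."""
    src = _to_int(source)
    for action, base, wild in rules:
        # Wildcard bits set to 1 are "don't care"; compare only the 0 bits.
        care = ~wild & 0xFFFFFFFF
        if (src & care) == (base & care):
            return action
    return "deny"

# The page's ACL entries written with wildcard masks.
WILDCARD_ACL = """
permit ip host 103.23.228.81 any
permit ip 203.0.118.0 0.0.0.255 any
permit ip host 123.23.93.88 any
deny ip any any
"""
# One entry with a netmask typed where a wildcard is expected: matches every source.
NETMASK_ACL = """
permit ip 103.23.228.81 255.255.255.255 any
deny ip any any
"""

if __name__ == "__main__":
    good, bad = parse_acl(WILDCARD_ACL), parse_acl(NETMASK_ACL)
    for src in ("103.23.228.81", "203.0.118.200", "198.51.100.7"):
        print(src, "wildcard:", evaluate(good, src), "netmask:", evaluate(bad, src))
```

A source outside the listed subnets is denied by the wildcard form but permitted by the netmask form, which is the difference to look for when reviewing the ACL.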
On the Trisul NetFlow server, set the other IP in the /31 subnet. Say the interface name is eth0:
ip addr add 203.0.118.33/31 dev eth0
# the default gateway is the router's end of the /31
ip route add default via 203.0.118.32 dev eth0
DRAC
If you wish to use DRAC for remote access then you can configure a second link using the same method. It is recommended that you disable the port after DRAC activity to prevent unauthorized access.
Other options - Management VLAN
If you have a separate management VLAN, you can use private IP addresses in the management VLAN instead of the public IP address.