Differences

This shows you the differences between two versions of the page.

--- netflow:config [2025/04/01 17:30] – created veera
+++ netflow:config [2025/04/01 17:44] (current) – [DRAC] veera
@@ Line 15: / Line 15: @@
 The scenario is very simple.
-We allocate a free public IP with /31 (point to point) and assign one to the port and another to the NetFlow server.
+We allocate a free public IP ''205.0.118.32'' with a ''255.255.255.254 netmask /31'' (point to point) and assign one to the port and another to the NetFlow server.
+{{:netflow:connection-ipdr_-_page_1.png?600|}}
+The config :
+<code>
+interface GigabitEthernet0/2
+  ip address 203.0.118.32 255.255.255.254
+  ip access-group RestrictedAccess
+  no shutdown
+</code>
+Create and apply the ACL to these IP subnets - these would represent the customers subnets and support IPs of vendor.
+<code>
+ip access-list extended RestrictedAccess
+   permit ip 103.23.228.81 255.255.255.255 any
+   permit ip 203.0.118.0 255.255.255.0 any
+   permit ip 123.23.93.88 255.255.255.255 any
+   deny ip any way
+</code>
+On the Trisul NetFlow server set the other IP in the ''/31'' subnet. Say the interface name is ''eth0''
+<code>
+ ip addr add 203.0.118.33/31 dev eth0
+ ip route add default via 203.0.118.0 dev eth0
+</code>
+===== DRAC =====
+If you wish to use DRAC for remote access then you can configure a second link using the same method.  It is recommended that you disable the port after DRAC activity to prevent unauthorized access.
+{{:netflow:connection-ipdr_-_page_2.png?400|}}
+===== Other options - Management VLAN =====
+If you have a separate management VLAN , then you can replace the public IP Address with private IP addresses in the management VLAN instead.