Cisco Meraki MX: Now with NetFlow!

With the massive increase in mobile devices, guest networking, and web-based services in recent years, knowing exactly what clients are doing on your network is more important than ever. Luckily, the IT world has many different methods and tools to help administrators do just that. With Cisco Meraki this comes in the form of in-depth application visibility features built into the cloud management interface.

In some cases, however, administrators may want to combine traffic data from Meraki devices with similar data from third-party equipment, or aggregate traffic data from multiple Meraki networks into a single view. That’s why the MX Security Appliance now includes NetFlow functionality.

What is NetFlow?

NetFlow is a protocol that records information about every traffic flow that passes through a device, and transmits that information to a device or software service known as a NetFlow collector. Specifically, the device sends the NetFlow collector the source IP address, source port, destination IP address, and destination port of each flow. The collector then serves as a sort of log server for this flow data. Many NetFlow collectors include powerful analytics tools that can map the ports and IP addresses in the flows to web sites, protocols, or services – similar to the Traffic Analytics data shown in the Meraki cloud dashboard.
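To make the collector side of this concrete, here is an added example (not Meraki's code and not from the original post) that pulls the source/destination address and port of each flow out of one export datagram. It assumes NetFlow v9 framing as described in RFC 3954, which the post does not specify, and the sample datagram with its documentation-range addresses is constructed.

```python
import ipaddress
import struct

SPORT, SADDR, DPORT, DADDR = 7, 8, 11, 12  # NetFlow v9 field types (RFC 3954)

def parse_v9(datagram, templates):
    """Parse one export datagram; templates (id -> [(type, len)]) persists across calls."""
    if len(datagram) < 20 or struct.unpack_from("!H", datagram)[0] != 9:
        raise ValueError("not a NetFlow v9 datagram")
    flows, off = [], 20                       # skip the 20-byte packet header
    while off + 4 <= len(datagram):
        fs_id, fs_len = struct.unpack_from("!HH", datagram, off)
        if fs_len < 4 or off + fs_len > len(datagram):
            raise ValueError("flowset length exceeds datagram")  # untrusted UDP input
        body = datagram[off + 4:off + fs_len]
        if fs_id == 0:                        # template flowset
            read_templates(body, templates)
        elif fs_id in templates:              # data flowset with a known template
            flows += read_records(body, templates[fs_id])
        off += fs_len                         # unknown flowsets are skipped
    return flows

def read_templates(body, templates):
    pos = 0
    while pos + 4 <= len(body):
        tid, nfields = struct.unpack_from("!HH", body, pos)
        if tid < 256 or pos + 4 + 4 * nfields > len(body):
            break                             # padding or truncated template
        templates[tid] = [struct.unpack_from("!HH", body, pos + 4 + 4 * i)
                          for i in range(nfields)]
        pos += 4 + 4 * nfields

def read_records(body, fields):
    size, out = sum(n for _, n in fields), []
    for pos in range(0, len(body) - size + 1, size or 1):
        rec, p = {}, pos
        for ftype, n in fields:               # slice each field by its template length
            rec[ftype], p = body[p:p + n], p + n
        if all(k in rec for k in (SPORT, SADDR, DPORT, DADDR)):
            out.append((str(ipaddress.IPv4Address(rec[SADDR])), int.from_bytes(rec[SPORT], "big"),
                        str(ipaddress.IPv4Address(rec[DADDR])), int.from_bytes(rec[DPORT], "big")))
    return out                                # (src, sport, dst, dport) tuples

def sample_datagram():
    """Constructed datagram: one template (id 256) followed by one flow record."""
    header = struct.pack("!HHIIII", 9, 2, 0, 0, 1, 0)
    template = struct.pack("!HHHH8H", 0, 24, 256, 4, SADDR, 4, SPORT, 2, DADDR, 4, DPORT, 2)
    record = struct.pack("!4sH4sH", bytes([192, 0, 2, 10]), 51515, bytes([198, 51, 100, 7]), 443)
    return header + template + struct.pack("!HH", 256, 4 + len(record)) + record
```

A real collector keeps the `templates` dictionary per exporter, because data records cannot be decoded until the matching template has arrived.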

How can an administrator configure NetFlow?

First things first, the MX will have to be running firmware that supports NetFlow. Currently the feature is only in beta firmware, so administrators will need to open a case with Meraki Support. This step is temporary, of course, and will no longer be necessary once the feature is available in non-beta firmware.

NetFlow configuration can be found on the Network-wide > General page. Set the NetFlow collector field to “Enabled” and enter the IP address and UDP port of the NetFlow collector.

NetFlow can be enabled on configuration templates as well, allowing administrators to send data from multiple MXs to a central NetFlow collector without having to enable the feature on each network individually. For more information on configuration templates, see this post.

Once these changes are saved and the MX has fetched the new configuration, NetFlow data should begin appearing on the collector for all new flows.

Using this data, administrators can not only better understand the current traffic patterns in their network, but also identify trends that may require action. For example, if the amount of Netflix traffic is steadily rising, perhaps it’s time to configure a traffic shaping rule in the Meraki dashboard to limit Netflix usage before it begins to impact business-critical applications. Being able to identify these changing network needs before they become urgent is beneficial both to the end user’s experience and to the emotional health of the network team.