Advanced Settings


 

The Advanced Settings option includes the Flow Filter Settings and the Radius Server Settings and their corresponding configuration settings.

 

Flow Filter Settings

 


The Flow Filter settings empower the administrator with the option to

  • exclude ESP_App on user defined interfaces - This helps in ensuring that traffic is not double counted in case of ESP tunnels.

  • suppress Access Control List related drops (based on destination interface being null) on user defined interfaces.
  • suppress output interface accounting on user defined interfaces - Useful when working with WAN accelarator.
  • apply GRE filter on the cryptomap tunnels to prevent double counting of GRE traffic.

    Option Description
    Select edge interfaces of a cryptomap tunnel to apply ESP application filter

    One could add or modify interfaces to apply the ESP application filter. Enabling NetFlow on cryptomap tunnel interfaces double counts the ESP traffic. To prevent this please apply this filter on cryptomap tunnel interfaces. It is possible to add or modify interfaces.

    Select interfaces to apply access control traffic filter

    Access control filter drops the flow information which contains data pertaining to dropped traffic due to Access Control List. Please apply this filter to drop such flows. These flows have the destination interface as null. If any interface is selected to apply this filter, all the traffic coming from this interface with destination as null interface will be dropped.

    Select interfaces to apply output interface suppression filter

    Please select any WAN optimizer's LAN facing interfaces to suppress the incorrect out traffic ( due to compression ) reported by them. This filter stops the out traffic for any interface that is coming as a destination interface of a flow for a selected interface. When a WAN optimizer sends a flow which has source and destination interfaces as A and B respectively , if you select interface A to perform output suppression, B will not get out traffic which is not a correct traffic if reported by interface A ( since compression is happening on interface B on the WAN optimizer )

    Select edge interfaces of a cryptomap tunnel to apply GRE application filter

    Please select any cryptomap tunnel interface in which you want to apply GRE fiter. This prevents the GRE traffic getting double counted. Otherwise the cryptomap interface in which NetFlow is enabled double counts the GRE traffic.


    Radius Server Settings


    Radius Server ( Remote Authentication Dial In User Service ) is an AAA (Authentication, Authorization and Accounting ) protocol for controlling access to resources in a network. Radius Server is useful in centralised management of user credential details. It facilitates a single global set of credentials that are usable on many public networks.Once the user roles are defined in the User Management feature of NetFlow Analyzer subsequent handling of the user profiles can be done from the Radius Server.


    Option Description
    Radius Server IP

    The IP address of the Radius Server where credentials are configures

    Radius Server Authentication Port

    The authentication port of the Radius Server

    Radius Server Protocol

    The Radius Server Protocol could be any of PAP, CHAP, MSCHAP, MSCHAP2

    Radius Server Secret The Secret refers to the password that is necessary to access the Radius Server
    Authentication Retries Authentication Retries can take one of the values from 1, 3, 5. This defines the number of times authentication attempt is allowed

     

     

Copyright © 2019, ZOHO Corp. All Rights Reserved.
ManageEngine