Cisco Meraki MX: Now with NetFlow!


With the massive increase in mobile devices, guest networking, and web-based services in recent years, knowing exactly what clients are doing on your network is more important than ever. Luckily, the IT world has many different methods and tools to help administrators do just that. With Cisco Meraki this comes in the form of in-depth application visibility features built into the cloud management interface.

In some cases, however, administrators may want to combine traffic data from Meraki devices with similar data from third-party equipment, or aggregate traffic data from multiple Meraki networks into a single view. That’s why the MX Security Appliance now includes NetFlow functionality.

What is NetFlow?

NetFlow is a protocol that records information about every traffic flow that passes through a device, and transmits that information to a device or software service known as a NetFlow collector. Specifically, the device sends the NetFlow collector the source IP address, source port, destination IP address, and destination port of each flow. The collector then serves as a sort of log server for this flow data. Many NetFlow collectors include powerful analytics tools that can map the ports and IP addresses in the flows to web sites, protocols, or services – similar to the Traffic Analytics data shown in the Meraki cloud dashboard.

How can an administrator configure NetFlow?

First things first, the MX will have to be running firmware that supports NetFlow. Currently the feature is only in beta firmware, so administrators will need to open a case with Meraki Support. This step is temporary, of course, and will no longer be necessary once the feature is available in non-beta firmware.

NetFlow configuration can be found on the Network-wide>General page. Set the NetFlow collector field to “Enabled” and enter the the IP address and UDP port of the NetFlow collector.