Have a CCR-1036 router with Traffic Flow enabled on our upstream subinterfaces for domestic and international traffic which is delivered over different VLAN’s on ether1. Our customer endpoints connect via L2TP on another VLAN on that same interface. The domestic route table originates from BGP and anything that doesn’t get a hit from that is routed over the international circuit.
Traffic Flow (v9) is configured to only include the first 2 interfaces (dom/int) and is being sent to PRTG for capture and analysis. This is working fine.
The problem is I need to be able to discriminate between flows to and from the L2TP endpoints via whichever upstream route (dom/int) is used for the traffic. I’ve tried using the NextHop field and specifying the upstream gateway for the international circuit but this is not getting the results I need. Only very low traffic volume is tagged compared to the actual flows on that VLAN.
There is no Netflow field in the template that relates to VLAN and because all the traffic is transiting the same ether1 interface this is of no use.
I can’t see any other configurable stuff around netflow in the Microtik or PRTG that might help.
Can anyone help?
Thanks.