|
|
This is a brief guide to setting up NetFlow on your Cisco routers. For more detailed information, refer the Cisco web-site at http://www.cisco.com/go/netflow. It is recommended that only people with experience in configuring Cisco devices follow these steps.
Log in to the router and enter the global configuration mode.
router#enable
Password:(Enter your password )
router#configure terminal
Then issue the following commands to enable NetFlow export:
interface <interface> <interface number>
ip route-cache flow
exit
This enables NetFlow on the specified interface alone. Remember that on a Cisco router, NetFlow is enabled on a per-interface basis.
Repeat the above commands for each interface on which you want to enable NetFlow.
ip flow-export destination <address> 9996
This command exports the NetFlow cache entries to the specified IP address. Use the IP address of your NetFlow Analyzer machine and the configured NetFlow listener port. The default port is 9996.
ip flow-export source <interface> <interface number>
This sets the source IP address of the NetFlow exports sent by the router. NetFlow Analyzer will make SNMP requests of the router on this address.
ip flow-export version 5
This sets the NetFlow export version. NetFlow Analyzer supports only version 5.
ip flow-cache timeout active 5
This breaks up long-lived flows into 5-minute fragments. You can choose any number of minutes between 1 and 60. If you leave it at the default of 30 minutes your traffic reports will have spikes.
ip flow-cache timeout inactive 15
This ensures that flows that have finished are periodically exported. The default value is 15 seconds. You can choose any number of seconds between 10 and 600. However, if you choose a value greater than 250 seconds, NetFlow Monitor may report traffic levels that are too low.
snmp-server ifindex persist
This enables ifIndex persistence globally. This ensures that the ifIndex values are persisted during router reboots.
show ip flow export
This command shows the current NetFlow configuration. Issue this in normal (not configuration) mode.
show ip cache flow
show ip cache verbose flow
These commands summarize the active flows and give an indication of how much NetFlow data the router is exporting. Issue these in normal (not configuration) mode.
The following is a set of commands issued on a router to enable NetFlow on the FastEthernet 0/1 interface and export to the machine 192.168.9.101 on port 9996.
|
router#enable router-2621(config)#interface FastEthernet 0/1 router-2621(config-if)#ip route-cache flow router-2621(config-if)#exit router-2621(config)#ip flow-export destination 192.168.9.101 9996 router-2621(config)#ip flow-export source FastEthernet 0/1 router-2621(config)#ip flow-export version
5 router#show ip flow export |
*repeat these commands to enable NetFlow for each interface
If you need to stop exporting NetFlow data from a router, issue the following command in global configuration mode:
no ip flow-export destination <address> <port>
This will stop exporting the NetFlow cache entries to the specified destination IP address on the specified port number.
If you need to disable NetFlow on an interface, issue the following commands in global configuration mode:
interface <interface> <interface number>
no ip route-cache flow
exit
Repeat the commands for each interface on which you need to disable NetFlow.
For further information on configuring your router
for NetFlow data export, look up Cisco NetFlow commands documentation at http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/switch_c/xcprt3/xcdnfc.htm
|
|