A.1. CISCO IOS

This is a quick-start guide for enabling NetFlow export on CISCO IOS version 12.4.

  1. Begin by logging into your switch or router using telnet .

  2. Enter the privileged EXEC mode (password required) using the enable command. 

     # enable

  3. Enter the global configuration mode using the configure terminal command. 

     # configure terminal

  4. At this point, configure a flow monitor on all the interfaces that you want to monitor using the ip route-cache flow command for each. (In our example below, we configure a flow monitor on the FastEthernet0/0 and FastEthernet0/1 interfaces). 

    					# interface FastEthernet0/0 
					# ip route-cache flow
					# exit
					# interface FastEthernet0/1 
					# ip route-cache flow
					# exit

  5. Once the interfaces have been configured to collect NetFlow statistics, you will need to configure the export destination. In the configuration terminal, set the destination: 

     # ip flow-export destination 192.168.17.3 2055

    This sets the export destination to host 192.168.17.3, port UDP/2055. Of course, you will want to replace 192.168.17.3 with the address of the host running FlowTraq Server.

  6. Select the source of the flow information:

     # ip flow-export source FastEthernet0/0

  7. Set the preferred NetFlow version, one of 1, 5, 7, or 9:

     #ip flow-export version 5
    [Important]Important

    You must use NetFlow version 9 if you have IPv6 traffic on your network.

  8. Configure the export policy for active connections: 

     # ip flow-cache timeout active 1

    This command command configures the exporting of active connections once per minute. This means that the flow statistics of, e.g., a streaming video are exported to the FlowTraq collector every 60 seconds even if more packets are expected later in the session.

  9. Configure the export policy for connections that have been closed or have become inactive: 

     # ip flow-cache timeout inactive 15

    This command tells the NetFlow exporting engine that sessions that have seen no new packets for more than 15 seconds should be exported at that time. A lower value here reduces the load on your CISCO device CPU, but increases NetFlow export traffic on your network. A value of 15 is commonly used as a good compromise.

  10. Exit the configuration terminal with CTRL-Z .

  11. Store the new configuration by using the write command before closing the connection.

Prev Up Next
 Home