This is a quick-start guide for enabling NetFlow export on Cisco IOS version 12.4.
Begin by logging into your switch or router using telnet.
Enter the privileged EXEC mode (password required) using the enable command.
# enable
Enter the global configuration mode using the configure terminal command.
# configure terminal
At this point, configure a flow monitor on all the interfaces that you want to monitor using the ip route-cache flow command for each. (In our example below, we configure a flow monitor on the FastEthernet0/0 and FastEthernet0/1 interfaces.)
# interface FastEthernet0/0
# ip route-cache flow
# exit
# interface FastEthernet0/1
# ip route-cache flow
# exit
Once the interfaces have been configured to collect NetFlow statistics, you will need to configure the export destination. In the configuration terminal, set the destination:
# ip flow-export destination 192.168.17.3 2055
This sets the export destination to host 192.168.17.3, port UDP/2055. Of course, you will want to replace 192.168.17.3 with the address of the host running FlowTraq Server.
Select the source of the flow information:
# ip flow-export source FastEthernet0/0
Set the preferred NetFlow version, one of 1, 5, 7, or 9:
# ip flow-export version 5
Important: You must use NetFlow version 9 if you have IPv6 traffic on your network.
Configure the export policy for active connections:
# ip flow-cache timeout active 1
This command configures the exporting of active connections once per minute. This means that the flow statistics of, e.g., a streaming video are exported to the FlowTraq collector every 60 seconds even if more packets are expected later in the session.
Configure the export policy for connections that have been closed or have become inactive:
# ip flow-cache timeout inactive 15
This command tells the NetFlow exporting engine that sessions that have seen no new packets for more than 15 seconds should be exported at that time. A lower value here reduces the load on your Cisco device CPU, but increases NetFlow export traffic on your network. A value of 15 is commonly used as a good compromise.
Exit the configuration terminal with CTRL-Z.
Store the new configuration by using the write command before closing the connection.
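
To check that well-formed version 5 export datagrams are reaching the collector host on UDP/2055, the Python parser below decodes the standard NetFlow v5 layout (24-byte header, 48-byte flow records) and rejects anything that does not match it. It is an added example, not part of the original guide or of FlowTraq; the function names are hypothetical and the addresses and counters in the sample datagram are constructed.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record

def parse_v5(datagram):
    """Parse one export datagram; raise ValueError if it is not well-formed v5."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than a NetFlow v5 header")
    version, count, _uptime, _secs, _nsecs, sequence = HEADER.unpack_from(datagram)[:6]
    if version != 5:
        raise ValueError("version field is %d, expected 5" % version)
    if not 1 <= count <= 30 or len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        r = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(r[0]), "dst": socket.inet_ntoa(r[1]),
            "input_if": r[3], "packets": r[5], "octets": r[6],
            "duration_ms": (r[8] - r[7]) & 0xFFFFFFFF,  # last - first, sysUptime ms
            "sport": r[9], "dport": r[10], "proto": r[13],
        })
    return {"sequence": sequence, "count": count, "flows": flows}

def sample_datagram():
    """Constructed sample: one 60-second TCP flow, as an active timeout of 1 would yield."""
    header = HEADER.pack(5, 1, 3600000, 1700000000, 0, 42, 0, 0, 0)
    record = RECORD.pack(
        socket.inet_aton("10.0.0.5"), socket.inet_aton("10.0.1.9"),
        socket.inet_aton("0.0.0.0"), 1, 2,      # next hop, input/output ifIndex
        900, 1200000, 3540000, 3600000,         # packets, octets, first, last
        51514, 443, 0, 0x18, 6, 0,              # ports, pad, TCP flags, proto, ToS
        0, 0, 24, 24, 0)                        # AS numbers, masks, pad
    return header + record

def listen(port=2055):
    """Print a summary of each datagram arriving on UDP/<port> (blocks forever)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    while True:
        data, (exporter, _) = sock.recvfrom(65535)
        try:
            print(exporter, parse_v5(data))
        except ValueError as err:
            print(exporter, "rejected:", err)

if __name__ == "__main__":
    print(parse_v5(sample_datagram()))
```

Call listen() on the collector host only while no other process is bound to UDP/2055. With the active timeout of 1 configured above, long-lived flows should show a duration_ms close to 60000.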