Configuring Flow Exports on Cisco IOS Devices
Enabling NetFlow Export
Enter global configuration mode on the router or Multilayer Switch Feature Card (MSFC), and issue the following commands for each interface on which you want to enable flow:
interface {interface} {interface_number}
ip flow ingress
bandwidth
exit
This enables NetFlow on the specified interface alone. Remember that on a Cisco IOS device, NetFlow is enabled on a per-interface basis.
In some recent Cisco Internetwork Operating System (IOS) releases, Cisco Express Forwarding has to be enabled. For this, issue the command ip cef in global configuration mode on the router or MSFC.
Exporting NetFlow data
Issue the following commands to export NetFlow data to the machine on which Site24x7 On-Premise Poller is installed.
Command | Purpose |
---|---|
ip flow-export destination{hostname|ip_address}9996 | Exports the NetFlow cache entries to the specified IP address. Use the IP address of the machine on which Site24x7 On-Premise Poller is installed. Though the default port is 9996, the port number may vary. Learn how to find the port number of your On-Premise Poller. |
ip flow-export source {interface}{interface_number} | Sets the source IP address of the NetFlow exports sent by the device to the specified IP address. Site24x7 will make SNMP requests of the device on this address. |
ip flow-export version 5 [peer-as | origin-as] | Sets the NetFlow export version to v5. Site24x7 supports only v5, v7 and v9. If your router uses Border Gateway Protocol (BGP) you can specify that either the origin or peer autonomous system (AS) is included in exports, since it is not possible to include both. |
ip flow-cache timeout active 1 |
Breaks up long-lived flows into 1-minute fragments. You can choose any number of minutes between 1 and 60. If you leave it at the default of 30 minutes your traffic reports will have spikes. It is important to set this value to 1 minute. |
ip flow-cache timeout inactive 15 | Ensures that flows that have finished are periodically exported. The default value is 15 seconds. You can choose any number of seconds between 10 and 600. |
snmp-server ifindex persist | Enables ifIndex persistence (interface names) globally. This ensures that the ifIndex values are persisted during device reboots. |
Verifying device configuration
Issue the following commands in normal (not configuration) mode to verify whether NetFlow export has been configured correctly:
show ip flow export
show ip cache flow
show ip cache verbose flow
Sample device configuration
Here is a set of commands issued on a router to enable NetFlow v5 on the FastEthernet 0/1 interface and export to the machine 192.168.9.101 on port 9996.
router#enable
Password:*****
router#configure terminal
router-2621(config)#interface FastEthernet 0/1
router-2621(config-if)#ip flow ingress
router-2621(config-if)#exit
router-2621(config)#ip flow-export destination 192.168.9.101 9996
router-2621(config)#ip flow-export source FastEthernet 0/1
router-2621(config)#ip flow-export version 5
router-2621(config)#ip flow-cache timeout active 1
router-2621(config)#ip flow-cache timeout inactive 15
router-2621(config)#snmp-server ifindex persist
router-2621(config)#^Z
router#write
router#show ip flow export
router#show ip cache flow
*repeat these commands to enable NetFlow for each interface
Turning off NetFlow
Issue the following commands in global configuration mode to stop exporting NetFlow data:
no ip flow-export destination{port_number}
interface {interface_number}
no ip flow ingress or no ip flow egress
exit