How to Configure Netflow Data Export on Cisco Router or Switch

NetFlow is a Cisco IOS application that provides statistics on packets flowing through the router. Using NetFlow, you can export data (traffic statistics) to a remote workstation for processing. NetFlow is performed independently on each internetworking device; it does not need to be operational on each router in the network. Network engineers can configure NetFlow selectively on routers or router interfaces to gain traffic statistics, control, or accounting benefits in a specific network. NetFlow does consume additional memory and CPU resources; therefore, it is important to understand the resources required on your router before enabling NetFlow.

Prerequisites for NetFlow Configuration and Data Export on Router:

1. Configure IP routing on Router

2. If you want to configure NetFlow on interfaces, you must enable one of the following on the router:

    • Cisco Express Forwarding (CEF)
    • Distributed CEF
    • Fast switching

Special notes on Netflow for specific Cisco IOS versions:

1. If your router is running a version of Cisco IOS prior to releases 12.2(14)S, 12.0(22)S, or 12.2(15)T, the ip route-cache flow command is used to enable NetFlow on an interface.

2. If your router is running Cisco IOS release 12.2(14)S, 12.0(22)S, 12.2(15)T, or later, the ip flow ingress command is used to enable NetFlow on an interface.

To configure NetFlow, complete the tasks in the following sections. At a minimum, you must configure NetFlow and NetFlow statistics export. The remaining tasks are optional.

Configure NetFlow on Cisco Router Interfaces:

Router>enable
Router# configure terminal

Router(config)# interface interface-type interface-number

Router(config-if)# ip flow {ingress | egress}
or
Router(config-if)# ip route-cache flow
Router(config-if)# end
Router# copy run start

Repeat the interface commands on any other interfaces where you want to see traffic statistics, then save the running configuration to the startup configuration on the router.

Now that NetFlow statistics are being collected, configure data flow export with the destination server IP address on the router:

Router>enable
Router# configure terminal
Router(config)#ip flow-export ?
destination  Specify the Destination IP address
source       Specify the interface for source address
template     Specify the template specific configurations
version      Specify the version number

Router(config)# ip flow-export source interface-type interface-number

Router(config)# ip flow-export destination <ip address of NetFlow collector> <UDP Port number>

(The UDP port number is optional.)

Router(config)# ip flow-export version number

Use the IP address of your NetFlow collector and the port it is configured to listen on. It is an optional command. If your router runs BGP, you can include AS information in the exports with this command:

Router(config)# ip flow-export version 9 [peer-as | origin-as]

The following commands break up flows into shorter segments.

Router(config)# ip flow-cache timeout active 5
Router(config)# ip flow-cache timeout inactive 30
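How the two timeouts above cut one conversation into several export records, as an added example that is not part of the original page. It is a simplified model with constructed packet timestamps; on IOS the active timeout is given in minutes and the inactive timeout in seconds.

```python
ACTIVE_S = 5 * 60   # ip flow-cache timeout active 5   (minutes on IOS)
INACTIVE_S = 30     # ip flow-cache timeout inactive 30 (seconds on IOS)

def segment_flow(packet_times, active=ACTIVE_S, inactive=INACTIVE_S):
    """Return the export records (first_seen, last_seen, packets) of one flow.

    Simplified model: the cache entry is exported when the flow has been
    idle for `inactive` seconds, or when a packet arrives after the entry
    has lived for `active` seconds. A real router expires entries on a
    timer, so export times differ slightly; the record boundaries are the
    point here.
    """
    records, first, last, count = [], None, None, 0
    for t in sorted(packet_times):
        if first is not None and (t - last >= inactive or t - first >= active):
            records.append((first, last, count))
            first, count = None, 0
        if first is None:
            first = t
        last = t
        count += 1
    if first is not None:
        records.append((first, last, count))
    return records

def stitch(records):
    """Collector side: merge the segments back into one conversation."""
    if not records:
        return None
    return (records[0][0], records[-1][1], sum(r[2] for r in records))

if __name__ == "__main__":
    # Constructed traffic: one packet every 10 s for 12 minutes.
    session = range(0, 721, 10)
    segments = segment_flow(session)
    print("exported records:", segments)
    print("stitched flow   :", stitch(segments))
    # Same traffic with longer timeouts (active 30 min, inactive 15 s).
    print("long timeouts   :", segment_flow(session, active=1800, inactive=15))
```

With the timeouts configured above, the 12-minute session reaches the collector as three records, so per-connection totals (duration, packets) only appear after the records are stitched by flow key.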

Disabling Netflow Configuration:

This command tells the router not to send any NetFlow packets to the specified address:

Router(config)# no ip flow-export destination <ip address of NetFlow> <UDP Port>

To disable Netflow for a specific interface use these commands:

Router(config)# interface interface-type interface-number
Router(config-if)# no ip flow {ingress | egress}
Router(config-if)# no ip route-cache flow

Customize the Number of Entries in the NetFlow Cache:

You can increase or decrease the number of entries maintained in the cache to meet the needs of your NetFlow traffic rates. The default is 64K flow cache entries. Each cache entry is approximately 64 bytes of storage. Assuming a cache with the default number of entries, approximately 4 MB of DRAM would be required. Each time a new flow is taken from the free-flow queue, the number of free flows is checked. If there are only a few free flows remaining, NetFlow attempts to age 30 flows using an accelerated timeout. If there is only one free flow remaining, NetFlow automatically ages 30 flows regardless of their age. The intent is to ensure free flow entries are always available.

To customize the number of entries in the NetFlow cache, use the following command in global configuration mode. The number of NetFlow cache entries can be 1024 to 524288. The default is 65536.

Router(config)# ip flow-cache entries <number>

Note: We recommend that you not change the NetFlow cache entries.

Commands to verify Netflow configuration:

You can verify the NetFlow configuration status and output statistics on a Cisco router with the following commands.

Router# show ip cache flow (shows a summary of Netflow capture statistics)
Router# show ip flow interface (shows which interfaces netflow is configured on)
Router# show ip flow export
Router# show ip cache verbose flow
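An offline complement to the show commands, as an added example that is not part of the original page: it audits a saved running-config for the interface and export commands covered above. The sample configuration is constructed, and the function name, the Loopback exclusion and the finding texts are assumptions of this example.

```python
import re

# Constructed running-config excerpt (documentation addresses, not from the page).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip flow ingress
!
interface GigabitEthernet0/1
 ip address 198.51.100.1 255.255.255.0
!
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
!
ip flow-export source Loopback0
ip flow-export version 9
"""

IF_FLOW = re.compile(r"ip (flow (ingress|egress)|route-cache flow)$")
EXPORT = re.compile(r"ip flow-export (destination|source|version) (.+)$")

def audit_netflow(config, ignore_prefixes=("Loopback",)):
    """Return (monitored, unmonitored, export_settings, findings)."""
    flows, export, current = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if raw.startswith("interface "):
            current = line.split(None, 1)[1]
            flows[current] = []
        elif not raw[0].isspace():          # back at global configuration level
            current = None
            m = EXPORT.match(line)
            if m:
                export.setdefault(m.group(1), []).append(m.group(2))
        elif current and IF_FLOW.match(line):
            flows[current].append(line)
    monitored = sorted(i for i, c in flows.items() if c)
    unmonitored = sorted(i for i, c in flows.items()
                         if not c and not i.startswith(ignore_prefixes))
    findings = [f"{i}: NetFlow not enabled" for i in unmonitored]
    if monitored and "destination" not in export:
        findings.append("flows are cached but no ip flow-export destination is set")
    if "destination" in export and "source" not in export:
        findings.append("no ip flow-export source: address follows egress interface")
    return monitored, unmonitored, export, findings

if __name__ == "__main__":
    for finding in audit_netflow(SAMPLE_CONFIG)[3]:
        print(finding)
```

On the sample it reports the interface with no flow command and the missing export destination, the two gaps that leave traffic unrecorded or recorded only in the router's local cache.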
