Tuesday, August 22, 2006

Q: How do I set up Netflow on my router?

A:
First make sure Netflow is included in the IOS you are running. You might try one of the "show" commands given below, or use Cisco's Software Advisor tool (on the CCO website). Turn on CEF, and set up the flow parameters. Here we are sending Netflow packets in version 5 format to 10.1.2.3 on port 2003/UDP. Flows that are still active are exported every 1 minute, and a flow that has gone inactive is exported after 15 seconds of inactivity:
ip flow-cache timeout active 1
ip flow-cache timeout inactive 15
ip flow-export version 5
ip flow-export destination 10.1.2.3 2003
Note that even if you don't have a place to send the flow information to, you can still do this setup, omitting the destination line, to make your router keep netflow stats for you to inspect using the "show" commands given below. Also, if you do send the flows to a host which is not listening on the given UDP port, you'll get an ICMP port unreachable message back for each datagram you send. Now enable netflow on each interface. You can use either "ingress" or "egress"; I'm not sure which is better from a performance standpoint. If you miss some interfaces, you won't see both sides of some conversations:
int f0/0
ip flow ingress
int f0/1
ip flow ingress
int s0/1
ip flow ingress
Use "show ip flow export" to look at the netflow setup and flow counters on your router; "clear ip cache stats" will clear these counters. To see the whole table of netflow stats, use "show ip cache flow"; "clear ip cache flow" will clear these counters.
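As an added example that is not part of the original post: a minimal parser for the version 5 datagrams the configuration above exports, plus a check on the flow_sequence field that tells a collector whether exports were lost between two consecutive datagrams. The datagrams it parses are constructed inside the block (the collector socket on 10.1.2.3:2003 is not shown), and the length checks are what keep a collector from trusting the record count field on a short or truncated packet.

```python
import socket
import struct

# NetFlow v5 wire layout: a 24-byte header followed by up to 30 48-byte records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
MAX_RECORDS = 30


def parse_netflow_v5(datagram):
    """Decode one export datagram into (header, [flow, ...]); ValueError if malformed,
    so a collector never uses the count field to index past a short packet."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, uptime, secs, _, seq, _, _, sampling = V5_HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError("not NetFlow v5 (version field = %d)" % version)
    if count > MAX_RECORDS or len(datagram) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("record count %d does not fit the datagram" % count)
    header = {"count": count, "sys_uptime_ms": uptime, "unix_secs": secs,
              "flow_sequence": seq, "sampling_interval": sampling & 0x3FFF}
    flows = []
    for i in range(count):
        r = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({"src": socket.inet_ntoa(r[0]), "dst": socket.inet_ntoa(r[1]),
                      "in_if": r[3], "out_if": r[4], "packets": r[5], "bytes": r[6],
                      "sport": r[9], "dport": r[10], "tcp_flags": r[12], "proto": r[13]})
    return header, flows


def export_gap(prev_header, header):
    """Flows lost between two consecutive datagrams from one exporter: flow_sequence
    counts flows exported so far, so the next datagram should start at seq + count."""
    return header["flow_sequence"] - (prev_header["flow_sequence"] + prev_header["count"])


def sample_datagram(seq, records):
    """Constructed test data (not a real capture): pack records the way a router would."""
    body = b"".join(
        V5_RECORD.pack(socket.inet_aton(s), socket.inet_aton(d), b"\0\0\0\0", 1, 2,
                       pkts, octets, 1000, 2000, sp, dp, 0, flags, proto, 0, 0, 0, 24, 24, 0)
        for s, d, sp, dp, proto, flags, pkts, octets in records)
    return V5_HEADER.pack(5, len(records), 123456, 1156204800, 0, seq, 0, 0, 0) + body


# Two consecutive exports; the second sequence number shows 3 flows were lost in transit.
DGRAM1 = sample_datagram(100, [("192.0.2.10", "198.51.100.5", 51000, 80, 6, 0x1B, 12, 5400),
                               ("192.0.2.11", "198.51.100.53", 40000, 53, 17, 0, 1, 76)])
DGRAM2 = sample_datagram(105, [("192.0.2.12", "198.51.100.5", 51001, 443, 6, 0x12, 3, 180)])
```

A persistent gap from export_gap on a live feed usually means the collector is dropping UDP datagrams or the router is exporting faster than the link to it can carry, so the flow tables are incomplete rather than the network quiet.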