Submit a ticketCall us

Webinar: Web Help Desk for HR, Facilities and Accounting Departments
This webinar will focus on use cases for HR, Facilities and Accounting.

Having a unified ticketing and asset management system for all the departments in your company can provide end-users with a seamless experience and make things easier for your IT team. Yet, with different business tasks and objectives, many departments don’t fully understand the capabilities of Web Help Desk and how the software can be customized for effective use in their departments.
Register Now.

Home > Success Center > Netflow Traffic Analyzer (NTA) > Example Cisco NetFlow Config - Standard version 5

Example Cisco NetFlow Config - Standard version 5

Table of contents

Overview

The configuration detailed in this article applies to standard Cisco routers from which you would like to export flow data. This shows what entries are required for a basic NetFlow v5 device config.

Environment

  • Cisco router
  • All NTA versions

Detail

 

Command

Purpose

ip flow-export destination {hostname|ip_address} 2055

Exports the NetFlow cache entries to the specified IP address. Use the IP address of the Orion Netflow Traffic Analysis server  and the. The default port is 2055.

ip flow-export source {interface} {interface_number}

Sets the source IP address of the NetFlow exports sent by the device to the specified IP address o f the NetFlow Collector. NOTE: Must be a layer 3 interface and does not have to be an interface that is enabled to collect flow data.  Only used in the packet header as the source

ip flow-export version 5 [peer-as | origin-as]

Sets the NetFlow export version to version 5. NetFlow Analyzer supports only versions 1 5, or version 9.  If BGP AS information would like to be collected set the [peer-as or origin-as]

ip flow-cache timeout active 1

Breaks up long-lived flows into 1-minute fragments . You can choose any number of minutes between 1 and 60. If you leave it at the default of 30 minutes your traffic reports will have spikes.

Setting  this value to 1 will normalize the data

ip flow-cache timeout inactive 15

Ensures that flows that have finished are periodically exported. The default value is 15 seconds. You can choose any number of seconds between 10 and 600. However, if you choose a value greater than 250 seconds, NetFlow Analyzer may report traffic levels that are too low.

snmp-server ifindex persist

Enables ifIndex persistence (interface names) globally. This ensures that the ifIndex values are persisted during device reboots.

 

Enables flow data to be collected on layer 3 interfaces, configure this command on all interfaces interested in collecting Netflow data on


router-2621(config)#interface FastEthernet 0/0 


router-2621(config-if)# ip flow ingress and ip flow egress ( the rule of thumb is:  If only one interface is enables to capture Netflow data the both commands should be configured.  If there is more than one interface enabled to capture Netflow data then only “ip flow ingress” should be used on all the interface.


 

Final configuration

 

ip flow-export source FastEthernet2/1 ( this is the interface used to export the Netflow data to the collector)

ip flow-export version 5

ip flow-export destination 1.1.1.1 2055

ip flow-cache timeout active 1

ip flow-cache timeout inactive 15

!

snmp-server ifindex persist

!

Interface FastEthernet0/0 ( This is the interface where the Netflow data will be collected on when traffic flows through this interface)

Ip flow ingress

Ip flow egress

 

 

How to verify data is being exported


router#show ip flow export
router#show ip cache flow

 

Last modified
11:38, 28 Nov 2016

Tags

Classifications

Public