The configuration detailed in this article applies to standard Cisco routers from which you would like to export flow data. This shows what entries are required for a basic NetFlow v5 device config.
| Command | Purpose |
|---|---|
| ip flow-export destination {hostname\|ip_address} 2055 | Exports the NetFlow cache entries to the specified IP address. Use the IP address of the Orion NetFlow Traffic Analysis server and the. The default port is 2055. |
| ip flow-export source {interface} {interface_number} | Sets the source IP address of the NetFlow exports sent by the device to the specified IP address of the NetFlow Collector. NOTE: Must be a Layer 3 interface; it does not have to be an interface that is enabled to collect flow data. It is only used in the packet header as the source. |
| ip flow-export version 5 [peer-as \| origin-as] | Sets the NetFlow export version to version 5. NetFlow Analyzer supports only versions 1 5, or version 9. To collect BGP AS information, set the [peer-as or origin-as] option. |
| ip flow-cache timeout active 1 | Breaks up long-lived flows into 1-minute fragments. You can choose any number of minutes between 1 and 60. If you leave it at the default of 30 minutes, your traffic reports will have spikes. Setting this value to 1 will normalize the data. |
| ip flow-cache timeout inactive 15 | Ensures that flows that have finished are periodically exported. The default value is 15 seconds. You can choose any number of seconds between 10 and 600. However, if you choose a value greater than 250 seconds, NetFlow Analyzer may report traffic levels that are too low. |
| snmp-server ifindex persist | Enables ifIndex persistence (interface names) globally. This ensures that the ifIndex values are persisted during device reboots. |
To enable flow data collection on Layer 3 interfaces, configure these commands on every interface on which you want to collect NetFlow data:
router-2621(config)#interface FastEthernet 0/0
router-2621(config-if)#ip flow ingress
router-2621(config-if)#ip flow egress
Rule of thumb: if only one interface is enabled to capture NetFlow data, configure both commands on it. If more than one interface is enabled to capture NetFlow data, use only "ip flow ingress" on all of those interfaces.
Final configuration
! This is the interface used to export the NetFlow data to the collector
ip flow-export source FastEthernet2/1
ip flow-export version 5
ip flow-export destination 1.1.1.1 2055
ip flow-cache timeout active 1
ip flow-cache timeout inactive 15
!
snmp-server ifindex persist
!
! This is the interface where the NetFlow data will be collected when traffic flows through it
interface FastEthernet0/0
 ip flow ingress
 ip flow egress
How to verify data is being exported
router#show ip flow export
router#show ip cache flow