Cisco IOS – Enabling netflow

I’ve been using NetFlow to monitor network traffic since the beginning of this year and I’m still a big fan. NetFlow allows you to really dig into the actual network traffic that is generated by servers (or services) and lets you investigate traffic that should be blocked.

Configuring a Cisco to export NetFlow statistics to a collector (in my case NfSen & nfdump) can really be a pain. Here I will post the commands needed.

Enabling NetFlow on an interface is done as shown below:

[code]R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface GigabitEthernet 1/0
R1(config-if)#ip flow ingress[/code]

Repeat this step for all the interfaces you need to receive flows (statistics) from. Note: when CEF is enabled, by default all flows are sent to the flow collector. Some IOS versions require you to set up ip route-cache flow or ip flow ingress.

Now exit the interface configuration and set the collector you wish to receive the flow statistics on.

[code]R1(config)#ip flow-export version 5
R1(config)#ip flow-export destination <collector-ip> 9995[/code]

After the main configuration we have some small tweaks to do, like the timing parameters. We would like to hit the timeout every 60 seconds so we receive up-to-date information each minute:

[code]R1(config)#ip flow-cache timeout active 1[/code]

As you can see, this is only for ‘active’ traffic. The second parameter sets the export timeout for inactive (completed) traffic:

[code]R1(config)#ip flow-cache timeout inactive 15[/code]

Note that the ‘inactive’ parameter expects a number in seconds, while the ‘active’ parameter expects a number in minutes.
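To check on the collector side that the router really exports version 5 and honours the 1-minute active timeout, the datagrams arriving on UDP 9995 can be decoded directly. The Python sketch below is an added example, not part of the original post or of NfSen/nfdump; the function names, the 5-second slack and the sample datagram (documentation addresses) are constructed for illustration.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")  # 48-byte flow record

def parse_v5(datagram):
    """Return (header dict, list of flow dicts) for one NetFlow v5 export datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, uptime, secs, _nsecs, seq, _etype, _eid, _samp = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field = {version})")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match the record count in the header")
    flows = []
    for i in range(count):
        (src, dst, _hop, _in_if, _out_if, pkts, octets, first, last,
         sport, dport, flags, proto, _tos, _sas, _das, _sm, _dm) = RECORD.unpack_from(
            datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "sport": sport, "dport": dport, "proto": proto, "tcp_flags": flags,
            "packets": pkts, "bytes": octets,
            "duration_s": ((last - first) & 0xFFFFFFFF) / 1000.0,  # sysUptime ms, wrap-safe
        })
    return {"count": count, "sequence": seq, "unix_secs": secs, "uptime_ms": uptime}, flows

def overlong_flows(flows, active_timeout_s=60, slack_s=5):
    """Flows longer than the active timeout suggest the timeout was not applied."""
    return [f for f in flows if f["duration_s"] > active_timeout_s + slack_s]

def build_sample():
    """Constructed datagram: one 12 s HTTPS flow and one 300 s SSH flow."""
    def rec(src, dst, sport, dport, first, last):
        return RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst),
                           socket.inet_aton("0.0.0.0"), 1, 2, 10, 1500, first, last,
                           sport, dport, 0x18, 6, 0, 0, 0, 24, 24)
    body = rec("192.0.2.10", "198.51.100.5", 51000, 443, 100000, 112000)
    body += rec("192.0.2.11", "198.51.100.6", 51001, 22, 100000, 400000)
    return HEADER.pack(5, 2, 400500, 1700000000, 0, 42, 0, 0, 0) + body

if __name__ == "__main__":
    header, flows = parse_v5(build_sample())
    print(header)
    for f in overlong_flows(flows):
        print("exceeds active timeout:", f)
```

Against live traffic, feed `parse_v5` the payload of each datagram read from a UDP socket bound to port 9995; gaps in the header's `sequence` value between datagrams indicate flow records lost on the way to the collector.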

