ZEN Tech NZ

AvatarIf there are no technical difficulties rights now, there will be!

Oct 23, 2007

NMS Part 2 - How to Set Up Netflow

To set up netflow on a Cisco router (in our case a Cisco 3750 with IOS 12.2) we need to tell it where to send the netflow data to. In the example below the destination (172.17.1.1) should have a netflow listener or capture running on udp port 9696.

  • Router#enable
  • Router#configure terminal
  • Router(config)#ip flow-export
  • Router(config-if)#version 5
  • Router(config)#ip flow-export destination 172.17.1.1 9696
Next we have to set up each interface for which we want the netflow data from. In the case where the interface is not part of a defined VLAN
  • Router(config)#interface GigabitEthernet1/0/1
  • Router(config-if)#ip route-cache flow
  • Router(config-if)#ip flow ingress
In the case of VLANs and trunking the set up is slightly different (just to confuse myself I put in all the gory details). First we define the interface/port that we are interested in.
  • Router(config-if)#interface GigabitEthernet1/0/2
  • Router(config-if)# description a VLANed interface
  • Router(config-if)# switchport access vlan 2
  • Router(config-if)# switchport trunk encapsulation dot1q
  • Router(config-if)# switchport trunk native vlan 2
  • Router(config-if)# switchport mode trunk
  • Router(config-if)# speed 1000
  • Router(config-if)# duplex full
Then we define the VLAN interface
  • Router(config-if)#interface Vlan2
  • Router(config-if)# description a VLAN for our interface
  • Router(config-if)# ip address 172.17.1.2 255.255.255.0
  • Router(config-if)# ip flow ingress
  • Router(config-if)# ip route-cache flow
Exit from the configure mode and then do:
  • Router(config-if)#show ip flow export

You should get something like:

Flow export v5 is enabled for main cache
Exporting flows to 172.17.1.1 (6969)
Exporting using source IP address 172.17.1..249
Version 5 flow records
853478 flows exported in 66526 udp datagrams
0 flows failed due to lack of export packet
0 export packets were sent up to process level

Other useful commands are:
  • Router(config-if)#show ip flow interface
  • Router(config-if)#show ip cache flow
Labels: , , , ,