How to enable flow on Cisco 2960x switches -- AuvikFlow (Kentik)


If you're collecting flow from multiple devices sharing the same public IP, you must configure chfagent to send flow to Kentik.

These instructions assume:

Access your switch’s CLI

  1. Telnet or SSH into your Cisco switch.
  2. (If necessary) Enter privileged mode by typing enable and entering your enable password.

Set up a flow exporter

First, we define the export parameters for a flow.

On your switch, execute:

configure terminal
flow exporter AuvikFlowExporter 
description Flow export to Kentik and AuvikFlow

Enable and configure export of NetFlow packets to AuvikFlow

Now we instruct the switch on how to package and send flow packets.

In the source command, replace GigabitEthernet1/0/1 with the interface (uplink) that connects to your firewall or core switch.

On your switch, execute:

dscp 0
source GigabitEthernet1/0/1 transport udp 20013 ttl 255 export-protocol netflow-v9 exit

Set up a flow monitor

Then we set up a flow monitor and associate it with the flow exporter.

On your switch, execute:

flow monitor AuvikFlowMonitor
description AuvikFlow Monitor and route cache
exporter AuvikFlowExporter
flow record test
match ipv4 version cache timeout active 15000 exit

Set up the NetFlow sampler

Now we define the sampling rate that NetFlow uses.

On your switch, execute:

sampler AuvikFlowSampler
description set a sampling rate of 100 for use with AuvikFlow
mode random 1 out-of 32

Assigning flow to an interface

The final step is to apply the flow monitor on an interface.

In the code below, replace GigabitEthernet1/0/1 with the interface to which you’d like to export the flow packets.

On your switch, execute:

interface GigabitEthernet1/0/1
ip flow monitor AuvikFlowMonitor sampler AuvikFlowSampler output

Commit the changes to memory

copy running-config startup-config
