Try Auvik Free
Try Auvik Free

How can we help?

  1. Auvik Support
  2. Audit and Reporting
  3. Device configuration for Auvik TrafficInsights
  4. How to Configure Netflow

How to configure NetFlow on Cisco Routers

Avatar
Lawrence Popa
Follow

These instructions assume:

  • The router is running a minimum of IOS version 12.0(22)S, 12.2(14)S, or 12.2(15)T.
  • The date, time and time zone are correctly set on the router.
  • You have Telnet or SSH credentials and access to your Cisco router.
  • The IP address of your Auvik collector is known.

If you are using a shared collector and want TrafficInsights to associate flow data with the correct site, you must add the source IP address as a dedicated /32 network within Auvik.

For example:

192.168.1.10/32

Even if the source IP address is already included in a larger monitored subnet, a dedicated /32 entry is required for TrafficInsights to correctly associate flow records with the appropriate site.

After making this change, it may take several minutes before flow data appears in TrafficInsights.

Access your router CLI

  1. Telnet or SSH into your router.
  2. Enter privileged mode by typing enable and entering your enable password.

Enable NetFlow

  1. Run the following command. Replace AuvikCollectorIP with the IP address of your Auvik collector and AuvikPort with one of the following ports: 2055, 2056, 4432, 4739, 6343, 9995 or 9996. 
    enable
configure terminal
ip flow-cache timeout active 1
ip flow-cache timeout inactive 15
ip flow-capture vlan-id
ip flow-capture mac-addresses
ip flow-export version 9 origin-as
ip flow-export destination <AuvikCollectorIP> <AuvikPort>
  2. Now enable NetFlow collection on the interface(s) from which you want to capture information. Run the following based on the IOS version running on your router. Replace GigabitEthernet0/1 with the name of the interface you want to use for flow. 
    # IOS version 12.0(22)S, 12.2(14)S, or 12.2(15)T
interface GigabitEthernet0/1
ip flow ingress

# IOS older than 12.0(22)S, 12.2(14)S, or 12.2(15)T

interface GigabitEthernet0/1
ip route-cache flow
  3. Run the following command to confirm the configuration. 
    exit
show ip cache flow
show ip flow interface
show ip flow export
show ip flow export template
  4. Save the active configuration: write memory
  5. Save the current running configuration to the startup configuration file: copy running-config startup-config

Reference: http://www.cisco.com/c/en/us/td/docs/ios/netflow/configuration/guide/12_2sr/nf_12_2sr_book/cfg_nflow_data_expt.html#wp1087069

 

Was this article helpful?
4 out of 6 found this helpful
Have more questions? Submit a request

Auvik System Status

Check system status

Need help?

Submit your question or comment and we'll be in touch.

Send a message

Related articles