Try Auvik Free
Try Auvik Free

How can we help?

  1. Auvik Support
  2. Audit and Reporting
  3. Device configuration for Auvik TrafficInsights
  4. How to Configure Netflow

How to configure NetFlow on Cisco Routers

Avatar
Lawrence Popa
Follow

These instructions assume:

  • The router is running a minimum of IOS version 12.0(22)S, 12.2(14)S, or 12.2(15)T.
  • The date, time and time zone are correctly set on the router.
  • You have Telnet or SSH credentials and access to your Cisco router.
  • The IP address of your Auvik collector is known.

If you have a shared collector and want to ensure that it receives netflow data to enable TrafficInsights, you will need to add the source IP address as a /32 in order for Auvik to register the flows from that specific address in the TrafficInsights portal. There may be some delay for the shared collector to receive the data after the change.

Note: Even if that source IP address is already being scanned, you must add a /32 targeting only the source IP address, due to some limitations, the collector can’t tell if it should be sent to site A or B.

Access your router CLI

  1. Telnet or SSH into your router.
  2. Enter privileged mode by typing enable and entering your enable password.

Enable NetFlow

  1. Run the following command. Replace AuvikCollectorIP with the IP address of your Auvik collector and AuvikPort with one of the following ports: 2055, 2056, 4432, 4739, 6343, 9995 or 9996. 
    enable
configure terminal
ip flow-cache timeout active 1
ip flow-cache timeout inactive 15
ip flow-capture vlan-id
ip flow-capture mac-addresses
ip flow-export version 9 origin-as
ip flow-export destination <AuvikCollectorIP> <AuvikPort>
  2. Now enable NetFlow collection on the interface(s) from which you want to capture information. Run the following based on the IOS version running on your router. Replace GigabitEthernet0/1 with the name of the interface you want to use for flow. 
    # IOS version 12.0(22)S, 12.2(14)S, or 12.2(15)T
interface GigabitEthernet0/1
ip flow ingress

# IOS older than 12.0(22)S, 12.2(14)S, or 12.2(15)T

interface GigabitEthernet0/1
ip route-cache flow
  3. Run the following command to confirm the configuration. 
    exit
show ip cache flow
show ip flow interface
show ip flow export
show ip flow export template
  4. Save the active configuration: write memory
  5. Save the current running configuration to the startup configuration file: copy running-config startup-config

Reference: http://www.cisco.com/c/en/us/td/docs/ios/netflow/configuration/guide/12_2sr/nf_12_2sr_book/cfg_nflow_data_expt.html#wp1087069

 

Was this article helpful?
4 out of 6 found this helpful
Have more questions? Submit a request

Auvik System Status

Check system status

Need help?

Submit your question or comment and we'll be in touch.

Send a message

Related articles