How can we help?

Configure Flexible Netflow on Cisco IOS XE devices

Follow

Flexible NetFlow consists of components that can be used together in several variations to perform traffic analysis and data export, and the new command-line interface (CLI) configuration follows the same traditional logic.

In this, user-defined flow records and the component structure of Flexible NetFlow make it easy to create various configurations for traffic analysis and data export on a networking device with a minimum number of configuration commands.

Flexible NetFlow can be configured in three easy steps.

Items that are between { } and in bold should be replaced with values specific to the environment being configured.

 

1. Configuring Exporter

Enter global configuration mode on the router or MSFC, and issue the following commands for creating the exporter:

Device> enable
Device# configure terminal
Device(config)# flow exporter {AuvikExporter}
Device(config-flow-exporter)# destination [Auvik collector IP address]
Device(config-flow-exporter)# export-protocol netflow-v9
Device(config-flow-exporter)# transport udp 9996
Device(config-flow-exporter)# end

Flow exporter can be configured with a unique name. Multiple Flow exporter profiles can be configured. 

 

2. Flow Monitor and Flow Record Configuration

Device(config)# flow monitor {AuvikMonitor}
Device(config-flow-monitor)# record netflow ipv4 original-input
Device(config-flow-monitor)# exporter {AuvikExporter}
Device(config-flow-monitor)# cache timeout active 60
Device(config-flow-monitor)# cache timeout inactive 15
Device(config-flow-monitor)# end

Flow record configuration defines the fields exported via NetFlow protocol. Flexible pre-defined Flow records are based on the original NetFlow ingress or egress caches. Cisco provides a unique keyword to identify the pre-defined records and these records can be associated with a Flexible NetFlow Flow record configuration. The Flexible NetFlow “netflow-original” and Netflow ipv4 original-input are predefined records and these two records can be used interchangeably to export the basic key fields and time stamp fields. Flow monitors can also include packet sampling information if sampling is required. 

 

3. Associate Flow Monitor to Interface

Enter global configuration mode on the router or MSFC, and issue the following commands for each interface on which you want to enable NetFlow:

Device(config)# interface {interface} {interface_number}
Device(config-if)# ip flow monitor {AuvikMonitor} input

Flow Monitor has to be attached to a specific physical or logical interface to export Flow statistics for that particular interface. Above is the configuration to attach a Flow monitor to a specific interface.

 

4. Verifying Device Configuration

Issue the following commands in normal (not configuration) mode to verify whether NetFlow export has been configured correctly:

To verify information about aggregation cache.

show ip cache flow aggregation

To confirm the data export.

show ip flow
export

Please note that NetFlow data export has to be enabled on all interfaces of a router in order to see accurate IN and OUT traffic. Suppose you have a router with interface A and B. Since NetFlow, by default, is done on an ingress basis, when you enable NetFlow data export on interface A, it will only export the IN traffic for interface A and OUT traffic for interface B. The OUT traffic for interface A will be contributed by the NetFlow data exported from interface B.

Even if you are interested in managing only interface A, please enable NetFlow data export on A and B. You may subsequently unmanage interface B from the License Management link.

Was this article helpful?
0 out of 1 found this helpful
Have more questions? Submit a request