It is recommended that only users with experience in configuring Cisco devices follow these steps.

As an example, this section offers a brief guide for configuring NetFlow on a Cisco router or switch. Look up more specific information about configuring your own router on the Cisco website.


Software Platform Configuration

The following is an example of a basic router configuration for NetFlow. Basic NetFlow functionality is very easy to configure. NetFlow is configured on a per-interface basis. When NetFlow is configured on an interface, IP packet flow information is captured into the NetFlow cache. The device can also be configured to export the NetFlow data to the NetFlow Server.

1. Configuring the interface to capture flows into the NetFlow cache. CEF is enabled first, then NetFlow flow capture is configured on the interface.

Router(config)# ip cef 
Router(config)# interface FastEthernet 1/0 
Router(config-if)# ip flow ingress
          Or
Router(config-if)# ip route-cache flow 

Note: Either the ip flow ingress or the ip route-cache flow command can be used, depending on the Cisco IOS Software version. ip flow ingress is available in Cisco IOS Software Release 12.2(15)T or above.

2. Exporting the NetFlow cache to the NetFlow Server. Choose a version (format) for the NetFlow export packet, then specify the destination IP address of the server (1.1.1.1 in this example). 2055 is the UDP port on which the NetFlow Server receives the UDP export from the Cisco device. 2055 is a default value, but you can change this later.

Router(config)# ip flow-export version 9 
Router(config)# ip flow-export destination 1.1.1.1 2055
Router(config)# ip flow-export source FastEthernet 1/0
Router(config)# ip flow-cache timeout active 1
Router(config)# ip flow-cache timeout inactive 15

More information on NetFlow configuration is available on the Cisco website.

Cisco Catalyst 6500 Series Switch Platform NetFlow Configuration

The following is an example of NetFlow on a Cisco Catalyst 6500 Series Switch. The Cisco Catalyst 6500 Series Switch has two aspects of NetFlow configuration: hardware-based NetFlow and software-based NetFlow. Almost all flows on the Cisco Catalyst 6500 Series Switch are hardware switched, and the MLS commands are used to characterize NetFlow in hardware. The MSFC (software-based NetFlow) characterizes software-based flows for packets that are punted up to the MSFC.

Figure: NetFlow Cisco Characterization

The figure above shows the concept of two paths for NetFlow packets, the hardware (red) and software (blue) paths, and the configuration for each path. Normally, both hardware-based and software-based NetFlow are configured on a Cisco Catalyst 6500 Series Switch.

The hardware-switched flows use the MLS commands to configure NetFlow. Remember that for hardware-based flows, NetFlow is enabled on all interfaces when configured.

! Set aging of inactive flows to 32 seconds
mls aging normal 32
! Optionally configure a flow mask
mls flow ip interface-full
! Specify the version for export from the PFC
mls nde sender version 5
! Send interface information with the export (available by default with Supervisor 720/Supervisor 32)
mls nde interface

The following is the configuration for NetFlow on the MSFC for software-based flows. This configuration is equivalent to what is shown in Cisco Catalyst 6500 Series Switch Platform NetFlow Configuration. The user configures NetFlow per interface to activate the flow characterization and also configures an export destination for the hardware-switched and software-switched flows.

interface POS9/14
 ip address 42.50.31.1 255.255.255.252
 ! ip flow ingress can be used instead
 ip route-cache flow
!
! Export version for the software flows exported from the MSFC
ip flow-export version 5
! Destination for hardware and software flows
ip flow-export destination 10.1.1.209 2055

More information on the Cisco Catalyst 6500 Series Switch NetFlow configuration can be viewed on the Cisco website.

