Home > NetFlow Tutorial

NetFlow Tutorial

May 13th, 2016 Go to comments

Configure NetFlow

NetFlow version 5 and version 9 are commonly used nowadays so this part will show how to configure NetFlow in version 5 and 9. We only show the minimum configuration to help NetFlow work well.

Configure NetFlow version 5

The following configuration enables NetFlow version 5 on Fa0/1 interface and export to a NetFlow collector at 10.1.1.1 on UDP port 2055.

NetFlow_Configs.jpg

Router(config)#interface fa0/1
Router(config-if)#ip route-cache flow
Router(config-if)#exit
Router(config)#ip flow-export destination 10.1.1.1 2055
Router(config)#ip flow-export source fa0/2 //NetFlow will use Fa0/2 as the source IP address for the UDP datagrams sent to the NetFlow Collector
Router(config)#ip flow-export version 5
Router(config)#ip flow-cache timeout active 1 //export flow records every minute.

Note:

+ NetFlow version 5 can inspect inbound traffic only.
+ We can use either the command “ip route-cache flow” or “ip flow ingress” in this case. The former will enable flows on the physical interface and all sub-interfaces associated with it while the latter can be used on sub-interfaces and will enable flows on sub-interfaces only.
+ The last command “ip flow-cache timeout active 1” is necessary for NetFlow to work well. If you leave it at the default of 30 minutes your traffic reports will have spikes.

Configure NetFlow version 9

To configure NetFlow version 9 (Flexible NetFlow), we need to configure three components:
1. Flow Record
2. Flow Exporter
3. Flow Monitor

The following configuration enables NetFlow version 9 on Fa0/1 interface and export to a NetFlow collector at 10.1.1.1 on UDP port 2055.

1. Configure the Flow Record:
Router(config)# flow record TUT_Record
Router(config-flow-record)# match ipv4 destination address
Router(config-flow-record)# match ipv4 source address

2. Configure the Exporter:
Router(config)# flow exporter TUT_Exporter
Router(config-flow-exporter)# destination 10.1.1.1

3. Configure the Flow Monitor
Router(config)# flow monitor TUT_Monitor
Router(config-flow-monitor)# record TUT_Record //Must match the above Flow Record name
Router(config-flow-monitor)# exporter TUT_Exporter //Must match the above Exporter name

4. Apply to an interface
Router(config)#interface fa0/1
Router(config-if)#ip flow monitor TUT_Monitor input //Monitor the receiving traffic on this interface

Small note: CEF should be enabled on the NetFlow Exporter router when running NetFlow. CEF decides through which interface traffic is exiting the router. Any NetFlow Collector will calculate the OUT traffic for an interface based on the Destination Interface value present in the NetFlow packets exported from the NetFlow Exporter. If the CEF is disabled on this router, the exported NetFlow packets will have “Destination interface” as “null” and this leads NetFlow Collector to show no OUT traffic for the interfaces.

Verification

After finishing configuration, we may need some commands to verify and troubleshoot our NetFlow configuration. Some popular commands used to check the NetFlow operation are listed below:

+ show ip cache flow: display a summary of the NetFlow accounting statistics. The output of this command has been showed above
+ show ip flow export: display the status and the statistics for NetFlow accounting data export, including the main cache and all other enabled caches

Router# show ip flow export
Flow export v5 is enabled for main cache
  Exporting flows to 10.1.1.1 (2055)
  Exporting using source interface FastEthernet0/2
  Version 5 flow records
  39676332 flows exported in 1440719 udp datagrams
  0 flows failed due to lack of export packet
  153 export packets were sent up to process level
  0 export packets were dropped due to no fib
  0 export packets were dropped due to adjacency issues
  0 export packets were dropped due to fragmentation failures
  0 export packets were dropped due to encapsulation fixup failures

+ “show ip flow interface”: displays NetFlow accounting configuration on interfaces

R2# show ip flow interface
FastEthernet0/0
  ip route-cache flow

+ show ip flow top-talkers: show which end devices on your network are taking up the most bandwidth

Router# show ip flow top-talkers

SrcIf	SrcIPaddress	DstIf	DstIPaddress	Pr  SrcP  DstP  Bytes
Et0/1	191.168.1.1	Local	192.168.1.254	01  0000  0000  4800
Et0/2	191.168.1.2	Local	192.168.1.254	01  0000  0000  4800
Et0/3	191.168.1.3	Local	192.168.1.254	01  0000  0000  3400

 

Comments (23) Comments
Comment pages
1 2 3 2795
  1. Sabrina
    December 22nd, 2016

    Passed today, 200-125 exam thanks to http://pdfdumps.us/exam/200-125.html

  2. CCIE Expert
    February 21st, 2017

    My student passed today 200-125 exam today. 171Qs File is 100% striking in exam.
    Get instant Download at below page”

    https://anon.click/juqoc78

  3. Good CCNA tips
    March 12th, 2017
  4. Vince
    April 30th, 2017

    The command : Show IP flow export verifies NetFlow configuration and overall status of the NetFlow operation.
    You did not mention that and just as you know for people just getting into Routers and switches field one little word will put them out in the middle of nowhere.

  5. chocy
    June 18th, 2017

    PLEASE SEND ME LATEST DUMPs ON MERRYLORD at yah.co.uk

  6. Jerry
    June 20th, 2017

    Amazing page for CCNA learners

  7. Anonymous
    June 21st, 2017

    am really interested in passing the certification thats why am here for help
    am sitting my certification in two weeks time from now, so cud some one please help me with the latest dumps for ccna certification please?
    my email {email not allowed}

  8. Anonymous
    June 21st, 2017

    ok my email ivanismail90(at) gmail dot com

  9. blessed ccna
    June 30th, 2017

    is netflow examinable in ICDN ?

  10. John D. Ngowi
    July 26th, 2017

    Can any one let Me know which one is the right and valid dump pleasee (The name and number of qns)

  11. Casas Modulares Modernas Portugal
    November 8th, 2017

    E também é mais precário ainda nas escolas técnicas. http://daweihan19620408.com/comment/html/?58077.html

  12. Vishwa
    November 28th, 2017

    Please send me latest dump link on my mail {email not allowed} if anyone have

  13. OLR4C
    February 6th, 2018

    Can anyone send me the latest dump on my email carlobundalian @ gmail .com to help out to pass my ccna Thanks

  14. Anonymous
    March 1st, 2018

    Can anyone please send me the latest CCNA dumps?

    Email: {email not allowed}

    Thank you!

  15. Dekker
    March 7th, 2018

    pls send the latest dump
    mail: suhanasafaraur576 at g mail dot com

  16. JGray
    March 7th, 2018

    Check out https://www.prepaway.com/ it is a free site with a test engine

  17. simeon
    September 19th, 2018

    Can someone help me with latest dumb. email is tola@ gmail

  18. Ciscology
    December 19th, 2018

    Thank you 9tut. very useful.

  19. nickojam
    June 23rd, 2019

    please.. i failed in my first ccna 200-125 exam. Exam fee is difficult in my situation.. I will retake exam soon.. please to whom kind hearted, help me with the latest dumps.. nickojamkoh2914 (at) gmail.com

  20. Anonymous
    July 22nd, 2019

    hi everyone pls am in dear need of recent dumps for CCNA 200-125 exams is in less than 2 weeks osuntobs (at) gmail , would be extremely happy and gratefull to have this.

  21. dmitry
    October 24th, 2019

    Pls send me dumps 200-125, my mail dimon965316(dog)yandex(dot)ru

  22. Anonymous
    November 19th, 2019

    pls am in dear need of recent dumps for CCNA 200-125 exams is in less than 1 week osuntobs (at) gmail

Comment pages
1 2 3 2795
Add a Comment