Skip to main content

Configuring netflow data export on an IOS device

By
In the configuration mode on the router or MSFC, issue the following to start NetFlow Export.
First enable Cisco Express Forwarding: 
router(config)# ip cef
router(config)# ip cef distributed
And turn on flow accounting for each input interface with the interface command: 
interface 
ip flow ingress
or use old (depricated) command: 
interface 
ip route-cache flow
For example: 
interface FastEthernet0
  ip flow ingress

interface Serial2/1
  ip flow ingress
It is necessary to enable NetFlow on all interfaces through which traffic (you are interested in) will flow. Now, verify that the router (or switch) is generating flow stats - try command 'show ip cache flow'. Note that for routers with distributed switching (GSR's, 75XX's) the RP cli will only show flows that made it up to the RP. To see flows on the individual linecards use the 'attach' or 'if-con' command and issue the 'sh ip ca fl' on each LC.
Enable the exports of these flows with the global commands: 
router(config)# ip flow-export version 9
router(config)# ip flow-export destination <ip_address> 2000
router(config)# ip flow-export source FastEthernet0
Use the IP address of your NetFlow Collector and configured listening port. UDP port 2000 is used for example.
We recommend using NetFlow version 5, which is the most recent export version supported by Cisco routers. The ‘ip flow-export source’ command is used to set up the source IP address of the exports sent by the router or switch. NetFlow Collector can filter incoming traffic on this address. If your router uses BGP protocol, you can configure AS to be included in exports with command: 
router(config)# ip flow-export version 9 [peer-as | origin-as]
The following commands break up flows into shorter segments. 
router(config)# ip flow-cache timeout active 5
router(config)# ip flow-cache timeout inactive 30
In enable mode you can see current NetFlow configuration and state. 
router# show ip flow export
router# show ip cache flow
router# show ip cache verbose flow
Labels:

Comments

Post a Comment

Popular posts from this blog

Duplicate IP Address has been Detected Rule

By
A duplicate IP address has been detected on the network Rule Knowledgebase Summary This rule generates an alert when Windows® detects that he local machine’s IP address is in conflict with one or more identical IP addresses on the network. Until the IP address conflict is resolved, remote clients and applications may have difficulty accessing resources on any of the effected computers. Additionally, the local computer may not be able to access network resources. Related Events This rule generates an alert whenever the following events occur and are recorded in the System Event Log: The system detected an address conflict for IP address %2 with the system having network hardware address %3. The local interface has been disabled. Source: TCPIP; Event ID: 4198; The system detected an address conflict for IP address %2 with the system having network hardware address %3. The local interface has been disabled. Source: TCP...
1 comment
Read more

Schedule Automatic backup config in Cisco Nexus

By
Schedule Automatic backup config in Cisco Nexus Nexus-Sw1(config)#feature scheduler   //Enable scheduler service in Nexus Nexus-Sw1(config)#scheduler job name backup-daily      // Job Name Nexus-Sw1(config)#scheduler aaa-authentication username abcd password abcd@123     // AAA - Authentication for Job created above (If AAA configured) Nexus-Sw1(config)#scheduler job name backup-daily copy running-config tftp://192.168.1.23/$(SWITCHNAME)-cfg.$(TIMESTAMP)         //IP of TFTP SERVER , file will saved with switch name and timestamp exit Nexus-Sw1(config)#scheduler schedule name backup-daily   // Setup Schedule to run for the JOB Nexus-Sw1(config-schedule)# time ?   daily    Specify a daily schedule   monthly  Specify a monthly schedule   start    Specify a future time schedule   weekly   Specify a weekly schedule...
Post a Comment
Read more

How to enable SSH login access to a Cisco router

By
This guide walks you through how to setup SSH on a Cisco Router. SSH is by far more secure then telnet. Telnet allows your passwords to be sent in plain text that anyone can see and gain access to your network. SSH is all encrypted traffic. NOTE: This should work with any Cisco router provided the Cisco IOS on the router supports ssh. Firstly is ssh enabled? router#sh ip ssh SSH Disabled - version 2.0 %Please create RSA keys to enable SSH. Authentication timeout: 60 secs; Authentication retries: 5 In this case its not, if you got a error saying that sh ip ssh is not recognized then you would know that ssh is not supported or possibly that the command is different for your platform. How to enable SSH on a Cisco 800 series router# config term router(config)#crypto key generate rsa usage-keys label router-key The name for the keys will be: router-key Choose the size of the key modulus in the range of 360 to 2048 for your ...
1 comment
Read more