Netflow Version 5 is the most popular and one of the simplest versions of netflow to enable. Its popular due to its almost ubiquitous support on Cisco routers as well as the fact that it is also the most efficient in terms of bandwidth usage.
To enable netflow you must first enable the global set of commands:
- ip flow-export destination ip_address port
- ip flow-export source interface
- ip flow-export version 5 [peer-as | origin-as]
- ip flow-cache timeout active 1
- ip flow-cache timeout inactive 15
- snmp-server ifindex persist
Then enable netflow on all layer 3 interfaces you wish to monitor: On older devices use:
- ip route-cache flow
Newer devices would use
- ip flow ingress
There is also the "ip flow egress" command. This would be used under special circumstances where the above commands can't be applied or you want to capture the Netflow after traffic has been marked.