Netflow/Cisco/Version 5

From Observer GigaFlow Support | VIAVI Solutions Inc.
Revision as of 11:10, 30 September 2016 by Kevin Wilkie (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Netflow Version 5 is the most popular and one of the simplest versions of netflow to enable. Its popular due to its almost ubiquitous support on Cisco routers as well as the fact that it is also the most efficient in terms of bandwidth usage.

To enable netflow you must first enable the global set of commands:

ip flow-export destination ip_address port
ip flow-export source interface
ip flow-export version 5 [peer-as | origin-as]
ip flow-cache timeout active 1
ip flow-cache timeout inactive 15
snmp-server ifindex persist

Then enable netflow on all layer 3 interfaces you wish to monitor: On older devices use:

ip route-cache flow

Newer devices would use

ip flow ingress

There is also the "ip flow egress" command. This would be used under special circumstances where the above commands can't be applied or you want to capture the Netflow after traffic has been marked.