NetFlow configuration



Configuring NetFlow on network devices allows for the collection of flow information to monitor and analyze network traffic. Below is a detailed explanation of how to configure NetFlow on Cisco routers and switches, along with examples for clarity.

1. Basic Components of NetFlow Configuration

  • Flow Record: Specifies which fields will be included in the flow data.
  • Flow Exporter: Specifies where the flow data will be sent.
  • Flow Monitor: Defines how to collect the flow data.
  • Interface Configuration: Enables NetFlow on specific interfaces.

2. Example Scenario

Let’s assume we have a Cisco router with an IP address of 192.168.1.1, and we want to configure NetFlow to monitor traffic on the interface GigabitEthernet0/1. The flow data will be exported to a collector with the IP address 192.168.1.100 on UDP port 2055.

3. Step-by-Step Configuration

Let’s walk through the process of configuring NetFlow on a Cisco router, including the flow exporter configuration.

1. Define the Flow Record

This step creates a flow record that specifies which information to capture in the flow data.

router#configure terminal
router(config)#flow record NetFlow-Record
router(config-flow-record)#match ipv4 source address
router(config-flow-record)#match ipv4 destination address
router(config-flow-record)#match transport destination-port
router(config-flow-record)#match ipv4 protocol
router(config-flow-record)#collect counter packets
router(config-flow-record)#collect counter bytes
router(config-flow-record)#exit

2. Define the Flow Exporter

Here, we define the flow exporter that will send the flow data to the collector.

router(config)#flow exporter NetFlow-Exporter
router(config-flow-exporter)#destination 192.168.1.100
router(config-flow-exporter)#transport udp 2055
router(config-flow-exporter)#source GigabitEthernet0/1
router(config-flow-exporter)#exit

3. Define the Flow Monitor

Next, create a flow monitor that uses the flow record and exporter defined earlier.

router(config)#flow monitor NetFlow-Monitor
router(config-flow-monitor)#record NetFlow-Record
router(config-flow-monitor)#exporter NetFlow-Exporter
router(config-flow-monitor)#exit

4. Apply the Flow Monitor to an Interface

Now, apply the flow monitor to the desired interface, where traffic will be monitored.

router(config)#interface GigabitEthernet0/1
router(config-if)#ip flow monitor NetFlow-Monitor input
router(config-if)#ip flow monitor NetFlow-Monitor output
router(config-if)#exit

5. Verification

To verify the configuration and ensure that NetFlow is working correctly, use the following commands:

router#show flow exporter NetFlow-Exporter statistics

This command will display statistics about flow export operations.

router#show flow monitor NetFlow-Monitor cache

This command shows the contents of the flow cache, displaying the active flows that have been collected.
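
To check the export from the collector side as well, the following added example (not part of the original article and not Cisco code) decodes a NetFlow v9 datagram carrying the six fields of NetFlow-Record. It assumes the exporter uses NetFlow v9, which is the default when the flow exporter sets no export-protocol; the function names and the sample datagram are constructed for illustration.

```python
import ipaddress
import struct

# NetFlow v9 field type IDs (RFC 3954) for the fields matched/collected in NetFlow-Record.
FIELDS = {8: "src", 12: "dst", 11: "dst_port", 4: "proto", 2: "packets", 1: "bytes"}

def decode(tmpl, rec):  # one data record -> dict, using the template's (type, length) list
    flow, off = {}, 0
    for ftype, flen in tmpl:
        raw, off = rec[off:off + flen], off + flen
        name = FIELDS.get(ftype)
        if name in ("src", "dst") and flen == 4:
            flow[name] = str(ipaddress.IPv4Address(raw))
        elif name:
            flow[name] = int.from_bytes(raw, "big")
    return flow

def parse_v9(datagram, templates):
    """Decode one datagram; `templates` persists across calls, keyed by (source_id, template_id)."""
    if len(datagram) < 20 or datagram[:2] != b"\x00\x09":
        raise ValueError("not a NetFlow v9 datagram")
    source_id = struct.unpack_from("!I", datagram, 16)[0]
    flows, pos = [], 20
    while pos + 4 <= len(datagram):
        set_id, set_len = struct.unpack_from("!HH", datagram, pos)
        if set_len < 4 or pos + set_len > len(datagram):
            raise ValueError("bad flowset length")  # lengths arrive over unauthenticated UDP
        body, pos = datagram[pos + 4:pos + set_len], pos + set_len
        if set_id == 0:  # template flowset: remember each template's field layout
            off = 0
            while off + 4 <= len(body):
                tid, n = struct.unpack_from("!HH", body, off)
                if tid < 256 or off + 4 + 4 * n > len(body):
                    break  # padding or a truncated template
                templates[(source_id, tid)] = [struct.unpack_from("!HH", body, off + 4 + 4 * i) for i in range(n)]
                off += 4 + 4 * n
        elif set_id >= 256:  # data flowset: skipped until its template has been seen
            tmpl = templates.get((source_id, set_id), [])
            size = sum(flen for _, flen in tmpl)
            if size:
                flows += [decode(tmpl, body[o:o + size]) for o in range(0, len(body) - size + 1, size)]
    return flows

def sample_datagram():
    """Constructed input: template 256 plus one padded flow, 192.168.1.50 -> 192.168.1.200, TCP/443."""
    tmpl = struct.pack("!14H", 256, 6, 8, 4, 12, 4, 11, 2, 4, 1, 2, 4, 1, 4)  # six (type, length) pairs
    rec = bytes([192, 168, 1, 50, 192, 168, 1, 200]) + struct.pack("!HBII", 443, 6, 10, 4200) + b"\x00"
    sets = struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl + struct.pack("!HH", 256, 4 + len(rec)) + rec
    return struct.pack("!HHIIII", 9, 2, 0, 0, 1, 0) + sets
```

Because the export travels over unauthenticated UDP, a collector should also drop datagrams whose source address is not the exporter's, here the address of GigabitEthernet0/1.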

6. Additional Configuration Options

  • Enabling NetFlow on Multiple Interfaces

If you want to enable NetFlow on multiple interfaces, you can repeat the configuration steps for each interface.

router(config)#interface GigabitEthernet0/2
router(config-if)#ip flow monitor NetFlow-Monitor input
router(config-if)#ip flow monitor NetFlow-Monitor output
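router(config-if)#exit

  • Configuring Flow Sampling

To reduce the amount of flow data collected, you can configure sampling. With the flow record, exporter and monitor syntax used above, sampling is defined as a sampler and attached when the monitor is applied to the interface (NetFlow-Sampler is an example name). If the monitor is already applied to the interface without a sampler, remove it first with "no ip flow monitor NetFlow-Monitor input".

router(config)#sampler NetFlow-Sampler
router(config-sampler)#mode random 1 out-of 10
router(config-sampler)#interface GigabitEthernet0/1
router(config-if)#ip flow monitor NetFlow-Monitor sampler NetFlow-Sampler input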

4. Conclusion

This configuration ensures that you have a complete setup for NetFlow, including the flow record, flow exporter, and flow monitor. This allows for effective traffic monitoring and analysis on your Cisco router. Always verify the configuration to ensure that flow data is being collected and exported correctly to your collector.
