NetFlow Data Export on an IOS device
In configuration mode on the router or MSFC, issue the following commands to start NetFlow export.
Enable Cisco Express Forwarding:
router(config)# ip cef
router(config)# ip cef distributed
Turn on flow accounting for each input interface:
interface <interface>
 ip route-cache flow
Example:
interface FastEthernet0
 ip route-cache flow
interface Serial2/1
 ip route-cache flow
NetFlow must be enabled on every interface through which the traffic you want to monitor will flow. Next, verify that the router or switch is generating flow stats by entering the command show ip cache flow. Note that for routers with distributed switching, such as the GSR and 75XX series, the RP command line interface only shows flows that made it to the RP. To see flows on the individual linecards, use the attach or if-con command and issue sh ip ca fl on each LC.
Enable the export of these flows with the following global commands:
router(config)# ip flow-export version 5
router(config)# ip flow-export destination <ip_address> 2000
router(config)# ip flow-export source FastEthernet0
Use the IP address of your NetFlow Collector and configured listening port. UDP port 2000 is used above.
SolarWinds recommends using NetFlow version 5, which is the most recent export version supported by Cisco routers. The ip flow-export source command sets the source IP address of the exports sent by the router or switch. The NetFlow collector can filter incoming traffic on this address. If your router uses the BGP protocol, you can configure the AS to be included in exports with this command:
router(config)# ip flow-export version 5 [peer-as | origin-as]
The following commands break up flows into shorter segments:
router(config)# ip flow-cache timeout active 5
router(config)# ip flow-cache timeout inactive 30
In enable mode you can see the current NetFlow configuration and state:
router# show ip flow export
router# show ip cache flow
router# show ip cache verbose flow
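A collector-side check for the exports configured above, as an added example that is not from the original page: it accepts a NetFlow version 5 datagram only from the address set with ip flow-export source, checks that the datagram length matches the record count in the header, and decodes each flow including the AS fields. The exporter address 192.0.2.1, the function names and the sample datagram are assumptions constructed for illustration.

```python
import ipaddress
import struct

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")  # 48-byte v5 flow record
MAX_RECORDS = 30                                     # v5 limit per datagram
# Assumption: address of the interface named in "ip flow-export source".
ALLOWED_EXPORTERS = {ipaddress.ip_address("192.0.2.1")}


def parse_v5(datagram, exporter_ip):
    """Validate one export datagram; return (flow_sequence, list of flows)."""
    if ipaddress.ip_address(exporter_ip) not in ALLOWED_EXPORTERS:
        raise ValueError("unexpected exporter " + exporter_ip)
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than a v5 header")
    version, count, _, _, _, sequence, _, _, _ = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError("unexpected export version %d" % version)
    expected = HEADER.size + count * RECORD.size
    if not 1 <= count <= MAX_RECORDS or len(datagram) != expected:
        raise ValueError("record count does not match datagram length")
    flows = []
    for offset in range(HEADER.size, expected, RECORD.size):
        (src, dst, _hop, in_if, _out_if, pkts, octets, _first, _last, sport,
         dport, _flags, proto, _tos, src_as, dst_as, _smask, _dmask
         ) = RECORD.unpack_from(datagram, offset)
        flows.append({
            "src": str(ipaddress.ip_address(src)), "sport": sport,
            "dst": str(ipaddress.ip_address(dst)), "dport": dport,
            "proto": proto, "in_if": in_if, "packets": pkts, "octets": octets,
            # AS fields are populated when peer-as or origin-as is configured
            "src_as": src_as, "dst_as": dst_as,
        })
    return sequence, flows


def sample_datagram():
    """Constructed one-record datagram using documentation addresses/ASNs."""
    addrs = [ipaddress.ip_address(a).packed
             for a in ("198.51.100.7", "203.0.113.9", "192.0.2.254")]
    return HEADER.pack(5, 1, 1000, 1700000000, 0, 42, 0, 0, 0) + RECORD.pack(
        *addrs, 1, 2, 10, 840, 500, 900, 51000, 443, 0x18, 6, 0,
        64500, 64501, 24, 24)


if __name__ == "__main__":
    print(parse_v5(sample_datagram(), "192.0.2.1"))
```

In a running collector, datagram and exporter_ip would come from socket.recvfrom() on the UDP port given in ip flow-export destination.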