Manually configuring devices to export flow data to Flow Monitor

Network devices must be configured to generate and send NetFlow data to Flow Monitor. This is accomplished manually using the device's command line interface (CLI), or automatically through the Source configuration dialog (Flow Monitor > Configuration) for devices that are NetFlow enabled and have the Cisco NetFlow MIB (OID: 1.3.6.1.4.1.9.9.387).

To manually configure NetFlow enabled devices to send Flow data to Flow Monitor:

Caution: This procedure is an example that applies to a Cisco 1812 router and should not be used for other devices. The process for configuring a device to export Flow data varies widely from device to device and dependent upon your network configuration. Please see your router's documentation to determine the correct process for your device.

  • Step 1. Open the configuration interface for the router and enter the commands detailed in the following table to configure global options for all interfaces on the router.

 

Command

Purpose

 

enable

Enters privileged EXEC mode. Enter your password if prompted.

 

configure terminal

Enters configuration mode.

 

ip flow-export version <version_number>
ex) ip flow-export version <version_5>

Sets the version of the NetFlow protocol that should be used to export data. Flow Monitor supports versions 1, 5, 7, and 9 only.

 

ip flow-export destination <IP> <port>
ex) ip flow-export destination <192.168.2.100> <9999>

Enables the router to export Flow data. Substitute the Flow Monitor server's IP address for <IP> and the listener port specified in the Flow Monitor Flow Settings dialog for <port>. By default Flow Monitor uses port 9999.

 

  • Step 2. Enter the commands detailed in the following table to enable the router to export Flow data about the traffic on an interface. You must repeat these commands for each interface.

 

Command

Purpose

 

interface <interface>

Enters the configuration mode for the interface you specify. Substitute <interface> with the interface's name on the router.

 

ip flow ingress

- and / or -

ip flow egress

Enables Flow data export. Select the command that best fits your needs.

  • ip flow ingress exports flows of all inbound traffic that uses the interface.
  • ip flow egress exports flows of all outbound traffic that uses the interface.

Tip: If the device exporting Flow data is also performing network address translation (NAT), we recommend exporting egress data from the internal interface so that private network addresses are communicated. Any other configuration results in all private addresses reporting as the public addresses of the device performing the network address translation.

Note: Other options exist for configuring NetFlow. For a complete list of available options, see Configuring NetFlow on the Cisco Web site.

Important: In cases where NetFlow Monitor is monitoring data flow between devices that have a long-lived connection, such as router linked between two office sites, you may get spikes in the flow data. Cisco routers by default break and send NetFlow stats every thirty-minutes for long-lived connections. To reduce the data spikes, change the router configuration with the following command:

ip flow-cache timeout active <n>

Where n is the number of minutes. The minutes should be configured to less than or equal to the NefFlow Data collection interval setting which is 2 minutes by default.

See Also

Preparing network devices

Determining which network devices to monitor

Configuring sFlow enabled devices to export flow data to Flow Monitor

About Flexible NetFlow

About Network Based Application Recognition (NBAR)

About CBQoS

Viewing potential Flow Monitor sources

Using Flow Monitor to Configure Cisco NetFlow Devices