Configure Flow Export

Network devices must be configured to generate and send NetFlow data to Network Traffic Analysis. Use the device's command line interface (CLI) to do this manually or do it automatically through the source configuration dialog (SETTINGS > Network Traffic Analysis > NTA Device Configuration). For automatic configuration, devices must be NetFlow enabled and have the Cisco NetFlow MIB (OID: 1.3.6.1.4.1.9.9.387).

To manually configure NetFlow enabled devices to send flow data to the Network Traffic Analysis collector:

Caution: This procedure applies to a Cisco 1812 router. Do not use it for other devices. Configuring a device to export NetFlow data varies widely from device to device and depends on your network configuration. Please see your router's documentation to determine the best process for your device.

Step 1. Open the configuration interface for the router and enter the commands detailed in the following table to configure global options for all interfaces on the router.

Command	Purpose
`enable`	Enters privileged EXEC mode. Enter your password if prompted.
`configure terminal`	Enters configuration mode.
`ip flow-export version <version_number>` Example: `ip flow-export version 5`	Sets the version of the NetFlow protocol that should be used to export data. Network Traffic Analysis supports versions 1, 5, 7, and 9 only.
`ip flow-export destination <IP> <port>` Example: `ip flow-export destination 192.0.2.22 9999`	Enables the router to export Flow data. —where <IP> is the Network Traffic Analysis server's IP address. —and, where <port> is the listener port specified in the NTA Settings dialog. By default Network Traffic Analysis uses port 9999.

Step 2. Enter the commands detailed in the following table to enable the router to export flow data about the traffic on an interface. You must repeat these commands for each interface.

Command

Purpose

interface <interface>

Enters the configuration mode for the interface you specify. Substitute <interface> with the interface's name on the router.

ip flow ingress

( and / or )

ip flow egress

Enables Flow data export. Select the command that best fits your needs.

ip flow ingress exports flow summaries of all inbound traffic that uses the interface.
ip flow egress exports flow summaries of all outbound traffic that uses the interface.

Tip: If the device exporting flow data is also performing network address translation (NAT), we recommend exporting egress data from the internal interface so that private network addresses are communicated. Any other configuration results in all private addresses reporting as the public addresses of the device performing the network address translation.

Note: Other options exist for configuring NetFlow. For a complete list of available options, see Configuring NetFlow on the Cisco Web site.

Important: In cases where NetFlow Monitor is monitoring data flow between devices that have a long-lived connection, such as router linked between two office sites, you may get spikes in the flow data. Cisco routers by default break and send NetFlow stats every 35 for long-lived connections. To reduce the data spikes, change the router configuration with the following command:
ip flow-cache timeout active <n>
—where n is the number of minutes. The minutes should be configured to less than or equal to the NefFlow Data collection interval setting, which equals two minutes by default.