5.5 Configuring NetFlow on the Router

Before you can use the Flow-Tools programs to view flow data, you must configure the router to use NetFlow on at least one interface, and you must also configure the router to export flows to a host that will be running the Flow-Tools software. On a Cisco router, you can enable NetFlow on an interface with the interface configuration command ip route-cache flow . For example:

 router#config term Enter configuration commands, one per line. End with CNTL/Z.   router(config)#int Ethernet1/2   router(config-if)#ip route-cache flow   router(config-if)#end 

Remember that NetFlow will report on packets that enter an interface and not on packets that leave an interface. You can enable NetFlow on as many interfaces as you like, though be aware that if you export flow data, more interfaces means more reporting traffic that will be sent to the collector.

To instruct the router to export flows, use the ip flow-export destination configure command:

 router(config)#ip flow-export destination 192.0.2.5 9995   router(config)#ip flow-export source Loopback0 

This will send all flow data to the IP address 192.0.2.5 on UDP port 9995. In this case, we also specified an interface to be used as the source of the packets. This is optional; it is configured here to use a Loopback interface so that the source address of the flows will be consistent even if the other interface addresses on the router change.

Finally, you can specify which version of NetFlow the router should export. If you do not explicitly specify a version, it will default to version 1. To export version 5 instead, type:

 router(config)#ip flow-export version 5 

Remember to issue a write mem to save configuration changes. Now the router should be sending NetFlow packets to the address specified in the ip flow-export destination command, and you can use the Flow-Tools programs to receive them.