Are you wishing you had a ‘NetFlow for Dummies’ book to help you figure out how to configure NetFlow on your corporate network? If the answer is “yes” I have some great news… you can save your money.

(Before we get started, you might be asking yourself, “what is NetFlow?” If so, check out Joanne’s NetFlow overview blog for a great overview.)


Enabling NetFlow on any Cisco device is as easy as “One, Two, Three”

For time’s sake, I will pick a random device to configure. Looking at my server stack I see a Cisco 6509 Catalyst that is just dying for attention. Cisco has done such a great job with this particular model, we never have to touch it. It just works and we love things that do what they promise.

Getting Started With NetFlow

1. To enable NetFlow on the router, you need the following:

ip flow-export source (insert interface name here)
ip flow-export version 5
ip flow-export destination (netflow collector ip address) (port to export flows to)
ip flow ingress layer2-switched vlan (insert vlans X,Y,Z)

ip flow-cache timeout active 1

2. Once those are in place, we now need to configure NetFlow for the switched traffic:

mls nde sender version 5
mls flow ip interface-full
mls nde interface
mls aging long 64
mls aging normal 64

3. After you have configured these globals, you now can configure each of the interfaces themselves for NetFlow:

ip route-cache flow
ip flow ingress

Once you are done configuring NetFlow on your hardware, combine it with a network traffic analyzer and you have the most granular network insight in the universe. Monitoring for Facebook, iPhones, VoIP and online games is just the beginning. After all, this isn’t your grandma’s ip-route-cache flow.
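To check on the collector side that the 6509 is really sending what `ip flow-export version 5` promises, here is a small NetFlow v5 datagram parser, added as an example and not part of the original post or any Plixer product. The names `parse_v5` and `sample_datagram` are hypothetical, and the sample datagram is constructed with documentation addresses.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte v5 export header
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBB2x")  # 48-byte v5 flow record

def parse_v5(datagram):
    """Validate one NetFlow v5 export datagram; return (header, flows)."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than a v5 header")
    version, count, uptime_ms, unix_secs, _, sequence, _, _, _ = \
        HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"version field is {version}, expected 5")
    # A v5 datagram carries 1 to 30 records and nothing else.
    if not 1 <= count <= 30 or len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "in_if": f[3], "out_if": f[4], "packets": f[5], "octets": f[6],
            # first/last are router uptime in ms; the mask handles counter wrap
            "duration_ms": (f[8] - f[7]) & 0xFFFFFFFF,
            "sport": f[9], "dport": f[10], "tcp_flags": f[11], "proto": f[12],
        })
    header = {"version": version, "count": count, "uptime_ms": uptime_ms,
              "unix_secs": unix_secs, "sequence": sequence}
    return header, flows

def sample_datagram():
    """Constructed sample: one export datagram with two flows (RFC 5737 addresses)."""
    ip = socket.inet_aton
    hdr = HEADER.pack(5, 2, 3_600_000, 1_700_000_000, 0, 41, 0, 0, 0)
    tcp = RECORD.pack(ip("192.0.2.10"), ip("198.51.100.20"), ip("0.0.0.0"),
                      3, 7, 12, 9000, 3_530_000, 3_590_000,
                      51514, 443, 0x1B, 6, 0, 0, 0, 24, 24)
    udp = RECORD.pack(ip("192.0.2.11"), ip("198.51.100.53"), ip("0.0.0.0"),
                      3, 7, 1, 76, 3_595_000, 3_595_000,
                      40000, 53, 0, 17, 0, 0, 0, 24, 24)
    return hdr + tcp + udp

if __name__ == "__main__":
    header, flows = parse_v5(sample_datagram())
    print(header)
    for flow in flows:
        print(flow)
```

With `ip flow-cache timeout active 1` in place, long-lived flows are cut and exported every minute, so `duration_ms` on a record should stay at or near 60000, as in the first sample flow.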

That was easy, wasn’t it? We thought so too! Go ahead, take that money you saved on that heavy yellow book and buy yourself something nice … you deserve it! If you have any questions or need our help, don’t hesitate to give us a call at 207-324-8805.

If you have experience with large scale NetFlow deployments comment below – we would love to hear from you.



Jake Bergeron is currently one of Plixer's Sr. Solutions Engineers. He is currently responsible for providing customers with onsite training and configurations to make sure that Scrutinizer is set up to their needs. Previously he was responsible for teaching Plixer's Advanced NetFlow Training / Malware Response Training. When he's not learning more about NetFlow and malware detection, he also enjoys fishing and hiking.

