What Configuration Options Should I Include in a Cisco ISR Configuration?

The following configuration lines enable NetFlow export on a Cisco ISR:

What to Collect

flow record MyNetflow
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 collect transport tcp flags
 collect counter bytes long
 collect counter packets long
 collect timestamp absolute last
 collect flow end-reason
 collect timestamp absolute first
!

Where to Send the Data

flow exporter MyNetflow
 destination destination.ip.goes.here
 source GigabitEthernet0/0/0
 transport udp 2055
 template data timeout 60
!

Tie Them Together

flow monitor MyNetflow
 exporter MyNetflow
 cache timeout active 60
 record MyNetflow
!

The “ip flow monitor” lines apply the flow monitor to this interface, so that NetFlow records are sent for traffic in both directions (input and output):

interface GigabitEthernet0/0/1
 ip flow monitor MyNetflow input
 ip flow monitor MyNetflow output
 ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
 ip nat inside
!
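
An added example (not part of the original FAQ and not Cisco's code): a small Python check that the record, exporter and monitor above are actually tied together and applied to an interface before the configuration is pasted into the router. It assumes sections end with `!` as on this page and that the collector is given as an IP literal; `SAMPLE`, `parse_sections` and `lint` are names made up for this example.

```python
import ipaddress
import re

HEADER = re.compile(r"(flow record|flow exporter|flow monitor|interface)\s+(\S+)$")
# Constructed sample: a cut-down copy of the page's config, placeholder left in.
SAMPLE = """flow record MyNetflow
match ipv4 source address
!
flow exporter MyNetflow
destination destination.ip.goes.here
!
flow monitor MyNetflow
exporter MyNetflow
record MyNetflow
!
interface GigabitEthernet0/0/1
ip flow monitor MyNetflow input
!"""

def parse_sections(config):
    """Map (kind, name) -> sub-commands; a section ends at '!' or the next header."""
    sections, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if (m := HEADER.match(line)):
            current = sections.setdefault(m.groups(), [])
        elif line == "!":
            current = None
        elif line and current is not None:
            current.append(line)
    return sections

def lint(config):
    """Return problems that would keep flow records from reaching the collector."""
    s, problems, applied = parse_sections(config), [], set()
    defined = lambda kind: {n for k, n in s if k == kind}
    arg = lambda cmds, word: next((c.split()[1] for c in cmds if c.startswith(word + " ")), None)
    for (kind, name), cmds in s.items():
        if kind == "flow exporter":
            try:  # assumption of this example: the collector is given as an IP literal
                ipaddress.ip_address(arg(cmds, "destination") or "")
            except ValueError:
                problems.append(f"exporter {name}: destination is not an IP address")
        elif kind == "flow monitor":
            problems += [f"monitor {name}: missing or undefined {w}" for w in ("record", "exporter")
                         if arg(cmds, w) not in defined("flow " + w)]
        elif kind == "interface":
            applied |= {c.split()[3] for c in cmds if re.match(r"ip flow monitor \S+ (input|output)$", c)}
    problems += [f"monitor {n}: applied but not defined" for n in sorted(applied - defined("flow monitor"))]
    return problems + [f"monitor {n}: not applied to any interface" for n in sorted(defined("flow monitor") - applied)]
```

Running `lint(SAMPLE)` reports the exporter whose destination placeholder was never replaced; an empty list means the objects reference each other consistently.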

For more information about configuring Cisco routers, see:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fnetflow/configuration/xe-16/fnf-xe-16-book/fnf-ipv4-uni.html

 

Direct Link to this FAQ Item: https://portal.activecountermeasures.com/support/faq/?Display_FAQ=2726
