Netflow/Sflow Configuration on Cisco/HP/VMware Switches

Cisco Netflow Config Notes:

Enable Cisco Express Forwarding:

router(config)# ip cef

In the configuration terminal on the router, issue the following to start NetFlow Export.

It is necessary to enable NetFlow on all interfaces through which traffic you are interested in will flow. Now, verify that the router is generating flow stats - try 'show ip cache flow'. Note that for routers with distributed switching (GSR's, 75XX's) the Rendezvous Point CLI will only show flows that made it up to the RP. To see flows on the individual linecards use the 'attach' or 'if-con' command and issue the 'show ip cache flow' on each LC.

Enable export of these flows with the global commands. 'ip flow-export source' can be set to any interface, but one which is the least likely to enter a 'down' state is preferable. Netflow will not be exported if the specified source is down. For this reason, we suggest the Loopback interface, or a stable Ethernet interface:

router(config)# ip flow-export version 5
router(config)# ip flow-export destination <ip-address> <port>
router(config)# ip flow-export source FastEthernet0

Use the IP address of your NetFlow Collector and configured listening port.

If your router uses BGP protocol, you can configure AS to be included in exports with command:

router(config)# ip flow-export version 5 [peer-as | origin-as]

The following commands break up flows into shorter segments.

router(config)# ip flow-cache timeout active 1
router(config)# ip flow-cache timeout inactive 15

Use the commands below to enable NetFlow on each physical interface (i.e. not VLANs and Tunnels, as they are auto included) you are interested in collecting a flow from. This will normally be an Ethernet or WAN interface. You may also need to set the speed of the interface in kilobits per second. It is especially important to set the speed for frame relay or ATM virtual circuits.

interface <interface>
ip route-cache flow
bandwidth

Now write your configuration with the 'write' or 'copy run start' commands. When in enabled mode, you can see current NetFlow configuration and state with the following commands:

router# show ip flow export
router# show ip cache flow
router# show ip cache verbose flow