Netflow is a useful tool for extracting packet level information for traffic flows on a Cisco router.
Whilst it is Cisco propitiatory there are other licenced versions including J-Flow (Juniper), S-Flow (unix) and IPFIX (IETF version of Netflow v10).
Enabling on a Cisco router is very easy.
Firstly, Choose the interfaces you wish to export the flows on, the enter that interface in Configure adding the commands below :
ip flow ingress - input flow monitoring
ip flow egress - output flow monitoring
ip route-cache flow - Legacy command superceded by the above, however may be only option on older IOS's
Once you have one or more interface enabled, you need to setup the export version :
ip flow-export destination (IP) (Port)
You can specify the source interface for packets (in case of rules or restrictions within the network) by using
ip flow export source (interface)
Depending on the router IOS you can also specify the version of export using :
ip flow-export version (number)
Version 5 tends to be the current standard, with version 9 offering more information but a greater resource usage (certainly on bandwidth) and version 10 for IPFix compliant devices.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment