Configuring netflow data export on an IOS device

In the configuration mode on the router or MSFC, issue the following to start NetFlow Export.

First enable Cisco Express Forwarding:

router(config)# ip cef
router(config)# ip cef distributed

And turn on flow accounting for each input interface with the interface command:

interface 
ip flow ingress

interface 
ip route-cache flow

For example:

interface FastEthernet0
  ip flow ingress

interface Serial2/1
  ip flow ingress

It is necessary to enable NetFlow on all interfaces through which traffic (you are interested in) will flow. Now, verify that the router (or switch) is generating flow stats - try command 'show ip cache flow'. Note that for routers with distributed switching (GSR's, 75XX's) the RP cli will only show flows that made it up to the RP. To see flows on the individual linecards use the 'attach' or 'if-con' command and issue the 'sh ip ca fl' on each LC.

Enable the exports of these flows with the global commands:

router(config)# ip flow-export version 9
router(config)# ip flow-export destination <ip_address> 2000
router(config)# ip flow-export source FastEthernet0

Use the IP address of your NetFlow Collector and configured listening port. UDP port 2000 is used for example.

We recommend using NetFlow version 5, which is the most recent export version supported by Cisco routers. The ‘ip flow-export source’ command is used to set up the source IP address of the exports sent by the router or switch. NetFlow Collector can filter incoming traffic on this address. If your router uses BGP protocol, you can configure AS to be included in exports with command:

router(config)# ip flow-export version 9 [peer-as | origin-as]

The following commands break up flows into shorter segments.

router(config)# ip flow-cache timeout active 5
router(config)# ip flow-cache timeout inactive 30

In enable mode you can see current NetFlow configuration and state.

router# show ip flow export
router# show ip cache flow
router# show ip cache verbose flow