|
*Disclaimer: Make the changes to your routers at your own risk. I recommend that you establish a baseline for processor and memory utilization before making changes to your routers and reexamine the baseline after making the changes. If you have a support contract with Cisco, I suggest opening a case with TAC to have them look at your configuration and determine if these are the best commands for your routers.
The following commands are the commands that I used to configure my routers running 12.2 and 12.3.
- These are the global configuration mode commands:
- ip flow-export version 5 peer-as
- ip flow-export source xxx
- xxx is the source interface. Choose the interface closest to your collector. This simply ensures that there is no confusion as to the source address that will be listed in the flows.
- This command may be "ip flow-export source-interface xxx" in older versions of IOS.
- ip flow-export destination x.x.x.x y
- x.x.x.x is the collector's ip address, y is the port you will specify in the flow-capture command line. You may choose any port, just remember what it is and avoid the obvious registered ports like 80. (The flow packets are UDP.)
- ip flow-cache timeout active 1
- This syntax is for IOS 12.2 and later. If you are running an 11.x or 12.0/12.1 code, the syntax would be: "ip flow-cache active-timeout 1". This command ensures the timely delivery of flows to the collector.
- In the interface configuration mode of each major interface: (major as opposed to sub-interface)
I have found that if you do not run NetFlow on every major interface, it does strange things to the flow reports. Again, consult with Cisco before changing the configuration on a production router.
A good note from Dave Plonka:
"NetFlow isn't really a switching mode any more; it's just a means of reporting traffic. CEF is used when NetFlow is configured. NetFlow is just configured in this way for historical reasons as it was once proposed and implemented to be a forwarding enhancement."
|
