We have a challenge in our network setup. We would like to configure NetFlow on Cisco ASR routers as well as Cisco 6500/4500 switches. Please share the configuration.
Google it. Check the Cisco Support Community site for many examples to help you.
Does this help?
You can download nqcommander.zip and unzip the file.
This tool helps you to set up NetFlow. However, this tool has not been updated and is a little old. But you can still get an idea of how to set it up.
Please note that the NQCommander file is old and not being currently updated. The NetFlow doc here on CA Communities should take the place of the old nqcommander file:
How To Enable NetFlow
Here is my example for a device running version 15.1:
ip flow-cache timeout active 1
ip flow ingress
ip flow egress
ip flow-export source Loopback3
ip flow-export destination <ip of server1> <port, e.g.9995>
ip flow-export destination <ip of server2> <port, e.g.9995>
You have to decide whether you want to export ingress or egress traffic or both.
We have configured the export for every subinterface we wanted to see, e.g. GigabitEthernet0/0/0 and Gi0/0/0.1 and Gi0/0/0.2 and...
Defining the source interface was necessary to ensure that we always see the correct device address on the NetFlow server.
Hope this helps!
Thanks for your prompt assistance. We had already applied those commands, but it does not support those commands.
Our code version is 15.3(1r)S.
I have no device with 15.3 configured for NetFlow export.
But I think you have to configure
flow record ...
flow exporter ...
flow monitor ...
and then on the interface
ip flow monitor ....
This is like the configuration for new IOS XE devices.
We started tests with XE devices yesterday but there is no final result yet.
Thanks for the update, have tried with XE devices. If you have the full configuration, please share it.
No problem, but maybe you have to wait a few weeks.
We have successfully implemented NetFlow on ASR routers. I could see some traffic on some routers but not others. So my doubt is how to check on routers or switches whether NetFlow is configured or not. Are there any CLI commands?
NetFlow configuration is often only "trial and error".
I guess you have the same NetFlow configuration on the "good" and the "bad" routers.
Could you trace, e.g. with Wireshark directly on your server, the communication with the (bad) routers for a longer time?
If yes, do you see any NetFlow traffic?
If not:
- Perhaps you have to configure a source interface (e.g. "Loopback3") for the flow exporter or a "VRF".
- Is there no "evil" firewall in the communication path?
- Try it with other interfaces.
If yes, but NFA says "No" or sees only a few uninteresting packets, then check your flow record definitions and try something.
(If you are not very familiar with Wireshark: To make your NetFlow trace readable, you have to decode it as "CFLOW".)
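An added example, not written by any poster in this thread: the collector-side check described above, done in Python on UDP payloads taken from a capture on the NetFlow server. It assumes the exporters send NetFlow v9, which the thread does not state; the function names, the expected-exporter list and the sample packets are constructed for illustration.

```python
import struct
from collections import defaultdict

def summarize(payload: bytes) -> dict:
    """Walk the FlowSets of one NetFlow v9 export packet (RFC 3954 layout)."""
    version = struct.unpack_from("!H", payload, 0)[0] if len(payload) >= 20 else None
    out = {"version": version, "templates": 0, "data": 0, "error": None}
    if version != 9:
        return {**out, "error": "not a complete NetFlow v9 packet"}
    offset = 20  # header: version, count, uptime, secs, sequence, source id
    while offset + 4 <= len(payload):
        flowset_id, length = struct.unpack_from("!HH", payload, offset)
        if length < 4 or offset + length > len(payload):
            out["error"] = "bad flowset length"
            break
        if flowset_id in (0, 1):      # template / options template
            out["templates"] += 1
        elif flowset_id >= 256:       # data; undecodable without its template
            out["data"] += 1
        offset += length
    return out

def triage(datagrams, expected):
    """datagrams: (source_ip, udp_payload) pairs from a capture on the collector."""
    seen = defaultdict(lambda: {"packets": 0, "templates": 0, "data": 0, "bad": 0})
    for src, payload in datagrams:
        s, r = summarize(payload), seen[src]
        r["packets"] += 1
        r["templates"] += s["templates"]
        r["data"] += s["data"]
        r["bad"] += s["error"] is not None
    return {
        "silent": sorted(set(expected) - set(seen)),      # nothing arrived
        "unexpected": sorted(set(seen) - set(expected)),  # wrong source address?
        "no_template": sorted(ip for ip, r in seen.items()
                              if r["data"] and not r["templates"]),
        "per_exporter": dict(seen),
    }

def _v9(flowsets):  # builds a constructed sample packet, not real traffic
    body = b"".join(struct.pack("!HH", fid, 4 + len(p)) + p for fid, p in flowsets)
    return struct.pack("!HHIIII", 9, len(flowsets), 1000, 1700000000, 1, 0) + body

TEMPLATE = b"\x01\x00\x00\x01\x00\x08\x00\x04"  # template 256: one field, IPv4 src
SAMPLE = [  # constructed; addresses are documentation ranges
    ("192.0.2.1", _v9([(0, TEMPLATE), (256, b"\xc0\x00\x02\x0a")])),
    ("192.0.2.2", _v9([(256, b"\xc0\x00\x02\x0b")])),
]
print(triage(SAMPLE, expected=["192.0.2.1", "192.0.2.2", "192.0.2.3"]))
```

Routers listed under "silent" point to a path, VRF or source-interface problem; routers under "no_template" are exporting data the collector cannot decode yet. v9 templates are only re-sent periodically, so a short capture can miss them, which is why the trace should run for a longer time.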
As promised: Here is our configuration example from an IOS XE device:
flow record COMM_Input
 match datalink dot1q vlan input
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input
 collect transport tcp flags
 collect counter bytes long
 collect counter packets long
 collect timestamp absolute first
 collect timestamp absolute last
flow record COMM_Output
 match datalink dot1q vlan output
 match interface output
flow exporter SERVER1
 destination 22.214.171.124 vrf abcd
 transport udp 9995
flow monitor COMM_Input
 cache timeout active 60
flow monitor COMM_Output