Enabling NetFlow* on Cisco IOS and Foundry Switches

Enabling flow-export on a CISCO Router:

The operating system of a CISCO router has to be at least IOS Version 12.0.

The flow records have to be send at least once per minute with the following statment:

ip flow-cache timeout active 1

For each interface section sending of flow records must be enabled:

interface ...
ip route-cache flow
At the end of the router configuration process you have to select Flowformat Version 5:
ip flow-export version 5
and determine destination Ip address and IP-port for the netflow records:
ip flow-export destination <ip-addr> <port>

The Foundry BigIron is one of the switches, which can also produce netflow records. To turn on this feature the following statements are used (example):

(config)# interface vlan 10
(config-vlan 10)# ip route-cache flow
(config-vlan 10)# exit
(config)# ip flow-export enable
(config)# ip flow-export destination 9001

Now netflow records are send to IP address to port 9001. RzKFlow should be configured to listen to the same UDP port.

If you want to have a better evaluation and interpretation of netflow records, buy NetControl and use RzKFlow as one of its various types of probes.

NetFlow is a Trademark of Cisco Systems, Inc.

