Enabling NetFlow* on Cisco IOS and Foundry Switches

Enabling flow-export on a CISCO Router:

The operating system of a CISCO router has to be at least IOS Version 12.0.

The flow records have to be send at least once per minute with the following statment:

ip flow-cache timeout active 1

For each interface section sending of flow records must be enabled:

interface ...
..
ip route-cache flow
..
At the end of the router configuration process you have to select Flowformat Version 5:
ip flow-export version 5
and determine destination Ip address and IP-port for the netflow records:
ip flow-export destination <ip-addr> <port>

The Foundry BigIron is one of the switches, which can also produce netflow records. To turn on this feature the following statements are used (example):

(config)# interface vlan 10
(config-vlan 10)# ip route-cache flow
(config-vlan 10)# exit
(config)# ip flow-export enable
(config)# ip flow-export destination 10.0.0.1 9001

Now netflow records are send to IP address 10.0.0.1 to port 9001. RzKFlow should be configured to listen to the same UDP port.

If you want to have a better evaluation and interpretation of netflow records, buy NetControl and use RzKFlow as one of its various types of probes. NetControl can display hitlists, it stores accounting information for each station on the network, it draws diagrams, gives alarms and ...


NetFlow is a Trademark of Cisco Systems, Inc.

RzK Flow