This document is locked

Enable and view Netflow

Document

Mon, 09/28/2009 - 07:30
Sep 28th, 2009
User Badges:
  • Purple, 4500 points or more


Enable Netflow to a destination


ip flow-export destination 10.10.1.2 9996
ip flow-export source loopback0
ip flow-cache timeout active 1
ip flow-cache timeout inactive 15


The 9996 is the port that the Netflow application at 10.10.1.2 is listening  on.

Under each interface you must also add:


ip route-cache flow


Enable Netflow locally


ip flow-top-talkers
  top 10
  sort-by bytes


You still need to add ip route-cache flow under the interfaces

Viewing Netflow Information


show ip flow top-talkers


RTR-7206VXR#show ip flow top-talkers
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Bytes
Se1/0 169.51.51.6 Local 169.51.51.5 2F 0000 0000 2448M
Gi0/2 10.1.240.78 Tu0 10.125.1.5 06 05DC 26D9 708M
Se1/0 169.51.51.6 Local 169.51.51.5 32 E556 29EA 431M
Tu0 10.125.1.5 Gi0/1 10.1.240.78 06 26FD 05DC 362M
Tu0 10.125.1.5 Gi0/1 10.1.240.78 06 26FC 05DC 343M
Tu0 10.125.1.5 Gi0/1 10.1.240.78 06 26ED 05DC 332M
Tu0 10.125.1.5 Gi0/1 10.1.240.78 06 2701 05DC 329M
Tu0 10.125.1.5 Gi0/1 10.1.240.78 06 26FB 05DC 300M
Tu0 10.125.1.5 Gi0/1 10.1.240.78 06 26F9 05DC 294M
Tu0 10.125.1.5 Gi0/1 10.1.240.78 06 26D9 05DC 163M
10 of 10 top talkers shown. 2598 flows processed.


You can see the source and destination IP's, Ports, and the volume. Note that  the ports are in hexadecimal.You can find hex to decimal conversion at http://easycalculation.com/hex-converter.php

Overall Rating: 3 (1 ratings)
Loading.

Actions

This Document