This document is locked

Enable and view Netflow

Document

Mon, 09/28/2009 - 07:30
Sep 28th, 2009

Enable Netflow to a destination

ip flow-export destination 10.10.1.2 9996
ip flow-export source loopback0
ip flow-cache timeout active 1
ip flow-cache timeout inactive 15

The 9996 is the port that the Netflow application at 10.10.1.2 is listening  on.

Under each interface you must also add:

ip route-cache flow

Enable Netflow locally

ip flow-top-talkers
  top 10
  sort-by bytes

You still need to add ip route-cache flow under the interfaces

Viewing Netflow Information

show ip flow top-talkers

RTR-7206VXR#show ip flow top-talkers
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Bytes
Se1/0 169.51.51.6 Local 169.51.51.5 2F 0000 0000 2448M
Gi0/2 10.1.240.78 Tu0 10.125.1.5 06 05DC 26D9 708M
Se1/0 169.51.51.6 Local 169.51.51.5 32 E556 29EA 431M
Tu0 10.125.1.5 Gi0/1 10.1.240.78 06 26FD 05DC 362M
Tu0 10.125.1.5 Gi0/1 10.1.240.78 06 26FC 05DC 343M
Tu0 10.125.1.5 Gi0/1 10.1.240.78 06 26ED 05DC 332M
Tu0 10.125.1.5 Gi0/1 10.1.240.78 06 2701 05DC 329M
Tu0 10.125.1.5 Gi0/1 10.1.240.78 06 26FB 05DC 300M
Tu0 10.125.1.5 Gi0/1 10.1.240.78 06 26F9 05DC 294M
Tu0 10.125.1.5 Gi0/1 10.1.240.78 06 26D9 05DC 163M
10 of 10 top talkers shown. 2598 flows processed.

You can see the source and destination IP's, Ports, and the volume. Note that  the ports are in hexadecimal.You can find hex to decimal conversion at http://easycalculation.com/hex-converter.php

Overall Rating: 3 (1 ratings)

Actions

This Document

Related Content