7 Replies Latest reply on Nov 26, 2008 11:02 AM by kweise

    Netflow on Cisco 2620

      Hello,

      I am new to cisco and solar winds but i am trying to configure netflow on my cisco 2620 with IOS 12.1(5)T10.

      i've view the video by josh stephen and followed all the steps he outlined

      but when i go to configure ip flow ingress and ip flow egress on my fa 0/0, i don't get these options

      i do see traffic when i do a sh ip cache flow but is this on the out going traffic?  how do i capture incoming traffic as well?

      Any help would be appreciated.

      Thanks
        • Re: Netflow on Cisco 2620
          kweise

          I don't think that version of IOS supports the ip flow ingress and egress commands.  You'll have to use the "ip route-cache flow" command.  That command only captures data on the inbound traffic, so to see both inbound and outbound traffic, you'll need to put the command on both the ethernet and serial interface of the router.  Hope this helps.

            • Re: Netflow on Cisco 2620
              how would i add multiple source for both fa 0/0 and serial 0/0
                • Re: Netflow on Cisco 2620
                  kweise

                  I'm not sure I understand your question, but if you mean how will you see traffic coming into both sides of the router, you'll have to add the ip route-cache flow statement to each interface's config.  If this isn't what you mean, just let me know.


                  config t


                  (config)#int ser0/0


                  (config-if)#ip route-cache flow


                   (config-if)#int fa0/0


                  (config-if)#ip route-cache flow


                    • Re: Netflow on Cisco 2620
                      i have that already


                      but i need to add "ip flow-export source" to both fa 0/0 and serial 0/0
                        • Re: Netflow on Cisco 2620
                          kweise

                          I'm not sure you can export from multiple sources.  For the NTA, your export source IP address needs to match the IP address Orion is using to monitor the node.  Why do you need to export from both interfaces?

                            • Re: Netflow on Cisco 2620
                              maybe i'm miss understanding something. sorry.



                              let me know if what i am about to state is right.



                              when i put in "ip flow-export soure serial 0/0" all i need to do is enable "ip route-cache flow" on all interfaces then.



                              ie. fa0/0 and s0/0



                              any traffic that these interfaces see will export the data via interface s0/0 to the destination of my orion server.



                              correct?
                                • Re: Netflow on Cisco 2620
                                  kweise

                                  Yes, that is correct, as long as 1) you have a version statement and a destination statement in your config and 2) the IP address of your source interface matches the IP address Orion is using to monitor that node.  I haven't tried configuring version 9 NetFlow yet, so I'm still using version 5.  My statements look like this:


                                  ip flow-export source [interface] 


                                  ip flow-export version 5


                                  ip flow-export destination [IP address of Orion server] 2055 (default port that Orion listens on for NetFlow data)


                                  int x


                                  ip route-cache flow (or ip flow ingress on current versions of IOS)


                                   


                                  Hope this helps.