This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Netflow on Cisco 2620

Hello,

I am new to cisco and solar winds but i am trying to configure netflow on my cisco 2620 with IOS 12.1(5)T10.

i've view the video by josh stephen and followed all the steps he outlined

but when i go to configure ip flow ingress and ip flow egress on my fa 0/0, i don't get these options

i do see traffic when i do a sh ip cache flow but is this on the out going traffic? how do i capture incoming traffic as well?

Any help would be appreciated.

Thanks
  • I don't think that version of IOS supports the ip flow ingress and egress commands.  You'll have to use the "ip route-cache flow" command.  That command only captures data on the inbound traffic, so to see both inbound and outbound traffic, you'll need to put the command on both the ethernet and serial interface of the router.  Hope this helps.

  • how would i add multiple source for both fa 0/0 and serial 0/0
  • I'm not sure I understand your question, but if you mean how will you see traffic coming into both sides of the router, you'll have to add the ip route-cache flow statement to each interface's config.  If this isn't what you mean, just let me know.


    config t


    (config)#int ser0/0


    (config-if)#ip route-cache flow


     (config-if)#int fa0/0


    (config-if)#ip route-cache flow


  • i have that already


    but i need to add "ip flow-export source" to both fa 0/0 and serial 0/0
  • I'm not sure you can export from multiple sources.  For the NTA, your export source IP address needs to match the IP address Orion is using to monitor the node.  Why do you need to export from both interfaces?

  • maybe i'm miss understanding something. sorry.



    let me know if what i am about to state is right.



    when i put in "ip flow-export soure serial 0/0" all i need to do is enable "ip route-cache flow" on all interfaces then.



    ie. fa0/0 and s0/0



    any traffic that these interfaces see will export the data via interface s0/0 to the destination of my orion server.



    correct?
  • Yes, that is correct, as long as 1) you have a version statement and a destination statement in your config and 2) the IP address of your source interface matches the IP address Orion is using to monitor that node.  I haven't tried configuring version 9 NetFlow yet, so I'm still using version 5.  My statements look like this:


    ip flow-export source [interface] 


    ip flow-export version 5


    ip flow-export destination [IP address of Orion server] 2055 (default port that Orion listens on for NetFlow data)


    int x


    ip route-cache flow (or ip flow ingress on current versions of IOS)


     


    Hope this helps.