To implement NetFlow on a router:

Step 1. Configure NetFlow data capture - NetFlow captures data from ingress (incoming) and egress (outgoing) packets.

Step 2. Configure NetFlow data export - The IP address or hostname of the NetFlow collector must be specified and the UDP port to which the NetFlow collector listens.

Step 3. Verify NetFlow, its operation and statistics - After configuring NetFlow, the exported data can be analyzed on a workstation running an application, such as SolarWinds NetFlow Traffic Analyzer, Plixer Scrutinizer, or Cisco NetFlow Collector (NFC). Minimally, one can rely on the output from a number of show commands on the router itself.

Some NetFlow configuration considerations include:

Note: The focus here is on Cisco router configuration of the original NetFlow (referred to simply as NetFlow in the Cisco documentation). The configuration of Flexible Netflow is beyond the scope of this course.

A NetFlow flow is unidirectional. This means that one user connection to an application exists as two NetFlow flows, one for each direction. To define the data to be captured for NetFlow in interface configuration mode:

To enable the NetFlow data to be sent to the NetFlow collector, there are several items to configure on the router in global configuration mode:

The figure shows a basic NetFlow configuration. Router R1 has IP address 192.168.1.1 on the G0/1 interface. The NetFlow collector has the IP address of 192.168.1.3 and is configured to capture the data on UDP port 2055. Ingress and egress traffic through G0/1 is monitored. NetFlow data is sent in Version 5 format.