Flexible Netflow
Cisco IOS® Flexible NetFlow is the next-generation in flow technology. It optimizes the network infrastructure, which reduces operation costs and improves capacity planning and security incident detection with increased flexibility and scalability. The ability to characterize IP traffic and identify its source, traffic destination, timing, and application information is critical for network availability, performance, and troubleshooting. When IP traffic flows are monitored, this increases the accuracy of capacity planning and ensures that resource allocation supports organizational goals. Flexible NetFlow helps you determine how to optimize resource usage, plan network capacity, and identify the optimal application layer for QoS. It plays a vital role in network security by the detection of Denial of Service (DoS) attacks and network-propagated worms.
Here are the commands in order to configure Flexible Netflow:
!
flow record IPv4flow
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match flow direction
collect counter bytes long
collect counter packets long
collect timestamp absolute first
collect timestamp absolute last
!
!
flow exporter IPv4export-1
destination 10.1.1.6 (IP address of your Netflow Collector. It should be v9 netflow.)
transport udp 2055
!
!
flow monitor IPv4flow (you can view the flows on the switch using CLI if netflow Collector is not available)
description Monitor all IPv4 traffic
exporter IPv4export-1
cache timeout active 30
record IPv4flow
!
Here are the Show Commands:
show flow monitor name monitor-name cache
show flow record
show flow-sampler
show flow monitor
For additional information on Netflow Configuration, please refer to Cisco Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches).