Basic NetFlow 1

Chris
By Chris September 14, 2015 09:05

NetFlow serves a great purpose in Cisco devices, first analyzing and keeping statistics of packets passing through the device, and then forwarding those statistics on to a NetFlow Collector for later analysis. However, from a #CCNA exam prep perspective, NetFlow fits sits as one of those smaller topics a bit outside the core functions in a network. But as long as you don’t forget about it, learning it can be a breeze, with the roughly 5-line configuration being relatively intuitive.

Today’s post sets up the requirements for both the capture and export of NetFlow data.

Requirements

Configure a router (R2) to enable NetFlow so that it both captures statistics about packet flow, as well as reporting those statistics to a NetFlow Collector. In particular:

  • Use NetFlow version 9
  • Monitor using R2’s Gi0/1 interface
  • Monitor packets that both enter and exit that interface
  • Use R2’s Gi0/2 as the source interface for reporting to the NetFlow collector
  • The NetFlow collector (server) uses port number 1025

Figure 1: Two Routers with IP Addresses

Initial Configuration

Example 1 and 2 show the beginning configuration state of R1 and R2.

 

Example 1: R1 Config

Example 2: R2 Config

 

Answer on Paper, or Maybe Test in Lab

Next, write your answer on paper. Or if you have some real gear, or other tools, configure the lab with those tools.

Testing NetFlow capture is somewhat easy, but testing NetFlow data export is not, because you would need to install a NetFlow collector. But to test NetFlow capture, issue the show ip flow interface command. In fact, try this command before configuring NetFlow: the command should return no lines of output. Once NetFlow capture is configured, this command should list the interfaces on which NetFlow is capturing statistics.

 

Do this Lab with Cisco’s VIRL

You can do these labs on paper and still get a lot out of the lab. As an extra help, we have added files for the Virtual Internet Routing Lab (VIRL) software as well. The .VIRL file found here is a file that when used with VIRL will load a lab topology similar to this lab’s topology, with the initial configuration shown in the lab as well. This section lists any differences between the lab exercise and the .VIRL file’s topology and configuration.

Download this lab’s VIRL file!

 

Differences between the Lab Exercise and the VIRL Environment

For this lab the .VIRL file does not have an actual Netflow Collector. However, the .VIRL file includes a Linux Server instance with the same location and IP address as the NetFlow Collector described in the lab.

Network Device Info

The .VIRL topology matches this lab topology exactly. The host info does as well.

Host Device Info

This table lists host information pre-configured in VIRL, information that might not be required by the lab but may be useful to you.

Device IP Address Mac Address User/password
Netflow 192.168.45.120 02:00:11:11:11:11 cisco/cisco

 

Handy Host Commands:

To see PC IP address: ifconfig eth1

Ping example: ping -c 4 10.1.1.1

Trace example: tracepath 10.1.1.1

Answers: CLI Passwords 1
Answers: Basic NetFlow 1
Chris
By Chris September 14, 2015 09:05
Write a comment

No Comments

No Comments Yet!

Let me tell You a sad story ! There are no comments yet, but You can be first one to comment this article.

Write a comment
View comments

Write a comment

Comment; Identify w/ Social Media or Email

Subscribe

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.

Search

Categories