Configure and verify Cisco NetFlow

Exam: Cisco 200-301 - Cisco Certified Network Associate (CCNA)

Netflow allows you to collect, monitor and analyze network traffic. It was initially developed as a switching technology by Cisco but later evolved into a full-fledged network traffic collection and analysis standard. Netflow allows you to monitor an interface of a net flow enabled device, collect traffic statistics that pass through it, and store it in cache.

The data collected in cache is then exported to a flow analyzer tool to analyze bandwidth usage patterns of applications, troubleshooting traffic bottlenecks, and then finding out the best way to use the available bandwidth.

Neflow is simple to use because it does not require any connection setup protocols on devices that use it. It need not be enabled on all the devices. You can simply enable it on the interface of a device that you want to monitor.

Netflow version 5

Netflow version 5 is the most commonly used version of Netflow that allows the use of Autonomous System reporting. It is the traditional version of Netflow and has a fixed packet format or data structure that does not allow any additional information to be added to by Cisco or any other vendor. This feature also makes it easily understandable and usable.

If you try to change Netflow v5 you will get obscure flow formats that will not work with v5 collector. The v5 allows all flows to be calculated when they come to the inbound interface. It is therefore advised to enable netflow version 5 on all the interfaces to allow monitoring of both inbound and outbound traffic on those interfaces.

The code sample given below enables NetFlow version 5 on the FastEthernet 0/1 interface data and then export the data to the NetFlow Analyzer server having IP address 10.192.11.103 on port 2055, which is a UDP port to export NetFlow packets.

RouterR1#enable

RouterR1#configure terminal

RouterR1#enable Password:*****

Specify interface and enter interface configuration mode

RouterR1 (config)#interface FastEthernet 0/1

Enable netflow for ip routing

RouterR1 (config-if)#ip route-cache flow

Exit interface configuration mode

RouterR1 (config-if)#exit

Provide the IP address of the NetFlow Collector server and the port number used to send NetFlow packets.

RouterR1(config)#ip flow-export destination 10.192.11.103 2055

Specify the interface that would be used to export NetFlow packets

RouterR1 (config)#ip flow-export source GigabitEthernet0/1

Specify the netflow version used

RouterR1 (config)#ip flow-export version 5

Break up long-lived flows into 5-minute fragments

RouterR1 (config)#ip flow-cache timeout active 5

Configure that finished flows are periodically exported after 15 seconds

RouterR1 (config)#ip flow-cache timeout inactive 15

Ensure that the ifIndex values persist during router reboots

RouterR1 (config)#snmp-server ifindex persist

RouterR1 (config)#^Z

Netflow ver 9

The netflow version 9 is the most recent version of netflow flow-record format. It is template based and provides a flexible flow export. It allows you to monitor a wide range of IP packets information that includes new fields and record types, which is not available in version 5 of netflow. It also allows use of custom fields such as Multicast IP traffic, VLAN ID, IPv6 traffic, and MPLS labels.

Netflow version 9 or flexible netflow is comprised of three components. These three components are:

Flow record: The flow record provides a description of a template, which is sent periodically to netflow collector so that the collector can interpret datagrams and describe network sessions. The record specifies which data goes to which field, the length of the field, and how to interpret these fields.

A flow record is created using two main commands, Match and Collect.

The match command denotes a mandatory field or a key field. If the match fails, the record is not filled. For example, if the match field is IPv4 address, and the match need to be made to the IPv6 address that does not contain an IPv4 address, the match fails and no record is generated.

The collect command denotes an optional non key value such as VLAN. A space is reserved for collect fields but if they do not exist then a ‘0’ is put on their place.

Flow exporter: The flow exporter provides the description of the destination of the flow record, which is a collector. It contains the network and transport layer information for the export packet and has nothing to do with data being sent, it only concerns about building envelop for the data. It determines how often the templates need to be sent and what will be the delay. You can configure export destination IP address, source interface, UDP port number, and export format while configuring exporters.

Flow monitor: This is the final stage and in this stage you need to setup a monitor. For each different type of record a separate monitor is created. For example, both IPv4 and IPv6 create different records so a separate monitor for each IPv4 and IPv6 is created. You need to attach an interface to the monitor.

Configure netflow version 9

RouterR1#enable

RouterR1#configure terminal

RouterR1#enable Password:*****

Creating a flow record

Create a name to define the netflow record

RouterR1(config)# flow record ipv4record

Enter into netflow configuration mode and define match commands

RouterR1(config-flow-record)# match ipv4 source address

RouterR1(config-flow-record)# match ipv4 destination address

RouterR1(config-flow-record)# match ipv4 protocol

RouterR1(config-flow-record)# match transport source-port

RouterR1(config-flow-record)# match transport destination-port

RouterR1(config-flow-record)# match interface input

Define collect commands

RouterR1(config-flow-record)# collect interface output

RouterR1(config-flow-record)# collect counter bytes

RouterR1(config-flow-record)# collect counter packets

Creating Flow Exporter

Create a netflow exporter

RouterR1(config)# flow exporter my-netflow-exporter

Specify the IP address of the NetFlow Collector server

RouterR1 (config-flow-exporter)#destination 10.192.10.103

Specify the source or the return address that will be used to identify this device tothe collector

RouterR1 (config-flow-exporter)# source GigabitEthernet0/1

Define the port number and the protocol used to send packets. The default netflow port is 2055 /UDP

RouterR1 (config-flow-exporter)# transport udp 2055 NetFlow packets are exported.

Send a template every 1 minute

RouterR1 (config-flow-exporter)# template data timeout 60

Creating a Flow Monitor

RouterR1 (config)# flow monitor mainmonitor

RouterR1 (config-flow-monitor)# record ipv4record

RouterR1 (config-flow-monitor)# exporter ipv4export

RouterR1 (config-flow-monitor)# cache timeout active 60

RouterR1 (config-flow-monitor)# cache timeout inactive 15

Associate the Monitor to an Interface

RouterR1 (config)# int FastEthernet0/1

RouterR1 (config-if)# ip flow monitor mainmonitor input

Save configuration

RouterR1#write

Verify Netflow Configuration

Use following commands to verify netflow configurations:

  • show flow exporter [name]: Use this command to display information about NetFlow flow exporters and statistics.
  • show flow interface [interface-type number] : Use this command to display information about NetFlow interfaces.
  • show flow monitor [name] [cache [detailed]] : Use this command to display information about NetFlow flow monitors and statistics.
  • show flow record [name] : Use this command to display information about NetFlow flow records.

Example Question

The Flow exporter component of Netflow ver 9 is contains which of the following type of information?

  1. Flow exporter component contains the keys that NetFlow uses to identify packets
  2. Flow exporter component contains the network layer and transport layer details for the NetFlow export packet
  3. Flow exporter component contains the monitor references.
  4. None of the above

Correct Answer: 2

The flow exporter component contains the network layer and transport layer details for the NetFlow export packet

Related IT Guides

  1. 200-301 exam questions
  2. Configure and verify ACLs in a network environment
  3. Configure and verify an ACLs to limit telnet and SSH access to the router
  4. Configure and verify DHCP (IOS Router)
  5. Configure and verify EtherChannels
  6. Configure and verify initial switch configuration including remote access management
  7. Configure and verify interVLAN routing (Router on a stick)
  8. Configure and Verify IP SLA
  9. Configure and verify IPv4 Network Address Translation (NAT)
  10. Configure And Verify Manual and Autosummarization With Any Routing Protocol
  11. Configure and Verify Network Time Protocol (NTP)
  12. Configure and verify PPP
  13. Configure and verify static routing
  14. Configure and verify VLANs
  15. Configure And Verify VRF Lite
  16. Describe IP operations
  17. Describe the types, features, and applications of ACLs
  18. Identify and correct common network problems
  19. Recognize proposed changes to the network
  20. Select the appropriate media, cables, ports, and connectors to connect switches to other network devices and hosts
  21. Select the Components Required to Meet a Network Specification
  22. Troubleshoot Layer 2 protocols
  23. Troubleshoot passive interfaces
  24. Verify network status and switch operation using basic utilities
100% Money Back

How to Claim the Refund / Exchange?

In case of failure your money is fully secure by BrainDumps Guarantee Policy. Before claiming the guarantee all downloaded products must be deleted and all copies of BrainDumps Products must be destroyed.


Under What Conditions I can Claim the Guarantee?

Full Refund is valid for any BrainDumps Testing Engine Purchase where user fails the corresponding exam within 30 days from the date of purchase of Exam. Product Exchange is valid for customers who claim guarantee within 90 days from date of purchase. Customer can contact BrainDumps to claim this guarantee and get full refund at support@braindumps.com. Exam failures that occur before the purchasing date are not qualified for claiming guarantee. The refund request should be submitted within 7 days after exam failure.


The money-back-guarantee is not applicable on following cases:

  1. Failure within 7 days after the purchase date. BrainDumps highly recommends the candidates a study time of 7 days to prepare for the exam with BrainDumps study material, any failures cases within 7 days of purchase are rejected because in-sufficient study of BrainDumps materials.
  2. Wrong purchase. BrainDumps will not entertain any claims once the incorrect product is Downloaded and Installed.
  3. Free exam. (No matter failed or wrong choice)
  4. Expired order(s). (Out of 90 days from the purchase date)
  5. Retired exam. (For customers who use our current product to attend the exam which is already retired.)
  6. Audio Exams, Hard Copies and Labs Preparations are not covered by Guarantee and no claim can be made against them.
  7. Products that are given for free.
  8. Different names. (Candidate's name is different from payer's name.)
  9. The refund option is not valid for Bundles and guarantee can thus not be claimed on Bundle purchases.
  10. Guarantee Policy is not applicable to CISSP, EMC, HP, Microsoft, PMI, SAP and SSCP exams as www.braindumps.com provides only the practice questions for these.
  11. Outdated Exam Products.
Close
Get 10% Discount on Your Purchase When You Sign Up for E-mail

This is a ONE TIME OFFER. You will never see this Again

Instant Discount

Braindumps Testing Engine

10% OFF

Enter Your Email Address to Receive Your 10% OFF Discount Code Plus... Our Exclusive Weekly Deals

A confirmation link will be sent to this email address to verify your login.

* We value your privacy. We will not rent or sell your email address.
Close
Your 10% Discount on Your Purchase

Save 10%. Today on all IT exams. Instant Download

Braindumps Testing Engine

Use the following Discount Code during the checkout and get 10% discount on all your purchases:

SignUp10OFF

Start Shopping