How to configure NetFlow on the Switch

The following steps are for a Nexus 9000 switch. The configurations may slightly differ for other Cisco platforms. In any case, refer to the official Cisco configuration guide for the Cisco platform you're configuring.

Procedure

switch# configure terminal
switch(config)# feature netflow

    switch(config)# flow record ipv4-records
    switch(config-flow-record)# description IPv4Flow
    switch(config-flow-record)# match ipv4 source address
    switch(config-flow-record)# match ipv4 destination address
    switch(config-flow-record)# match ip protocol
    switch(config-flow-record)# match transport source-port
    switch(config-flow-record)# match transport destination-port
    switch(config-flow-record)# collect transport tcp flags
    switch(config-flow-record)# collect counter bytes
    switch(config-flow-record)# collect counter packets

    switch(config)# flow exporter flow-exporter-one
    switch(config-flow-exporter)# description NetFlowv9ToNetFlowConnector
    switch(config-flow-exporter)# destination 172.26.230.173 use-vrf management
    switch(config-flow-exporter)# transport udp 4729
    switch(config-flow-exporter)# source mgmt0
    switch(config-flow-exporter)# version 9
    switch(config-flow-exporter-version-9)# template data timeout 20

    switch(config)# flow monitor ipv4-monitor
    switch(config-flow-monitor)# description IPv4FlowMonitor
    switch(config-flow-monitor)# record ipv4-records
    switch(config-flow-monitor)# exporter flow-exporter-one

    switch(config)# interface Ethernet 1/1
    switch(config-if)# ip flow monitor ipv4-monitor input

Previous topic Supported Information Elements Next topic How to Configure the Connector

1	Enter global configuration mode. `switch# configure terminal`
2	Enable NetFlow feature. `switch(config)# feature netflow`
3	Configure a flow record. The following example configuration shows how to generate five tuple information of a flow in a NetFlow record. switch(config)# flow record ipv4-records switch(config-flow-record)# description IPv4Flow switch(config-flow-record)# match ipv4 source address switch(config-flow-record)# match ipv4 destination address switch(config-flow-record)# match ip protocol switch(config-flow-record)# match transport source-port switch(config-flow-record)# match transport destination-port switch(config-flow-record)# collect transport tcp flags switch(config-flow-record)# collect counter bytes switch(config-flow-record)# collect counter packets
4	Configure a flow exporter. The following example configuration specifies the NetFlow protocol version, NetFlow template exchange interval, and NetFlow collector endpoint details. Specify the IP and port on which you enable the NetFlow connector on a Secure Workload Ingest appliance. `switch(config)# flow exporter flow-exporter-one switch(config-flow-exporter)# description NetFlowv9ToNetFlowConnector switch(config-flow-exporter)# destination 172.26.230.173 use-vrf management switch(config-flow-exporter)# transport udp 4729 switch(config-flow-exporter)# source mgmt0 switch(config-flow-exporter)# version 9 switch(config-flow-exporter-version-9)# template data timeout 20`
5	Configure a flow monitor. Create a flow monitor and associate it with a flow record and flow exporter. `switch(config)# flow monitor ipv4-monitor switch(config-flow-monitor)# description IPv4FlowMonitor switch(config-flow-monitor)# record ipv4-records switch(config-flow-monitor)# exporter flow-exporter-one`
6	Apply the flow monitor to an interface. `switch(config)# interface Ethernet 1/1 switch(config-if)# ip flow monitor ipv4-monitor input` The above steps configure NetFlow on the Nexus 9000 to export NetFlow v9 protocol packets for ingress traffic going through interface 1/1. It sends the flow records to 172.26.230.173:4729 over a UDP protocol. Each flow record includes five tuple information of the traffic and the byte/packet count of the flow. *Figure 1: Running configuration of NetFlow on Cisco Nexus 9000 Switch*