Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
800
Views
0
Helpful
2
Replies

Does my 2821 router support netflow V9?

pjrivers01
Level 1
Level 1

‎09-04-2015 03:02 PM - edited ‎03-05-2019 02:14 AM

I am trying to set up a NetFlow analyzer, and wanted to enable NBAR.  My routers were configured with NetFlow V5, but I learned that I needed NetFlow V9.  I removed V5 and configured V9 and all of my links went down in the NFA. I was wondering if my 2821 routers were able to use NetFlow V9. 

Labels:
0 Helpful
2 Replies 2

InayathUlla Sharieff
Cisco Employee
Cisco Employee

‎09-04-2015 05:33 PM

Yes it does support.

{

!This defines the usage of Netflow v9
2821(config)# ip flow-export version 9 

!This command tells the router to send the flow to destination IP address on specified UDP port

2821(config)# ip flow-export destination 192.168.1.254 9991
 
!Configure flow on a particular interface
2821(config)# int gig0/0
2821(config-if)# ip flow ingress
2821(config-if)# exit
 
!Finally configure flow timeout in minutes
2821(config)# ip flow-cache timeout active 5
}
 
HTH
regards
Inayath
0 Helpful

pjrivers01
Level 1
Level 1
In response to InayathUlla Sharieff

‎09-08-2015 05:18 PM

Thank you for your quick response. I really do appreciate it.

This is the first config that allowed the analyzer to detect my routers:

ip flow-export version 5
ip flow-cache timeout active 1
ip flow-cache timeout inactive 15
ip flow-export destination A.B.C.D 9996 - Address changed
ip flow-export source g0/0

int g0/0
 ip route-cache flow

 

I then found this config for V9 to enable NBAR with my routers:

flow exporter NBAREXP                        
destination A.B.C.D  
source GigabitEthernet 0/0        
transport udp 9996              
export-protocol netflow-v9

flow record NBARREC
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
match ipv4 protocol
match ipv4 tos
match ipv4 dscp
match application name        

collect routing source as
collect routing destination as
collect routing next-hop address ipv4
collect transport tcp flags
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
collect interface output
collect flow direction
collect ipv4 id
collect ipv4 source mask
collect ipv4 destination mask

flow monitor NBARMON

exporter NBAREXP
record NBARREC
cache timeout active 1
cache timeout inactive 15

int GigabitEthernet 0/0
 ip flow monitor NBARMON input

I removed the previous V5 config and entered this one. As soon as I did this, I lost all connectivity with my routers.  I tried to tweek it, but had to remove this and re-install the V5 config.

I am just tyring to get my NetFlow Analyzer to collect NBAR info.

I have 2821 routers with adventerprisek9-mz.151-4.M10 for the image.  Now I am not sure how to get my NFA to read NBAR data.

Thanks again for your help

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card