Configuring Motadata NetFlow Export on an IOS Device
This document outlines the steps to configure Motadata NetFlow export on a Cisco IOS device. It includes enabling Motadata NetFlow, exporting data to a server, verifying the configuration, and turning off Motadata NetFlow.
Enabling MOTADATA_NETFLOW Export
Enter global configuration mode on the router or MSFC first and then for each interface on which you want to enable MOTADATA_NETFLOW, issue the following commands:
interface {interface} {interface_number}
ip flow ingress
bandwidth
exit
In recent IOS releases, enable Cisco Express Forwarding with the following command:
ip cef
Note that on Cisco IOS devices, MOTADATA_NETFLOW must be enabled on a per-interface basis. The bandwidth command is optional and sets the interface speed in kilobits per second.
Exporting MOTADATA_NETFLOW Data
To export MOTADATA_NETFLOW data to the server running Flow Explorer, issue the following commands:
To export the MOTADATA_NETFLOW cache entries to the specified IP address. Use the IP address of the ObserveOps (formerly known as AIOps) Flow Explorer server and the configured MOTADATA_NETFLOW listener port (default is 2055).
ip flow-export destination {hostname|ip_address} 2055
To set the source IP address of the MOTADATA_NETFLOW exports sent by the device.
ip flow-export source {interface} {interface_number}
To set the MOTADATA_NETFLOW export version to version 5. Note that ObserveOps Flow Explorer supports versions 5, 7, and 9.
ip flow-export version 5 [peer-as | origin-as]
To break up long-lived flows into 1-minute fragments to aid in troubleshooting.
ip flow-cache timeout active 1
To ensure that finished flows are periodically exported.
ip flow-cache timeout inactive 15
To enable ifIndex persistence globally.
snmp-server ifindex persist
Verifying Device Configuration
To verify whether MOTADATA_NETFLOW export has been configured correctly, issue the following commands in normal (not configuration) mode:
To show the current MOTADATA_NETFLOW configuration.
show ip flow export
To summarize the active flows and indicates how much MOTADATA_NETFLOW data the device is exporting.
show ip cache flow
and then,
show ip cache verbose flow
A Sample Device Configuration
The following is a set of commands issued on a router to enable MOTADATA_NETFLOW version 5 on the FastEthernet 0/1 interface and export to the machine 192.168.9.101 on port 2055.
router#enable
Password:*****
router#configure terminal
router-2621(config)#interface FastEthernet 0/1
router-2621(config-if)#ip flow ingress
router-2621(config-if)#exit
router-2621(config)#ip flow-export destination 192.168.9.101 2055
router-2621(config)#ip flow-export source FastEthernet 0/1
router-2621(config)#ip flow-export version 5
router-2621(config)#ip flow-cache timeout active 1
router-2621(config)#ip flow-cache timeout inactive 15
router-2621(config)#snmp-server ifindex persist
router-2621(config)#^Z
router#write
router#show ip flow export
router#show ip cache flow
Repeat these commands to enable MOTADATA_NETFLOW for each interface.
Please note that MOTADATA_NETFLOW data export has to be enabled on all interfaces of a router to see accurate IN and OUT traffic.
Turning off MOTADATA_NETFLOW
To stop exporting MOTADATA_NETFLOW data, issue the following commands in global configuration mode:
To stop exporting MOTADATA_NETFLOW cache entries to the specified destination IP address.
no ip flow-export destination {port_number}
To disable MOTADATA_NETFLOW export on the specified interface. Repeat for each interface.
interface {interface_number}
no ip flow ingress
exit
For further information on configuring your IOS device for MOTADATA_NETFLOW data export, refer to Cisco's MOTADATA_NETFLOW commands documentation.
After completing the configuration, navigate to Menu > Flow Explorer and select Explorer to view the active flow data.