Enabling Export of Flow Records

The network flow analysis feature in Traverse relies on collecting network flow data exported by a router or switch, so you need to enable your network equipment to export flow records.

Network flow records are typically exported from the routers to the default TCP port of 2055.

Enabling NetFlow on a Cisco router (or switch running IOS)

1. Telnet or SSH into the router and enter enable mode.
2. Enable Cisco Express Forwarding:

   router(config)# ip cef

3. Enable NetFlow on all physical interfaces that will take part in routing traffic between devices of interest:

   router(config)# interface <interface>

   router(config-if)# ip route-cache flow

   Note: Routers may by default export flow data only for traffic entering the router, so make sure you enable NetFlow on all interfaces for accurate analysis of traffic both into and out of the router.

4. Enable export of NetFlow records:

   router(config)# ip flow-export version 5

   router(config)# ip flow-export destination <dge_address> 2055

   router(config)# ip flow-export source FastEthernet0

   router(config)# ip flow-cache timeout active 1

   router(config)# ip flow-cache timeout inactive 15

   Note: The ip flow-export source can be any interface that stays active; a stable or Loopback interface is preferred.

5. Save the configuration:

   router(config)# end

   router# write mem

   Go to http://www.cisco.com/en/US/tech/tk812/tsd_technology_support_configure_guide.html for more information about configuring NetFlow on Cisco devices.