Configure Netflow For Cisco Router Switch IOS - Example

What we will get benefit when we enable netflow feature are real-time monitoring of host behaviors and traffic analysis to identify threats, extensive network performance reports including top talkers, interface utilization, exporter tracking, etc. I have screenshot for your carification.

Below is how to set up step by step on Cisco router or Cisco switch;

• Enabling NetFlow
  Enter global configuration mode on Cisco router or Cisco switch, and issue the following commands for each interface on which you want to enable NetFlow:
       #interface {interface} {interface_number}
       #ip route-cache flow
• Enabling the exports of these flows
  Enter global configuration mode on Cisco router or Cisco switch, and issue the following commands by use the IP address of your NetFlow Collector and configured listening port. UDP port 9995 is used for example.
       # ip flow-export version 5
       # ip flow-export destination <ip_address> 9995
       # ip flow-export source Loopback0
• Turning off NetFlow
  Issue the following commands in global configuration mode to stop exporting NetFlow data:
       #interface {interface} {interface_number}
       #no ip route-cache flow
  This will disable NetFlow export on the specified interface. Repeat the commands for each interface on which you need to disable NetFlow.
• Diagnosis
  In enable mode you can see current NetFlow configuration and state by looking at the output from
       #sh ip flow export Shows the current NetFlow configuration
       #show ip cache flow and sh ip cache verbose flow These commands summarize the active flows and give an indication of how much NetFlow data the device is exporting
  
  Note: When access lists are used, all cisco routers or cisco switch must log failed network access attempts.

A Sample Device Configuration
The following is a set of commands issued on a router to enable NetFlow version 5
!
interface Loopback0
 ip address 172.30.203.253 255.255.255.255
 no ip redirects
 no ip proxy-arp
 ip route-cache flow
 no ip mroute-cache
!
!
interface FastEthernet0/1/0
 description LINE:USHQ-VzBPIP,SPEED:8000000,GOLDCAR:256k,DEST:VzB_PERouter
 bandwidth 8000
 ip address 172.30.0.86 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip route-cache cef
 ip route-cache flow
 no ip mroute-cache
 load-interval 30
 duplex full
 speed 100
 no mop enabled
!
interface FastEthernet0/1/1
 description Local Network segment for THHQ
 ip address 172.30.0.86 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip route-cache cef
 no ip route-cache flow
 duplex auto
 speed auto
 no cdp enable
 no mop enabled
!
!
ip flow-export source Loopback0
ip flow-export version 5
ip flow-export destination 172.30.46.195 9995
ip flow-export destination 172.30.46.71 2055
!
!
access-list 30 permit 172.30.46.195
access-list 30 permit 172.30.46.71
access-list 30 deny   any log
!