Catalyst 3560 does not have netflow
As confirmed with Cisco feature navigator, there’s no netflow for 3560 not even version 1…
Cisco 871
Although this router is EoL, it has netflow version 1, 5 and 9. Default is version 1 when I first turned netflow on. I changed it to version 5 as PRTG support only version 5 and 9 format. To change version:
ip flow-export version 5
Netflow statistics from PRTG
Netflow timeout active timer must match between flow source and destination
From this screenshot, I set the active timeout to be 5 minutes. My Cisco router needs to configure the same timeout as well:
ip flow-cache timeout active 5
From the screenshot I have set my Netflow receiver (PRTG) to be 192.168.100.254 source udp port 65000, in Cisco router I need to configure netflow export destination:
ip flow-export destination 192.168.100.254 65000
Netflow top-talkers
Top talkers are devices that generate the most traffic. To configure top talkers:
ip flow-top-talkers
top 2
sort-by packets
match destination address 239.100.100.1 255.255.255.255
match protocol udp
These command mean to take note on devices that are sending to MC group 239.100.100.1 (MC is UDP) as top 2 talkers, their traffic is sorted by packets.
Netflow configuration example
interface FastEthernet4
ip address 10.0.0.1 255.255.255.0
ip flow ingress
ip pim sparse-mode
duplex auto
speed auto
end
Enable netflow on fa4 and capture receiving traffic (inbound).
interface Vlan100
ip address 192.168.100.2 255.255.255.0
ip flow ingress
ip pim sparse-mode
end
Enable netflow on Vlan100 and capture receiving traffic (inbound).
ip flow-cache timeout inactive 300
ip flow-cache timeout active 5
ip flow-capture vlan-id
ip flow-export source Vlan100
ip flow-export version 5
ip flow-export destination 192.168.100.254 65000
ip flow-top-talkers
top 2
sort-by packets
match destination address 239.100.100.1 255.255.255.255
match protocol udp
cyruslab 