How to Enable NetFlow on Cisco Switch: Step-by-Step Configuration Guide (Flexible NetFlow)


NetFlow is a critical tool for modern network monitoring, offering visibility into traffic patterns, bandwidth consumption, and security threats. For network engineers, IT administrators, and system integrators, knowing how to enable NetFlow on Cisco switch devices is essential for effective network management.

This guide covers Flexible NetFlow (FNF, NetFlow v9), the recommended template-based configuration method for modern Cisco Catalyst and IOS XE switches.


Part 1: What is NetFlow and Why Is It Essential?

NetFlow is a Cisco technology that collects IP traffic statistics from switches. It helps analyze traffic, detect anomalies, and optimize network performance.

Understanding a Network Flow

A "flow" is a unidirectional stream of packets between a source and destination, uniquely identified by a combination of key fields (7-tuple):

  • Source IP address
  • Destination IP address
  • Source port number
  • Destination port number
  • Layer 3 protocol type (the IP protocol field, for example TCP or UDP)
  • Type of Service (ToS) byte
  • Input logical interface

Different combinations create separate flows in the NetFlow cache.

Benefits of NetFlow

  • Security & Threat Detection: Detect suspicious traffic patterns and TCP flags.
  • Capacity Planning: Analyze application and bandwidth usage for optimization.
  • Troubleshooting: Identify traffic spikes and bottlenecks.
  • Policy Verification: Check effectiveness of QoS and network policies.

Flexible NetFlow allows exporting Layer 2–7 data, IPv6 traffic, and application-specific metrics, making it ideal for detailed network monitoring.


Part 2: Prerequisites, Compatibility, and Performance Notes

Before enabling NetFlow, ensure your switch environment supports it:

  • Hardware & Software: Confirm Cisco switch model and IOS version support Flexible NetFlow.
  • CEF Requirement: Cisco Express Forwarding or distributed CEF must be enabled.
  • Cache Timeout Settings:

Setting          | Default Timeout (IOS) | Recommended | Purpose
-----------------+-----------------------+-------------+-------------------------------------------------------
Active Timeout   | 30 min                | 60 sec      | Export long-lived flows timely for security monitoring
Inactive Timeout | 15 sec                | 15 sec      | Expire inactive flows from cache
Template Timeout | 30 min                | 60 sec      | Refresh flow templates to prevent collector mismatch
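
The effect of the active timeout on a long-lived flow, as an added example that is not part of the original guide: a simplified Python model of a flow cache keyed on the seven fields from Part 1. The addresses, interface names and packet timings are constructed, and the expiry logic is an approximation of a switch cache, not Cisco's implementation.

```python
# Added example: simplified model of a flow cache, not Cisco's implementation.
from collections import namedtuple

# The seven key fields listed in Part 1; a packet differing in any one starts a new flow.
Key = namedtuple("Key", "src dst sport dport proto tos in_if")

def run_cache(packets, active, inactive):
    """packets: time-ordered (ts_sec, Key, nbytes) tuples.
    Returns exported records as (export_ts, key, pkts, bytes, reason)."""
    cache, exported = {}, []

    def expire(now):
        for key, f in list(cache.items()):
            if now - f["last"] >= inactive:      # idle: the flow has ended
                when, reason = f["last"] + inactive, "inactive"
            elif now - f["first"] >= active:     # long-lived: export a partial record
                when, reason = f["first"] + active, "active"
            else:
                continue
            exported.append((when, key, f["pkts"], f["bytes"], reason))
            del cache[key]

    for ts, key, nbytes in packets:
        expire(ts)
        f = cache.setdefault(key, {"first": ts, "last": ts, "pkts": 0, "bytes": 0})
        f["last"], f["pkts"], f["bytes"] = ts, f["pkts"] + 1, f["bytes"] + nbytes
    expire(float("inf"))                         # end of capture: flush the cache
    return sorted(exported, key=lambda r: r[0])

# Constructed sample: one 300-second transfer (a packet every 10 s) plus a single
# reply packet. The reply has a different key, so it is a separate flow.
FWD = Key("10.0.5.20", "203.0.113.9", 51512, 443, 6, 0, "Gi1/0/7")
REV = Key("203.0.113.9", "10.0.5.20", 443, 51512, 6, 0, "Gi1/0/48")
PACKETS = sorted([(t, FWD, 1400) for t in range(0, 301, 10)] + [(5, REV, 60)],
                 key=lambda p: p[0])

def first_seen(records, key):
    """Time at which a collector first learns that this flow exists."""
    return min(r[0] for r in records if r[1] == key)

if __name__ == "__main__":
    for label, active in (("default 30 min", 1800), ("recommended 60 s", 60)):
        recs = run_cache(PACKETS, active=active, inactive=15)
        print(label, "-> records:", len(recs), "first export of transfer at",
              first_seen(recs, FWD), "s")
```

With the 30-minute default the collector sees nothing of the transfer until it has ended and idled out; with a 60-second active timeout the first partial record is exported one minute in.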

Need help confirming which Cisco switch models fully support NetFlow? Router-switch provides rapid model verification, global stock availability, and expert technical guidance, helping you complete network deployments efficiently while minimizing procurement risks.


Part 3: Step-by-Step Guide: Cisco NetFlow Configuration

NetFlow configuration involves Flow Record, Flow Exporter, Flow Monitor, and applying the monitor to interfaces.

Step 1: Define the Flow Record

GenericSwitch# configure terminal
GenericSwitch(config)# flow record XDR_FLOW_RECORD
GenericSwitch(config-flow-record)# description NetFlow record for Collector
GenericSwitch(config-flow-record)# match ipv4 source address
GenericSwitch(config-flow-record)# match ipv4 destination address
GenericSwitch(config-flow-record)# match ipv4 protocol
GenericSwitch(config-flow-record)# match transport source-port
GenericSwitch(config-flow-record)# match transport destination-port
GenericSwitch(config-flow-record)# match ipv4 tos
GenericSwitch(config-flow-record)# match interface input
GenericSwitch(config-flow-record)# collect interface output
GenericSwitch(config-flow-record)# collect counter bytes long
GenericSwitch(config-flow-record)# collect counter packets long
GenericSwitch(config-flow-record)# collect timestamp sys-uptime first
GenericSwitch(config-flow-record)# collect timestamp sys-uptime last
GenericSwitch(config-flow-record)# collect transport tcp flags
GenericSwitch(config-flow-record)# exit

Step 2: Configure the NetFlow Exporter

GenericSwitch(config)# flow exporter XDR_EXPORTER
GenericSwitch(config-flow-exporter)# destination 192.168.52.250
GenericSwitch(config-flow-exporter)# source VLAN 5
GenericSwitch(config-flow-exporter)# transport udp 9995
GenericSwitch(config-flow-exporter)# export-protocol netflow-v9
GenericSwitch(config-flow-exporter)# template data timeout 30
GenericSwitch(config-flow-exporter)# exit
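
Why the template refresh interval matters on the collector side, as an added example that is not part of the original guide: a minimal NetFlow v9 decoder in Python following the RFC 3954 packet layout. The exporter address 192.0.2.1 used in testing, template ID 260, the function names and the sample datagrams are constructed for illustration.

```python
import ipaddress, struct
# Added example, not vendor code. RFC 3954 field types for part of the Step 1 record:
NAMES = {8: "src", 12: "dst", 7: "sport", 11: "dport", 4: "proto", 6: "tcp_flags", 1: "bytes"}

def learn(templates, scope, body):
    pos = 0
    while pos + 4 <= len(body):
        tid, n = struct.unpack_from("!HH", body, pos)
        if tid < 256 or pos + 4 + 4 * n > len(body):
            break                                  # padding or truncated template
        f = struct.unpack_from("!%dH" % (2 * n), body, pos + 4)
        templates[scope + (tid,)] = list(zip(f[::2], f[1::2]))  # [(type, length), ...]
        pos += 4 + 4 * n

def decode(tmpl, body):
    size, recs = sum(flen for _, flen in tmpl), []
    for pos in (range(0, len(body) - size + 1, size) if size else ()):
        rec = {}                                   # bytes left after the last record are padding
        for ftype, flen in tmpl:
            raw, pos = body[pos:pos + flen], pos + flen
            ip = ftype in (8, 12) and flen == 4
            rec[NAMES.get(ftype, ftype)] = str(ipaddress.ip_address(raw)) if ip else int.from_bytes(raw, "big")
        recs.append(rec)
    return recs

def feed(templates, exporter, dgram):
    """Returns (decoded records, data flowsets dropped for lack of a template)."""
    if len(dgram) < 20 or struct.unpack_from("!H", dgram)[0] != 9:
        raise ValueError("not a NetFlow v9 datagram")
    scope, out, dropped, off = (exporter, struct.unpack_from("!I", dgram, 16)[0]), [], 0, 20
    while off + 4 <= len(dgram):
        fs_id, fs_len = struct.unpack_from("!HH", dgram, off)
        if fs_len < 4 or off + fs_len > len(dgram):
            raise ValueError("bad flowset length")
        body = dgram[off + 4:off + fs_len]
        if fs_id == 0:                             # template flowset
            learn(templates, scope, body)
        elif fs_id >= 256 and scope + (fs_id,) in templates:
            out += decode(templates[scope + (fs_id,)], body)
        elif fs_id >= 256:
            dropped += 1                           # template not seen yet: cannot interpret
        off += fs_len
    return out, dropped

def v9(source_id, *flowsets):                      # builds a constructed datagram
    body = b"".join(struct.pack("!HH", fid, 4 + len(b)) + b for fid, b in flowsets)
    return struct.pack("!HHIIII", 9, len(flowsets), 0, 0, 0, source_id) + body
TEMPLATE = (0, struct.pack("!16H", 260, 7, 8, 4, 12, 4, 7, 2, 11, 2, 4, 1, 6, 1, 1, 8))
DATA = (260, bytes([10, 0, 5, 20, 203, 0, 113, 9]) + struct.pack("!HHBBQ", 51512, 443, 6, 2, 1400) + b"\0\0")
```

A collector that has just restarted holds no templates, so `feed({}, exporter, v9(1, DATA))` drops the flowset; records only decode again after the switch resends the template, which is the interval `template data timeout` controls.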

Step 3: Create the Flow Monitor

GenericSwitch(config)# flow monitor XDR_FLOW_MONITOR
GenericSwitch(config-flow-monitor)# description Monitor combining record and exporter
GenericSwitch(config-flow-monitor)# record XDR_FLOW_RECORD
GenericSwitch(config-flow-monitor)# exporter XDR_EXPORTER
GenericSwitch(config-flow-monitor)# cache timeout active 60
GenericSwitch(config-flow-monitor)# cache timeout inactive 15
GenericSwitch(config-flow-monitor)# exit

Step 4: Apply the Flow Monitor to Interfaces

GenericSwitch(config)# interface range GigabitEthernet 1/0/1 - 48
GenericSwitch(config-if-range)# ip flow monitor XDR_FLOW_MONITOR input
GenericSwitch(config-if-range)# end
GenericSwitch# write memory

Interface Placement Notes:

  • Apply on L2 access interfaces for full visibility.
  • L3 SVIs or trunk interfaces are acceptable if L2 application is limited.
  • Using input is generally sufficient; output can be added if bidirectional collection is needed.


Part 4: Verification, Troubleshooting, and FAQ

Verification Commands

show flow monitor XDR_FLOW_MONITOR statistics
show flow exporter XDR_EXPORTER
show flow monitor XDR_FLOW_MONITOR cache
clear flow monitor XDR_FLOW_MONITOR statistics

Common Issues

Issue                         | Cause                                                     | Solution
------------------------------+-----------------------------------------------------------+-----------------------------------------------------------
Collector not receiving flows | Wrong destination IP/port, source interface issues        | Verify show flow exporter and network path
Missing traffic data          | Not enabled on necessary interfaces, long active timeout  | Apply monitor to critical interfaces, adjust active timeout
Command rejected              | Unsupported model/IOS, CEF disabled                       | Check compatibility, enable CEF globally


FAQ

Q1: How to enable NetFlow on Cisco switch 3850?
Follow the Flexible NetFlow steps above; ensure the IOS XE version supports FNF v9.

Q2: How to enable NetFlow on Cisco switch 2960?
Use traditional NetFlow commands (ip flow ingress/egress) and export with ip flow-export settings.

Q3: How to enable flow control on Cisco switch?
Configure flowcontrol send on / flowcontrol receive on under the interface to manage congestion.

Q4: What is NetFlow in switch?
Cisco NetFlow collects and exports IP traffic statistics for monitoring, security analysis, and network optimization.


Conclusion

Enabling Flexible NetFlow on Cisco switches ensures robust network traffic monitoring, troubleshooting, and capacity planning. Following the standard steps for flow record, exporter, monitor, and interface application guarantees accurate flow collection.


Disclaimer: Configuration may vary slightly per hardware model and IOS version. Always verify with Cisco documentation.
