Categories
Welcome Center
Education & Development
Discussions
Certification Preparation
Recent Posts
Groups
Free Resources
Ebooks
Free Workshops
Trending Certifications Infographic
Infosec Training
IT & Security Training
Live Boot Camps
Security Awareness Training
About Infosec Institute
Home
Certification Preparation
Cisco
CCIE (Expert)
flow exporter vs. ip flow-export
Mrock4
Recently had a task that called for configuring multiple netflow destinations. I configured multiple flow exporters (EXPORTER1, EXPORTER2, tied together with a flow monitor, etc). The solution utilized "ip flow-export..."
That being said, does anyone know any reasons to use one over the other? Netflow is a weaker area for me, but I'd like to know what situations might be more appropriate for one or the other, or are they completely interchangeable? I haven't seen any real differences in the documentation after a good faith search, but I really haven't dug in too much.
Find more posts tagged with
Save $250 on 2025 certification boot camps from Infosec!
Book now with code EOY2025
Button
Comments
powmia
The modular method of tying flow monitors to interfaces, which calls a configurable monitor, which calls a configurable flow record and a configurable flow exporter... is Cisco's "Flexible NetFlow" configuration. The ip flow-export is the legacy method. Both can use NetFlow version 9, so as long as your task was basic... either solution would work. If the task had required that you get more specific, and only collect flow records for specific subsets of traffic, you would have wanted to use flexible netflow (your method)... in reality, I would have used your method... and you would have got full points for that task on your lab... unless of course you were explicitly told to do it old school
powmia
However.... I should add, you're going to be pressed for time during your lab (understatement). So when you see something like that, you need to know that there are multiple ways to approach the task, both are sufficient... but one is faster for you to knock out.
Mrock4
Definitely! Thanks for the information. The only way I've ever known has been the Flexible NetFlow way (I've seen the other, but not used it), so it's great to know both are sufficient. Truth be told, I do think the solution guide had it better with regards to "least" configuration as the flexible method is quite lengthy. I actually like the syntax of the legacy method better, oddly enough.
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
INFOSEC Boot Camps
$250
OFF
Use code
EOY2025
to receive $250 off your 2025 certification boot camp!
BROWSE BOOT CAMPS
