newbie to netflow

Hello all,

I have a 6509 switch with a 720 sup running Version 12.2(18)SXF12a, RELEASE SOFTWARE (fc1). I am trying to set up Real-Time NetFlow Analyzer to see who is taking up all of our internet bandwidth. I understand you have to put in the following commands:

ip flow-export source fastethernet0/0
ip flow-export version 5
ip flow-export destination 192.168.1.1 2055
interface fastethernet0/0
ip flow egress
ip flow ingress
ip route-cache flow
exit
exit
wr mem

I believe these are the default. The problem is my switch doesn't have any IP addresses assigned to actual ports - just to the VLANs.

Should I just use an empty port - assign an ip address to it?

Is my version compatible with NetFlow?  It won't take either the ip flow egress or ip flow ingress commands.

Thanks!

  • Joe,

    For netflow to work on a 6509 with a Sup720, you'd want the following global configuration:

    ip flow-export source (interface)
    ip flow-export version 9
    ip flow-export destination (collector IP) (collector listener port)

    You'll also want the following at global configuration:

    mls aging long 300
    mls aging normal 60
    mls flow ip interface-full
    mls nde sender version 5

    Under the interfaces that you want to collect netflow data for put the following:

    ip route-cache flow

    With the version of IOS you're running, this should get your netflow going properly.  If you have a PFC3B or higher in your Sup720, you can also add the following at the global configuration level:

    ip flow ingress layer2-switched vlan (vlan numbers)

    This will cause layer-2 netflow data to be sent to the collector, but again it's only available as a valid command if you have a PFC3B or higher.  You won't even see this command if you have a PFC3A in your Sup720.

    I have about 12 6509s in my environment running with these commands and it all works well.

    Mike

  • I am now able to get some netflow data; that helped with getting the VLANs set up.  Now trying to tweak it so I only see what goes to my firewall from my core switch - getting lots of data - actually too much data.  Would like to see who the offender is when our internet connection gets bogged down.

    Thanks for all the replies - they have all been very helpful getting me started.

    Joe
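
For the follow-up question about finding the heaviest internet user, an added example (not part of any post in this thread): Python that decodes NetFlow version 5 export datagrams, the format selected by `mls nde sender version 5`, and totals bytes per source host for flows whose next hop is the firewall. The firewall address, function names and sample-datagram builder are assumptions constructed for illustration, and it assumes the exporter populates the v5 next-hop field.

```python
import ipaddress
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record

def parse_v5(datagram):
    """Return a list of flow dicts from one v5 export datagram, or raise ValueError."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    # v5 carries 1..30 records; the length must match the count exactly
    if not 1 <= count <= 30 or len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(f[0])),
            "dst": str(ipaddress.IPv4Address(f[1])),
            "nexthop": str(ipaddress.IPv4Address(f[2])),
            "octets": f[6],   # dOctets: layer-3 bytes in the flow
            "proto": f[13],   # IP protocol number
        })
    return flows

def top_talkers(datagrams, firewall_ip, n=5):
    """Sum bytes per source host for flows routed to firewall_ip."""
    totals = Counter()
    for d in datagrams:
        try:
            flows = parse_v5(d)
        except ValueError:
            continue  # collector port is plain UDP: drop anything malformed
        for fl in flows:
            if fl["nexthop"] == firewall_ip:
                totals[fl["src"]] += fl["octets"]
    return totals.most_common(n)

def build_sample(records):
    """Constructed test data: pack (src, dst, nexthop, octets) tuples as one datagram."""
    ip = lambda a: ipaddress.IPv4Address(a).packed
    body = b"".join(
        RECORD.pack(ip(s), ip(d), ip(nh), 1, 2, 10, octets, 0, 0,
                    40000, 443, 0, 0x18, 6, 0, 0, 0, 24, 0, 0)
        for s, d, nh, octets in records)
    return HEADER.pack(5, len(records), 0, 0, 0, 0, 0, 0, 0) + body
```

Feed `top_talkers` the UDP payloads received on the collector port; flows between internal VLANs are ignored because their next hop is not the firewall.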
