4 Replies Latest reply on Jul 20, 2011 12:54 PM by joe.laspisa

    newbie to netflow


      Hello all,

      I have a 6509 switch with 720 sup. running Version 12.2(18)SXF12a, RELEASE SOFTWARE (fc1), and I am trying to set up Real-Time NetFlow Analyzer to see who is taking up all of our Internet bandwidth. I understand you have to put in the following commands:

      ip flow-export source fastethernet0/0
      ip flow-export version 5
      ip flow-export destination 2055
      interface fastethernet0/0
      ip flow egress
      ip flow ingress
      ip route-cache flow
      wr mem

      I believe these are the default; the problem is my switch doesn't have any IP addresses assigned to actual ports - just to the VLANs.

      Should I just use an empty port - assign an IP address to it?

      Is my version compatible with NetFlow?  It won't take either the ip flow egress or ip flow ingress commands.


        • Re: newbie to netflow

          Do you have a login at Cisco?  There is some more global config.

          Or this has it too.

          I grab netflow from my VLANs' assigned IPs on 6500s.

          • Re: newbie to netflow


            For netflow to work on a 6509 with a Sup720, you'd want the following global configuration:

            ip flow-export source (interface)
            ip flow-export version 9
            ip flow-export destination (collector IP) (collector listener port)

            You'll also want the following at global configuration:

            mls aging long 300
            mls aging normal 60
            mls flow ip interface-full
            mls nde sender version 5

            Under the interfaces that you want to collect netflow data for put the following:

            ip route-cache flow

            With the version of IOS you're running, this should get your netflow going properly.  If you have a PFC3B or higher in your Sup720, you can also add the following at the global configuration level:

            ip flow ingress layer2-switched vlan (vlan numbers)

            This will cause layer-2 netflow data to be sent to the collector, but again it's only available as a valid command if you have a PFC3B or higher.  You won't even see this command if you have a PFC3A in your Sup720.

            I have about 12 6509s in my environment running with these commands and it all works well.


              • Re: newbie to netflow

                I am now able to get some netflow data; that helped with getting the VLANs set up.  Now trying to tweak it so I only see what goes to my firewall from my core switch - getting lots of data - actually too much data.  Would like to see who the offender is when our internet connection gets bogged down.


                Thanks for all the replies - they have all been very helpful getting me started.
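
For the question in the last post about finding who is consuming the Internet link, here is an added example (not from any poster in this thread) that parses NetFlow version 5 export datagrams and totals bytes per source IP, optionally keeping only flows whose next hop is the firewall. The addresses, the `10.0.0.1` firewall next hop and the function names are constructed for illustration, and it assumes the exporter sends version 5 datagrams with the next-hop field filled in.

```python
import socket
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record

def parse_v5(datagram):
    """Yield (src, dst, nexthop, octets) for each flow in one v5 export datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("short datagram")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("record count exceeds datagram length")
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        # f[0]=srcaddr, f[1]=dstaddr, f[2]=nexthop, f[6]=dOctets
        yield tuple(socket.inet_ntoa(a) for a in f[:3]) + (f[6],)

def top_talkers(datagrams, nexthop=None, n=5):
    """Sum bytes per source IP, optionally only for flows routed to `nexthop`."""
    totals = Counter()
    for d in datagrams:
        for src, _dst, hop, octets in parse_v5(d):
            if nexthop is None or hop == nexthop:
                totals[src] += octets
    return totals.most_common(n)

def build_v5(flows):
    """Build a constructed v5 datagram from (src, dst, nexthop, octets) tuples."""
    out = HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0)
    for src, dst, hop, octets in flows:
        addrs = [socket.inet_aton(a) for a in (src, dst, hop)]
        out += RECORD.pack(*addrs, 1, 2, 10, octets, 0, 0, 40000, 443,
                           0, 0x18, 6, 0, 0, 0, 24, 0, 0)
    return out

# Constructed sample data: 10.0.0.1 stands in for the firewall next hop.
SAMPLE = [build_v5([
    ("10.1.20.15", "203.0.113.9", "10.0.0.1", 900_000),
    ("10.1.20.15", "198.51.100.7", "10.0.0.1", 600_000),
    ("10.1.30.22", "203.0.113.9", "10.0.0.1", 250_000),
    ("10.1.30.22", "10.1.20.15", "10.1.20.254", 5_000_000),  # internal, not via firewall
])]

if __name__ == "__main__":
    for ip, octets in top_talkers(SAMPLE, nexthop="10.0.0.1"):
        print(f"{ip:15} {octets:>12} bytes")
```

In a live collector the datagrams would come from a UDP socket bound to the listener port configured in `ip flow-export destination`.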