• State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 24 subscribers
  • Views 322 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Netflow 6513 Hybrid IOS only 8kbps traffic on Vlan's?

d-moore

Guys what am I missing here. have a 6513 setup in hybrid mode with a Sup2 running CatOS 8.3(2) and IOS 12.2(14)ZA7. 


 Pulling up my Netflow sources, I am only seeing 479 Kbps traffic across my MFC monitored Layer3  VLANS. One VLAN  I know is pushing at least 10-20megs of traffic.  Is this normal with a hybrid mode setup and Sup2? 


My 6509 with Sup720 and native mode is showing the correct aggerate traffic moving across the Layer3 Vlans.


Are the almost non-existant traffic flows on my 6513 from my L3 Vlans due to the fact this switch is running in Hybrid mode and/or Sup2 hardware? 


Or is my Cisco CEF switching the root of the problem? Everything is being switched on the L2 side and the MFC (L3) is only being referenced one time before it is switched.


thanks


 


 


  • 0

    Looking threw the Thwack for an issue like mine, and your it.


     I have Cisco 6506's in Native with SUP2, monitored interface shows steady 100Mbit for over 2hours but the charts show a fraction of that.  Top 25 endpoints show that 25% of traffic was one system that transfered 1.49Meg total.. something is wrong here...  did you find any answers since your post?


    Ryan

  • 0 in reply to Solorwindshopper

    De-installed Solarwinds Netflow and am using the free "scrutinizer" product till SW gets their sutff together.  Google "scrutinizer netflow".


    Scrutinizer product is great. I don't need to keep netflow data more than 24hrs, so the limitations of the freeware product don't affect me.

  • 0 in reply to Solorwindshopper

    We have seen this issue when a SUP 2 is used as it will see only layer 3 traffic. So non-routed VLAN traffic will show up in SNMP (Orion) but not in any NetFlow collector. SUP 4 or 5 with a NetFlow daughter card will work.

  • 0 in reply to mcbridea

    I think there is some confusion here about the Cisco HW/SW being used...  The Cat65xx Supervisors are currently either the Sup2, Sup32 or the Sup720.  All are capable of both L2 and L3 support.  There is no Sup4 or Sup5.  AFAIK there is also no NetFlow daughter card either as this is all handled by the PFC/MSFC team in the Supervisor. 


     I think you are referring to the Cat4500 family which does have those options including Sup4/Sup5/Sup6 and Netflow daughter cards...


     I think d-moore is probably right about the Hybrid mode being the root cause of the problem.  I think looking at the Cisco docs below or calling TAC should resolve the issue.  Hybrid mode is really running two mostly separate devices, a router and a switch.  They would need to both be configured separately in order for NetFlow to work properly.  The PFC2 in the Supervisor would pick up the L2 flows and is configured using the "set" commands to point L2 NetFlow traffic at the NTA collector and the MSFC2 for the L3 flows would be configured more like the IOS router it really is.


    You might look starting around page 13-27 here for a more complete description...  I could never explain it as completely as they do here...


    http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/catos/8.x/configuration/guide/6000_cfg.pdf 


    Anyway, unless there is a limitation in the particular code on the Cat6500 being used now, I would think it should all work once configured...  Native IOS on the Catalyst 6500 is much simpler to configure in this particular case to be sure and NetFLow V5 format is supported normally in the scenario being discussed.  It has been a little while since I had any hybrid-mode Sup2/MSFC2s running but I would be glad to help if I can.


    -Corey

  • 0 in reply to CoreyMac

    Good catch Corey - my info was for the CAT 4500 set up.

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.