4 Replies Latest reply on Jul 20, 2011 12:54 PM by joe.laspisa

    newbie to netflow

    joe.laspisa

      Hello all,

      I have a 6509 switch with a 720 sup running Version 12.2(18)SXF12a, RELEASE SOFTWARE (fc1), and I am trying to set up Real-Time NetFlow Analyzer to see who is taking up all of our internet bandwidth. I understand you have to put in the following commands:

      ip flow-export source fastethernet0/0
      ip flow-export version 5
      ip flow-export destination 192.168.1.1 2055
      interface fastethernet0/0
      ip flow egress
      ip flow ingress
      ip route-cache flow
      exit
      exit
      wr mem

      I believe these are the default; the problem is my switch doesn't have any IP addresses assigned to actual ports, just to the VLANs.

      Should I just use an empty port and assign an IP address to it?

      Is my version compatible with NetFlow?  It won't take either the ip flow egress or ip flow ingress commands.

      Thanks!

        • Re: newbie to netflow
          pyro13g

          Do you have a login at Cisco?  There is some more global config.

           

          http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a0080721701.shtml

          Or this has it too:

          http://www.mcabee.org/lists/nanog/Mar-09/msg00196.html

           

          I grab netflow from my VLANs' assigned IPs on 6500s.

          • Re: newbie to netflow
            smittyman

            Joe,

            For netflow to work on a 6509 with a Sup720, you'd want the following global configuration:

            ip flow-export source (interface)
            ip flow-export version 9
            ip flow-export destination (collector IP) (collector listener port)

            You'll also want the following at global configuration:

            mls aging long 300
            mls aging normal 60
            mls flow ip interface-full
            mls nde sender version 5

            Under the interfaces that you want to collect netflow data for put the following:

            ip route-cache flow

            With the version of IOS you're running, this should get your netflow going properly.  If you have a PFC3B or higher in your Sup720, you can also add the following at the global configuration level:

            ip flow ingress layer2-switched vlan (vlan numbers)

            This will cause layer-2 netflow data to be sent to the collector, but again it's only available as a valid command if you have a PFC3B or higher.  You won't even see this command if you have a PFC3A in your Sup720.

            I have about 12 6509s in my environment running with these commands and it all works well.

            Mike

              • Re: newbie to netflow
                joe.laspisa

                I am now able to get some netflow data; that helped with getting the VLANs set up.  Now trying to tweak it so I only see what goes to my firewall from my core switch - getting lots of data - actually too much data.  Would like to see who the offender is when our internet connection gets bogged down.

                 

                Thanks for all the replies - they have all been very helpful getting me started.

                 

                Joe
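
An added example, not part of the thread or of any collector product: a minimal NetFlow v5 parser that totals bytes per source IP, optionally keeping only flows that leave through one interface, which is the "who is the offender toward the firewall" question from the last post. The interface index 7, the addresses and the sample datagram are constructed assumptions; only v5 datagrams are handled.

```python
import socket
import struct
from collections import Counter

# NetFlow v5 layout: 24-byte header followed by `count` 48-byte flow records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
FIREWALL_IFINDEX = 7  # assumption: SNMP ifIndex of the firewall-facing interface

def parse_v5(datagram):
    """Yield one dict per flow record in a NetFlow v5 export datagram."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = V5_HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("header record count exceeds datagram length")
    for i in range(count):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        yield {"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
               "in_if": f[3], "out_if": f[4], "packets": f[5], "bytes": f[6],
               "dport": f[10], "proto": f[13]}

def top_talkers(datagrams, out_if=None, n=3):
    """Sum bytes per source IP, optionally only for flows exiting via out_if."""
    totals = Counter()
    for datagram in datagrams:
        for flow in parse_v5(datagram):
            if out_if is None or flow["out_if"] == out_if:
                totals[flow["src"]] += flow["bytes"]
    return totals.most_common(n)

def build_sample(flows):
    """Pack constructed (src, dst, out_if, bytes) tuples into one v5 datagram."""
    body = b"".join(
        V5_RECORD.pack(socket.inet_aton(s), socket.inet_aton(d), bytes(4), 1, oif,
                       10, octets, 0, 0, 40000, 443, 0, 0x18, 6, 0, 0, 0, 24, 0, 0)
        for s, d, oif, octets in flows)
    return V5_HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0) + body

# Constructed sample: three flows toward the firewall, two that stay internal.
SAMPLE = build_sample([("10.1.20.15", "203.0.113.9", FIREWALL_IFINDEX, 900000),
                       ("10.1.20.15", "198.51.100.4", FIREWALL_IFINDEX, 350000),
                       ("10.1.30.8", "203.0.113.9", FIREWALL_IFINDEX, 120000),
                       ("10.1.20.15", "10.1.30.8", 3, 5000000),
                       ("10.1.40.2", "10.1.20.15", 3, 800)])

if __name__ == "__main__":
    for ip, octets in top_talkers([SAMPLE], out_if=FIREWALL_IFINDEX):
        print(f"{ip:15} {octets:>10} bytes")
```

In a live setup the datagrams would be read from a UDP socket bound to the port named in `ip flow-export destination` (2055 in the first post) instead of `SAMPLE`.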