NetFlow Cat 6506-E

Unanswered Question
Mar 22nd, 2007

I read lots of articles and manuals, but I can't make netflow work correctly.

I read a conversation about NetFlow and I asked some things, but I didn't receive answers, so I created this conversation.

I am confused.

I have got a Cat 6506-E SUP 32.

It contains a lot of Vlan interfaces on Layer 3. Every vlan interface has got an ip address.

Netflow collector - NFA 5.5, which works correctly with routers 28,38 series.

I need information about L3 traffic.

Netflow configuration:

ip flow-cache timeout active 1

mls ip multicast flow-stat-timer 9

mls aging long 300

mls aging normal 120

mls flow ip interface-destination-source

no mls flow ipv6

mls nde sender

mls sampling time-based 64

no mls acl tcam share-global

mls cef error action freeze



ip flow-export source Vlan10 (vlan 10 - core vlan of my network, it contains servers and network devices)

ip flow-export version 9

ip flow-export destination x.x.x.x 9996

and every Vlan interface has following lines:

ip flow ingress

mls netflow sampling

And when I try to enter

#mls flow ip full


#mls flow ip interface-full

I receive:

% Unable to configure flow mask for ip protocol: interface-full. Reset to the default flow mask type: none

kurenyshev Sun, 03/25/2007 - 17:52

I don't believe that nobody knows the answer.

Please help me, save my soul!

peter.nowack Tue, 04/03/2007 - 01:07

It is the Cisco technical support center... My recommendation is to contact Crannog and ask what is wrong with your configuration. I'm curious what they will answer ;o) We are using a similar Cisco configuration, but we haven't had any problem with it. (Only one problem: on the Sup720, TCP flags are not exported in NetFlow ;o( ), but we are using different analysis software...

avmabe Tue, 04/03/2007 - 13:04

Ok... Here are some things I notice...

Change this:

mls flow ip interface-destination-source

to this:

mls flow ip interface-full

Also, get rid of the mls sampling... it only samples out of the table and not the actual traffic going into the table.

Also... you have a sup 32 and not a sup720? If so, that is going to be something that may be a problem for you getting accurate traffic from netflow.

Try all that and see what you get.

kurenyshev Tue, 04/03/2007 - 17:25

My Cat doesn't accept the following:

mls flow ip interface-full

It replies:

% Unable to configure flow mask for ip protocol: full. Reset to the default flow mask type: none

But I remember that one time I managed to enter this string.

Yeah. I have a Sup 32. I got my current config from a colleague, who uses a Sup 720.

Does sampling mean that one of a set of packets will be switched to the NetFlow collector?

Jan Nejman Tue, 04/03/2007 - 23:59

You will not be able to change the flowmask after you configure NAT. You might be hitting the bug CSCsb41562.

PS.: I don't think that netflow statement is required on all interfaces. It is required on L3 interfaces. You can use 'show ip interface brief' to see all interfaces with assigned IP address. Put netflow statement on these interfaces only. I agree that mls sampling may cause some problems with your collector...



kurenyshev Wed, 04/04/2007 - 18:21

I have the netflow statement only on all L3 VLAN interfaces. I'll try to remove "mls sampling" from some interfaces and compare the results with the current ones.

kurenyshev Thu, 04/05/2007 - 00:07

I found out that I already have a patched IOS. Its version is Version 12.2(18)SXF6, RELEASE SOFTWARE (fc1). But the bug is present.

I removed all NAT from the configuration and I managed to enter:

mls ip flow interface-full
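
The points raised in the replies above (flow mask other than interface-full, `mls sampling`, NAT blocking a flow mask change, NetFlow statements only on interfaces with an IP address) collected into a small configuration audit. This is an added example, not code from the thread or from Cisco; the sample configuration, its NAT line, Vlan30 and the function name `audit` are constructed for illustration.

```python
import re

# Constructed sample config modelled on the one posted in the thread,
# plus a hypothetical NAT line and a VLAN interface without an IP address.
SAMPLE = """\
mls flow ip interface-destination-source
mls sampling time-based 64
ip nat inside source list 1 interface Vlan20 overload
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
 ip flow ingress
 mls netflow sampling
interface Vlan30
 no ip address
 ip flow ingress
ip flow-export source Vlan10
"""

def audit(config: str) -> list[str]:
    """Return findings for the NetFlow issues discussed in the thread."""
    findings, iface, ifaces = [], None, {}
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):              # global-level command
            iface = None
            m = re.match(r"interface (\S+)", line)
            if m:
                iface = m.group(1)
                ifaces[iface] = []
            elif line.startswith("mls flow ip ") and not line.endswith("interface-full"):
                findings.append(f"flow mask is '{line.split()[-1]}', replies suggest interface-full")
            elif line.startswith("mls sampling"):
                findings.append("global 'mls sampling' is configured")
            elif re.match(r"ip nat (inside|outside) ", line):
                findings.append("NAT is configured; a flow mask change may be rejected")
        elif iface:                              # indented line inside an interface block
            ifaces[iface].append(line)
    for name, cmds in ifaces.items():
        has_ip = any(c.startswith("ip address ") for c in cmds)
        if "ip flow ingress" in cmds and not has_ip:
            findings.append(f"{name}: 'ip flow ingress' on an interface without an IP address")
        if "mls netflow sampling" in cmds:
            findings.append(f"{name}: 'mls netflow sampling' is enabled")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("-", finding)
```
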

