Netflow from several sources

Unanswered Question
May 24th, 2007


I wish to know whether it is possible to make a NetFlow from several interfaces.

For example, we have a Cisco 6509 switch with several VLANs on it, and we would like to monitor some of those VLANs.

So, is this possible?

As a bonus, we would like to separate the NetFlow flows onto various ports, so that our analyser (ntop) can provide specific stats for each VLAN.

Any suggestion is welcome. Thank you.

mohammedmahmoud Thu, 05/24/2007 - 08:33


The "ip route-cache flow" can be used under the main interfaces, while the "ip flow ingress" was an enhancement to be used under subinterfaces.

Moreover, "ip flow-export" configures the router/switch to export NetFlow cache entries to a network management application.

HTH, please do rate all helpful replies,

Mohammed Mahmoud.

peter.nowack Thu, 05/24/2007 - 10:33


It is necessary to enable NetFlow on all VLAN interfaces via ip route-cache flow | cef

and don't forget to set mls nde ...

To see the VLAN interface in the export it is necessary to configure mls flow-mask interface-full! We are using Caligare for monitoring, and there it is possible to filter out unwanted NetFlow traffic, e.g. drop any traffic from the management VLAN...

See the URL:

to view what is flowmask ...



Please, rate me if it helps...
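Added example, not part of the thread or of any poster's setup: a collector-side sketch of the per-VLAN split asked about above, keyed on the input-interface field that the interface-full flow mask makes visible in the export. It assumes NetFlow v5 datagrams (the thread does not state the export version); the ifIndex values, VLAN names and sample flows are constructed.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record

def parse_v5(datagram):
    """Yield (src, dst, input_ifindex, packets, octets) per flow record."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("truncated datagram: header count exceeds payload")
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        yield str(IPv4Address(f[0])), str(IPv4Address(f[1])), f[3], f[5], f[6]

def per_vlan_octets(datagram, ifindex_to_vlan, drop=()):
    """Sum octets per VLAN name, skipping any VLAN listed in `drop`."""
    totals = defaultdict(int)
    for _src, _dst, ifindex, _pkts, octets in parse_v5(datagram):
        vlan = ifindex_to_vlan.get(ifindex, f"ifIndex-{ifindex}")
        if vlan not in drop:
            totals[vlan] += octets
    return dict(totals)

def build_sample():
    """Constructed datagram: three flows arriving on hypothetical ifIndexes."""
    flows = [("10.0.10.5", "192.0.2.1", 110, 10, 1500),
             ("10.0.20.7", "192.0.2.2", 120, 4, 600),
             ("10.0.99.2", "10.0.10.5", 199, 2, 128)]
    out = HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0)
    for src, dst, ifidx, pkts, octs in flows:
        out += RECORD.pack(IPv4Address(src).packed, IPv4Address(dst).packed,
                           bytes(4), ifidx, 0, pkts, octs, 0, 0,
                           1024, 80, 0, 0, 6, 0, 0, 0, 24, 24, 0)
    return out

# Hypothetical ifIndex-to-VLAN map; on a real switch it would come from SNMP ifTable.
IFINDEX_TO_VLAN = {110: "Vlan10", 120: "Vlan20", 199: "Vlan99-mgmt"}

if __name__ == "__main__":
    print(per_vlan_octets(build_sample(), IFINDEX_TO_VLAN, drop={"Vlan99-mgmt"}))
```

Flows whose input ifIndex is missing from the map are reported under an `ifIndex-N` key rather than silently dropped, so an unmapped VLAN interface shows up in the totals.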

tim.weid Wed, 05/30/2007 - 17:00

Hey, I have some questions for you. I am doing the same thing you are with a 6509. Are you using sampling for your NetFlow at all or using full, and what speed NIC do you have in your NTOP box? Also, do you know the default UDP port NTOP is looking for?

avmabe Thu, 05/31/2007 - 12:41


Sampling offers you no advantages on a 6509 unless you are concerned with your NetFlow collector being overwhelmed (not likely). I use NTOP as one of my collection methods and use full mask, and my NTOP box is listening at 1GB, but it takes in around 8mbit/sec (from 4 GSRs).

