Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
496
Views
4
Helpful
4
Replies

Netflow from several sources

inria-futurs
Level 1
Level 1

‎05-24-2007 06:46 AM - edited ‎03-05-2019 04:16 PM

Hello,

I wish to know if it can be possible to make a netflow from several interfaces.

For eg, we've a switch Cisco 6509 and several vlan (in this one). And we would like to monitor some vlan.

So, is this possible?

And bonus, we would be to dissociate the netflow's flows to various ports, so that our analyser (ntop) can provide specifics stats for each vlan.

Any suggestion will be the welcome. Thank you.

Labels:
0 Helpful
4 Replies 4

mohammedmahmoud
Level 11
Level 11

‎05-24-2007 08:33 AM

Hi,

The "ip route-cache flow" can be used under the main interfaces, while the "ip flow ingress" was an enhancement to be used under subinterfaces.

More over "ip flow-export " - Configures the router/switch to export NetFlow cache entries to a network management applications.

HTH, please do rate all helpful replies,

Mohammed Mahmoud.

0 Helpful

peter.nowack
Level 1
Level 1

‎05-24-2007 10:33 AM

Hello,

it is necessary enable netlow on all VLAN interfaces via ip route-cache flow | cef

and don't forgot set mls nde ...

To see VLAN interface in the export it is neccessary configure mls flow-mask interface-full! We are using Caligare to monitor and there is possible filter out unwanted netflow traffic. E.g. drop any traffic from management VLAN...

See the URL: http://support.caligare.com/kb/entry/47/

to view what is flowmask ...

Bye,

Peter

Please, rate me if it helps...

tim.weid
Level 1
Level 1

‎05-30-2007 05:00 PM

Hey I have some questions for you. I am doing the same thing you are with 6509. Are you using sampling for your netflows at all or using full and what speed NIC do you have in your NTOP box? Also do you know the default upd port NTOP is looking for?

0 Helpful

avmabe
Level 3
Level 3
In response to tim.weid

‎05-31-2007 12:41 PM

Tim,

Sampling offers you no advantages on a 6509 unless you are concerned with your netflow collector being overwhelmed (not likely). I use NTOP as one of my collection methods and use full mask and my TNOP box is listening at 1GB, but it takes in around 8mbit/sec (from 4 GSR's)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card