05-24-2007 06:46 AM - edited 03-05-2019 04:16 PM
Hello,
I wish to know if it can be possible to make a netflow from several interfaces.
For eg, we've a switch Cisco 6509 and several vlan (in this one). And we would like to monitor some vlan.
So, is this possible?
And bonus, we would be to dissociate the netflow's flows to various ports, so that our analyser (ntop) can provide specifics stats for each vlan.
Any suggestion will be the welcome. Thank you.
05-24-2007 08:33 AM
Hi,
The "ip route-cache flow" can be used under the main interfaces, while the "ip flow ingress" was an enhancement to be used under subinterfaces.
More over "ip flow-export
HTH, please do rate all helpful replies,
Mohammed Mahmoud.
05-24-2007 10:33 AM
Hello,
it is necessary enable netlow on all VLAN interfaces via ip route-cache flow | cef
and don't forgot set mls nde ...
To see VLAN interface in the export it is neccessary configure mls flow-mask interface-full! We are using Caligare to monitor and there is possible filter out unwanted netflow traffic. E.g. drop any traffic from management VLAN...
See the URL: http://support.caligare.com/kb/entry/47/
to view what is flowmask ...
Bye,
Peter
Please, rate me if it helps...
05-30-2007 05:00 PM
Hey I have some questions for you. I am doing the same thing you are with 6509. Are you using sampling for your netflows at all or using full and what speed NIC do you have in your NTOP box? Also do you know the default upd port NTOP is looking for?
05-31-2007 12:41 PM
Tim,
Sampling offers you no advantages on a 6509 unless you are concerned with your netflow collector being overwhelmed (not likely). I use NTOP as one of my collection methods and use full mask and my TNOP box is listening at 1GB, but it takes in around 8mbit/sec (from 4 GSR's)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide