NetFlow

Unanswered Question

Hey Everyone,

I have two 6513's running IOS v.12.2(18)SXF8. I am having issues sending Netflow data to an NFSEN workstation. Basically, when i do "sh ip route cache flow" on switch 1 I see all source ip, source port , dest ip and dest port info. However, when i do the same command on switch two i only see src ip and dest ip info. I need to see all src port and dst port info. I am using nfdump/nfsen to capture all data (which by the way is the best netflow capture tool i have ever used). HEre is the config from each switch. Any ideas would be great! thanks. by the way, i am using a PFC3 card in each device.

Switch 1:

ip flow-cache timeout active 5

ip flow ingress layer2-switched vlan 2,5,65,161,197-198,200

ip flow-export version 5

ip flow-export destination 10.23.20.60 10106

mls ip multicast flow-stat-timer 9

mls flow ip interface-destination-source

no mls flow ipv6

mls nde sender version 5

no mls acl tcam share-global

mls cef error action freeze

switch1#sh mls netflow flowmask

current ip flowmask for unicast: if-dst-src

current ipv6 flowmask for unicast: null

Switch2:

ip flow-cache timeout active 5

ip flow ingress layer2-switched vlan 2,5,65,161,197-198,200

ip flow-export version 5

ip flow-export destination 10.23.20.60 10107

mls ip multicast flow-stat-timer 9

mls flow ip interface-destination-source

no mls flow ipv6

mls nde sender version 5

no mls acl tcam share-global

mls cef error action freeze

switch2#sh mls netflow flowmask

current ip flowmask for unicast: if-dst-src

current ipv6 flowmask for unicast: null

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Konstantin Dunaev Thu, 10/04/2007 - 00:54

hi,

it should be used full or interface-full in oder to get the port information from the Netflow data.

But if there is some netflow-mask conflict (e.g. in case one uses NAT it's not possible to use full-mask for Netflow) then the IOS could take the smaller mask.

Actions

This Discussion