11-13-2007 06:50 AM - edited 03-09-2019 07:22 PM
Hi friends,
I just wanted to know a few basic things about MARS:
1. Regarding Netflow on 6509 switches, where do i put the ip route-cache flow statement? Do i put it on all user vlan's or server vlan's or management vlan's? Also, is it ok if i apply it on trunk ports?
2. Regarding routers, do i put ip route-cache flow on trunk ports or on Layer 3 interfaces only?
Thanks a lot
Gautam
11-13-2007 01:04 PM
Gautam,
1. Put the command on any interface where you want to monitor traffic flows (ingress and egress).
2. AFAIK- layer 3 interfaces only.
HTH and please rate.
11-13-2007 02:11 PM
Hi Gautam
I would only add to Collin's answer the following guidelines which I employ:
"Ideally, NetFlow information should be collected from the distribution switches and routers. These devices, together with NetFlow from Internet-facing routers or syslog from firewalls, represent the entire network.
Just a word of caution on Netflow. You do not want nor need to turn it on for every networking device. Otherwise you will get multiple copies of the same info. Where you want to turn it on is at logical aggregation points, like your distribution layer, or WAN aggregation router."
Hope this helps.
Best,
Paul
11-13-2007 02:17 PM
Excellent points Paul, worth some points.
11-17-2007 02:42 AM
Thanks a lot for your help and effort in sorting out my confusion.
There is one more thing that i noticed about the Resource Utilization report (Memory and CPU) of MARS. When i click on View report, it only shows me the TOP N values of some Layer 3 devices.
Is there a way for this report to also show Layer 2 and all other devices (ASA, FWSM) etc also?
Thanks
Gautam
11-20-2007 04:35 AM
I would like to gather NetFlow stats from the fiber interface to my PIX. What is the non-route command for a layer 2 interface? I am picturing the command on the 6513 side.
11-20-2007 06:12 AM
non-route command? I don't understand.
11-20-2007 08:50 AM
I was told that there is a different command that I need to put on a layer 2 switch interface since the ip route-cache does not work.
11-20-2007 09:15 AM
AFAIK you can't monitor Netflow traffic via a layer 2 interface.
11-21-2007 06:12 AM
nProbe should be able to do it via a span port. Its related to NTOP and can be found at http://www.ntop.org/nProbe.html
11-17-2007 07:36 AM
Hello Paul
i want to do ccsp but i can't have books because i don't have money. can you help me.I'm from Cameroun in Africa.
Djomabou Germain
(237)75451805
PO BOX 5213 ASAFE DOUALA-CAMEROUN
11-20-2007 09:07 AM
hello Gautam,
please i want to do ccsp but i don't have course. cant you help me to have books free? i'm from cameroun in africa.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: