cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
525
Views
15
Helpful
11
Replies

MARS basic questions

gautamzone
Level 1
Level 1

Hi friends,

I just wanted to know a few basic things about MARS:

1. Regarding Netflow on 6509 switches, where do i put the ip route-cache flow statement? Do i put it on all user vlan's or server vlan's or management vlan's? Also, is it ok if i apply it on trunk ports?

2. Regarding routers, do i put ip route-cache flow on trunk ports or on Layer 3 interfaces only?

Thanks a lot

Gautam

11 Replies 11

Collin Clark
VIP Alumni
VIP Alumni

Gautam,

1. Put the command on any interface where you want to monitor traffic flows (ingress and egress).

2. AFAIK- layer 3 interfaces only.

HTH and please rate.

Hi Gautam

I would only add to Collin's answer the following guidelines which I employ:

"Ideally, NetFlow information should be collected from the distribution switches and routers. These devices, together with NetFlow from Internet-facing routers or syslog from firewalls, represent the entire network.

Just a word of caution on Netflow. You do not want nor need to turn it on for every networking device. Otherwise you will get multiple copies of the same info. Where you want to turn it on is at logical aggregation points, like your distribution layer, or WAN aggregation router."

Hope this helps.

Best,

Paul

Excellent points Paul, worth some points.

Thanks a lot for your help and effort in sorting out my confusion.

There is one more thing that i noticed about the Resource Utilization report (Memory and CPU) of MARS. When i click on View report, it only shows me the TOP N values of some Layer 3 devices.

Is there a way for this report to also show Layer 2 and all other devices (ASA, FWSM) etc also?

Thanks

Gautam

I would like to gather NetFlow stats from the fiber interface to my PIX. What is the non-route command for a layer 2 interface? I am picturing the command on the 6513 side.

non-route command? I don't understand.

I was told that there is a different command that I need to put on a layer 2 switch interface since the ip route-cache does not work.

AFAIK you can't monitor Netflow traffic via a layer 2 interface.

nProbe should be able to do it via a span port. Its related to NTOP and can be found at http://www.ntop.org/nProbe.html

Hello Paul

i want to do ccsp but i can't have books because i don't have money. can you help me.I'm from Cameroun in Africa.

Djomabou Germain

germaindjomabou@yahoo.fr

(237)75451805

PO BOX 5213 ASAFE DOUALA-CAMEROUN

germain85
Level 1
Level 1

hello Gautam,

please i want to do ccsp but i don't have course. cant you help me to have books free? i'm from cameroun in africa.

germaindjomabou@yahoo.fr

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: