Netflow on vlan interface on catalyst 6500

Unanswered Question
Aug 17th, 2008

Hi,

I am having 2 vlans. Say vlan 10 and vlan 50. I have multiple ports in vlan 10. I want to do netflow capture of packets that moves from vlan 10 to vlan 50. I know that catalyst 6500, doesn't support egress neflow. So now I am doing ingress netflow on all the ports in vlan 10. But that will capture all packects in vlan 10 also. So if I enable "ip flow ingress" on interface vlan 50, will it capture the packets during intervaln routing from vlan 10 to vlan 50 ?

Also will "ip route-cache flow" will capture outgoing traffic ?

Thanks,

Peter

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Mon, 08/18/2008 - 01:31

Hello Peter,

netflow does not provide packet capture.

It provides detailed flow-based statistics on ingress packets.

By configuring netflow under SVI Vlan 50 you will get traffic stats about traffic entering SVI Vlan 50 and has to be routed including traffic for vlan 10.

For doing a capture you could use a VACL with the capture action instead of using netflow.

See

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/vacl.html#wp1089072

Hope to help

Giuseppe

cisco_query Mon, 08/18/2008 - 20:43

Hi Giuseppe,

Thanks for the reply.

Actually I want to get the flow-based statistics of the packet itself.

I have given "ip route-cache flow" in interface vlan 50. But I am getting the statistics of only traffic passing from vlan 50 to vlan 10. Actually I want to get the statistics of traffic passing from vlan 10 to valn 50. In vlan prespective the traffic from vlan 10 to vlan 50, is ingress or egress for vlan 50 ?

Also since only the first packect will be routed through msfc and since remain will be switched , I have given ,layer-2 switched vlan 50 .Still not able to get the vlan 10 to vlan 50 statistics.

I cannot enable netflow on vlan 10, since it will do analyse of other traffic also. I want to do analysis of only traffic that passes from vlan 10 to vlan 50. Please help.

Thanks,

Peter

Actions

This Discussion