Netflow with in Vlan on 6513

cbulleri · ‎09-23-2008

Hi;

We have a 6513 equiped with a WS-X6K-SUP2-2GE a WS-F6K-PFC2 and a WS-F6K-MSFC2.

The switch is running IOS Version 12.2(18)SXF1.

I'm able to obtain netflow readings of traffing going across the different Vlans but nothing with in a Vlan.

Here is the configuration so far.

ip flow-cache timeout active 5

ip flow ingress layer2-switched vlan 2-5

mls aging normal 32

mls flow ip full

mls flow ipx destination

mls nde sender

ip flow-export source Vlan3

ip flow-export version 5

ip flow-export destination 172.17.XX.XXX 2055

on each Vlan Interface;

ip route-cache flow

Can anyone point me in the right direccion? I'm not sure if I am missign a command or if this is not supported. Bu so far in the Cisco documentation i've read Bridge Flow Statistics is supported by this particular IOS and Hardware convination.

Thanks in advance.

yjdabear · ‎09-24-2008

ip flow export layer2-switched vlan

http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a0080721701.shtml

"In order to enable the collection of switched, bridged, and IP flows in Layer 2, issue the ip flow ingress layer2-switched vlan {num | vlanlist} command. In order to enable the export of switched, bridged, and IP flows in Layer 2, issue the ip flow export layer2-switched vlan {num | vlanlist} command.

The command is supported on Supervisor Engine 720 in PFC3B and PFC3BXL mode only and on Supervisor Engine 2 with a PFC2."

mohsin.khan · ‎09-24-2008

default export version for "mls nde sender" is version 7 for 6500/7600. Change it to "mls nde sender version 5" and you 'll get some usefull information ;)

Mohsin

cbulleri · ‎09-24-2008

Thanks for the tip.

I've actually been able to apply the IP flow ingress/export layer2 command to the appropiate vlans. But the one I can't seem to apply is the ip route-cache flow. according tot he document this is the one generating the netflow information.

I know that I comply with hardware specs (Sup2 PCF2) so I wonder if i need to be in a particular Global mode to apply the command.

Thanks for your Help.

mohsin.khan · ‎09-24-2008

I remember there was some difference between "ip route-cache" and "ip flow ingress", but i forgot what Try using "ip flow ingress" (there is another command "ip flow egress" for traffic going out, but that is not required if you have configured the far end (in your case the gateway interface).. do let me know the results

yjdabear · ‎09-24-2008

"ip route-cache flow" is applied per interface, so it'd be configured in interface config mode.

"ip route-cache flow" has been deprecated in 12.2(18)SXD, while the replacement "ip flow ingress" is supported in that release and higher. However, "ip route-cache flow" still works for us in >12.2(18)SXD IOS just fine.

cbulleri · ‎09-24-2008

you are right route-cache is apply on the Vlan interface directlly, but the documentation indicates that in order to obtain Layer 2 flow with in a single Vlan we need to apply the IP flow layer 2 command and I can't do it. In the Global Config mode the "Layer2" portion requires he "ingress" portion before it and I think that while I'm programming the router to capture the information it's failing to actually generate it, at least al Layer 2. I'm still getting info on packets going across the Vlans.

Again thanks for everyones input.

i'll post the solution if I found it.