Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
447
Views
0
Helpful
1
Replies

netflow on Cat6 and netflow collector

shibindong
Level 1
Level 1

‎10-29-2008 09:24 PM

I have configured the netflow on our switches according to the configuration guide from cisco wensite, and this is my config:

mls netflow

mls flow ip interface-full

ip flow ingress layer2-switched vlan 25,48

mls nde sender version 5

interface Vlan25

ip address 10.122.25.15 255.255.255.0

ip flow ingress

ip route-cache flow

!

interface Vlan48

ip address 10.122.48.201 255.255.255.0

ip flow ingress

ip route-cache flow

ip flow-export source Vlan25

ip flow-export version 9

ip flow-export destination x.x.x.x 9991

I can find the data been collected by the server on which cisco Netflow Collector has been installed, and I can generate report, but only show us the simple result such as: source

Ip and destination IP.

If we change to generate report based on protocol, it always gave us error message: no protocol data from result file.

Labels:
0 Helpful
1 Reply 1

shibindong
Level 1
Level 1

‎10-29-2008 09:28 PM

i post my to result as well:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

XXXXXXXX#sh mls netflow ip

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Displaying Netflow entries in Supervisor Earl

DstIP SrcIP Prot:SrcPort:DstPort Src i/f :AdjPtr

-----------------------------------------------------------------------------

Pkts Bytes Age LastSeen Attributes

---------------------------------------------------

1 60 95 12:20:39 L2 - Dynamic

10.122.48.39 10.122.25.15 icmp:0 :0 Vl48 :0x0

28 3360 1867 12:21:07 L2 - Dynamic

0.0.0.0 0.0.0.0 0 :0 :0 -- :0x0

23 1058 61 12:22:01 L3 - Dynamic

10.122.48.39 10.122.25.15 udp :161 :33311 Vl48 :0x0

573 188526 646 12:21:32 L2 - Dynamic

10.122.48.39 10.122.25.15 udp :49849 :9996 Vl48 :0x0

18 13052 206 12:22:02 L2 - Dynamic

10.122.48.39 10.122.25.15 udp :49852 :9996 Vl48 :0x0

0 0 331 12:20:42 L2 - Dynamic

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

XXXXXX#sh ip cache flow

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

MSFC:

IP packet size distribution (19036 total packets):

1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480

.000 .011 .478 .168 .011 .071 .033 .010 .012 .002 .015 .000 .000 .002 .000

512 544 576 1024 1536 2048 2560 3072 3584 4096 4608

.000 .150 .020 .009 .000 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 4456704 bytes

6 active, 65530 inactive, 1381 added

36853 ager polls, 0 flow alloc failures

Active flows timeout in 30 minutes

Inactive flows timeout in 15 seconds

IP Sub Flow Cache, 270664 bytes

6 active, 16378 inactive, 1713 added, 1381 added to flow

0 alloc failures, 0 force free

1 chunk, 2 chunks added

last clearing of statistics never

Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)

-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow

TCP-other 22 0.0 4 45 0.0 0.3 1.4

UDP-other 1200 0.0 15 189 0.0 12.6 15.4

ICMP 153 0.0 1 97 0.0 0.0 15.4

Total: 1375 0.0 13 187 0.0 11.0 15.1

SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts

Vl48 169.254.150.182 Null 169.254.255.255 11 0089 0089 6

Vl48 10.122.48.52 Null 10.122.48.255 11 0089 0089 6

Vl48 10.122.48.13 Null 10.122.48.255 11 0089 0089 3

Vl48 10.122.48.14 Null 10.122.48.255 11 0089 0089 3

Vl48 10.122.48.15 Null 10.122.48.255 11 0089 0089 6

Vl48 169.254.213.60 Null 169.254.255.255 11 0089 0089 6

PFC:

Displaying Hardware entries in Module 1

SrcIf SrcIPaddress DstIPaddress Pr SrcP DstP Pkts

Vl25 10.122.25.37 10.122.48.42 udp 161 34381 1

Vl25 10.122.25.39

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents