Netflow configuration assistance required !!! please assist

suhailpuri · ‎01-23-2013

Hi all,

Below is the show ver of 6509 switch , please i need some assistance how to enable netflow

also i cannot enable ip route-cache flow on ten gig interfaces

sw-cta1-c6-bc(config)# int te1/1

sw-cta1-c6-bc(config-if)#ip rou

sw-cta1-c6-bc(config-if)#ip route

sw-cta1-c6-bc(config-if)#ip route-ca

sw-cta1-c6-bc(config-if)#ip r?

rsvp rtp

i configured as per below but i cannot retrieve statistics for traffic netflow shows 97 kbps traffic on vlan 219 but its a ten gig interface

mls netflow

mls flow ip interface-full

int vlan 219

ip route-cache flow

ex

ip flow ingress layer2-switched vlan 219 , 31

mls nde sender version 5

ip flow-export source vlan 219

ip flow-export destination 10.65.18.156 9996

ip flow export layer2-switched vlan 219 ,31

sh ver

Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICESK9_WAN-M), Version 12.2(33)SXI7, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Compiled Mon 18-Jul-11 05:50 by prod_rel_team

ROM: System Bootstrap, Version 12.2(17r)SX7, RELEASE SOFTWARE (fc1)

sw-cta1-c6-bc uptime is 1 year, 20 weeks, 6 days, 22 hours, 24 minutes

Uptime for this control processor is 1 year, 20 weeks, 6 days, 21 hours, 50 minutes

Time since sw-cta1-c6-bc switched to active is 1 year, 20 weeks, 6 days, 21 hours, 49 minutes

System returned to ROM by power cycle at 00:55:44 UTC Fri Aug 12 2011 (SP by power on)

System restarted at 13:56:59 CEST Mon Aug 29 2011

System image file is "sup-bootdisk:s72033-ipservicesk9_wan-mz.122-33.SXI7.bin"

Last reload reason: reload

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

cisco WS-C6509-E (R7000) processor (revision 1.5) with 983008K/65536K bytes of memory.

Processor board ID SMC152900JG

SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache

Last reset from s/w reset

3 Virtual Ethernet interfaces

194 Gigabit Ethernet interfaces

4 Ten Gigabit Ethernet interfaces

1917K bytes of non-volatile configuration memory.

8192K bytes of packet buffer memory.

65536K bytes of Flash internal SIMM (Sector size 512K).

Configuration register is 0x2102

sw-cta1-c6-bc#

patoberli · ‎01-23-2013

Hi

On the first view looks your configuration fine. Do you get any data on the collector server?

Could you check with wireshark (or similar) what kind of data you get?

Please note that netflow doesn't contain the payload, so all the packets are way smaller.

One command that I don't see in your output, but which I once needed on 12.2.33SXH5 is:

mls nde sender

That actually turns on netflow export.

Patrick

suhailpuri · ‎01-23-2013

i added mls nde sender now i can see graph but traffic its polling is very less like 50 k avergae its a broadcast switch so it must show type of application and traffic but it only shows ssh traffic statistics

patoberli · ‎01-23-2013

I am not sure what you try to tell me.

Can you make a show int vlan 219 and also a show int vlan 31?

Do those two interfaces actually show more than those 50k traffic?

Mohit Chauhan · ‎02-12-2013

I am not an expert on this, but I think you cannot enable netflow on trunk interfaces so if the int t1/1 is a trunk port that may be the reason it is not giving you an option to enable netflow there.