Configuring Netflow on 6500 Switch

michael ezenogha · ‎07-07-2013

Hello All,

I have never worked on a 6500 prior to now and i was tasked to configure netflow and export data to Orion Solarwinds.

The config i entered on the switch is show below

All vlan and lo 0 have ip addresses

Switch(config)mls netflow

Switch(config)mls netflow ip interface-full

Switch(config)int vlan 2

Switch(config-if) ip route-cache flow

Switch(config-if) exit

Switch(config)int vlan 6

Switch(config-if) ip route-cache flow

Switch(config-if) exit

Switch(config)int vlan 7

Switch(config-if) ip route-cache flow

Switch(config-if) exit

Switch(config) ip netflow ingress layer2-switched vlan 2,6,7

Switch(config) mls nde sender version 5

Switch(config) ip flow-export source lo 0

Switch(config) ip flow-export destination 10.20.86.137 2055

Switch(config) ip flow-export layer2-switched vlan 2,6,7

Still, the data is not being exported to Orion NPM.

I have checked other documentations and configs differ slighty but no concrete solution.

Please any suggestions

milan.kulik · ‎07-09-2013

Hi,

which IOS version are you running?

What do show mls netflow ip and show mls nde commands display?

See http://www.cisco.com/en/US/customer/products/hw/switches/ps708/products_configuration_example09186a0080721701.shtml#veri_

Best regards,

Milan

michael ezenogha · ‎07-09-2013

ROM: System Bootstrap, Version 12.2(17r)SX5, RELEASE SOFTWARE (fc1)

Displaying Netflow entries in Active Supervisor EARL in module 5

DstIP SrcIP Prot:SrcPort:DstPort Src i/f :AdjPtr

-----------------------------------------------------------------------------

Pkts Bytes Age LastSeen Attributes

---------------------------------------------------

10.20.69.47 10.208.33.140 tcp :23168 :1529 Gi5/2 :0x0

1 52 12 16:23:40 L3 - Dynamic

10.20.71.84 176.32.98.230 tcp :www :1545 Gi5/1 :0x0

13 14037 13 16:23:39 L3 - Dynamic

10.20.68.242 10.208.33.142 tcp :7833 :1373 Gi5/1 :0x0

1 52 13 16:23:39 L3 - Dynamic

10.64.4.158 10.20.6.16 tcp :5557 :1631 Vl6 :0x0

591 65306 24 16:23:52 L3 - Dynamic

10.48.132.87 140.207.54.36 tcp :8080 :34975 Gi5/1 :0x0

9 1836 61 16:23:23 L3 - Dynamic

10.32.9.11 10.20.31.70 udp :5000 :5100 Vl28 :0x0

12 552 28 16:23:49 L3 – Dynamic

hh-core-2#sh mls nde

Netflow Data Export enabled

Exporting flows to 10.18.69.137 (2055)

Version: 5

Layer2 flow creation is enabled on vlan 2,4,6-7,10,12,14,20,28

Layer2 flow export is enabled on vlan 2,4,6-7,10,12,14,20,28

Include Filter not configured

Exclude Filter not configured

Total Netflow Data Export Packets are:

542551 packets, 0 no packets, 15733692 records

Total Netflow Data Export Send Errors:

IPWRITE_NO_FIB = 0

IPWRITE_ADJ_FAILED = 0

IPWRITE_PROCESS = 0

IPWRITE_ENQUEUE_FAILED = 0

IPWRITE_IPC_FAILED = 0

IPWRITE_OUTPUT_FAILED = 0

IPWRITE_MTU_FAILED = 0

IPWRITE_ENCAPFIX_FAILED = 0

IPWRITE_CARD_FAILED = 0

Netflow Aggregation Disabled

milan.kulik · ‎07-09-2013

Hi,

I can see

hh-core-2#sh mls nde

Netflow Data Export enabled

Exporting flows to 10.18.69.137 (2055)

but

Switch(config) ip flow-export destination 10.20.86.137 2055

in your config.

Are you exporting to the correct collector on the correct port?

If yes, isn't there any FW or an ACL blocking the NetFlow traffic on the path?

Bets regards,

Milan

michael ezenogha · ‎07-10-2013

Hello Milan,

Thanks for your reply.

The correct endpoint is 10.18.69.137 2055.

There is no ACL on the switch denying traffic.

I added an ACL to allow netflow traffic aswell.

Still traffic is not being exported.

Thanks for you help

Mike