Cisco Support Community
Community Member

netflow per vlan

Good day everyone!

device: MSFC2(C6MSFC2-BOOT-M), Version 2.1(8a)EX.

A_Root(config)#interface Vlan 15

A_Root(config-if)#ip route-cache flow

Q: When I do 'show ip cache flow', only 1 packet per IP is printed (see attached file).

Thank you very much.

9 REPLIES
Bronze

Re: netflow per vlan

Hello,

you need to enable mls netflow...

Try the following commands:

switch(config)# mls nde sender version 7

switch(config)# mls aging long 128

switch(config)# mls aging normal 16

switch(config)# mls netflow

On the Supervisor Engine 1, issue the following to put full flows into the NetFlow exports:

switch(config)# mls flow ip full

If you have a Supervisor Engine 2 or 720 running IOS version 12.1.13(E) or higher, issue the following commands instead:

switch(config)# mls flow ip interface-full

That's all.

Kind regards,

Jan Nejman

Caligare, Co.

http://www.caligare.com/

Community Member

Re: netflow per vlan

MLS is already enabled, because only the first packet is routed through the MSFC, the remaining packets are switched on the Supervisor.

on switch:

#mls

set mls flow full

set mls nde enable

MLS commands supported on MSFC:

A_Root(config)#mls ?

ip ip keyword

rp rp

A_Root(config)#mls ip ?

acl Enable ACLs particular features

multicast multicast keyword

A_Root(config)#mls rp ?

ip Enable IP shortcuts

ipx Enable IPX shortcuts

nde-address nde-address

A_Root(config)#mls rp ip ?

input-acl Enable IP input access list

route-map Enable IP route map

A_Root(config)#mls rp nde-address ?

A.B.C.D IP address

Bronze

Re: netflow per vlan

Hello,

Ohh, you are using CatOS on the switch and IOS on the MSFC.

The first packet goes to the MSFC, where it is "routed"; the switch learns it, and the other packets go directly via the switching part (on the supervisor). So I think that it is correct if you see only one packet per flow. Did you correctly configure NetFlow export on the supervisor? See our webpages: http://netflow.caligare.com (section configuration).

Could you send me configuration of your CatOS?

Your MSFC configuration is OK.

Kind regards,

Jan

Community Member

Re: netflow per vlan

On MSFC:

interface Vlan15

ip address x.x.x.x

ip route-cache flow

ip flow-export source Vlan15

ip flow-export version 5

ip flow-export destination 10.248.6.70 9994

On Catalyst:

#mls

set mls flow full

set mls agingtime 128

set mls nde enable

### I suppose this version of IOS does not allow to enable Netflow on the MSFC.

Bronze

Re: netflow per vlan

I think that your MSFC configuration is really OK. But you haven't specified an export destination from your switching part.

switch> (enable) set mls nde 10.248.6.70 9994

switch> (enable) set mls nde version 7

switch> (enable) set mls agingtime long 128

switch> (enable) set mls agingtime 16

If you are using CatOS on the supervisor and IOS on the MSFC, it is necessary to configure NetFlow export destinations for both parts!

On the MSFC you will see only the first packet, and on the supervisor (CatOS) the rest of the communication (99% of flows). I recommend using the same IP address and port number for both parts (if your analyzer supports it).

Jan

Community Member

Re: netflow per vlan

When I configure NetFlow export destinations for both parts, it works. The problem is that all traffic is exported, not only traffic from Vlan 15, but it's OK. Thank you very much for the support.

Bronze

Re: netflow per vlan

Welcome.

On the supervisor there is no mechanism for specifying which VLANs or ports you want to collect NetFlow from. If you want to see a separate traffic flow, it is necessary to use some filtering method on the analyzer side. I'm coding Caligare Flow Inspector software, and there are two ways to filter flows: a) you can drop unwanted flows when you receive them, or b) when you specify a query, it is possible to set filtering conditions (based on IP addresses, interfaces, ports, ...), but all flows are in the database.

Kind regards,

Jan

PS: One interesting command is: set mls bridged-flow-statistics enable ... (it will account for intra-VLAN flows, e.g. flows that go from vlan 15 to vlan 15), but it generates many, many flows....
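
Option (a) from the reply above, dropping unwanted flows at the collector as they arrive, as an added example that is not part of the original thread and is not Caligare Flow Inspector code. It decodes the NetFlow version 5 datagrams the MSFC is configured to send; the supervisor's version 7 export uses a different record layout and is not handled here. The subnet 192.0.2.0/24 is an assumed stand-in for the Vlan15 network (given only as x.x.x.x in the thread), and the sample datagram is constructed.

```python
import ipaddress
import struct

# NetFlow v5: 24-byte header, then `count` flow records of 48 bytes each.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")
# Assumption: stand-in for the Vlan15 subnet, which the thread elides as x.x.x.x.
VLAN15_NET = ipaddress.ip_network("192.0.2.0/24")


def parse_v5(datagram):
    """Decode one export datagram into a list of flow dicts."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("record count exceeds datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({"src": ipaddress.ip_address(f[0]), "dst": ipaddress.ip_address(f[1]),
                      "packets": f[5], "octets": f[6], "sport": f[9], "dport": f[10], "proto": f[12]})
    return flows


def from_vlan15(flow, net=VLAN15_NET):
    """Keep a flow only if one of its endpoints is inside the subnet."""
    return flow["src"] in net or flow["dst"] in net


def sample_datagram():
    """Constructed export: one flow sourced in the subnet, one unrelated flow."""
    def rec(src, dst, pkts, octets, sport, dport):
        p = lambda a: ipaddress.ip_address(a).packed
        return RECORD.pack(p(src), p(dst), p("0.0.0.0"), 2, 1, pkts, octets,
                           0, 0, sport, dport, 0x18, 6, 0, 0, 0, 24, 24)
    body = (rec("192.0.2.10", "198.51.100.5", 12, 4800, 40000, 443)
            + rec("203.0.113.7", "198.51.100.9", 3, 180, 40001, 22))
    return HEADER.pack(5, 2, 0, 0, 0, 1, 0, 0, 0) + body


def filter_datagram(datagram):
    """Parse a datagram and drop every flow that does not touch the subnet."""
    return [f for f in parse_v5(datagram) if from_vlan15(f)]


if __name__ == "__main__":
    print(filter_datagram(sample_datagram()))
```
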

Community Member

Re: netflow per vlan

OK, I will use filtering conditions (set mls nde flow include source...).

Thanks again.

Community Member

Re: netflow per vlan

Hi there guys. Can anyone please tell me where I can go to get help on a problem I have with a 2801 router and using ip flow-export? I entered the following commands into my router and then the router dropped all outgoing TCP traffic. I disabled all the commands and my path out reopened.

snmp-server ifindex persist
ip flow-export destination 172.16.10.64 9996 
ip flow-export source FastEthernet 0/1  
ip flow-export version 5
ip flow-cache timeout active 1
int fa0/0
no ip route-cache flow
ip flow egress
int fa0/1
no ip route-cache flow
ip flow egress

Once this is entered, all TCP traffic heading outside is blocked...

Thanks for any help..
