Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NetFlow

Hey Everyone,

I have two 6513's running IOS v.12.2(18)SXF8. I am having issues sending Netflow data to an NFSEN workstation. Basically, when i do "sh ip route cache flow" on switch 1 I see all source ip, source port , dest ip and dest port info. However, when i do the same command on switch two i only see src ip and dest ip info. I need to see all src port and dst port info. I am using nfdump/nfsen to capture all data (which by the way is the best netflow capture tool i have ever used). HEre is the config from each switch. Any ideas would be great! thanks. by the way, i am using a PFC3 card in each device.

Switch 1:

ip flow-cache timeout active 5

ip flow ingress layer2-switched vlan 2,5,65,161,197-198,200

ip flow-export version 5

ip flow-export destination 10.23.20.60 10106

mls ip multicast flow-stat-timer 9

mls flow ip interface-destination-source

no mls flow ipv6

mls nde sender version 5

no mls acl tcam share-global

mls cef error action freeze

switch1#sh mls netflow flowmask

current ip flowmask for unicast: if-dst-src

current ipv6 flowmask for unicast: null

Switch2:

ip flow-cache timeout active 5

ip flow ingress layer2-switched vlan 2,5,65,161,197-198,200

ip flow-export version 5

ip flow-export destination 10.23.20.60 10107

mls ip multicast flow-stat-timer 9

mls flow ip interface-destination-source

no mls flow ipv6

mls nde sender version 5

no mls acl tcam share-global

mls cef error action freeze

switch2#sh mls netflow flowmask

current ip flowmask for unicast: if-dst-src

current ipv6 flowmask for unicast: null

1 REPLY

Re: NetFlow

hi,

it should be used full or interface-full in oder to get the port information from the Netflow data.

But if there is some netflow-mask conflict (e.g. in case one uses NAT it's not possible to use full-mask for Netflow) then the IOS could take the smaller mask.

111
Views
0
Helpful
1
Replies