Using Netflow on Cat 6500's with the NAM-2 as the collector

skwood · ‎02-18-2004

I am having a hard time getting this to work. The documentation is horrible. Anyone doing this?

rmushtaq · ‎02-18-2004

Is this Ca6K running CatOS or IOS?. And what 'excatly' is not working?. Are you trying to use NetFlow on the local switch or from another router?. If local switch, how have you setup the NetFlow on it?. Have you ponited to the correct NAM port for NetFlow?. Have you turned on Listening Mode in NAM GUI to see if NAM is receiving any NetFlow packets?

skwood · ‎02-18-2004

It is IOS. I don't see the flows on the NAM. I'm sending flows from two switches. Neither is local.

This is the global config:

ip flow-export source Vlan110

ip flow-export version 5

ip flow-export destination 10.20.200.25 3000

This is the configuration on the interface:

interface Vlan110

no ip address

ip route-cache flow

I don't see anything when I turn on listening Mode.

rmushtaq · ‎02-18-2004

The config looks ok, as there isnt' many commnads that need to setup to enable NetFlow on the device. Try moving the 'ip flow-export destination 10.20.200.25 3000' command to under the vlan110 itself.

If you do a 'show ip flow export' on the above device, do you see any flows being shown as exported?

skwood · ‎02-18-2004

Server1-6500#sho ip flow export

Flow export is enabled

Exporting flows to 10.20.200.25 (3000)

Exporting using source interface Vlan110

Version 5 flow records

20190380 flows exported in 1116439 udp datagrams

0 flows failed due to lack of export packet

138350 export packets were sent up to process level

0 export packets were dropped due to no fib

3197 export packets were dropped due to adjacency issues

0 export packets were dropped due to fragmentation failures

0 export packets were dropped due to encapsulation fixup failures

0 export packets were dropped enqueuing for the RP

0 export packets were dropped due to IPC rate limiting

You can't do the ip flow-export destination 10.20.200.25 3000 in the config t interface mode.

rmushtaq · ‎02-18-2004

In the NAM Web GUI, under Setup->Data Source->NetFlow->Devices->Create to add this NetFlow Source device. Then after that, goto Listening Mode->Start. If the Auto Refresh box is checked, then the page will refresh by itself. See if this shows you any packets under the Number Received NDE Packets column. This will tell you whether the NAM is seeing any NetFlow packets or not. If after a few mins, you see packets listed, this means that NAM is seeing the packets. in that case, you then need to turn on Collections for this NetFlow Source via Setup->Monitor->Data Source

minie · ‎02-18-2004

Your configs look all good except one thing, you don't have ip address on vlan 110. NDE can only monitor routed or layer 3 switched packets.

In addition, you can also refer to following guide for switch configuration.

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/cfgnotes/nam_3_1/swcg/config.htm#1041922

On NAM web interface, you need to go to "setup > monitor" and select NETFLOW from data source, and select all appropriate checkboxes.

imanassypov · ‎09-10-2011

guys, is there any concise info / sample setup of a NAM with netflow config collecting from local / remote devices? Cisco's documentation is horrible.

thanks