Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

MARS basic questions

Hi friends,

I just wanted to know a few basic things about MARS:

1. Regarding Netflow on 6509 switches, where do i put the ip route-cache flow statement? Do i put it on all user vlan's or server vlan's or management vlan's? Also, is it ok if i apply it on trunk ports?

2. Regarding routers, do i put ip route-cache flow on trunk ports or on Layer 3 interfaces only?

Thanks a lot

Gautam

11 REPLIES

Re: MARS basic questions

Gautam,

1. Put the command on any interface where you want to monitor traffic flows (ingress and egress).

2. AFAIK- layer 3 interfaces only.

HTH and please rate.

Silver

Re: MARS basic questions

Hi Gautam

I would only add to Collin's answer the following guidelines which I employ:

"Ideally, NetFlow information should be collected from the distribution switches and routers. These devices, together with NetFlow from Internet-facing routers or syslog from firewalls, represent the entire network.

Just a word of caution on Netflow. You do not want nor need to turn it on for every networking device. Otherwise you will get multiple copies of the same info. Where you want to turn it on is at logical aggregation points, like your distribution layer, or WAN aggregation router."

Hope this helps.

Best,

Paul

Re: MARS basic questions

Excellent points Paul, worth some points.

New Member

Re: MARS basic questions

Thanks a lot for your help and effort in sorting out my confusion.

There is one more thing that i noticed about the Resource Utilization report (Memory and CPU) of MARS. When i click on View report, it only shows me the TOP N values of some Layer 3 devices.

Is there a way for this report to also show Layer 2 and all other devices (ASA, FWSM) etc also?

Thanks

Gautam

New Member

Re: MARS basic questions

I would like to gather NetFlow stats from the fiber interface to my PIX. What is the non-route command for a layer 2 interface? I am picturing the command on the 6513 side.

Re: MARS basic questions

non-route command? I don't understand.

New Member

Re: MARS basic questions

I was told that there is a different command that I need to put on a layer 2 switch interface since the ip route-cache does not work.

Re: MARS basic questions

AFAIK you can't monitor Netflow traffic via a layer 2 interface.

Bronze

Re: MARS basic questions

nProbe should be able to do it via a span port. Its related to NTOP and can be found at http://www.ntop.org/nProbe.html

New Member

Re: MARS basic questions

Hello Paul

i want to do ccsp but i can't have books because i don't have money. can you help me.I'm from Cameroun in Africa.

Djomabou Germain

germaindjomabou@yahoo.fr

(237)75451805

PO BOX 5213 ASAFE DOUALA-CAMEROUN

New Member

Re: MARS basic questions

hello Gautam,

please i want to do ccsp but i don't have course. cant you help me to have books free? i'm from cameroun in africa.

germaindjomabou@yahoo.fr

160
Views
15
Helpful
11
Replies