I just wanted to know a few basic things about MARS:
1. Regarding Netflow on 6509 switches, where do i put the ip route-cache flow statement? Do i put it on all user vlan's or server vlan's or management vlan's? Also, is it ok if i apply it on trunk ports?
2. Regarding routers, do i put ip route-cache flow on trunk ports or on Layer 3 interfaces only?
Thanks a lot
1. Put the command on any interface where you want to monitor traffic flows (ingress and egress).
2. AFAIK- layer 3 interfaces only.
HTH and please rate.
I would only add to Collin's answer the following guidelines which I employ:
"Ideally, NetFlow information should be collected from the distribution switches and routers. These devices, together with NetFlow from Internet-facing routers or syslog from firewalls, represent the entire network.
Just a word of caution on Netflow. You do not want nor need to turn it on for every networking device. Otherwise you will get multiple copies of the same info. Where you want to turn it on is at logical aggregation points, like your distribution layer, or WAN aggregation router."
Hope this helps.
Thanks a lot for your help and effort in sorting out my confusion.
There is one more thing that i noticed about the Resource Utilization report (Memory and CPU) of MARS. When i click on View report, it only shows me the TOP N values of some Layer 3 devices.
Is there a way for this report to also show Layer 2 and all other devices (ASA, FWSM) etc also?
I would like to gather NetFlow stats from the fiber interface to my PIX. What is the non-route command for a layer 2 interface? I am picturing the command on the 6513 side.
i want to do ccsp but i can't have books because i don't have money. can you help me.I'm from Cameroun in Africa.
PO BOX 5213 ASAFE DOUALA-CAMEROUN
please i want to do ccsp but i don't have course. cant you help me to have books free? i'm from cameroun in africa.