Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

6509 gigabit interface won't do NetFlow

Posted on 2010-11-16
6
1,442 Views
Last Modified: 2012-05-10
Trying to enable NetFlow on a Cisco 6509 layer 2 switch with a 720 sup.  IOS (tm) s72033_rp Software (s72033_rp-PK9S-M), Version 12.2(18)SXD6, RELEASE SOFTWARE (fc1)

Ive enabled these global commands:

mls netflow
!
mls aging long 64
!
mls aging normal 32
!
mls flow ip interface-full
!
mls nde sender version 5
!
ip flow-export source GigabitEthernet1/46
!
ip flow-export destination 10.1.13.253 9995

I want to monitor interface GigabitEthernet1/46, but it wont except these commands on the interface.

ip route-cache flow
!
ip flow ingress

I'm i doing this correctly?  

Thanks,
Bob
0
Comment
Question by:gonzo117
  • 3
  • 2
6 Comments
 
LVL 10

Expert Comment

by:cstosgale
ID: 34150141
Is Gig1/46 configured as a layer 3 interface? If it is a layer 2 interface it definitely won't work. You can configure netflow on layer 3 interfaces and SVIs only.

I would check any documentation related to the line card, and see if you can enable it on a different model of line card.
0
 

Expert Comment

by:pdube
ID: 34159327
Hello gonzo117,

It looks like there are a few global commands that are missing in your NetFlow configuration.  Add the following:

ip flow-export version 5
ip flow ingress layer2-switched vlan (insert vlans X,Y,X)
ip flow-cache timeout active 1
mls nde interface

After you've added these try adding 'ip route-cache flow' to your interfaces.
0
 

Author Comment

by:gonzo117
ID: 34159657
Hi tried to enter the global commands, it took all but this;

AMDFCS1(config)#ip flow ingress layer2-switched vlan 1
                        ^
% Invalid input detected at '^' marker.

This is available globally under ip flow
AMDFCS1(config)#ip flow?
flow-aggregation  flow-cache  flow-export


Interface would not take, ip route-cache flow


This is available on the interface under ip
AMDFCS1(config-if)#ip route-cache flow
                       ^
% Invalid input detected at '^' marker.

AMDFCS1(config-if)#ip ?
Interface IP configuration subcommands:
  access-group  Specify access control for packets
  address       Set the IP address of an interface
  arp           Configure ARP features
  dhcp          DHCP
  rsvp          RSVP interface commands
  rtp           RTP parameters
  vrf           VPN Routing/Forwarding parameters on the interface

Is there anything else to try?
0
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

 
LVL 10

Expert Comment

by:cstosgale
ID: 34160008
Ip route-cache flow is a legacy command. You should now use ip flow ingress, but as far as I am aware this must be done on layer 3 interfaces.

You don't need any additional commandsnto enable netflow with a local cache on the switch. Can you post the config of the interface you are trying to enable netflow on?
0
 

Author Comment

by:gonzo117
ID: 34160238
!
interface GigabitEthernet1/46
 description WAN to SUREWEST COLO - PRODUCTION TRUNK
 no ip address
 speed 100
 duplex full
 mls qos trust dscp
 switchport
 switchport mode trunk
!
0
 
LVL 10

Accepted Solution

by:
cstosgale earned 500 total points
ID: 34163374
Ok so this port is a layer 2 port. therefore you cannot enable netflow on it. You can enable netflow on layer 3 interfaces that go over this port, e.g. :-

int vlan 10
ip flow ingress

If you are on a very old IOS version, you may have to use ip route-cache flow instead.

By definition, netflow works at a layer 3 level, therefore you can only enable it on interfaces that have IP addresses, i.e. they are layer 3 interfaces.

The ip flow-export source command you used in your original post will only set the source address for the export packets. This will not enable netflow for that interface.

You can also enable the collection of layer 2 switched flows using:-

ip flow ingress layer2-switched vlan 1

if this command is not working for you, you are probably on an old IOS release, or do not have hardware that supports this command. Below is the relevant command reference that describes the restrictions:-

http://www.cisco.com/en/US/docs/ios/netflow/command/reference/nf_01.html#wp1012951
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Port 808 is being blocked 9 120
Routing between two networks? 10 71
How to make my old USB printer wireless? 71 216
WAN Site Edge Routers 15 62
The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

766 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question