jp replied on Fri, Jan 16 2009 5:35 PM

rated by 0 users

Thanks, Jeff!

This looks just like what I use as well, just wanted to verify this for others on the forum.

'mls netflow sampling' also helps on some of our SVIs if we're missing some statistics - this often happens.

-JP

step1014 replied on Tue, Mar 24 2009 9:20 PM

rated by 0 users

Yes,

on the other hand, please take care of command on 6500, which are native mode and hybrid OS.

Native mode is mostly using IOS and Hybrid mode is mostly using CATOS.

Below is a link for your reference to configure your 6509 switch.

http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a0080721701.shtml

dan-uk replied on Mon, Jun 1 2009 5:50 AM

rated by 0 users

Good Morning

I'm new to solarwinds Netflow and was wondering where my schoolboy error might be.  I have a 6509 running the following IOS image :

sup-bootflash:s72033-ipservicesk9-mz.122-18.SXF12a.bin

I am monitoring only 1 routed interface in NPM at the moment for the purposes of getting netflow working/displaying correctly.

I have entered the following commands in global conf mode on the 6509:

mls flow ip full
mls nde sender version 5
ip flow-export source xxx.xxx.xxx.xxx
ip flow-export destination xxx.xxx.xxx.xxx xxxx

This should send data for all routed interfaces without the need to configure the interface with :

ip flow ingress
ip route-cache flow

In NTA, I have added this one interface.  The problem I'm having is that on the summary page, the Top 5 Applications shows virtually no traffic, just some SNMP, NTP and Netbios.

However, if I click on the specific interface, the Top 5 Applications returns the real data, I.E several gigs of traffic replicating between our SANS, email, http etc..

If i only have one interface monitored in NTA, why does the summary page not display the same top 5 as in the interface view ?

As a test I added one more interface but this time from a 3600 series router and this time the summary page accurately reflects the stats in the interface page.....

Any help greatly appreciated.

Cheers

Dam

r0berth1 replied on Tue, Jul 7 2009 2:54 PM

rated by 0 users

this command "ip flow ingress layer2-switched vlan X" does not work on a 6509 with "Cisco Internetwork Operating System Software
IOS (tm) s72033_rp Software (s72033_rp-PK9SV-M), Version 12.2(17d)SXB11a, RELEASE SOFTWARE (fc1)".

wazzup replied on Mon, Sep 14 2009 3:40 AM

rated by 0 users

Hi all, anybody have experience with implementing NTA 3.5 on a 7609 running c6sup22-pk2sv-mz.121-27b.E4 ?

I'm using:

mls flow ip full
mls nde sender version 5

ip route-cache flow
ip flow-export source Loopback*
ip flow-export version 5

ip flow-export destination 1*.*.*.* 2055

my problem looks a bit like yours , i can't seem to display all data ...any idea's?

Bunookana replied on Mon, Sep 14 2009 10:14 AM

rated by 0 users

You probably need to update the applications or ports that the Netflow module will report to you.   After completing the steps below, I found that I was able to see all the traffic I was expecting to see.

Go to the Netflow settings page > Click Edit under "Application and Service Ports" >  Select "Enable All Monitoring"

wazzup replied on Tue, Sep 15 2009 3:30 AM

rated by 0 users

done that (was enabled on all ports though) and waiting for collectors to collect something :-)

AlbanyNY Mike replied on Wed, Sep 30 2009 9:36 AM

rated by 0 users

Hello all,

This has been quite confusing.  We have implemented Netflow on all our 2821 routers.  It was pretty easy. 

Now the 6513 we have is a whole other story.  none of the suggested answers posted here work.
ip flow ingress layer2-switched vlan X is not even an option.  Once I hit "layer2" when typing the command, it is not recognized.

I have had success for about 20 minutes using this method:

Conf t - Int vlanXX

Ip flow ingress

ip route-cache flow

Conf t

ip flow-export version 5

ip flow-export source vlanXX

ip flow-export destination x.x.x.x 2055

This sends the vlan traffic to Orion, and displays properly for about 20 minutes, then it just stops.  Also, when using this method, 99% of the stats are regarding the broadcast IP of the vlan.

Can anyone out there come up with a solid method for implementing netflow on a 6513?

Ciscos docs dont seem to help me out.

SLXer replied on Wed, Sep 30 2009 9:52 AM

rated by 0 users

If this is not a layer 3 interface your not going to flow from it. If supported you would need to configure netflow on the layer 3 vlan interface.

If your access side is layer 2 your layer 3 vlans are likely on your core.

I hope this helps

AlbanyNY Mike replied on Wed, Sep 30 2009 10:02 AM

rated by 0 users

Thanks for the tip SLXer,

I believe it is a layer 3 interface.  It is a user VLAN (10.66.130.0) and connects to our core switch on blade one.  on blade 2 is where we have all our servers (10.66.128.0)

Blade 3 is our DMZ stuff, etc.

When I used the config I had previously posted, the flows came to Orion for about 20 minutes, then abrublty stopped.  Also, it was all hosts talking to the broadcast IP 10.66.133.255.

Perhaps its not a layer 3 interface and I am in over my head.  We basically want to see the flows from this user VLAN, but I am not having any luck searching Cisco or Thwack.

Thanks again for the tip!

SLXer replied on Wed, Sep 30 2009 11:41 AM

rated by 0 users

Mike,

I can promise you your never going to see more than what your seeing right now with that configuration.

Its rather annoying that cisco lets you apply the netflow configuration to a layer 2 interface. No doubt its because the interface has the capacity to be configured as a layer 3 interface.

Netflow however is a layer 3 technology and will only work properly when applied to a layer 3 interface.

(For it to be a layer 3 interface the interface would need its own IP address)

AlbanyNY Mike replied on Wed, Sep 30 2009 11:53 AM

rated by 0 users

Thanks SLXer,

Without getting to technical, off the top of your head, do you know of a way to configure this to get flows from users who connect to the core switch through fiber trunks?
We are a New York State Agency, and we have several offices through out the state.  It was pretty easy to set up Netflow on these Far Site 2821 routers.  Life was great.

Then MGMT wanted to see the flow traffic of users here in our 10 Floor Central Office.  Each floors user switch (3550) connects back to the core using a fiber trunk.  Blade 1 of our core are all the fiber connections to switch closets.

Anyway we can config the 6513 to see the flows of this traffic? 
If we cant, then it really impacts our use of Netflow.  Seeing the top talkers, apps, convos of these far sites is great, but we are missing a GIANT chunk if we cant see any of the 500 users here at the Central Office.

Any assistance would be GREATLY appreciated.

Thanks again!