[c-nsp] 6500 Netflow

Jeff Fitzwater jfitz at Princeton.EDU
Thu Apr 17 11:57:51 EDT 2008 

The command "ip flow-ingress supersedes "ip route-cache flow".  These  
commands are very version dependent.   We are now at 12.2(33)SXH and  
it is even different yet.   Supports per interface IP-FLOW-INGRESS.    
This becomes an issue when you TRY to have both MICRO_FLOW _POLICING  
and NDE at same time.

What works in one version may not work in another.   We have had many  
headaches with NDE configs.



Jeff Fitzwater
OIT Network Systems
Princeton University
On Apr 17, 2008, at 11:49 AM, virendra rode // wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Paul Stewart wrote:
>> That's it!  Thanks very much... "ip flow ingress" solved my  
>> problem...
>>
>> Paul
> - -----------------------
> Unless I'm missing something won't "ip route-cache flow" on the main
> interface will overwrite "ip flow ingress" data collection selected
> sub-interface(s)?
>
>
> regards,
> /virendra
>
>>
>>
>> -----Original Message-----
>> From: Jeff Fitzwater [mailto:jfitz at Princeton.EDU]
>> Sent: Wednesday, April 16, 2008 1:16 PM
>> To: Paul Stewart
>> Cc: 'cisco-nsp'
>> Subject: Re: [c-nsp] 6500 Netflow
>>
>> Not sure what IOS you are running, which can make a difference, but
>> you are probably only seeing route-processor flows and not mls
>> switched flows.
>> There should be an interface command like "ip flow-cache" or "ip flow
>> ingress".     There are other commands that enable BRIDGED flows to  
>> be
>> included,  (port to port within switch) but don't remember what they
>> are.
>>
>> Jeff  Fitzwater
>> OIT Network Systems
>> Princeton University
>>
>>
>> On Apr 16, 2008, at 12:20 PM, Paul Stewart wrote:
>>
>>> Hi there...
>>>
>>> I am trying to turn up netflow reporting on a 6500 - ran into this
>>> before
>>> and can't remember the solution....;)
>>>
>>> On the reporting server I'm not getting the correct levels of data -
>>> almost
>>> like it's sampling the data by default...
>>>
>>> Can someone tell me the missing piece here?  I've searched the 6500
>>> docs and
>>> don't see anything wrong....
>>>
>>> Config looks like this:
>>>
>>> ip flow-cache timeout active 1
>>> mls flow ip interface-full
>>> ip flow-export version 5 origin-as
>>> ip flow-export destination xxx.xxx.xxx.xxx xxxx
>>> mls rp ip
>>> mls aging long 64
>>> mls aging normal 32
>>> mls flow ip interface-full
>>> mls nde sender version 5
>>> no mls acl tcam share-global
>>>
>>> Thanks ... the netflow reporting system works great against the
>>> GSR's, only
>>> having this problem with the 6500's
>>>
>>> Paul
>>>
>>>
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.2 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFIB3F3pbZvCIJx1bcRAvUiAKDMfUPnBBVrIO1af1r+vcFysr8i5gCg7imL
> 5ArP8VUXsyDs9cJzPAHoLC4=
> =49TK
> -----END PGP SIGNATURE-----

More information about the cisco-nsp mailing list