[c-nsp] 6500 not exporting layer 2 netflow data (RESOLVED)
Andy Ellsworth
andy at dar.net
Wed Apr 30 14:52:04 EDT 2008
Aaron Fabiani wrote:
> Try adding:
>
> mls flow ip interface-full
>
Aaron just sent me the above suggestion privately (thanks Aaron!), and
it's looking like that did the trick. Previously I was just using "mls
flow ip full". Here's a sample netflow PDU containing a bridged flow,
fresh off the wire from tshark:
pdu 19/29
SrcAddr: 10.103.253.92 (10.103.253.92)
DstAddr: 10.100.253.210 (10.100.253.210)
NextHop: 10.100.253.210 (10.100.253.210)
InputInt: 79
OutputInt: 79
Packets: 5
Octets: 285
[Duration: 0.320000000 seconds]
StartTime: 1905523.192000000 seconds
EndTime: 1905523.512000000 seconds
SrcPort: 21
DstPort: 40508
padding
TCP Flags: 0x00
Protocol: 6
IP ToS: 0x00
SrcAS: 0
DstAS: 0
SrcMask: 0 (prefix: 10.103.253.92/32)
DstMask: 24 (prefix: 10.100.253.0/24)
padding
My relevant config bits currently look like this:
ip flow ingress layer2-switched vlan <vlan list>
mls ip multicast flow-stat-timer 9
mls aging long 300
mls aging normal 60
mls netflow usage notify 80 300
mls flow ip interface-full
no mls flow ipv6
mls nde sender version 5
no mls acl tcam share-global
ip flow-export source <source interface>
ip flow-export version 5
ip flow-export destination <netflow collector IP> <UDP port>
! sample SVI config to capture bridged flows from vlan XYZ
interface vlanXYZ
ip address x.x.x.x y.y.y.y
ip route-cache flow
end
Thanks again for everyone's assistance.
-Andy
More information about the cisco-nsp
mailing list