[c-nsp] 6500 not exporting layer 2 netflow data (RESOLVED)
Jeff Fitzwater
jfitz at Princeton.EDU
Wed Apr 30 15:16:50 EDT 2008
Now that was fun... wasn't it!
You are now an official NDE club member. ;~}
Jeff
On Apr 30, 2008, at 2:52 PM, Andy Ellsworth wrote:
> Aaron Fabiani wrote:
>> Try adding:
>>
>> mls flow ip interface-full
>>
> Aaron just sent me the above suggestion privately (thanks Aaron!), and
> it's looking like that did the trick. Previously I was just using "mls
> flow ip full". Here's a sample netflow PDU containing a bridged flow,
> fresh off the wire from tshark:
>
> pdu 19/29
> SrcAddr: 10.103.253.92 (10.103.253.92)
> DstAddr: 10.100.253.210 (10.100.253.210)
> NextHop: 10.100.253.210 (10.100.253.210)
> InputInt: 79
> OutputInt: 79
> Packets: 5
> Octets: 285
> [Duration: 0.320000000 seconds]
> StartTime: 1905523.192000000 seconds
> EndTime: 1905523.512000000 seconds
> SrcPort: 21
> DstPort: 40508
> padding
> TCP Flags: 0x00
> Protocol: 6
> IP ToS: 0x00
> SrcAS: 0
> DstAS: 0
> SrcMask: 0 (prefix: 10.103.253.92/32)
> DstMask: 24 (prefix: 10.100.253.0/24)
> padding
>
> My relevant config bits currently look like this:
>
> ip flow ingress layer2-switched vlan <vlan list>
> mls ip multicast flow-stat-timer 9
> mls aging long 300
> mls aging normal 60
> mls netflow usage notify 80 300
> mls flow ip interface-full
> no mls flow ipv6
> mls nde sender version 5
> no mls acl tcam share-global
> ip flow-export source <source interface>
> ip flow-export version 5
> ip flow-export destination <netflow collector IP> <UDP port>
>
> ! sample SVI config to capture bridged flows from vlan XYZ
> interface vlanXYZ
>  ip address x.x.x.x y.y.y.y
>  ip route-cache flow
> end
>
> Thanks again for everyone's assistance.
>
> -Andy
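
A collector-side check for the result above, as an added example that is not part of the original thread: it decodes a NetFlow v5 export datagram and picks out records shaped like the sample PDU. Treating input == output interface as the mark of a bridged flow is an assumption drawn from that one sample, and the datagram is constructed (record 1 from the tshark values, record 2 invented).

```python
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record

def parse_v5(datagram):
    """Return the flow records of one NetFlow v5 export datagram as dicts."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not NetFlow v5: version %d" % version)
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("header claims %d records, datagram is truncated" % count)
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "nexthop": socket.inet_ntoa(f[2]),
            "input": f[3], "output": f[4], "packets": f[5], "octets": f[6],
            "duration_ms": (f[8] - f[7]) & 0xFFFFFFFF,  # sysUptime ms, wraps at 2**32
            "sport": f[9], "dport": f[10], "proto": f[13],
        })
    return flows

def bridged(flows):
    """Assumption taken from the sample PDU: a bridged flow has input == output."""
    return [f for f in flows if f["input"] == f["output"]]

def _record(src, dst, hop, ifin, ifout, pkts, octets, first, last, sport, dport, dmask):
    ip = socket.inet_aton
    return RECORD.pack(ip(src), ip(dst), ip(hop), ifin, ifout, pkts, octets,
                       first, last, sport, dport, 0, 0, 6, 0, 0, 0, 0, dmask, 0)

# Constructed datagram: record 1 copies the values in the tshark output above,
# record 2 is an invented routed flow (different input/output ifIndex).
SAMPLE = HEADER.pack(5, 2, 1905530000, 1209581810, 0, 1, 0, 0, 0) + \
    _record("10.103.253.92", "10.100.253.210", "10.100.253.210",
            79, 79, 5, 285, 1905523192, 1905523512, 21, 40508, 24) + \
    _record("10.103.253.92", "192.0.2.10", "10.100.253.1",
            79, 12, 3, 180, 1905524000, 1905524100, 40000, 80, 24)

if __name__ == "__main__":
    for f in bridged(parse_v5(SAMPLE)):
        print(f)
```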