[c-nsp] netflow with source-mac address?
Phil Mayers
p.mayers at imperial.ac.uk
Sat Mar 30 07:52:59 EDT 2013
On 03/29/2013 06:41 PM, Nick Hilliard wrote:
> On 29/03/2013 17:38, Gert Doering wrote:
>> So that would also exclude Sup2T-based systems, using LAN cards (67/68/69xx)?
>
> Honestly, I don't know. The DFC4 on the lan cards may fix this. Maybe
> someone from Cisco can clarify?
This:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps8802/ps11821/ps11846/product_bulletin_c25-717747_ps708_Products_Bulletin.html
...talks about 15.1(SY) on the sup2T and says:
"""NetFlow (TNF) Export L2 MAC and Port Information for IPv4
This feature gives you a way to find out the NetFlow information for
destination and source MAC address along with the port LTL. This is
useful when a bot on the network is spoofing the IP address. We will be
able to track this down with the MAC address using NetFlow."""
I had a feeling I'd seen mention of that feature.
More information about the cisco-nsp
mailing list