03-22-2007 09:48 PM
I read lots of articles and manuals, but I can't make NetFlow work correctly.
I read a conversation about NetFlow http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=Network%20Management&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddd9eb4
and I asked some things but I didn't receive questions, because I created this conversation.
I'm confused.
I have got a Cat 6506-E SUP 32.
It contains a lot of Vlan interfaces on Layer 3. Every vlan interface has got an ip address.
Netflow collector - NFA 5.5, which works correctly with routers 28,38 series.
I need information on L3 traffic.
Netflow configuration:
ip flow-cache timeout active 1
mls ip multicast flow-stat-timer 9
mls aging long 300
mls aging normal 120
mls flow ip interface-destination-source
no mls flow ipv6
mls nde sender
mls sampling time-based 64
no mls acl tcam share-global
mls cef error action freeze
...
...
ip flow-export source Vlan10 (vlan 10 - core vlan of my network, it contains servers and network devices)
ip flow-export version 9
ip flow-export destination x.x.x.x 9996
and every Vlan interface has the following lines:
ip flow ingress
mls netflow sampling
And when I try to enter
#mls flow ip full
or
#mls flow ip interface-full
I receive:
% Unable to configure flow mask for ip protocol: interface-full. Reset to the default flow mask type: none
03-25-2007 05:52 PM
I don't believe that nobody knows the answer.
Please help me, save my soul!
04-02-2007 03:21 PM
Call TAC.
04-02-2007 05:19 PM
I'm sorry, I'm new to Cisco.
What is TAC?
04-03-2007 01:07 AM
It is the Cisco technical support center... My recommendation is to contact Crannog and ask what is wrong with your configuration. I'm curious what they answer ;o) We are using a similar Cisco configuration, but we don't have any problem with it. (Only one problem: on the Sup720, TCP flags are not exported in the NetFlow ;o( ), but we are using other analysis software...
04-03-2007 01:04 PM
Ok... Here are some things I notice...
Change this:
mls flow ip interface-destination-source
to this:
mls flow ip interface-full
Also, get rid of the mls sampling... it only samples out of the table and not the actual traffic going into the table.
Also... you have a sup 32 and not a sup720? If so, that is going to be something that may be a problem for you getting accurate traffic from netflow.
Try all that and see what you get.
04-03-2007 05:25 PM
My Cat doesn't accept the following:
mls flow ip interface-full
It replies:
% Unable to configure flow mask for ip protocol: full. Reset to the default flow mask type: none
But I remember that one time I managed to enter this string.
Yeah. I have a Sup 32. I got my current config from a colleague who uses a Sup 720.
Sampling means that one of a set of packets will be switched to the NetFlow collector?
04-03-2007 11:59 PM
You will not be able to change the flowmask after you configure NAT. You might be hitting the bug CSCsb41562.
PS.: I don't think that the netflow statement is required on all interfaces. It is required on L3 interfaces. You can use 'show ip interface brief' to see all interfaces with an assigned IP address. Put the netflow statement on these interfaces only. I agree that mls sampling may cause some problems with your collector...
Bye
Jan
04-04-2007 06:21 PM
I have the netflow statement only on all L3 VLAN interfaces. I'll try to remove "mls sampling" from some interfaces and compare the results with the current ones.
04-05-2007 12:07 AM
I found out that I already have a patched IOS. Its version is Version 12.2(18)SXF6, RELEASE SOFTWARE (fc1). But the bug is present.
I removed all NAT from the configuration and I managed to enter:
mls flow ip interface-full
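The points raised in the replies above (flow mask, NAT, sampling, `ip flow ingress` on L3 interfaces only) can be checked offline against a saved configuration. This is an added example, not code from any poster or from Cisco; the sample configuration is constructed, and `parse_interfaces` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample in the style of the config posted above (addresses made up).
SAMPLE_CONFIG = """\
mls flow ip interface-destination-source
mls sampling time-based 64
interface Vlan10
 ip address 192.0.2.1 255.255.255.0
 ip nat inside
 ip flow ingress
 mls netflow sampling
interface Vlan20
 ip address 198.51.100.1 255.255.255.0
interface GigabitEthernet1/1
"""

def parse_interfaces(config):
    """Return {interface name: [sub-command lines]} from IOS-style text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other unindented line ends the interface block
    return interfaces

def audit(config):
    """Return findings for the points raised in the thread's replies."""
    findings = []
    mask = re.search(r"^mls flow ip (\S+)", config, re.M)
    if not mask or mask.group(1) != "interface-full":
        findings.append("flow mask is not interface-full")
    if re.search(r"^\s*ip nat ", config, re.M):
        findings.append("NAT configured: flow mask change may be rejected")
    if re.search(r"^mls sampling ", config, re.M):
        findings.append("global mls sampling enabled")
    for name, cmds in parse_interfaces(config).items():
        if not any(c.startswith("ip address ") for c in cmds):
            continue  # no IP address: not an L3 interface, nothing to check
        if "ip flow ingress" not in cmds:
            findings.append(f"{name}: L3 interface without ip flow ingress")
        if "mls netflow sampling" in cmds:
            findings.append(f"{name}: mls netflow sampling enabled")
    return findings

if __name__ == "__main__": print("\n".join(audit(SAMPLE_CONFIG)))
```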