Thanks for the help..

Ip flow ingress is enabled on all vlan interfaces.

I am recieving flows from all vlan interfaces . When i run the command "show ip interface brief | exclude unassigned" The output is vlan interfaces only and yes they are netflow enabled.

The flows i want are flows from specific interfaces. IE. how much port 80 traffic from "interface GigabitEthernet1/7". How do i enable netflow on specific interfaces? Is it possible to recieve flows for these interfaces? I have tried different combinations of netflow versions and collecters, nothing seems to work.

Shane Gaumond

Try

ip flow ingress layer2-switched vlan

ip flow export layer2-switched vlan

You don't mention (or I skimmed over it) what IOS Version you are running. With PFC3B or PFC3BXL running 12.2(18)SXE or higher you need these two commands to enable NDE for all traffic within the specified VLANs rather than just inter-VLAN traffic.

HTH

Steve

IOS version 12.2(18)SXF6 about to go to 12.2(18)SXF7..

I had the IP flow ingress layer2-switched commands in place and I was recieving all traffic within vlans as well as inter-vlan traffic.

The problem I have is that the info collected pertains only to VLAN interfaces. The ifindex #'s being sent to the collecter are those of the vlan interfaces. What i want is the ifindex's to be matched to the physical interfaces. for example Vlan 83 runs across 3 trunk ports setup on int 4/5 4/7 and 2/3. I am recieving vlan 83 data but the ifindex #'s of the flows dont match to these interfaces the ifindex being reported for all vlan 83 traffic is the ifindex of "int vlan 83"

I Think i found something. All of my physical interfaces are setup with the switchport command and the command ip flow ingress is not available. If i enter no switchport from an ifconfig the ip flow ingress command becomes available. It seems that the 2 cannot coexist. Perhaps there is some sort of global command or CEF command to enable all interfaces to send netflwo info.

How do i collect netflow stats on "int gi 2/3" without using the ip flow ingress command??

Thanks for all the help...

Shane Gaumond...

Clarification of my issue...

I have a server connected to port 3/4 with ip 192.168.56.9.

I am recieving flows with the IP 192.168.56.9 both as source and destination..lots of info.

The problem is that the flows have an ifindex matching to "int vlan 56". What im looking for is that the ifindex matches to "int gi 3/4"

We also run netflow on another 6006 chassis. Hybrid OS...Cat OS for the switching and IOS for the routing. Netflow reporting from this chasis is very good. The CatOS reports MLS Switched info with ifindex's matching to physical ports such as 2/3 or 4/5. The IOS only reports Routed info with ifindex's matching vlan interfaces.

I'm trying to duplicate the setup on the 6509 chasis. Is it possible??

Thanks for the imput....

Shane Gaumond

Here is some output.

sh running-config full | include mls

mls ip multicast flow-stat-timer 9

mls aging long 64

mls aging normal 55

mls netflow usage notify 80 120

mls flow ip interface-full

no mls flow ipv6

mls nde sender

no mls acl tcam share-global

mls cef error action freeze

I dont know if the above helps but from the config prompt I have entered

mls netflow

I have trouble believing that the large amounts of flows and traffic I am recieving are only what hits the CPU. The Router is reporting all the flows even MLS/CEF I would expect it too but the flows are reporting Vlan interfaces not physical interfaces.