netflow on cisco me 6523

seanbakers · ‎09-29-2011

hello

im trying to get netflow working on a me 6523 to a destination address using udp port 4739 but im not getting anything through wire shark while connected

to a span port on the router or the connecting switch.

Im using the management interface which is using port-channel1

Don Jacob · ‎09-30-2011

Hi Sean,

Can you try configuring your Cisco switch as below and check.

mls netflow // This enables NetFlow on the Supervisor.

mls nde sender version 7

mls aging long 64 // This breaks up long-lived flows into (roughly) one-minute segments.

mls aging normal 32 // This ensures that flows that have finished are exported in a timely manner.

mls flow ip interface-full

mls nde interface

The next two commands will help to enable NetFlow data export for bridged traffic which is optional. You can specify the list of VLANs here to enable bridged traffic.

ip flow ingress layer2-switched vlan

ip flow export layer2-switched vlan

Apart from this, NetFlow has to be enabled on the MSFC using the below commands.

ip flow egress // This command has to be executed on all the L3/VLAN interfaces.

ip flow-export destination {hostname|ip_address} 9996 // The hostname or IP address of the flow server

ip flow-export source {interface} // The interface through which NetFlow packets are exported. eg: Loopback0

ip flow-export version 9

ip flow-cache timeout active 1

snmp-server ifindex persist

Regards,

Don Thomas Jacob

ManageEngine NetFlow Analyzer

Regards, Don Thomas Jacob http://www.solarwinds.com/netflow-traffic-analyzer.aspx Head Geek @ SolarWinds NOTE: Please rate and close questions if you found any of the answers helpful.