netflow : 6506E IOS 12.2(33)SXJ10 only a small part of data collected
I am not sure if I am correct with my netflow question in this category. But I hope so.
I am running "nfsen" as netflow collector. I am collecting the netflow data from two cisco devices: this is a C2921 as Internet gateway and a WS-C6506-E as central switch with routing module and several routed VLAN's. This 6506 has IOS Version 12.2(33)SXJ10. The netflow graphs for C2921 are looking quite fine. What we are seeing could be what really goes over this router. But if I look at graph of 6506 I see typically less than 5 Mbit which can't be true in a network of hundred of users and a lot of servers. I made some tests between two routed VLANs with "iperf" and netflow shows less than 0.1% of the reported throughout. Obviously I made something wrong with the cisco configuration.
These are the relevant part of my config:
ip flow-cache entries 128000 ip flow-cache timeout active 1
ip flow ingress layer2-switched vlan 1,25,52,56,80,90,125
mls aging fast time 15 threshold 3 mls aging long 64 mls aging normal 32 mls netflow interface mls flow ip interface-full mls flow ipv6 interface-full mls nde sender version 5 mls sampling time-based 64 mls qos map dscp-cos 40 to 4
VLAN interfaces I have for example:
interface Vlan1 ip flow ingress ip flow egress
Finally I have:
ip flow-export source Vlan1 ip flow-export version 9 ip flow-export destination some.ip.add.ress 10002 ip flow-aggregation cache protocol-port cache entries 1024 cache timeout inactive 300 export destination some.ip.add.ress 10002 enabled ! ip flow-top-talkers top 50 sort-by bytes
Looking at your config I would try reverting the cache timeout value to default (30 minutes). You already have configured an above default cache size, so timing active flows out after one minute seems excessive and may be where you hare losing the data.
Show CommandPurposeCiscoICX-RuckusShow Spanning tree infoShow spanning-treeshow 802-1wVerify Port-Channel / Link aggregation infosh lag briefsh etherchannel summaryShow CDC/LDP neighbor infoshow cdp neighbors detailsh lldp neighbors de sh mac a...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.
Introduction to SD-Access Multicast
The document describes the Cisco DNAC UI workflow introduced as part of the Cisco DNA Center1.3.3 release. The document covers the components of Multicast forwarding on SD-Access fabric and the configuration pushed to...