Skrao

Sundar gave you a good answer about how to enable NetFlow on an IOS based box. The procedure to enable it if your layer 3 switch runs in hybrid mode is slightly different.

Also you asked if there is need for some server to process NetFlow. I believe that the answer to that question depends on what you are trying to accomplish. As Sundar has shown there are CLI commands to show the NetFlow records (which get tricky to interpret as the traffic volume increases, and the flow records have a very limited lifetime on the device that generates them). So most people who run NetFlow do export the NetFlow records to some external device (server) which will accumulate the NetFlow records and assist in interpreting them. So is an external server required? Not necessarily - but most people do have an external server.

HTH

Rick

Are you sure about that?

SW1-3550#show ver

Cisco Internetwork Operating System Software

IOS (tm) C3550 Software (C3550-I5Q3L2-M), Version 12.1(22)EA4, RELEASE SOFTWARE

(fc1)

Copyright (c) 1986-2005 by cisco Systems, Inc.

Compiled Wed 23-Mar-05 17:16 by yenanh

Image text-base: 0x00003000, data-base: 0x00841750

ROM: Bootstrap program is C3550 boot loader

SW1-3550 uptime is 1 week, 3 days, 2 hours, 19 minutes

System returned to ROM by power-on

System image file is "flash:c3550-i5q3l2-mz.121-22.EA4.bin"

cisco WS-C3550-24-PWR (PowerPC) processor (revision D0) with 65526K/8192K bytes

of memory.

Processor board ID CAT0730Y0KX

Last reset from warm-reset

Bridging software.

Running Layer2/3 Switching Image

Ethernet-controller 1 has 12 Fast Ethernet/IEEE 802.3 interfaces

Ethernet-controller 2 has 12 Fast Ethernet/IEEE 802.3 interfaces

SW1-3550#config t

Enter configuration commands, one per line. End with CNTL/Z.

SW1-3550(config)#int f0/2

SW1-3550(config-if)#no swit

SW1-3550(config-if)#ip add 172.30.1.50 255.255.255.0

SW1-3550(config-if)#ip route-cache ?

cef Enable Cisco Express Forwarding

flow Enable Flow fast-switching cache

policy Enable fast-switching policy cache for outgoing packets

same-interface Enable fast-switching on the same interface

SW1-3550(config-if)#ip route-cache flow

SW1-3550(config-if)#do ping 172.30.1.12

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.30.1.12, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

SW1-3550(config-if)#do show ip cache flow

IP packet size distribution (5 total packets):

1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480

.000 .000 .000 1.00 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

512 544 576 1024 1536 2048 2560 3072 3584 4096 4608

.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 278544 bytes

1 active, 4095 inactive, 1 added

6 ager polls, 0 flow alloc failures

Active flows timeout in 30 minutes

Inactive flows timeout in 15 seconds

last clearing of statistics never

Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)

-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow

SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts

Fa0/2 172.30.1.12 Local 172.30.1.50 01 0000 0000 5

HTH,

Sundar

*Please rate all helpful posts.

Yes, try any newer IOS - you will be able configure netflow export, but no flows will be exported. Check the following web page:

http://www.cisco.com/en/US/products/ps6601/products_white_paper0900aecd80406232.shtml

In the table 1 there is that Cisco doesn't support netflow on the 2900, 3500, 3660 and 3750 series. I know that netflow works on the 3550 switches with older IOS, but in the exports there wasn't all flows, only the first routed packet (other packets that were switched, were not stored in the netflow cache).

Jan