Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1155
Views
0
Helpful
1
Replies

Netflow Version 5 or 9? + Configuration on a Cisco 6500

Matthew burnley
Level 1
Level 1

‎01-31-2014 06:21 AM - edited ‎03-04-2019 10:13 PM

Hello Everyone,

I have a few questions regarding Netflow and I’m hoping you guys can help me out.  We have an internet facing 6500 Layer 3 switch running BGP, i want to turn on Netflow and capture a sample of all the traffic on the interfaces that connect us to other Autonomous Systems (AS's) in a bid to ascertain where the traffic is going, or  to which AS our traffic is going outbound.

I obviously want to use sampling so i propose 1 in every 512 packets to be sent to the Netflow server, now my dilemma is do i configure Netflow with the usual commands or do i use the:

ip cef

flow-sampler-map netflowexport

mode random one-out-of 512

interface fastethernet0/0

ip route-cache cef

flow-sampler netflowexport

ip flow-cache timeout active 1

ip flow-cache timeout inactive 15

ip flow-export source Loopback0

ip flow-export version 9 origin-as

ip flow-export destination 150.150.150.2 9996

snmp-server ifindex persist

Or

Switch(config)#mls netflow

Switch(config)#mls flow ip full

Switch(config)#mls nde sender version 5

mls sampling packet-based 512

mls aging long 300

mls aging normal 120

is the MLS commands just to enable Netflow for layer 2 exports?

Also i have a choice between version 5 and 9, i want to monitor traffic inbound and outbound on an interface, i have read on the internet that exports only work in one direction on version 5?

Does anyone know any decant windows based Netflow software that is value for money and supports monitoring of traffic between autonomous systems? - I’m about to trial Scrutinizer Netflow Analyser.

Many thanks for your ideas/suggestions.

Matt.

Labels:
0 Helpful
1 Reply 1

Robert Falconer
Level 1
Level 1

‎01-31-2014 08:41 AM

mls netflow enables netflow collection on the PFC

ip route-cache flow enables netflow on the MSFC for a particular interface and all subinterfaces.

Netflow 5 only works for inbound flows. Version 9 allows you to specify flow egress from an interface as well.

I've used Scrutinizer in the past and been pretty happy with it. I've also used Solarwinds.

0 Helpful
Customers Also Viewed These Support Documents