My concern is related to the supervisor module hardware because I was not able to find out the WS-SUP720-BASE datasheet. So I'm not sure whether or not this one includes the Netflow feature included.

The IOS version running on our core switches is 12.2(18)SXF16, howerver if an upgrade is required, we will be able to perform that.

My concern is related to the
supervisor module hardware because I was not able to find out the
WS-SUP720-BASE datasheet. So I'm not sure whether or not this one
includes the Netflow feature included.
The IOS version running on
our core switches is 12.2(18)SXF16, howerver if an upgrade is required,
we will be able to perform that.

Netflow configurations are also supported on Route Switch Processor           720, Supervisor Engine 720. There is no difference between Supervisor Engine           720 and Route Switch Processor 720 as far as NetFlow is concerned. So the same           configuration applies for both for Supervisor Engine 720 and Route Switch           Processor 720

Check out the below link for configuring netflow in 6500 series switches

https://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a0080721701.shtml#prereq

Hope to help !!

Ganesh.H

Remember to rate the helpful post

Hello Daniela,

as noted by Ganesh netflow is supported in all sup720 versions.

first difference is about the possibility to monitor bridged traffic

In PFC3A mode, NetFlow collects statistics only  for routed traffic. With a PFC3B or PFC3BXL, you can configure NetFlow  to collect statistics for both routed and bridged traffic. Netflow for  bridged traffic requires Release 12.2(18)SXE or later.

you should have a PFC3B.

However, there are some differences that regards the size of the netflow cache.

with sup720 base you have a smaller table then with sup720 3BXL

see table 50-3 in

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/netflow.html

this may be a problem if observed traffic contains a lot of different flows (different source and destination)

use of table is also influenced by the IP MLS flow mask a more detailed mask means more entries used in the table

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/netflow.html#wp1148314

Hope to help

Giuseppe

Thank you for all help and support.

I'm a little bit confused on waht exactly means routed traffic and bridged traffic.

Would you mind to help me to understand what exactly this kind of traffic means?

Thanks again for all attention and support.

As far as I can understand my supervisor is “PFC3A mode”, which does not allow the bridged traffic capture.

So I'd like to understand better what exactly that means?

What exactly I'd be able to capture using my supervisor “PFC3A mode” with only routed traffic?

Regards,

Daniela Goulart

Hello Daniela,

sh module can tell you what type of PFC you have I took one from one of our C6500 in a campus

sh module

Mod Ports Card Type                              Model              Serial No.

--- ----- -------------------------------------- ------------------ -----------

  1   24  CEF720 24 port 1000mb SFP              WS-X6724-SFP       SAL10414U9U

  2   48  SFM-capable 48 port 10/100/1000mb RJ45 WS-X6548-GE-45AF   SAL10425G99

  3   48  SFM-capable 48 port 10/100/1000mb RJ45 WS-X6548-GE-45AF   SAL1211JJ4Y

  4    8  CEF720 8 port 10GE with DFC            WS-X6708-10GE      SAL1222S32A

  >>>5    2  Supervisor Engine 720 (Active)         WS-SUP720-3B       SAL10381QC0

Mod MAC addresses                       Hw    Fw           Sw           Status

--- ---------------------------------- ------ ------------ ------------ -------

  1  0019.2f56.f14c to 0019.2f56.f163   2.5   12.2(14r)S5  12.2(33)SXH2 Ok

  2  0019.5635.21b0 to 0019.5635.21df  12.1   7.2(1)       8.7(0.22)BUB Ok

  3  001f.6ca0.eea0 to 001f.6ca0.eecf  12.3   7.2(1)       8.7(0.22)BUB Ok

  4  001e.f7f7.c428 to 001e.f7f7.c42f   1.4   12.2(18r)S1  12.2(33)SXH2 Ok

  5  0014.a982.4c0c to 0014.a982.4c0f   5.2   8.4(2)       12.2(33)SXH2 Ok

Mod  Sub-Module                  Model              Serial       Hw     Status

---- --------------------------- ------------------ ----------- ------- -------

  1  Distributed Forwarding Card WS-F6700-DFC3B     SAL1034Z9J9  4.4    Ok

  2  IEEE Voice Daughter Card    WS-F6K-48-AF       SAL1043654N  2.2    Ok

  3  IEEE Voice Daughter Card    WS-F6K-48-AF       SAD111504LD  2.3    Ok

  4  Distributed Forwarding Card WS-F6700-DFC3C     SAL1222SCMD  1.0    Ok

>>>>  5  Policy Feature Card 3       WS-F6K-PFC3B       SAL10371CLL  2.3    Ok

  5  MSFC3 Daughterboard         WS-SUP720          SAL10371E8H  2.5    Ok

you should have a PFC3B as PFC3A should be in sup32

bridged traffic means traffic that is within a vlan and that is only processed at Layer 2

routed traffic means traffic between different Vlans/IP subnets (like in a router just to say) for which your 6500 is performing L3 switching.

Hope to help

Giuseppe

So does it mean I will not be able to collect L2 traffic on a trunk interface because my supervisor is not able to collect bridged traffic?

Hello Danielle,

you should be able as you should have a PFC3B in your chassis, post the sh module of your device to provide confirmation

see the following datasheet comparing different types of sup 720

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/product_data_sheet09186a0080159856.html

even sup32 has PFC3B installed see

http://www.cisco.com/en/US/prod/collateral/modules/ps2797/ps5972/product_data_sheet0900aecd801c5cab_ps708_Products_Data_Sheet.html

Be aware that you may need specific configuration to support netflow accounting of bridged traffic

see

Enabling NetFlow for Ingress-Bridged IP Traffic

In PFC3B or PFC3BXL mode with Release 12.2(18)SXE and later releases,  NetFlow supports ingress-bridged IP traffic. PFC3A mode does not support  NetFlow for bridged IP traffic.

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/netflow.html#wp1105127

Hope to help

Giuseppe

I guess what Danielle means is, if it is possible to monitor the trunk interfaces directly for L2 traffic. My understanding is that this is not possible as NetFlow data is exported only from L3 interfaces and only Cisco 6500 running Hybrid OS can export NetFlow from switch ports.

As mentioned by Giuseppe, the option is to see the bridged traffic (L2 traffic) within a VLAN using the corresponding bridged traffic command.

Regards,

Jacob