Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1384
Views
0
Helpful
2
Replies

Netflow on 6509 - missing lots of traffic

roger perkin
Level 2
Level 2

‎05-13-2011 06:07 AM - edited ‎03-06-2019 05:02 PM

I have setup Netflow on our 6509 and it is reporting some traffic, but it appears today not all!

My Netflow monitoring was showing about 5Mbs usage across our replication link when in fact it was running at 100Mbs killing the line.

Config on the netflow is like this

ip flow-cache timeout active 1
ip flow ingress layer2-switched vlan 903,998

mls netflow interface
mls flow ip interface-full
mls nde sender version 5

** this is the bit I am not sure on **

interface Port-channel100
description Site to Site Connection
no switchport
ip address 10.252.255.1 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress

Firstly this is a Layer 2 interface and I am not sure about Netflow working on it?

The Vlan that the server generating the traffic is in is defined in the FWSM

So I have done this hoping it will catch all the traffic coming out.

interface Vlan999
description FWSM Outside
ip address 10.251.251.241 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
end

So the issue - a server generating a lot of replication traffic is not outputting this in Netflow

I am not sure how to test this as I have been told to get a 6509 configured for Netflow is quite tricky.

Any help advice would be appreciated

Roger

Labels:
0 Helpful
2 Replies 2

roger perkin
Level 2
Level 2

‎05-13-2011 06:55 AM

Having researched this a bit more it appears the only way to get Netflow stats out of devices underneath the FWSM is to enable it on the communication channel between FWSM and 6500

I assume this to be on my setup vlan 999, other posts I have read is to enable Layer 2 and Layer 3 netflow on this interface

So the config on this interface now looks like this

interface Vlan999
description FWSM Outside
ip address 10.251.251.241 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress - (Layer 3 Netflow )
end

ip flow ingress layer2-switched vlan 903,998-999

Roger

0 Helpful

John Blakley
VIP Alumni
VIP Alumni
In response to roger perkin

‎05-13-2011 08:53 AM

It looks like you have most of it configured correctly, so you may have something with the FWSM that's affecting it. Try this:

mls aging long 64
mls aging normal 64
mls netflow interface
mls flow ip interface-full
mls nde sender version 5
mls cef error action freeze

ip flow-cache timeout active 1
ip flow ingress layer2-switched vlan 1,95,126,140
mls netflow interface
mls flow ip interface-full
ip flow-export version 5
ip flow-export destination
ip flow-top-talkers

Then under each VLAN you'd need to enable ip flow ingress/egress....

http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a0080721701.shtml

As far as the FWSM, I'm not sure...I've only worked with ASAs, and I'm not sure they're the same.

HTH,

John

HTH, John *** Please rate all useful posts ***
0 Helpful
Customers Also Viewed These Support Documents