06-05-2008 12:51 AM - edited 03-05-2019 11:26 PM
Good day everyone!
device: MSFC2(C6MSFC2-BOOT-M), Version 2.1(8a)EX.
A_Root(config)#interface Vlan 15
A_Root(config-if)#ip route-cache flow
Q: When I do 'show ip cache flow', only 1 packet per IP is printed (see attached file).
thank you very much.
06-05-2008 02:14 AM
Hello,
you need to enable mls netflow...
Try the following commands:
switch(config)# mls nde sender version 7
switch(config)# mls aging long 128
switch(config)# mls aging normal 16
switch(config)# mls netflow
On the Supervisor Engine 1, issue the following to put full flows into the NetFlow exports:
switch(config)# mls flow ip full
If you have a Supervisor Engine 2 or 720 running IOS version 12.1.13(E) or higher, issue the following commands instead:
switch(config)# mls flow ip interface-full
That's all.
Kind regards,
Jan Nejman
Caligare, Co.
06-05-2008 03:12 AM
MLS is already enabled, because only the first packet is routed through the MSFC, the remaining packets are switched on the Supervisor.
on switch:
#mls
set mls flow full
set mls nde enable
MLS commands supported on MSFC:
A_Root(config)#mls ?
ip ip keyword
rp rp
A_Root(config)#mls ip ?
acl Enable ACLs particular features
multicast multicast keyword
A_Root(config)#mls rp ?
ip Enable IP shortcuts
ipx Enable IPX shortcuts
nde-address nde-address
A_Root(config)#mls rp ip ?
input-acl Enable IP input access list
route-map Enable IP route map
A_Root(config)#mls rp nde-address ?
A.B.C.D IP address
06-05-2008 03:36 AM
Hello,
Ohh, you are using CatOS on the switch and IOS on the MSFC.
The first packet goes to the MSFC, where it is "routed"; the switch learns it, and the other packets go directly via the switching part (on the supervisor). So I think it is correct if you see only one packet per flow. Did you configure NetFlow export on the supervisor correctly? See our web pages: http://netflow.caligare.com (section configuration).
Could you send me the configuration of your CatOS?
Your MSFC configuration is OK.
Kind regards,
Jan
06-05-2008 04:08 AM
On MSFC:
interface Vlan15
ip address x.x.x.x
ip route-cache flow
ip flow-export source Vlan15
ip flow-export version 5
ip flow-export destination 10.248.6.70 9994
On Catalyst:
#mls
set mls flow full
set mls agingtime 128
set mls nde enable
### I suppose this version of IOS does not allow to enable Netflow on the MSFC.
06-05-2008 04:16 AM
I think that your MSFC configuration is really OK. But you haven't specified an export destination from your switching part.
switch> (enable) set mls nde 10.248.6.70 9994
switch> (enable) set mls nde version 7
switch> (enable) set mls agingtime long 128
switch> (enable) set mls agingtime 16
If you are using CatOS on the supervisor and IOS on the MSFC, it is necessary to configure NetFlow export destinations for both parts!
On the MSFC you will see only the first packet, and on the supervisor (CatOS) the rest of the communication (99% of flows). I recommend using the same IP address and port number for both parts (if your analyzer supports it).
Jan
06-05-2008 04:43 AM
When I configure NetFlow export destinations for both parts, it works. The problem is that all traffic is exported, not only traffic from Vlan 15, but it's OK. Thank you very much for the support.
06-05-2008 04:52 AM
Welcome.
On the supervisor there is no mechanism to specify which VLANs or ports you want to collect NetFlow from. If you want to see a separate traffic flow, it is necessary to use some filtering method on the analyzer side. I'm coding the Caligare Flow Inspector software, and there are two ways to filter flows: a) you can drop unwanted flows when you receive them, or b) when you specify a query, it is possible to set filtering conditions (based on IP addresses, interfaces, ports, ...), but all flows are in the database.
Kind regards,
Jan
PS.: One interesting command is: set mls bridged-flow-statistics enable ... (it will account for intra-VLAN flows, e.g. flows that go from vlan 15 to vlan 15), but it generates many, many flows....
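The drop-on-receive filtering described in this reply, as an added example that is not part of the original thread or of Caligare Flow Inspector: a minimal parser for NetFlow v5 (MSFC) and v7 (supervisor) export datagrams that keeps only flows touching one subnet. The subnet 192.0.2.0/24 standing in for Vlan 15, the function names and the sample datagrams are assumptions constructed for the demo.

```python
import ipaddress
import struct

HEADER_LEN = 24              # v5 and v7 export headers are both 24 bytes
RECORD_LEN = {5: 48, 7: 52}  # v7 records end with an extra 4-byte router_sc field
# The first 40 bytes of a flow record have the same layout in v5 and v7:
# src, dst, nexthop, in/out ifIndex, packets, octets, first, last, ports, flags, proto, tos
PREFIX = struct.Struct("!4s4s4sHHIIIIHHBBBB")

def parse_flows(datagram):
    """Decode one export datagram into a list of flow dicts; reject malformed input."""
    if len(datagram) < HEADER_LEN:
        raise ValueError("datagram shorter than NetFlow header")
    version, count = struct.unpack_from("!HH", datagram)
    size = RECORD_LEN.get(version)
    if size is None:
        raise ValueError(f"unsupported NetFlow version {version}")
    if len(datagram) < HEADER_LEN + count * size:
        raise ValueError("record count exceeds datagram length")
    flows = []
    for i in range(count):
        f = PREFIX.unpack_from(datagram, HEADER_LEN + i * size)
        flows.append({"version": version,
                      "src": ipaddress.IPv4Address(f[0]), "dst": ipaddress.IPv4Address(f[1]),
                      "packets": f[5], "octets": f[6],
                      "sport": f[9], "dport": f[10], "proto": f[13]})
    return flows

def keep_subnet(flows, subnet):
    """Drop-on-receive filter: keep flows whose source or destination is in subnet."""
    net = ipaddress.ip_network(subnet)
    return [f for f in flows if f["src"] in net or f["dst"] in net]

def build_sample(version, records):
    """Constructed export datagram for the demo (not captured traffic)."""
    body = b""
    for src, dst, pkts, octets, sport, dport, proto in records:
        rec = PREFIX.pack(ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
                          bytes(4), 1, 2, pkts, octets, 0, 0, sport, dport, 0, 0, proto, 0)
        body += rec.ljust(RECORD_LEN[version], b"\0")
    return struct.pack("!HH", version, len(records)) + bytes(HEADER_LEN - 4) + body

# Assumption: 192.0.2.0/24 stands in for the Vlan 15 subnet (the thread shows only x.x.x.x).
VLAN15 = "192.0.2.0/24"
# MSFC (v5) reports the first packet of a flow; the supervisor (v7) reports the rest.
MSFC_V5 = build_sample(5, [("192.0.2.10", "198.51.100.5", 1, 60, 40000, 80, 6)])
SUP_V7 = build_sample(7, [("192.0.2.10", "198.51.100.5", 99, 120000, 40000, 80, 6),
                          ("203.0.113.7", "198.51.100.9", 12, 900, 5353, 53, 17)])

if __name__ == "__main__":
    for dgram in (MSFC_V5, SUP_V7):
        for f in keep_subnet(parse_flows(dgram), VLAN15):
            print(f["version"], f["src"], f["dst"], f["packets"], f["octets"])
```

In a live collector, each datagram would come from a UDP socket bound to the export port (9994 in this thread) instead of the constructed samples.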
06-05-2008 05:04 AM
OK, I will use filtering conditions (set mls nde flow include source...).
thanks again.
07-18-2012 08:57 AM
Hi there guys. Can anyone please tell me where I can go to get help on a problem I have with a 2801 router and using ip flow-export? I entered the following commands into my router and then the router dropped all outgoing TCP traffic. I disabled all the commands and my path out reopened.
snmp-server ifindex persist
ip flow-export destination 172.16.10.64 9996
ip flow-export source FastEthernet 0/1
ip flow-export version 5
ip flow-cache timeout active 1
int fa0/0
no ip route-cache flow
ip flow egress
int fa0/1
no ip route-cache flow
ip flow egress
Once this is entered, all TCP traffic heading outside is blocked...
Thanks for any help..