I am new to NNA/collecting NetFlow data and trying to configure a Catalyst 6500 switch to export NetFlow stats to NNA.
Below is a list of the commands I believe will need to be configured...
ENABLING NETFLOW
Global Commands:
#mls netflow
#mls flow ip interface-full
#ip flow ingress layer2-switched vlan 188
Sub-Interface Commands (configured on the associated interface VLAN as well):
#ip route-cache flow <---didn't run this command
CONFIGURING NDE
Global Commands:
#mls nde sender
#ip flow-export source loopback 0 <---do you have to use a loopback interface?
#ip flow-export destination 10.224.214.1 9900
#ip flow export layer2-switched vlan 188
NetFlow stats from Catalyst 6500
Re: NetFlow stats from Catalyst 6500
Cisco has some fantastic documentation located here: http://www.cisco.com/c/en/us/support/do ... t6500.html
I suggest reading over that document if you have not already.
"do you have to use a loopback interface?"
In the Cisco documentation they have defined a VLAN Interface as well, so it does not have to be loopback:
ip flow-export source vlan 1
Best,
Jesse
Re: NetFlow stats from Catalyst 6500
Thanks for the doc, I am now receiving NetFlow data from the switch.
Do I have to configure a different/unique listening port for each device?
jdalrymple
Re: NetFlow stats from Catalyst 6500
No...
You can, but it's absolutely not necessary.
Re: NetFlow stats from Catalyst 6500
That's great, I was hoping I could use just one source port for all devices when sending to NNA.
I am a little confused as to why it says "must be unique" under listening port when I add a new device within NNA. And the post with the title "Issue with adding different source" makes it sound like they need to be unique.
I'm just trying to clarify.
Thank you for your help.
jdalrymple
Re: NetFlow stats from Catalyst 6500
I had a discussion with the developers about the wording on that page. It's awkward - but it's true.
"Must be unique. Port that the flow data is received on for this source. Multiple switches, routers, and servers can send to one port."
The port must be unique in the context of the server's listening ports. For each source a process is spun up and bound to that UDP port.
One thing to take away - there is some value added to having your sources defined individually, the canned dashboards and such offer some nice views of those sources. You can achieve most of the same information through customization, but you do forfeit the simplicity if you aggregate all your sources.
That said - OK to lock and mark solved?
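The two points in the post above, as an added example that is not part of the thread and is not NNA's own code: a second listener cannot bind a UDP port that is already bound, while one listener can separate several exporters on a shared port by the datagram's source address (the address set with ip flow-export source). It assumes NetFlow v5 export, which the thread does not state; the function names and the 192.0.2.x exporter addresses in the test are constructed for illustration.

```python
import errno
import socket
import struct
from collections import defaultdict

V5_HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record

def parse_v5(datagram):
    """Return [(src_ip, dst_ip, octets)]; raise ValueError if malformed."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("short header")
    version, count = V5_HEADER.unpack_from(datagram)[:2]
    if version != 5 or len(datagram) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("bad version or length")
    flows = []
    for i in range(count):
        rec = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append((socket.inet_ntoa(rec[0]), socket.inet_ntoa(rec[1]), rec[6]))
    return flows

def demux(packets, known_exporters):
    """packets: (exporter_ip, datagram) pairs, as recvfrom() on one UDP port yields."""
    octets, dropped = defaultdict(int), 0
    for exporter, datagram in packets:
        try:
            if exporter not in known_exporters:  # UDP source is unauthenticated: allowlist
                raise ValueError("unknown exporter")
            total = sum(flow[2] for flow in parse_v5(datagram))
        except ValueError:
            dropped += 1
            continue
        octets[exporter] += total
    return dict(octets), dropped

def second_bind_refused():
    """True if a second socket cannot bind a UDP port that is already bound."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as a, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as b:
        a.bind(("", 0))  # kernel picks a free port
        try:
            b.bind(("", a.getsockname()[1]))
        except OSError as exc:
            return exc.errno == errno.EADDRINUSE
    return False

def make_v5(flows):
    """Constructed sample data: pack (src, dst, octets) tuples into a v5 datagram."""
    recs = [V5_RECORD.pack(socket.inet_aton(s), socket.inet_aton(d), bytes(4),
                           0, 0, 1, o, 0, 0, 0, 0, 0, 0, 6, 0, 0, 0, 0, 0, 0)
            for s, d, o in flows]
    return V5_HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0) + b"".join(recs)
```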
Re: NetFlow stats from Catalyst 6500
Yeah feel free to close, thanks for clarifying.