NetFlow stats from Catalyst 6500
Posted: Tue Mar 31, 2015 2:48 pm
by msuhr1980
I am new to NNA/collecting NetFlow data and trying to configure a Catalyst 6500 switch to export NetFlow stats to NNA.
Below is a list of the commands I believe will need to be configured...
ENABLING NETFLOW
Global Commands:
#mls netflow
#mls flow ip interface-full
#ip flow ingress layer2-switched vlan 188
Sub-Interface Commands (configured on the associated interface VLAN as well):
#ip route-cache flow <---didn't run this command
CONFIGURING NDE
Global Commands:
#mls nde sender
#ip flow-export source loopback 0 <---do you have to use a loopback interface?
#ip flow-export destination 10.224.214.1 9900
#ip flow export layer2-switched vlan 188
Re: NetFlow stats from Catalyst 6500
Posted: Tue Mar 31, 2015 2:53 pm
by jolson
Cisco has some fantastic documentation located here:
http://www.cisco.com/c/en/us/support/do ... t6500.html
I suggest reading over that document if you have not already.
"do you have to use a loopback interface?"
In the Cisco documentation they have defined a VLAN Interface as well, so it does not have to be loopback:
Best,
Jesse
Re: NetFlow stats from Catalyst 6500
Posted: Tue Apr 07, 2015 3:55 pm
by msuhr1980
Thanks for the doc, I am now receiving NetFlow data from the switch.
Do I have to configure a different/unique listening port for each device?
Re: NetFlow stats from Catalyst 6500
Posted: Tue Apr 07, 2015 3:58 pm
by jdalrymple
No...
You can, but it's absolutely not necessary.
Re: NetFlow stats from Catalyst 6500
Posted: Tue Apr 07, 2015 5:44 pm
by msuhr1980
That's great, I was hoping I could use just one source port for all devices when sending to NNA.
I am a little confused as to why it says "must be unique" under listening port when I add a new device within NNA. And the post with the title "Issue with adding different source" makes it sound like they need to be unique.
I'm just trying to clarify.
Thank you for your help.
Re: NetFlow stats from Catalyst 6500
Posted: Wed Apr 08, 2015 9:43 am
by jdalrymple
I had a discussion with the developers about the wording on that page. It's awkward - but it's true.
"Must be unique. Port that the flow data is received on for this source. Multiple switches, routers, and servers can send to one port."
The port must be unique in the context of the server's listening ports. For each source a process is spun up and bound to that UDP port.
One thing to take away - there is some value added to having your sources defined individually, the canned dashboards and such offer some nice views of those sources. You can achieve most of the same information through customization, but you do forfeit the simplicity if you aggregate all your sources.
That said - OK to lock and mark solved?
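The two points in the reply above (a listening UDP port can be bound by only one process, while many devices can still send to it) are shown in this added example, which is not NNA's code and not part of the original thread. It assumes NetFlow v5 export, and the exporter addresses, the allowlist and all function names are constructed for illustration. The source address the collector sees is the one chosen with "ip flow-export source", so that is the address to list.

```python
import socket
import struct
from collections import Counter

V5_HEADER = struct.Struct("!HHIIIIBBH")   # 24-byte NetFlow v5 export header
V5_RECORD_LEN = 48                        # fixed size of each v5 flow record

def make_v5_datagram(flow_count, sequence=0):
    """Build a constructed v5 datagram with zero-filled flow records."""
    header = V5_HEADER.pack(5, flow_count, 0, 0, 0, sequence, 0, 0, 0)
    return header + bytes(V5_RECORD_LEN * flow_count)

def flows_per_exporter(datagrams, known_exporters):
    """Count flow records per source IP for (src_ip, payload) pairs from ONE port."""
    totals = Counter()
    for src_ip, payload in datagrams:
        if src_ip not in known_exporters or len(payload) < V5_HEADER.size:
            totals["rejected"] += 1       # unknown sender or too short to parse
            continue
        version, count = V5_HEADER.unpack_from(payload)[:2]
        if version != 5 or len(payload) != V5_HEADER.size + count * V5_RECORD_LEN:
            totals["rejected"] += 1       # header does not match the payload
            continue
        totals[src_ip] += count
    return dict(totals)

def second_listener_can_bind():
    """Return False when a second socket cannot bind a UDP port already in use."""
    first = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    second = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        first.bind(("127.0.0.1", 0))             # let the OS pick a free port
        try:
            second.bind(first.getsockname())     # same address and port again
            return True
        except OSError:
            return False
    finally:
        first.close()
        second.close()

# Constructed sample: two switches and one unlisted host, all sending to one port.
SAMPLE = [("192.0.2.11", make_v5_datagram(3)), ("192.0.2.12", make_v5_datagram(2)),
          ("192.0.2.11", make_v5_datagram(1, sequence=3)),
          ("198.51.100.9", make_v5_datagram(4)), ("192.0.2.12", b"\x00\x05truncated")]

if __name__ == "__main__":
    print(flows_per_exporter(SAMPLE, {"192.0.2.11", "192.0.2.12"}))
    print("second bind succeeded:", second_listener_can_bind())
```

NetFlow over UDP carries no sender authentication, so checking the source address and the header-to-length consistency is the minimum a shared listening port should do before attributing flows to a device.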
Re: NetFlow stats from Catalyst 6500
Posted: Wed Apr 08, 2015 1:47 pm
by msuhr1980
Yeah feel free to close, thanks for clarifying.