[Flow-tools] Setting up NetFlow on 6509
David Mitchell
mitchell at ucar.edu
Mon Mar 8 12:54:39 EST 2010
Travis,
when you add the second VLAN to monitor, do you add an additional source
command?
> ip flow-export source vlan10
You only need this command once. You also don't need it to be a
loopback. If you have a loopback, then it's a good choice to use. But
you don't need to create one just for this. All this command does is
tell IOS what source address to use in outgoing netflow data packets.
You could probably get away with not specify it at all, but then there
is a chance that unrelated configuration changes would affect your
netflow exports.
-David Mitchell
Travis Formoso wrote:
> Greg,
>
> We are not running IOS-XR, however this is almost the same and I can set
> this up.
>
> With the loopback0 interface setup what are the commands I need to run,
> so that I am monitoring this device correctly with netflow? Would it be:
>
> ip flow-export source loopback0
> ip flow-export version 5
> ip flow-export destination 172.20.200.50
>
> Now I configure netflow for switched traffic:
> mls nde sender version 5
> mls flow ip interface-full
> mls nde interface
>
> On the interface (loopback0): (Not sure if this is needed for the
> loopback interface?)
> ip route-cache flow
>
> Thanks for the help.
>
> ________________________________
>
> From: Volk,Gregory B [mailto:greg.volk at edwardjones.com]
> Sent: Monday, March 08, 2010 11:50 AM
> To: Travis Formoso; flow-tools at list.splintered.net
> Subject: RE: [Flow-tools] Setting up NetFlow on 6509
>
>
>> What should the loopback interface look like?
>>
>
> Here's what one of mine looks like, but it requires some config
> integration with OSPF, assuming you're running OSPF.
>
>
> router#sho run int lo0
> Building configuration...
>
> Current configuration : 128 bytes
> !
> interface Loopback0
> description *** MANAGEMENT & OSPF ID ***
> ip address 10.130.25.1 255.255.255.255
> ip pim sparse-mode
> end
>
> router#
>
>
> This doc from cisco...
> http://www.cisco.com/en/US/docs/ios_xr_sw/iosxr_r3.0/interfaces/configur
> ation/guide/hc3loop.html ...may help, but it's for IOS-XR.
>
>
>
>
>
>
> ________________________________
>
> From: Travis Formoso [mailto:tformoso at Syracuse.com]
> Sent: Monday, March 08, 2010 10:30 AM
> To: Volk,Gregory B; flow-tools at list.splintered.net
> Subject: RE: [Flow-tools] Setting up NetFlow on 6509
>
>
> Hey Greg,
>
> On the 6509 there is currently no loopback interface so I will
> need to set this up.
>
> What should the loopback interface look like?
>
> Also once I set it to this loopback I will not need to export to
> the VLAN's as this would monitor all the ports?
>
> Thanks
>
> ________________________________
>
> From: Volk,Gregory B [mailto:greg.volk at edwardjones.com]
> Sent: Monday, March 08, 2010 11:19 AM
> To: Travis Formoso; flow-tools at list.splintered.net
> Subject: RE: [Flow-tools] Setting up NetFlow on 6509
>
>
> Have you tried setting the source to a non-vlan (physical or
> loopback) interface like:
>
> ip flow-export source Loopback0
>
> I don't know if that will fix your issue, but I always source my
> netflow data from a loopback interface that is dedicated for management
> traffic.
>
>
>
>
>
> If you are not the intended recipient of this message
> (including attachments), or if you have received this message in error,
> immediately notify us and delete it and any attachments. If you no
> longer wish to receive e-mail from Edward Jones, please send this
> request to messages at edwardjones.com. You must include the e-mail
> address that you wish not to receive e-mail communications. For
> important additional information related to this e-mail, visit
> www.edwardjones.com/US_email_disclosure
> <http://www.edwardjones.com/US_email_disclosure>
>
>
>
>
>
>
>
>
>
> ________________________________
>
> From: flow-tools-bounces at list.splintered.net
> [mailto:flow-tools-bounces at list.splintered.net] On Behalf Of Travis
> Formoso
> Sent: Monday, March 08, 2010 9:47 AM
> To: flow-tools at list.splintered.net
> Subject: [Flow-tools] Setting up NetFlow on 6509
>
>
> Hello all,
>
> I am trying to setup a NetFlow product on our 6509. We
> have a number of different VLAN's across our network and I think I would
> want to monitor those VLAN's and that should capture the traffic on the
> 6509 (correct me if I am wrong.) The way the product is licensed is by
> source (a source is a router or switch.) When I try to setup netflow
> each VLAN comes in as a different source and I would like it if I can
> use the 6509 as just once source. Here are the commands I am using to
> set this up.
>
> in configuration mode:
>
> ip flow-export source vlan10
> ip flow-export version 5
> ip flow-export destination 172.20.200.50
>
> Now I configure netflow for switched traffic:
> mls nde sender version 5
> mls flow ip interface-full
> mls nde interface
>
> On the interface (vlan 10):
> ip route-cache flow
>
> After doing that I see that incoming traffic is being
> monitored by NetFlow, however as said that interface (VLAN) is coming in
> as a source, so if I configure another VLAN I now have 2 sources, but I
> would like to set this up so the 6509 is just one source, monitoring all
> the VLAN's.
>
> I wanted to know if these commands are correct, if I
> should be monitoring the VLAN's and if anyone knows how to set this up
> as explained above with the 6509 as one source.
>
> Thank you,
>
> Travis
>
>
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Flow-tools mailing list
> flow-tools at splintered.net
> http://mailman.splintered.net/mailman/listinfo/flow-tools
--
-----------------------------------------------------------------
| David Mitchell (mitchell at ucar.edu) Network Engineer IV |
| Tel: (303) 497-1845 National Center for |
| FAX: (303) 497-1818 Atmospheric Research |
-----------------------------------------------------------------
More information about the Flow-tools
mailing list