MLS has no commands to enable version 9. CISCO states that you do not use MLS for version 9. Does that mean I cannot get hardware-switched flows for version 9? Maybe I should use version 5, which is supported in MLS.

Jeff Fitzwater
OIT Network Systems
Princeton University

Andrew Mabe wrote:
> You need to turn on mls nde
>
> You are not getting anything that is routed in hardware until you turn
> on MLS netflow.
>
> Also, poll these, because it's possible to have too much traffic to
> get accurate netflow in a 6500.
>
> Active flows
> .1.3.6.1.4.1.9.9.97.1.4.1.1.5
>
> Flow Learn Failures
> .1.3.6.1.4.1.9.9.97.1.4.1.1.6
>
> Total Packets being L3 switched by box
> .1.3.6.1.4.1.9.9.97.1.4.1.1.1
>
> On Jun 6, 2007, at 10:24 AM, Jeff Fitzwater wrote:
>
>> New to list...
>>
>> Could anyone on this list help with the correct config for NETFLOW
>> EXPORT for version 9 on a CISCO 6500 with SUP-720-3B running
>> 12.2.18-SXF?
>>
>> We are trying to export the flows to a "QRadar" device but the data
>> we are seeing does not come close to what we see with our MRTG data. I
>> understand that flows are not every packet but the flow data does
>> contain the count and QRadar can show the flows in bits per second and
>> packets per second. It appears that only routed (RP) flows are pushed
>> out, and according to the doc you don't need the MLS configs (SP/PFC)
>> for version 9. We also do not have bridged flows. All data is routed
>> except for some monitoring ports.
>> I could use version 5 but 9 has TCP connection info.
>>
>> I have already discussed this with CISCO, but they never give me the
>> same answer twice. The doc is extremely confusing when it comes to the
>> 7203B running 12.2.18SXF version 5 or 9.
>>
>> Maybe it's working correctly and I just don't know it.
>> ----------------------------
>>
>> This is what I have set up....
>>
>> ip flow-cache timeout inactive 10
>> ip flow-cache timeout active 5
>>
>> Not sure if the following is needed
>> ip flow ingress layer2-switched vlan 268,524-525,3553,4000-4001
>>
>> On all vlan interfaces I have the following...
>> ip route-cache flow
>>
>> ip flow-export source Loopback2
>> ip flow-export version 9
>> ip flow-export template options export-stats
>> ip flow-export template options timeout-rate 1
>> ip flow-export template timeout-rate 1
>> ip flow-export destination "host IP" 2055
>> ip flow-aggregation cache protocol-port
>>  export version 9
>>  export template timeout-rate 1
>>  export destination "host IP" 2055
>>  enabled
>>
>> ------------------------------------------
>>
>> Thanks for any help.
>>
>> Jeff Fitzwater
>> OIT Network Systems
>> Princeton University
>>
>> _______________________________________________
>> cisco-nsp mailing list [email protected]
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
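
The polling suggested in the quoted reply, as an added example that is not part of the original thread: it parses two polls of the three OIDs and reports whether the flow learn failure counter rose in between, which this example treats as a sign that the exported NetFlow data undercounts traffic for that interval. The numeric net-snmp output format, the instance index `.1`, the Gauge32/Counter32 types and all sample values are assumptions constructed for illustration.

```python
import re

# Column OIDs quoted in the thread, keyed to the labels the post gives them.
COLUMNS = {
    ".1.3.6.1.4.1.9.9.97.1.4.1.1.5": "active_flows",
    ".1.3.6.1.4.1.9.9.97.1.4.1.1.6": "learn_failures",
    ".1.3.6.1.4.1.9.9.97.1.4.1.1.1": "l3_packets",
}
LINE = re.compile(r"^(\.[\d.]+?)\.(\d+) = (\w+): (\d+)$")
WRAP = 2 ** 32  # assumption: counters are 32-bit and may wrap between polls

# Constructed sample output (two polls 60 s apart), not captured from a device.
POLL_1 = """
.1.3.6.1.4.1.9.9.97.1.4.1.1.5.1 = Gauge32: 118000
.1.3.6.1.4.1.9.9.97.1.4.1.1.6.1 = Counter32: 4294967000
.1.3.6.1.4.1.9.9.97.1.4.1.1.1.1 = Counter32: 1000000
"""
POLL_2 = """
.1.3.6.1.4.1.9.9.97.1.4.1.1.5.1 = Gauge32: 127500
.1.3.6.1.4.1.9.9.97.1.4.1.1.6.1 = Counter32: 704
.1.3.6.1.4.1.9.9.97.1.4.1.1.1.1 = Counter32: 7000000
"""

def parse_poll(text):
    """Return {instance: {label: value}} from numeric-OID snmpget/snmpwalk output."""
    rows = {}
    for line in text.strip().splitlines():
        m = LINE.match(line.strip())
        if m and m.group(1) in COLUMNS:
            rows.setdefault(m.group(2), {})[COLUMNS[m.group(1)]] = int(m.group(4))
    return rows

def delta(new, old):
    """Counter difference that tolerates a single 32-bit wrap."""
    return (new - old) % WRAP

def assess(prev, curr, seconds):
    """Compare two polls; flag instances whose flow table failed to learn flows."""
    report = {}
    for inst in sorted(curr.keys() & prev.keys()):
        old, now = prev[inst], curr[inst]
        failures = delta(now["learn_failures"], old["learn_failures"])
        report[inst] = {
            "active_flows": now["active_flows"], "learn_failures": failures,
            "l3_pps": delta(now["l3_packets"], old["l3_packets"]) / seconds,
            "export_incomplete": failures > 0,
        }
    return report

print(assess(parse_poll(POLL_1), parse_poll(POLL_2), 60))
```

Comparing `l3_pps` against the packet rate the collector derives from the exported flows for the same interval shows how much hardware-switched traffic is missing from the export.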
