Hi all
I have a catalyst 6509, one port is on one VLAN through which all WAN
traffic passes to/from about 15 WAN other. Note: There is another router
between the catalyst and the WAN sites but only sees encrypted traffic, so
can be used).
I want to turn on netflow accounting but I dont want to see flows related
to the local LAN of the 6909, which would be the majority of the traffic.
I know I need to run something like:
set mls flow full
set mls nde version 7
set mls nde 10.0.0.1 9800
set mls nde enable
and I see
http://www.cisco.com/en/US/partner/products/hw/switches/ps700/products_command_reference_chapter09186a008007f2ab.html
says I can put a filter on the source address. This will work for me if I
can put multiple source filters that act like an OR on. something like:
set mls nde flow destination 0.0.0.0/0 source 10.30.0.0/16
set mls nde flow destination 0.0.0.0/0 source 10.126.0.0/16
Will this act like an OR for the two filters? Anybody doing this? Would I
be better filtering this at the collector via flow-nfilter?
Secondly, what is the equivalent to these IOS commands:
ip flow-cache timeout active 1
ip flow-cache timeout inactive 15
Thanks in advance.
BB
_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
