You do need CEF enabled. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Gatten Sent: Tuesday, October 17, 2006 1:01 PM To: [EMAIL PROTECTED]; [email protected] Subject: Re: [Ntop] cisco flow export
Don't know about loopback interfaces with netflow.... doesn't make sense. IMO loopback interfaces are overused / misused - but that's another topic. My sanitized config: Router1#show run | inc flow Global config: ip flow-cache timeout inactive 10 ip flow-cache timeout active 1 ip flow-export version 5 ip flow-export destination 1.2.3.4 2055 interface h1 ip route-cache flow interface f2 ip route-cache flow I THINK you also need CEF enabled, but don't recall. We do by default, so you'll want to check this out. CEF is required for NBAR which we use but can't remember about netflow... May not want to enable CEF during high loads on a production system Gary >>> [EMAIL PROTECTED] 10/17/2006 11:49 AM >>> Just thought of something. When configuring the router you have enable flows on an interface. Somewhere, someplace I I saw that it was recommended you do this on the loopback device. Further down the road when you're configuring the router you have to provide a source - I used the interface closest to my ntop connection. i'm thinking they either both need to be the loopback interface or the ethernet interface - you think? Also, how does this part of the configuration change what data you see - if it does? On 10/17/06, Gary Gatten <[EMAIL PROTECTED]> wrote: > tcpdump host (your router ip / netflow source) > or > tcpdump udp 9001 (or whatever netflow is using) > > I'd start with the first and see what is coming from your router. > Maybe it's not sending to 9001? > > You should definitely see traffic from your routers if netflow is > configured correctly there. Post those configs too, but make sure your > route-cache is flow on the interfaces you want netflow info from. > > Gary > _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop =========================================================================== "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
