I need to double check, but I think netflow only "sees" packets sent on an interface, or maybe received? Either way, if you enable netflow on a single interface you'll only get half the flows. So, enable it on all interfaces traffic streams transit. In my example below, I have and ethernet IF on the DMZ and a HSSI connected to an DS3 - so I have it enabled on both interfaces. There used to be a quick little doc on the ntop home page about setting up netflow, but I don't see it anymore...
Gary >>> [EMAIL PROTECTED] 10/23/2006 1:58 PM >>> Gary, In your example, are you monitoring multiple links on your router as seen below "interface h1" and "interface f2" ? I'm just trying to make sure I don't need it enabled on both the serial interfaces as well as the gigabit interface.. In my case I'm thinking of just enabling it on the gigabit interface. Thanks, Brian -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Gatten Sent: Tuesday, October 17, 2006 1:01 PM To: [EMAIL PROTECTED]; [email protected] Subject: Re: [Ntop] cisco flow export Don't know about loopback interfaces with netflow.... doesn't make sense. IMO loopback interfaces are overused / misused - but that's another topic. My sanitized config: Router1#show run | inc flow Global config: ip flow-cache timeout inactive 10 ip flow-cache timeout active 1 ip flow-export version 5 ip flow-export destination 1.2.3.4 2055 interface h1 ip route-cache flow interface f2 ip route-cache flow I THINK you also need CEF enabled, but don't recall. We do by default, so you'll want to check this out. CEF is required for NBAR which we use but can't remember about netflow... May not want to enable CEF during high loads on a production system Gary _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop =========================================================================== "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
