I just replied to this issue for Luca Deri. I'll repeat it here for you.
It depends on if you're using a sup1a w/ MSFC then you configure ip route-cache flow
on each vlan you want flows exporting from. Then in the global router config setup
the export ip, version, etc.
If you have a sup2 with MSFC2 then it's ankle-grabbing time. Cisco changed NetFlow on
the MSFC2 to support only version 7. This means that dest IP, port, protocol, AS, and
some other cool fields are always set to zero. Now both the router and the switch
will be exporting to your collector where the router does a flow for the first packet
and the switch does a lobotomized flow for the remainder of the data.
The commands you're looking for are:
SUP config
-----------
set mls agingtime 256 (or whatever values)
set mls agingtime fast 10 5 (or whatever values)
set mls flow full
set mls nde 172.17.246.225 9996
set mls nde version 7 (version 7 not 5)
set mls nde enable
MSFC config
-----------
interface vlanx
ip route-cache flow
ip flow-export destination 172.17.246.225 9996
ip flow-export version 5
ip flow-export source vlan 1
Here is a URL that may help.
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sft_6_1/configgd/nde.htm#xtocid220905
If you end up opening a Cisco TAC case on this, we had case #B464927 on this issue.
Referencing it may help you out. The case was about an sup1a/MSFC working great and a
sup2/MSFC2 working like poop.
Let me know if you have any other questions.
Thanks,
- Jeffrey
Vladimir Kotal wrote:
> Hello,
>
> I'm trying to setup netflow on 'Cat6k-MSFC2 (R7000)' with MSFC2 cards.
> IOS ver is Version 12.1(3r)E2.
> Relevant configuration entries are:
>
> ip flow-cache entries 65536
> ip flow-cache timeout active 1
> ip flow-export source Vlan155
> ip flow-export version 5 peer-as
> ip flow-export destination a.b.c.d 9995
>
> and 'ip route-cache flow' on several interfaces. The box is running ~50M
> ATM line and various FEth based Vlan interfaces.
>
> The problem is that I no longer get the number of netflow packets I used
> to get when running the same lines on c75xx machine. The netlflow packet
> rate on 75xx with 12.1.x was usually hundreds packets per second, now it
> is hardly tens. I suspect it is caused by layer 3 switching.
> Could someone acknowledge my suspicion ?
>
> some useful links (which gave me no answer on this):
>
> http://www.cisco.com/univercd/cc/td/doc/product/lan/index.htm
> http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/prodlit/msfc2_ds.htm
>
> please reply to my personal mail addr as well.
>
> Regards
>
> V. Kotal
> --
> cflowd mailing list
> cflowd@caida.org
-- Yahoo! BGP/Peering Engineer email: jeffrey@papen.com beep: page-jeffrey@papen.com work: 408-349-3897 fax: 408-349-5307 cell: 650-580-2684 page: 877-701-1126 Yahoo Messenger ID: jpapen-- cflowd mailing list cflowd@caida.org
This archive was generated by hypermail 2b29 : Fri Jul 20 2001 - 00:37:19 PDT