Netflow on Cisco 6500

If you aren’t using Netflow on your internal network, you should be. It is a great way to troubleshoot chatty machines and see the general flow of traffic on your network. It is also a great way to determine your backup windows. A lot of the time admins just guess a time to kick off backups, but Netflow will give you a precise window for when to run backups.

In this tutorial I will go over how to set up Netflow on your 6500 switch. In my example I am using software version 12.2.

Enable Netflow

switch(config)#mls netflow

Enable Flows

switch(config)#mls flow ip full

or

switch(config)#mls flow ip interface-full

This enables all flows. If you only want specific flows, you can specify them with the same command (the available keywords are listed below). If you aren’t sure or don’t care, just use full.

switch(config)#mls flow ip ?
 interface-destination        interface-destination        flow keyword
 interface-destination-source interface-destination-source flow keyword
 interface-full               interface-full               flow keyword
 interface-source             interface-source only        flow keyword

Assign Flow to Layer 2 VLANs

switch(config)#ip flow ingress layer2-switched vlan 110-113,172,192

Assign Flow to Layer 3 Interfaces

Let’s say you have a couple of VLAN interfaces and an IP interface that connects to another switch/router that you want to monitor. Here’s how to get flows from those interfaces.

switch(config)#interface Vlan100
switch(config-if)#ip route-cache flow

switch(config)#interface fastEthernet 1/1
switch(config-if)#ip route-cache flow

Configure Flow-exports

Configure the version you want to export. The right choice depends on the utility you use to monitor your flows. Version 5 is usually safe, but most newer utilities support version 7.

switch(config)#mls nde sender version 5

Configure the source interface to send from (VLAN100 in my example) and the destination. The destination is your Netflow application server (10.100.1.50). Note the port that follows the address, and be sure your server is listening on that port.

Switch(config)#ip flow-export source Vlan100

Switch(config)#ip flow-export destination 10.100.1.50 9996

Your 6500 is now exporting flows to your destination IP, so it’s time to set up a Netflow server. I like ManageEngine Netflow monitor, but there are many others to choose from (Solarwinds, etc.). Just pick one that you are comfortable with and go with it.
