beautypg.com

Enabling netflow export on a 4000 series switch, Enabling nde on a native ios device, Extra commands – Fluke Computer Accessories User Manual

Page 80: Input filters, User’s guide – version 3.5 netflow tracker 80

background image

User’s Guide – version 3.5

NetFlow Tracker

80

Enabling NetFlow Export on a 4000 Series Switch

The 4000 and 4500 series switches require a Supervisor IV with a NetFlow Services
daughter card (WS-F4531), or a Supervisor V, and IOS version 12.1(19)EW or above

to support NetFlow. First configure the device as for an IOS device above, omitting the
command

ip route-cache flow

on each interface, and then issue the following:

ip

route

-cache

flow

infer-fields

This ensures routing information is included in the flows.

Enabling NDE on a Native IOS Device

The following commands are required in addition to the commands required to

configure an

IOS

device above to get NetFlow information on route-switched traffic from

a Catalyst 6000 or above; they are not required for a Catalyst 4000 series.

mls netflow

This enables NetFlow on the supervisor.

mls nde sender version 5

or

mls nde sender version 7

This sets the export version. Due to several IOS bugs, the export version you
must use on the supervisor is dependent on your hardware configuration and

IOS version:

Distributed Forwarding Cards and 12.1(13)E03, 12.1(18.1)E,

12.2(13.6)S, 12.2(15.1)S, 12.2(17a)SX or above: use version 5. Note
that this configuration will cause the

Performance Counters

to report

missed flows that are not actually missed; this is the result of an IOS bug
fixed in the SXF strains.

Distributed Forwarding Cards and older than 12.1(13)E03, 12.1(18.1)E,
12.2(13.6)S, 12.2(15.1)S or 12.2(17a)SX: this configuration will cause

serious problems, so please contact Fluke Networks if your device matches
this description.

No Distributed Forwarding Cards and 12.0(24)S, 12.2(18)S, 12.3(1) or
above: use version 5 and configure the MSFC to export version 9 as

described above.

No Distributed Forwarding Cards and 12.1(13)E03, 12.1(18.1)E,

12.2(13.6)S, 12.2(15.1)S, 12.2(17a)SX or above: use version 5.

Anything else: use version 7. Note that version 7 may not include AS or

subnet mask information.

mls aging long 64

This breaks up long-lived flows into (roughly) one-minute segments.

mls aging normal 32

This ensures that flows that have finished are exported in a timely manner.