Cisco Netflow Notes (Sup720)

Featured Replies

The SUP720 is a very poor netflow platform.



There has been extensive discussion about this problem in cisco-nsp over the past several years. Basically, there is too little netflow tcam on this card to deal with anything more than a couple of gigs of traffic. You can help things by setting the aging timer to be very aggressive, and by getting DFCs (although these are a rather expensive option). Sampling won't generally help, as the sampling is done in software, after the data has been collected.



What I will do is pass along some OIDs to poll that will show you the TCAM table utilization and how many flow "misses" you are experiencing because the SUP720 is horribly undersized.



Active flows
.1.3.6.1.4.1.9.9.97.1.4.1.1.5

Flow Learn Failures
.1.3.6.1.4.1.9.9.97.1.4.1.1.6

Total Packets being L3 switched by box
.1.3.6.1.4.1.9.9.97.1.4.1.1.1



Like I said before about sampling... turn it off. It does nothing for you and doesn't help the situation. Heck, turn it off and watch the CPU... I suspect you won't see much of a change at all.
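An added example, not part of the original post: one way to turn two polls of the three OIDs above into a table-utilization and learn-failure report, since every learn failure is a flow that never reached the collector. The `snmpwalk -On` sample output, the row index 5, the SNMP types and the table capacity are constructed assumptions.

```python
import re

# Column OIDs quoted in the post above; a row index follows each column number.
BASE = ".1.3.6.1.4.1.9.9.97.1.4.1.1."
COLUMNS = {"1": "l3_packets", "5": "active_flows", "6": "learn_failures"}
WRAP = {"Counter32": 2**32, "Counter64": 2**64}
LINE = re.compile(re.escape(BASE) + r"(\d+)\.(\d+) = (\w+): (\d+)")

# Constructed `snmpwalk -On` output for two polls (values and types are made up).
POLL_1 = """
.1.3.6.1.4.1.9.9.97.1.4.1.1.1.5 = Counter32: 4294960000
.1.3.6.1.4.1.9.9.97.1.4.1.1.5.5 = Gauge32: 118000
.1.3.6.1.4.1.9.9.97.1.4.1.1.6.5 = Counter32: 1200
"""
POLL_2 = """
.1.3.6.1.4.1.9.9.97.1.4.1.1.1.5 = Counter32: 12704
.1.3.6.1.4.1.9.9.97.1.4.1.1.5.5 = Gauge32: 128000
.1.3.6.1.4.1.9.9.97.1.4.1.1.6.5 = Counter32: 1950
"""

def parse_walk(text):
    """Return {row_index: {name: (snmp_type, value)}} for the three columns."""
    rows = {}
    for col, idx, typ, val in LINE.findall(text):
        if col in COLUMNS:
            rows.setdefault(idx, {})[COLUMNS[col]] = (typ, int(val))
    return rows

def delta(old, new):
    """Counter increase between polls, allowing for a single wrap."""
    (typ, a), (_, b) = old, new
    return b - a if b >= a else b - a + WRAP.get(typ, 2**32)

def assess(prev, curr, table_size):
    """Per-row report; table_size is the flow-table capacity, supplied by you."""
    report = {}
    for idx in prev.keys() & curr.keys():
        before, now = prev[idx], curr[idx]
        fails = delta(before["learn_failures"], now["learn_failures"])
        report[idx] = {
            "utilization": round(now["active_flows"][1] / table_size, 3),
            "learn_failures": fails,
            "l3_packets": delta(before["l3_packets"], now["l3_packets"]),
            "flows_missed": fails > 0,  # some flows were never recorded
        }
    return report

if __name__ == "__main__":
    # 131072 is a placeholder capacity, not a figure from the post.
    print(assess(parse_walk(POLL_1), parse_walk(POLL_2), table_size=131072))
```

A rising learn-failure delta between polls marks an interval in which the exported flow records are incomplete, which matters when they are later used for detection or forensics.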


  • Author

An example of how to configure a switch for netflow



[code]
Switch(config)#interface Vlan101
Switch(config-if)#ip address 10.10.101.1 255.255.255.0
Switch(config-if)#exit

Switch(config)#interface Vlan200
Switch(config-if)#ip address 10.10.200.1 255.255.255.0
Switch(config-if)#exit

Switch(config)#interface loopback 0
Switch(config-if)#ip address 10.10.1.1 255.255.255.255
Switch(config-if)#exit

Switch(config)#interface Gigabit 1/1
Switch(config-if)#description WAN Router
Switch(config-if)#no switchport
Switch(config-if)#ip address 10.10.200.1 255.255.255.0
!--- As posted, this address duplicates the one on Vlan200; IOS rejects
!--- overlapping subnets, so use a distinct subnet for the routed port.
Switch(config-if)#exit

!--- This configuration shows that
!--- the VLANs are configured with IP addresses.

!
Switch(config)#mls netflow

!--- Enables NetFlow on the PFC.

!
Switch(config)#mls flow ip full

!--- Configures flow mask on the PFC.
!--- In this example, flow mask is configured as full.

!
Switch(config)#interface Vlan101
Switch(config-if)#ip route-cache flow
Switch(config-if)#exit

Switch(config)#interface Vlan200
Switch(config-if)#ip route-cache flow
Switch(config-if)#exit

Switch(config)#interface Gigabit 1/1
Switch(config-if)#ip route-cache flow
Switch(config-if)#exit

!--- Enables NetFlow on the MSFC.

Switch(config)#ip flow ingress layer2-switched vlan 101,200

!--- Enables NetFlow for Layer 2-switched traffic on the PFC.
!--- It also enables the NDE for Layer 2-switched traffic on the PFC.
[/code]


  • 2 weeks later...
  • Author

Just enabled netflow on a router (2821) running (C2800NM-ADVSECURITYK9-M), Version 12.4(2)XA, RELEASE SOFTWARE (fc3) and this is what was entered.

[code]
config t
interface GigabitEthernet0/0
 ip route-cache flow
ip flow-export source GigabitEthernet0/0
ip flow-export version 5
ip flow-export destination 10.58.128.39 2185
snmp-server community zahsys RO
end
copy running-config startup-config
[/code]
