User’s Guide – version 3.5
NetFlow Tracker
80
Enabling NetFlow Export on a 4000 Series Switch
The 4000 and 4500 series switches require a Supervisor IV with a NetFlow Services
daughter card (WS-F4531), or a Supervisor V, and IOS version 12.1(19)EW or above
to support NetFlow. First configure the device as for an IOS device above, omitting the
command
ip route-cache flow
on each interface, and then issue the following:
ip
route
-cache
flow
infer-fields
This ensures routing information is included in the flows.
Enabling NDE on a Native IOS Device
The following commands are required in addition to the commands required to
configure an
IOS
device above to get NetFlow information on route-switched traffic from
a Catalyst 6000 or above; they are not required for a Catalyst 4000 series.
mls netflow
This enables NetFlow on the supervisor.
mls nde sender version 5
or
mls nde sender version 7
This sets the export version. Due to several IOS bugs, the export version you
must use on the supervisor is dependent on your hardware configuration and
IOS version:
•
Distributed Forwarding Cards and 12.1(13)E03, 12.1(18.1)E,
12.2(13.6)S, 12.2(15.1)S, 12.2(17a)SX or above: use version 5. Note
that this configuration will cause the
Performance Counters
to report
missed flows that are not actually missed; this is the result of an IOS bug
fixed in the SXF strains.
•
Distributed Forwarding Cards and older than 12.1(13)E03, 12.1(18.1)E,
12.2(13.6)S, 12.2(15.1)S or 12.2(17a)SX: this configuration will cause
serious problems, so please contact Fluke Networks if your device matches
this description.
•
No Distributed Forwarding Cards and 12.0(24)S, 12.2(18)S, 12.3(1) or
above: use version 5 and configure the MSFC to export version 9 as
described above.
•
No Distributed Forwarding Cards and 12.1(13)E03, 12.1(18.1)E,
12.2(13.6)S, 12.2(15.1)S, 12.2(17a)SX or above: use version 5.
•
Anything else: use version 7. Note that version 7 may not include AS or
subnet mask information.
mls aging long 64
This breaks up long-lived flows into (roughly) one-minute segments.
mls aging normal 32
This ensures that flows that have finished are exported in a timely manner.