Fluke Computer Accessories manual Enabling NetFlow Export on a 4000 Series Switch, mls netflow

Enabling NetFlow Export on a 4000 Series Switch

The 4000 and 4500 series switches require a Supervisor IV with a NetFlow Services daughter card (WS-F4531), or a Supervisor V, and IOS version 12.1(19)EW or above to support NetFlow. First configure the device as for an IOS device above, omitting the command ip route-cache flow on each interface, and then issue the following:

ip route-cache flow infer-fields

This ensures routing information is included in the flows.

Enabling NDE on a Native IOS Device

The following commands are required in addition to the commands required to configure an IOS device above to get NetFlow information on route-switched traffic from a Catalyst 6000 or above; they are not required for a Catalyst 4000 series.

mls netflow

This enables NetFlow on the supervisor.

mls nde sender version 5

or

mls nde sender version 7

This sets the export version. Due to several IOS bugs, the export version you must use on the supervisor is dependent on your hardware configuration and IOS version:

•Distributed Forwarding Cards and 12.1(13)E03, 12.1(18.1)E, 12.2(13.6)S, 12.2(15.1)S, 12.2(17a)SX or above: use version 5. Note that this configuration will cause the Performance Counters to report missed flows that are not actually missed; this is the result of an IOS bug fixed in the SXF strains.

•Distributed Forwarding Cards and older than 12.1(13)E03, 12.1(18.1)E, 12.2(13.6)S, 12.2(15.1)S or 12.2(17a)SX: this configuration will cause serious problems, so please contact Fluke Networks if your device matches this description.

•No Distributed Forwarding Cards and 12.0(24)S, 12.2(18)S, 12.3(1) or above: use version 5 and configure the MSFC to export version 9 as described above.

•No Distributed Forwarding Cards and 12.1(13)E03, 12.1(18.1)E, 12.2(13.6)S, 12.2(15.1)S, 12.2(17a)SX or above: use version 5.

•Anything else: use version 7. Note that version 7 may not include AS or subnet mask information.

mls aging long 64

This breaks up long-lived flows into (roughly) one-minute segments.

mls aging normal 32

This ensures that flows that have finished are exported in a timely manner.

80