Cisco :: Configure Netflow Catalyst 6500 With SUP720-10GE
Jun 5, 2012
I tried to configure netflow without success.
Setup is the following.
Cisco Catalyst 6509 with Sup720-10GE IOS 12.2(33)SHX7. There are around 30 L3 vlans configured on the switch. I'm only interested for the traffic on one L3 vlan which is the connection to wan cloud.
I wanna see only the traffic that goes to and come from the wan. On other Catalyst where I have routed interfaces i successfully configured netflow. I read a lot in the forums and documentations but i didn't find the right one.
I'm trying to configure a egress netflow in a 6500 (VSS) with VS-S720-10G supervisor. I foud some old posts and understood that netflow wasn't supported on 6500 but i found a new document and it seems that netflow is supported in Supervisor Engine 2T:[URL] Does the netflow still not supported in VS-S720-10G? It's weird because the command is supported:
#sh run int vlan 4 Building configuration... Current configuration : 353 bytes ! interface Vlan4 ip address X.X.X.X 255.255.0.0
Is it possible to have one netflow export profile (may not be the right word...) to send all the flow information to one collector and another profile to only send traffic to and from centain IP addresses to another collector? If it is possible on the hardware and software, any quick sample config?
#sh ver Cisco IOS Software, s72033_rp Software (s72033_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(33)SXH4,
#sho module 7 Mod Ports Card Type Model Serial No. --- ----- -------------------------------------- ------------------ ----------- 7 2 Supervisor Engine 720 (Active) WS-SUP720-3B SAL1115LJBR
Mod MAC addresses Hw Fw Sw Status --- ---------------------------------- ------ ------------ ------------ ------- 7 0017.9444.9814 to 0017.9444.9817 5.3 8.4(2) 12.2(33)SXH4 Ok
Mod Sub-Module Model Serial Hw Status ---- --------------------------- ------------------ ----------- ------- ------- 7 Policy Feature Card 3 WS-F6K-PFC3B SAL1115L2NH 2.3 Ok 7 MSFC3 Daughterboard WS-SUP720 SAL1115LH7W 2.6 Ok
Mod Online Diag Status ---- ------------------- 7 Pass
I am in front of a choice what to select to deploy 10Ge in my datacenter to get four 6504e and two 3750x units connected to each other.All devices are located in 3-7 meters away from each other.The choice is whether to go for a multimode fiber and 10GBASE-SR X2 Modules OR cat7 UTP and 10GBASE-T X2 pluggable transceiver.Money wise it doesn't matter.Fiber looks less attractive since it's fragile and a bit harder to put in underfloor area.Cat7 is more attractive but there are 2 points:
1) I couldn't find ANY single photo of a 10GBASE-T (a module with a single RJ45 port). How does it look? Does it come with a cable or...??
Cisco 6500 Sup720-3B SPA IOS SXI - GRE tunnel will not come up.It worked fine on SXF code, but the crypto map can not be applied on tunnel interface.The iskmp is up with the OM_IDLE The crypto give it a Cryto UP, the the Tunnel does not come up. It is UP down.Does some one have a working config with a 6500 IOS SXI Train with GRE IPSEC Tunnel?
What does RP drops entail? We are experiencing 0.23 % drops on an vlan int on one of our 6500. This interface is an L3 to a server-subnet. Doing a sh int vlan 238 switching shows 30935411 RP (Route Processing) drops.It was a bit unclear to me in the thread "Input queue drops on 6500 vlan interface" if RP drops was through the router, or to the router(mgmnt)?I can do a netdr to see what traffic goes to it. It should not generate CPU load, but I think I will wait until after hours before I try that command.
- do NETDR: -- debug netdr cap rx vlan 238 -- show netdr cap
I have problem with the standby supervisor in 6500 vss and need to replace the supervisor. I have follow how-to on the cisco web site url...
But when i boot the new standby sup720 it comes active and both supervisors is rebooting. I wonder if i can do the replacement without rebooting both active and standy supervisor.
I want to choose a pair of switches for our data center.What I need: 48 x 1GE access ports, 2 x 10GE uplink ports.Nice feature of 3750-X is stacking. So what features has 4948-10GE? Why I should prefer that switch?
I have been net searching this question and I find answers relative to other Cisco products but not for the 6500 series. We are running entservicesk9_wan-mz.122-18.SXF17a.bin and would like to know how to change the default SSH listening port..
I will be installing a secondary SUP720 in a 6509-E and will be upgrading the IOS on the existing SUP which is on 122-18.SXF6. I've read that this release has passed End of Critical Maintenance earlier this you. I thinking of upgrading the IOS to 12.2.33-SXJ1(ED) or 12.2.33-SXI8(ED) (possible more stable), but i'm not sure if i need any step upgrades from the current version. The SUP meets the required hardware specs and I will also be upgrading the ROMMON to 12.2(17r)SX7 first.
I have alot of experience upgrading IOS on routers and switches, but i just need to now if there are any gotchas that i need to know for the upgrade on the SUP.
The other issue is i don't believe the current IOS has been installed, are there any issue running on an IOS not installed. Patching is not available since the system is not running from an installed image. To install please use the "install file" command.
if it is possible to recover a Cat 6500 that has no code on bootflash from ROMMON, and is it mandatory to have a compact flash card to do the recovery ? or can one use xmodem or TFTP ?
I have a situation where a customer doesn't have the required power units installed in their 6500 for me to provision a WiSM2.They use a VSS pair with a single Sup720 in each. They have no intention of adding a second Sup to each chassis.
I need to justify why they can't use slot 6 (which has power reserved) if I am to get them to upgrade the PSU's. The documentation I've found says it is supported but not recommended.
we have Supervisor Engine 720 10GE (VS-S720-10G) in slot 5 on Catalyst 6509-E. Slot 6 is free. We need to replace VS-S720-10G. Is it possible the following scenario
1. we will insert new VS-S720-10G into the slot 6 2. then we will remove the faulty VS-S720-10G from the slot 5
Will everything work without interuptions. Is any document where I can find step-by-step procedure how to replace VS-S720-10G ?
We recently purchased 2 Cisco 6500 series switches (with Sup 2T). These switches will be replacing our old 2 6500 series switches (with Sup 720).
We have 70 vlans and 90+ closet switches (2900) connecting the core switches We have 2 WLC connected to the core switch. We also have a 1 x 1 connection to a VSS switch which in turn connects to our Server Co-Location data center utilizing IPSec & GRE tunnel to connect to our Server Co-Location data center.
Our routing protocol is EIGRP. Our VTP domain at Server Co-Location is separate from our location “A” campus. I was wondering what is the best way to migrate our Core switches at location “A” campus.
The requirement is we would like to replace these switches with minimum downtime.
Are there any best practices for preventative maintenance on Catalyst Chassis switches. Looking to build a PMI schedule for a customer. Or is there evidence not to perform it at all. Things like re-seating line cards, cleaning fan exhausts, etc.
we have multiple Video production networks, with Video servers (AVID Unity ISIS) connected by 10GE fiber links to 4948-10GE switches. On almost every of these switches, I see more or less "Sequence-Err" interface errors. We do not currently have a known problem because this, and no other errors are seen. But I would like to understand the error, and therefore I would like to find out, what a sequence error means, what the cause is, and what the impact (to a frame) is?
By the way, it is well-known that the ISIS Video server does generate very excessive UDP data bursts. Maybe this matters? On Cisco doc I did not find an answer. The document "Troubleshooting Switch Port and Interface Problems" does unfortunately not refer to "sequence-err".
Here is an example output: WS-C4948-10GE#sh int t1/49 TenGigabitEthernet1/49 is up, line protocol is up (connected) [code].....
I have 2x v10000 Websense Security Gateways that are connected to 2x 6500 SUP720. When I turn on cluster management function between Websense appliance, they speak to each other only if they are connected in the same 6500. When they are connected one in every 6500 cluster management does not work. They are connected on the same physical vlan. Do I need multicast to be configured in the 6500 switches?
I see these errors on my 6500 router which acts as my server farm and has hundreds of servers connecting to it. I have just taken over these routers from another guy and think the errors may have been there for quiet awhile. I have another router which doen't seem to have these errors. Can you tell me how to turn off netflow? Will it cause any problems to my server farm? Is there a risk to the router if I disable something?
I ask this cause the server guys are having problems with certain servers. I am not sure if they are because of this or not. I really would like to clear the logs. [code]
We are attempting to configure Netflow and export to a colloector. We have the following configuration applied to the device, we can ping from within the vrf to the destination of the flow collector
ip flow-cache timeout active 1 ip flow ingress layer2-switched vlan 1,800-801,803,821-823,861-862,871,900,998,1100-1107,1121,1200,1221,1301-1302,1321-1322 mls netflow interface mls flow ip interface-full ip flow-export version 5(code)
however we do not receive the flows on the collector. We can see the flow for both hardware and software but cannot see them at the collowctor.
Configured 6500 and 4500 to send netflow to a stealthwatch NADS.When visited by the stealthwatch engineer found that because i didnt have NDE configaured.i wasnt actually exporting any but the initial data in the flow.Now if i have got this right the command for this is - mls nde sender version 5
This is confirmed by looking at the following out put -show mls nde.Neither of these command work on my 4500 switch -does this mean that its not outputting all the data or do i not need to configure NDE or do i need another command ?
I am using a Thrid party NetFlow tool, Enabled NetFlow on the Cisco 6500 as per recommendations and getting only half amout of traffic passing thorugh the interfaces. I have verified with 3 different NetFlow based tools, everything showing the same value. Is there any bug in my Cisco 6500.
I have a problem with the 6500 not exporting netflow data. They are not exported due to no fib.I have read somewhere that this has something to do with VRF. VRF are running on the router.ip flow ingress has been applied to desired ip int.Is there anything I could do to make it export netflow data?
VSS-core-XXX-rs1#sh ip flow export Flow export v5 is enabled for main cache Export source and destination details : VRF ID : Default Source(1) xxx.xxx.83.253 (Unknown)
We've just invested in a pair of Sup2Ts to upgrade a Sup720 6509 chassis but I'm unsure exactly how the management port(s), aka the Connectivity Management Processor (CMP), should be configured (and patched) in a dual supervisor system?Is each CMP an independent entity or is the management interface configuration (IP address, gateway, etc) replicated between supervisors?If it's the latter then do both management ports need to be physically connected at the same time?
I'm working for KOREA TELECOM, and currently providing MPLS VPN.We're planning to provide our customer with traffic report using NetFlow..
I read some documents which reads Netflow ver.9 can be enabled on Cisco GSR 12000 Series, but no mention about catalyst switches. Netflow ver 9 can be activated on catalyst 6500 series.. because the point where switch is located already have mpls encapsulated packet ( mpls vpn packet).
I have an interface e0/4 that is 172.1.1.1 on router one (network one) which links to another router (onnetwork two) which has an interface of e0/4 172.1.1.2 which allows two networks to communicate. Network one is 192.168.0.0 /24 and network two is 10.255.255.0 /24.
How do i configure netflow to monitor the traffic going through these interfaces?
I am trying to configure the NetFlow Top Talkers function on an ASR1002 with ADVENTERPRISEK9-M, Version 15.2(4)S. With this new Hardware and Software I am surprised to see that the command:
