
Catalyst 6509 NetFlow Support

Catalyst 6509 NetFlow support is essential, especially when the switch is set up as a core network device; this blog should help you get started with NetFlow traffic monitoring on 6500 series switches.

Enabling NetFlow on a 6509 is slightly different from the traditional IOS NetFlow setup. Here you need to keep in mind that NetFlow on the MSFC is collected in software, while on the PFC it is collected in hardware. Besides the familiar IOS NetFlow commands, Cisco 6509 NetFlow also requires enabling NDE (NetFlow Data Export) in order to export flow statistics to the collector.

Now, how do we configure NetFlow on a 6509 Catalyst?

GLOBAL COMMANDS

ip flow-export source <Interface name>
ip flow-export version 9
ip flow-export destination <Collector IP address> <Port>
ip flow ingress layer2-switched vlan A, B, C - F (where A, B, and C through F are the VLANs you want to monitor)
ip flow-cache timeout active 1

These next commands will configure NetFlow for the switched traffic:

mls nde sender version 5
mls flow ip interface-full
mls nde interface
mls aging long 64
mls aging normal 64

ENABLE NETFLOW ON INTERFACES

Add the following commands on interfaces you want to monitor.

ip flow ingress
ip flow egress

NB: One frequent mistake I see people make when enabling NetFlow export on interfaces is to configure both ip flow ingress and ip flow egress while ip flow-export version is set to 5. NetFlow v5 does not support egress export, so having both the ingress and the egress command tells the switch to export the same data twice. As a result, your NetFlow analyzer will overstate traffic.
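As an added example (not code from the post), here is a small Python check that reads a 6500 running-config excerpt and flags the pitfalls described above: NDE sender not enabled, no export version set, and both ip flow ingress and ip flow egress on an interface while the export version is 5. The sample config and interface names are constructed for the example.

```python
import re
# Constructed sample running-config excerpt (not taken from the post); the
# first interface shows the v5 + ingress + egress double-export mistake.
SAMPLE_CONFIG = """\
ip flow-export version 5
ip flow-export destination 192.0.2.10 2055
mls nde sender version 5
!
interface GigabitEthernet1/1
 ip flow ingress
 ip flow egress
!
interface GigabitEthernet1/2
 ip flow ingress
!
"""

def parse_config(text):
    """Split an IOS-style config into global lines and per-interface lines."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # '!' or a global command ends the interface block
            if line and line != "!":
                global_lines.append(line)
    return global_lines, interfaces

def audit_netflow(text):
    """Return findings for the 6500 NetFlow pitfalls discussed in the post."""
    global_lines, interfaces = parse_config(text)
    findings, version = [], None
    for line in global_lines:
        m = re.match(r"ip flow-export version (\d+)", line)
        if m:
            version = int(m.group(1))
    if version is None:
        findings.append("global: 'ip flow-export version' is not configured")
    if not any(g.startswith("mls nde sender") for g in global_lines):
        findings.append("global: 'mls nde sender' missing, switched flows are not exported")
    for name, lines in interfaces.items():
        if version == 5 and "ip flow ingress" in lines and "ip flow egress" in lines:
            findings.append(f"{name}: ingress and egress both set with export version 5, counted twice")
    return findings
```

Run audit_netflow() over the output of "show running-config" to spot the double-counting setup before the analyzer's numbers are trusted.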

I recently learned that the 6509 Sup 2T supports Flexible NetFlow; please share your experience if you are currently collecting and monitoring FnF on a 6509 Sup 2T.