Are you trying to get hardware and software based NetFlow from your Cisco Catalyst 4506 or Catalyst 6500 series switch? The Introduction to Cisco IOS NetFlow page does a great job explaining how to set this up. Below is a paste from the document:
The Cisco Catalyst 6500 Series Switch has two aspects of NetFlow configuration, configuration of hardware based NetFlow and software NetFlow. Almost all flows on the Cisco Catalyst 6500 Series Switch are hardware switched and the MLS commands are used to characterize NetFlow in hardware. The MSFC (software based NetFlow) will characterize software based flows for packets that are punted up to the MSFC. Figure 8 shows the concept of two paths for NetFlow packets, the hardware and software paths and the configuration for each path.
Normally on the Cisco Catalyst 6500 Series Switch, both hardware and software based NetFlow are configured.
Figure 6. NetFlow flow characterization on Cisco Catalyst 6500 Series Switch
The hardware switched flows use the MLS commands to configure NetFlow. Remember for hardware based flows, NetFlow is enabled on all interfaces when configured.
- mls aging normal 32 (Set aging of inactive flows to 32 seconds)
- mls flow ip interface-full (Optionally configure a flow mask)
- mls nde sender version 5 (Specify the version for export from the PFC)
- mls nde interface (send interface information with the export, command available by default with Supervisor720/Supervisor 32)
The following is the configuration for NetFlow on the MSFC for software based flows. This configuration is equivalent to what is shown in Appendix A. The user configures NetFlow per interface to activate flow characterization and also configures an export destination for the hardware and software switched flows.
- ip address 126.96.36.199 255.255.255.252
- ip route-cache flow (also ip flow ingress can be used)
- ip flow-export version 5 (The export version is setup for the software flows exported from the MSFC)
- ip flow-export destination 10.1.1.209 9999 (The destination for hardware and software flows is specified).
More Information on the Cisco Catalyst 6500 Series Switch NetFlow Configuration can be viewed at: http://www.cisco.com/en/US/products/ps6601/prod_white_papers_list.html#anchor7
The above is only a paste from the actual page. I found some great ‘show’ commands on it as well.
Ingress Vs. Egress
Are you planning on exporting ingress or egress flows? Do you care? If you are troubleshooting the NetFlow configuration of a Catalyst 6500 or 6000 switch, you might. “When both the ip flow ingress and ip flow egress are enabled on the BVI interface, then it leads to receive duplicate packets. Usually the netflow is configured either only in ingress or egress, since netflow works on a per interface basis.” Source.
Our NetFlow Analyzer can be used for this type of network traffic monitoring and handles a mix of ingress or egress just fine. It is one of the few that can!
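The duplicate reporting described under Ingress Vs. Egress can be checked on the collector side. The following is an added example, not code from the Cisco document or from this post: it parses a NetFlow version 5 export datagram (the format selected by the version 5 commands above) and flags flows that appear more than once. The duplicate heuristic, the function names and every sample address and counter are constructed assumptions.

```python
import socket
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record

def parse_v5(datagram):
    """Return (header dict, list of flow dicts) for one NetFlow v5 export datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, _up, _secs, _nsecs, seq, etype, eid, _samp = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "in_if": f[3], "out_if": f[4], "packets": f[5], "octets": f[6],
            "first": f[7], "last": f[8], "sport": f[9], "dport": f[10], "proto": f[13],
        })
    return {"count": count, "sequence": seq, "engine_type": etype, "engine_id": eid}, flows

def find_duplicates(flows):
    """Assumed heuristic: same 5-tuple, start time and counters seen twice = double report."""
    def key(f):
        return (f["src"], f["dst"], f["sport"], f["dport"], f["proto"], f["first"], f["packets"], f["octets"])
    seen = Counter(key(f) for f in flows)
    return [k for k, n in seen.items() if n > 1]

def build_sample():
    """Constructed datagram: three records, two of them the same flow reported twice."""
    def rec(src, dst, in_if, out_if, pkts, octets, sport, dport, proto=6):
        return RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst),
                           socket.inet_aton("0.0.0.0"), in_if, out_if, pkts, octets,
                           1000, 2000, sport, dport, 0, 0x18, proto, 0, 0, 0, 24, 24, 0)
    records = [rec("10.1.1.10", "10.1.2.20", 1, 2, 12, 9000, 51000, 443),
               rec("10.1.1.10", "10.1.2.20", 1, 2, 12, 9000, 51000, 443),
               rec("10.1.1.11", "10.1.2.20", 1, 2, 3, 180, 51001, 53, proto=17)]
    return HEADER.pack(5, len(records), 60000, 1700000000, 0, 1, 0, 0, 0) + b"".join(records)

if __name__ == "__main__":
    hdr, flows = parse_v5(build_sample())
    print(hdr)
    for dup in find_duplicates(flows):
        print("duplicate flow:", dup)
```

A collector that sums octets per flow would count the duplicated record twice, which inflates traffic baselines used for detection.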