Configuring Scrutinizer to Collect Data
Moderators: scottr, Moderator Team
3 posts
• Page 1 of 1
Configuring Scrutinizer to Collect Data
by Arabs » Mon Dec 26, 2011 8:22 am
I have a technical issue that I need help on, I am not much of an expert so I would like a professional advice. I have recently installed the Scrutinizer NetFlow & sFlow Analyzer, and done all the configuration as per Cisco’s site, but I can only see all the network traffic, how can see a specific physical port?
Let me give you more details to understand what I need exactly. I have a Cisco core switch 6509-E, did the below configuration to enable netflow. I am trying to monitor a physical interface gigaethernet 3/45, but surprisingly, ip route-cache flow command is not available in that interface! So I had to do it in may native VLan 1, which is my management Vlan. I didn’t configure a loopback interface; I can do that if it is necessary.
Switch(config)#mls netflow
Switch(config)#mls flow ip full
Switch(config)#ip flow-export source gigaethernet 3/45
Switch(config)#ip flow-export version 7
Switch(config)#ip flow-export destination x.x.x.x 9996
Switch(config)#interface vlan 1
Switch(config)#ip flow egress
Switch(config)#ip flow ingress
Switch(config)#ip route-cache flow
Now what’s happening is that the Scrutinizer is only retrieving the entire Vlans, around 20 Vlans, but no physical interface, how can I achieve that? I need to monitor the physical interface to monitor all the traffic going into my WAN connection.
I appreciate your support on this,
Amjad
Let me give you more details to understand what I need exactly. I have a Cisco core switch 6509-E, did the below configuration to enable netflow. I am trying to monitor a physical interface gigaethernet 3/45, but surprisingly, ip route-cache flow command is not available in that interface! So I had to do it in may native VLan 1, which is my management Vlan. I didn’t configure a loopback interface; I can do that if it is necessary.
Switch(config)#mls netflow
Switch(config)#mls flow ip full
Switch(config)#ip flow-export source gigaethernet 3/45
Switch(config)#ip flow-export version 7
Switch(config)#ip flow-export destination x.x.x.x 9996
Switch(config)#interface vlan 1
Switch(config)#ip flow egress
Switch(config)#ip flow ingress
Switch(config)#ip route-cache flow
Now what’s happening is that the Scrutinizer is only retrieving the entire Vlans, around 20 Vlans, but no physical interface, how can I achieve that? I need to monitor the physical interface to monitor all the traffic going into my WAN connection.
I appreciate your support on this,
Amjad
- Arabs
- Posts: 2
- Joined: Mon Dec 26, 2011 8:17 am
Re: Configuring Scrutinizer to Collect Data
by pauld » Tue Dec 27, 2011 7:21 am
Hello Amjad,
Typically the 6500's export NetFlow data per VLan and not by physical interface. I would recommend escalating to Cisco to find out what's required to export NetFlow data by the physical interface. I believe it depends on the physical NetFlow card you have in the device.
A couple other things to note with your configuration -- The 6500 does not support the "ip flow egress" command, so you'll want to remove it from your configuration as it will result in getting duplicate data from the device.
"ip flow ingress" and "ip route-cache flow" are redundant commands, meaning you need one or the other, not both -- we have a blog on this http://www.plixer.com/blog/general/ip-r ... -do-i-use/
You're not monitoring any bridged traffic on your 6500 and you haven't specified the proper timeout values -- see our recommended guide for configuring a 6500 http://www.plixer.com/blog/general/how- ... -catalyst/
Thanks,
Paul
Typically the 6500's export NetFlow data per VLan and not by physical interface. I would recommend escalating to Cisco to find out what's required to export NetFlow data by the physical interface. I believe it depends on the physical NetFlow card you have in the device.
A couple other things to note with your configuration -- The 6500 does not support the "ip flow egress" command, so you'll want to remove it from your configuration as it will result in getting duplicate data from the device.
"ip flow ingress" and "ip route-cache flow" are redundant commands, meaning you need one or the other, not both -- we have a blog on this http://www.plixer.com/blog/general/ip-r ... -do-i-use/
You're not monitoring any bridged traffic on your 6500 and you haven't specified the proper timeout values -- see our recommended guide for configuring a 6500 http://www.plixer.com/blog/general/how- ... -catalyst/
Thanks,
Paul
-
pauld - Posts: 156
- Joined: Mon Jan 04, 2010 10:05 am
- Location: Sanford, Maine
Re: Configuring Scrutinizer to Collect Data
by Arabs » Tue Dec 27, 2011 8:36 am
Thanks for clarification Paul 
I might go to another approach and configure netflow on the router instead just to get it over with.
Truly appreciate your guidance,
Amjad
I might go to another approach and configure netflow on the router instead just to get it over with.Truly appreciate your guidance,
Amjad
- Arabs
- Posts: 2
- Joined: Mon Dec 26, 2011 8:17 am
3 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 0 guests