Sorry, Ill try that first paragraph again: I have a catalyst 6509, one port is on one VLAN through which all WAN traffic passes to/from about 15 WAN other sites. Note: There is another router between the catalyst and the WAN sites but this router only sees encrypted traffic, so cant be used).
on Fri, Apr 16, 2004 at 03:36:25PM +1000, Broun, Bevan <[EMAIL PROTECTED]> wrote: > Hi all > > I have a catalyst 6509, one port is on one VLAN through which all WAN > traffic passes to/from about 15 WAN other. Note: There is another router > between the catalyst and the WAN sites but only sees encrypted traffic, so > can be used). > > I want to turn on netflow accounting but I dont want to see flows related > to the local LAN of the 6909, which would be the majority of the traffic. > > I know I need to run something like: > > set mls flow full > set mls nde version 7 > set mls nde 10.0.0.1 9800 > set mls nde enable > > and I see > http://www.cisco.com/en/US/partner/products/hw/switches/ps700/products_command_reference_chapter09186a008007f2ab.html > says I can put a filter on the source address. This will work for me if I > can put multiple source filters that act like an OR on. something like: > > set mls nde flow destination 0.0.0.0/0 source 10.30.0.0/16 > set mls nde flow destination 0.0.0.0/0 source 10.126.0.0/16 > > Will this act like an OR for the two filters? Anybody doing this? Would I > be better filtering this at the collector via flow-nfilter? > > Secondly, what is the equivalent to these IOS commands: > ip flow-cache timeout active 1 > ip flow-cache timeout inactive 15 > > Thanks in advance. > > BB > _______________________________________________ > Flow-tools mailing list > [EMAIL PROTECTED] > http://mailman.splintered.net/mailman/listinfo/flow-tools _______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
