Q. I have configured a Cisco 6500-series (6509) switch to send Netflow to IMFlows. I am not not seeing the level of traffic I expect to see from this exporter.

A. The Cisco 6500 basically contains two separate exporters: the PFC captures flow statistics for packets routed through hardware; the MFSC handles flows for packets routed through software. You must configure them both. The Cisco 6500 NetFlow Configuration and Troubleshooting Guide provides excellent background information on this.

The same Cisco Guide also provides a good walk-through of the configuration. Like all other Cisco NetFlow-capable equipment, you must also configure every interface to export its flows. The basic steps are:


  1. Enable NetFlow in the PFC with the mls netflow command
  2. Configure the flow mask for the PFC (mls flow ip full)
  3. Enable NetFlow on the MSFC (by executing ip route-cache flow for each interface)
  4. Enable NetFlow for the layer 2 switched traffic on the PFC (ip flow ingress layer2-switched vlan #,#...)
  5. Configure NetFlow Data Export (NDE) on the PFC (mls nde sender)
  6. Configure NDE on the MSFC (ip flow-export source interface, ip flow-export version 9, and ip flow-export destination address port)
  7. Enable layer-2 flow export (ip flow export layer2-switched vlan #...)


Note: In Cisco IOS 12.2, the mls flow ip full command (Step 2 above) is now mls flow ip interface-full

The mls nde sender command (Step 5 above) defaults to using NetFlow version 7 for the PFC. InterMapper Flows 1.2 now handles this protocol.

If you use the commands above, you will see two exporters with the same IP address in the Exporter Settings, one using version 9 and one using version 7. You can add tags to keep clear which you are looking at. Note that Flows will treat them as two exporters against your maximum exporter count.

If you want to treat them both as the same exporter, then both should be set to export v5 (use mls nde sender version 5 and ip flow-export version 5 in Steps 5 and 6, respectively). They will appear as a single exporter in the Exporters tab of the settings. When you change the exporter configuration, you should be sure to deselect or delete the duplicate exporter marked version 7 so that it doesn't take up an exporter slot.

You can verify that the switch is configured to export flow data by using these two commands:

  • sh mls nde
    sh ip flow export


The Cisco Catalyst 6500 Configuration Guide has additional information as well as Netflow commands for the 6500 PFC and MSFC on this page:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/netflow.html