购买或续订
购买或续订
Umbrella 发布说明和公告现已在 Cisco 社区发布!点击查看详情。
取消
开启建议
自动建议可通过在您键入时建议可能的匹配,而快速缩小您的搜索结果范围。
显示结果 
搜索替代 
您的意思是: 
cancel
开始对话
503
查看次数
2
有帮助
3
回复

ISR4331配置NETFLOW后一直没有流量导出

jiangwensheng
Level 1
Level 1

发布时间 ‎06-26-2024 11:23 PM

配置如下:

flow exporter TAC-EXPORT
destination X.X.X.X vrf Mgmt-intf
source GigabitEthernet0
!
!
flow monitor TAC-MONITOR-IN
exporter TAC-EXPORT
record TAC-RECORD-IN
!
!
flow monitor TAC-MONITOR-OUT
exporter TAC-EXPORT
record TAC-RECORD-OUT
!
!
flow record TAC-RECORD-IN
match flow direction
match ipv4 source address
match interface input
match ipv4 destination address
match ipv4 protocol
collect counter packets long
collect counter bytes long
collect timestamp absolute last
collect transport tcp flags
!
Current configuration:
!
flow record TAC-RECORD-OUT
match flow direction
match interface output
match ipv4 source address
match ipv4 destination address
match ipv4 protocol
collect counter packets long
collect counter bytes long
collect timestamp absolute last
collect transport tcp flags
!
interface GigabitEthernet0/1/0
ip flow monitor TAC-MONITOR-IN input
ip flow monitor TAC-MONITOR-OUT output
ip address XXXX
ip pim sparse-mode
negotiation auto
bfd interval 500 min_rx 500 multiplier 5

show情况如下:

R1#show flow monitor
Flow Monitor TAC-MONITOR-IN:
Description: User defined
Flow Record: TAC-RECORD-IN
Flow Exporter: TAC-EXPORT
Cache:
Type: normal (Platform cache)
Status: allocated
Size: 200000 entries
Inactive Timeout: 15 secs
Active Timeout: 1800 secs
Trans end aging: off

Flow Monitor TAC-MONITOR-OUT:
Description: User defined
Flow Record: TAC-RECORD-OUT
Flow Exporter: TAC-EXPORT
Cache:
Type: normal (Platform cache)
Status: allocated
Size: 200000 entries
Inactive Timeout: 15 secs
Active Timeout: 1800 secs
Trans end aging: off


RT1#show flow ex
RT1#show flow exporter sta
RT1#show flow exporter statistics
Flow Exporter TAC-EXPORT:
Packet send statistics (last cleared 00:24:14 ago):
Successfully sent: 0 (0 bytes)

Client send statistics:
Client: Flow Monitor TAC-MONITOR-IN
Records added: 0
Bytes added: 0

Client: Flow Monitor TAC-MONITOR-OUT
Records added: 0
Bytes added: 0


RT1#show flow exporter
Flow Exporter TAC-EXPORT:
Description: User defined
Export protocol: NetFlow Version 9
Transport Configuration:
Destination IP address: xxxx
VRF label: Mgmt-intf
Source IP address: xxxx
Source Interface: GigabitEthernet0
Transport Protocol: UDP
Destination Port: 9995
Source Port: 63844
DSCP: 0x0
TTL: 255
Output Features: Used

在另一台ISR4331设备上进行同样的配置,exported是有流量的,两个设备之间只有版本的区别,本台(没有流量)是16.6.5,另一台(正常)是15.5(3)S4b

0 有帮助
3 条回复3

Rps-Cheers
VIP
VIP

发布时间 ‎07-03-2024 12:17 AM

不确定是不是你的两个接口在不同的vrf,这里的源接口是G0,属于mgmt-vrf, GigabitEthernet0/1/0应该是默认的vrf吧。让相关接口都在同一个vrf试试呢

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !

Rockyw
Spotlight
Spotlight

发布时间 ‎07-06-2024 07:40 AM

楼主可以参考一下下面的帖子

isr 4331 配置netflow

https://community.cisco.com/t5/%E8%B7%AF%E7%94%B1%E8%AE%A8%E8%AE%BA%E5%8C%BA/isr-4331-%E9%85%8D%E7%BD%AEnetflow/td-p/4568065

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rockyw | If it solves your problem, please mark as answer. Thanks !
0 有帮助

eric888888
Spotlight
Spotlight

发布时间 ‎07-13-2024 08:55 AM

因为 GigabitEthernet0是管理端口处于VRF接口,ISE设备管理端口是不能作为netflow出端口的,需要使用业务端口配置。

快捷链接

浏览社区快速链接并以您的母语获取个性化内容:

发布或浏览文章 分享想法或新闻 观看我们的所有视频
Customers Also Viewed These Support Documents