Catalyst 9500-32Q Flexible Netflow issue "Help"

jracevedo · ‎03-20-2019

My issue, I think, is I cannot see interface Fo1/0/1 in any netflow server (Managengine Netflow, Extrahop Netflow). I can only see a Null interface only on interface fo1/0/1, I can add other interfaces and they will show up in the Netflow server choice of interfaces to monitor. One more thing I only see inbound and not outbound traffic. Please see my configuration below not sure if correct:

Cisco Catalyst C9500-32QC
Cisco IOS XE Software, Version 16.09.02
Cisco IOS Software [Fuji]
----------------------------------------

flow record record-ingress
description IPv4 ingress
match ipv4 source address
match ipv4 destination address
match ipv4 protocol
match transport source-port
match transport destination-port
match ipv4 tos
match interface input
match flow direction
collect interface output
collect counter bytes long
collect counter packets long
collect timestamp absolute first
collect timestamp absolute last
!
!
flow record record-egress
description IPv4 egress
match ipv4 source address
match ipv4 destination address
match ipv4 protocol
match transport source-port
match transport destination-port
match ipv4 tos
match interface output
match flow direction
collect interface input
collect counter bytes long
collect counter packets long
collect timestamp absolute first
collect timestamp absolute last
!
!
flow exporter FlowExporter
description NETFLOW Export to Netflow
destination xx.xx.xx.xx
source Loopback0
transport udp 9996
template data timeout 60
!
!
flow monitor fm-input
description IPv4 ingress exports
exporter FlowExporter
cache timeout active 60
record record-ingress
!
!
flow monitor fm-output
description IPv4 egress exports
exporter FlowExporter
cache timeout active 60
record record-egress

interface FortyGigabitEthernet1/0/1
description Corp WAN
ip flow monitor fm-input input
ip flow monitor fm-output output
ip address xx.xx.xx.xx xx.xx.xx.xx
ip ospf message-digest-key 1 md5
ip ospf network point-to-point
ip ospf hello-interval 2
ip ospf cost 1

show flow monitor fm-input cache format table

Cache type: Normal (Platform cache)
Cache size: 10000
Current entries: 21928

Flows added: 292930320
Flows aged: 292908392
- Active timeout ( 60 secs) 22609577
- Inactive timeout ( 15 secs) 270298815

IPV4 SRC ADDR IPV4 DST ADDR TRNS SRC PORT TRNS DST PORT INTF INPUT FLOW DIRN IP TOS IP PROT intf output
=============== =============== ============= ============= ============ ========= ====== ===== ============
172.xx.xxx.xx 172.xx.xx.xxx 6970 50487 Null Input 0x00 6 Null
172.xx.xxx.xx 172.xx.xx.xxx 2000 49154 Null Input 0x60 6 Null

sho flow monitor fm-output cache format table
Cache type: Normal (Platform cache)
Cache size: 10000
Current entries: 22494

Flows added: 4993240
Flows aged: 4970746
- Active timeout ( 60 secs) 645159
- Inactive timeout ( 15 secs) 4325587

IPV4 SRC ADDR IPV4 DST ADDR TRNS SRC PORT TRNS DST PORT INTF OUTPUT FLOW DIRN IP TOS IP PROT intf input
=============== =============== ============= ============= ============= ========= ====== ======= ====================
10.xx.xx.xx 10.xx.xx.xx 5044 49246 Null Output 0x00 6 Null
137.xx.xx.xx 10.x.xx.xx 0 0 Null Output 0x40 47 Null

jracevedo · ‎03-20-2019

As I continue to troubleshoot this issue I noticed that the ports that are not showing have something in common each port that I cannot get to show up as a netflow port are using the QSFP TO SFP10G ADAPTER with a 10 SFP in a native QSFP 40G port. The native forty gig QSFP ports show up in netflow. This is most likely my issue. Not sure if there is a fix for this issue but I'll put it out there for any advise.