Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3379
Views
0
Helpful
3
Replies

Cisco 871W - Netflow

hutcha4113
Level 1
Level 1

‎04-28-2010 08:45 AM

Hi Everyone,


I am running into a road block getting Netflow up and running on a Cisco 871W.  First the setup:

  • Cisco 871W running IPSEC VPN to an ASA 5510.
  • Netflow should be going to Solarwinds. (Their free tool).
  • 871 is running 12.4 (15)T7.

I have added ip-route cache flow to VLAN1 (I also had it on interface FA04, but seeing conflicting reports that it should not be there?).

For Netflow also have the following:

ip flow-export source VLAN1

ip flow-export version 5

ip flow-export destination (server IP) 2055

sh ip flow export advises that 45009 flows have been exported in 4931 udp datagrams, 0 failures.  However my graphical NetFlow tool shows nothing.  At this point I am not sure if I am missing something.  I had thought it might be VPN related (i.e. ASA is blocking) but other Solarwinds tools can connect and pull stats from the router in question.

I have never really used Netflow, so some help would be great.

NOTE:  I see this command being recommended - ip nbar protocol-discovery.  But when I try it in config, I get unrecognized command.

Thanks in advance.

Hutch

Labels:
0 Helpful
3 Replies 3

yjdabear
VIP Alumni
VIP Alumni

‎04-28-2010 03:21 PM

Since the 871W reports exporting udp datagrams, I think you'd want to start with verifying on the Solarwinds end if it's seeing those exports, say with a sniffer, then move towards the 871W end along the way. Since there's an ASA in the path, it could very well be where the flow exports hit the "road block", unless udp port 2055 is already open in the right direction by previous happenstance. The fact other Solarwinds tools can get their data does not have much bearing on ruling out an ASA blockage unless those tools communicate utilize udp port 2055 as well.

0 Helpful

jakewilson
Level 1
Level 1

‎05-07-2010 08:45 AM

To check to see if NetFlow is being received, shut down Solarwinds collector and run Flowalyzer:

http://media.plixer.com/flowalyzer.exe  (8.35MB). 

Also, might want to try Scrutinizer for NetFlow Analysis.

Jake

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents