cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5401
Views
15
Helpful
1
Replies

Configuring Netflow on IOS XE with VRF not working.

RonaldT
Level 1
Level 1

Hi all,

I am having trouble configuring Netflow on an IOS XE router through an management interface with a vrf on it. I have used the configuration guide from cisco (https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fnetflow/configuration/xe-3se/5700/fnf-ing-vrf.pdf), but without succes. Any help is appreciated.

The config that I used is as follows:

-----------------------

flow record NETFLOW1
!The more matches and collects, the more you'll get.
match routing vrf input
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input !also tried output
collect counter bytes
collect counter packets
collect interface output
collect timestamp sys-uptime first
collect timestamp sys-uptime last
collect routing source as
collect routing destination as

flow exporter EXPORTER1
description DESTINATION SERVER
destination 1.0.0.6 vrf Mgmt-intf
transport udp 9996
export-protocol netflow-v9
template data timeout 60

flow monitor MONITOR1
record NETFLOW1
exporter EXPORTER1

interface Port-channel10
ip flow monitor EXPORTER1 input

interface TenGigabitEthernet0/1/0
ip flow monitor EXPORTER1 input

interface TenGigabitEthernet0/1/1
ip flow monitor EXPORTER1 input

interface TenGigabitEthernet0/1/2
ip flow monitor EXPORTER1 input

interface TenGigabitEthernet0/1/3
ip flow monitor EXPORTER1 input

interface GigabitEthernet0
ip flow monitor EXPORTER1 input

-----------------------

Trying to put the monitor on the GigabitEthernet0 will give the following error: 'Management interface (GigabitEthernet0) cannot be used as source for an exporter'

The config of GigabitEthernet0 is as follows:

-----------------------

interface GigabitEthernet0
description MGMT-INTF
vrf forwarding Mgmt-intf
ip address 1.0.0.5 255.255.255.0

-----------------------

using the command 'Show ip cache flow' will give the following output:

-----------------------

IP packet size distribution (0 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 0 bytes
0 active, 0 inactive, 0 added
0 ager polls, 0 flow alloc failures

-----------------------

What am I doing wrong here?
Thanks in advance.

1 Accepted Solution

Accepted Solutions

cmarva
Level 4
Level 4

you didn't specify the platform, but i can tell you from working with ASR1000s this is not possible, as the mgmt interface (Gig0) is not part of the route processor or something like that. I forget the details but if you dig around a little you can find the explanation.

 

the workaround that we used to do, if you have an extra interface, is to create another vrf named MGMT or something like that, put the extra interface into that vrf, and convert your mgmt functionality to that interface. It is basically the same thing as using gig0 without having the particular limitation for netflow. 

View solution in original post

1 Reply 1

cmarva
Level 4
Level 4

you didn't specify the platform, but i can tell you from working with ASR1000s this is not possible, as the mgmt interface (Gig0) is not part of the route processor or something like that. I forget the details but if you dig around a little you can find the explanation.

 

the workaround that we used to do, if you have an extra interface, is to create another vrf named MGMT or something like that, put the extra interface into that vrf, and convert your mgmt functionality to that interface. It is basically the same thing as using gig0 without having the particular limitation for netflow.