01-27-2020 01:11 PM
Hi all,
I am having trouble configuring NetFlow on an IOS XE router through a management interface with a VRF on it. I have used the configuration guide from Cisco (https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fnetflow/configuration/xe-3se/5700/fnf-ing-vrf.pdf), but without success. Any help is appreciated.
The config that I used is as follows:
-----------------------
flow record NETFLOW1
 !The more matches and collects, the more you'll get.
 match routing vrf input
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input !also tried output
 collect counter bytes
 collect counter packets
 collect interface output
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
 collect routing source as
 collect routing destination as
flow exporter EXPORTER1
 description DESTINATION SERVER
 destination 1.0.0.6 vrf Mgmt-intf
 transport udp 9996
 export-protocol netflow-v9
 template data timeout 60
flow monitor MONITOR1
 record NETFLOW1
 exporter EXPORTER1
interface Port-channel10
 ip flow monitor EXPORTER1 input
interface TenGigabitEthernet0/1/0
 ip flow monitor EXPORTER1 input
interface TenGigabitEthernet0/1/1
 ip flow monitor EXPORTER1 input
interface TenGigabitEthernet0/1/2
 ip flow monitor EXPORTER1 input
interface TenGigabitEthernet0/1/3
 ip flow monitor EXPORTER1 input
interface GigabitEthernet0
 ip flow monitor EXPORTER1 input
-----------------------
Trying to put the monitor on the GigabitEthernet0 will give the following error: 'Management interface (GigabitEthernet0) cannot be used as source for an exporter'
The config of GigabitEthernet0 is as follows:
-----------------------
interface GigabitEthernet0
 description MGMT-INTF
 vrf forwarding Mgmt-intf
 ip address 1.0.0.5 255.255.255.0
-----------------------
Using the command 'Show ip cache flow' will give the following output:
-----------------------
IP packet size distribution (0 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 0 bytes
0 active, 0 inactive, 0 added
0 ager polls, 0 flow alloc failures
-----------------------
What am I doing wrong here?
Thanks in advance.
01-28-2020 01:13 PM
You didn't specify the platform, but I can tell you from working with ASR1000s this is not possible, as the mgmt interface (Gig0) is not part of the route processor or something like that. I forget the details, but if you dig around a little you can find the explanation.
The workaround that we used to do, if you have an extra interface, is to create another VRF named MGMT or something like that, put the extra interface into that VRF, and convert your mgmt functionality to that interface. It is basically the same thing as using Gig0 without having the particular limitation for NetFlow.
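The workaround described in the reply above, sketched as an added example that is not part of the original thread or either poster's configuration. It assumes a spare front-panel port, here the hypothetical GigabitEthernet0/0/3; the VRF name MGMT follows the reply, and the addresses and flow object names are reused from the question.

```cisco
! Added example. GigabitEthernet0/0/3 is a hypothetical spare port (assumption).
! A user-defined VRF takes over the role of the built-in Mgmt-intf VRF.
vrf definition MGMT
 address-family ipv4
 exit-address-family
!
! Free the management address on Gig0 so it can move to the new port.
interface GigabitEthernet0
 no ip address
!
interface GigabitEthernet0/0/3
 description MGMT-INTF (replaces GigabitEthernet0)
 vrf forwarding MGMT
 ip address 1.0.0.5 255.255.255.0
 no shutdown
!
! Exporter now reaches the collector through the new VRF and sources
! its packets from the new management port.
flow exporter EXPORTER1
 description DESTINATION SERVER
 destination 1.0.0.6 vrf MGMT
 source GigabitEthernet0/0/3
 transport udp 9996
 export-protocol netflow-v9
 template data timeout 60
!
flow monitor MONITOR1
 record NETFLOW1
 exporter EXPORTER1
!
! The interface command takes the flow monitor name (MONITOR1),
! not the exporter name. Repeat on each data interface to be monitored.
interface TenGigabitEthernet0/1/0
 ip flow monitor MONITOR1 input
!
! Flexible NetFlow state is checked with the flow commands:
!   show flow monitor MONITOR1 cache
!   show flow exporter EXPORTER1 statistics
```

`show ip cache flow` reports the traditional NetFlow cache, so the `show flow` commands in the comments are the ones that reflect a Flexible NetFlow monitor.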