Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1033
Views
0
Helpful
4
Replies

Exporting Netflow on Cisco 4331

utawakevou
Level 4
Level 4

‎03-23-2021 06:30 PM

Hi,

I need help with the above. Im using the management port on its own VRF. Can ping the netflow analyzer server from the router but can see an anything at all on the NFA server. Here is my configuration and probably something I'm missing ?:

 

flow record NFArecord
match ipv4 source address
match ipv4 destination address
match ipv4 protocol
match transport source-port
match transport destination-port
match ipv4 tos
match interface input
collect interface output
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
collect application name
!
!
flow exporter NFA
destination 192.168.0.5 vrf Mgmt-intf
source GigabitEthernet0
transport udp 9996
template data timeout 60
option application-table timeout 60
option application-attributes timeout 60
!
!
flow monitor NFAmonitor
exporter NFA
cache timeout inactive 60
cache timeout active 60
record NFArecord


interface GigabitEthernet0/0/3
ip flow monitor NFAmonitor input
ip flow monitor NFAmonitor output

 

I can ping the server from the router using that VRF 


ping vrf Mgmt-intf 192.168.0.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

 

Any help will be really apprecaited

 

Labels:
0 Helpful
4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

‎03-24-2021 01:01 AM

is this both the interface part of VRF - interface GigabitEthernet0/0/3 and GigabitEthernet0

 

try to change version 5 to 9 and test. "ip flow export version 9"

 

please post below output :

 

show version

show flow monitor NFAmonitor cache

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

utawakevou
Level 4
Level 4
In response to balaji.bandi

‎03-24-2021 05:28 AM

Only interface GigabitEthernet0 is in the management VFR. interface GigabitEthernet0/0/3 netlow is the flow I want to be exported to the NFA server.

 

see attach for the result of show version and the sample of netflow table

 

Preview file
9 KB
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to utawakevou

‎03-24-2021 02:00 PM - edited ‎03-24-2021 02:28 PM

I have never tried exporting to VRF with a normal Routing table using Netflow.

 

I am sure VRF and Default routing table need to exchange each other information so the information will be replicated to VRF and GRT

 

try the below thread -  adding some information VRF aware.

 

match routing vrf input
 match routing vrf output

 

https://community.cisco.com/t5/routing/asr1000-flow-export-to-vrf-mgmt-intf/td-p/1568327

https://community.cisco.com/t5/switching/netflow-vrf-export/td-p/1339418

 

EDIT :

 

i was searching my document in one note :

found this URL may be helpful :

 

https://wannabelab.blogspot.com/2016/08/configuring-flexible-netflow-fnf-using.html?m=1

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

utawakevou
Level 4
Level 4
In response to balaji.bandi

‎03-25-2021 03:56 PM

Thank you. I've tried that to no avail. I don't understand why it doesn't work as I've got RADIUS, syslog working via the management VRF

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents