cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
361
Views
0
Helpful
4
Replies
utawakevou
Participant

Exporting Netflow on Cisco 4331

Hi,

I need help with the above. Im using the management port on its own VRF. Can ping the netflow analyzer server from the router but can see an anything at all on the NFA server. Here is my configuration and probably something I'm missing ?:

 

flow record NFArecord
match ipv4 source address
match ipv4 destination address
match ipv4 protocol
match transport source-port
match transport destination-port
match ipv4 tos
match interface input
collect interface output
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
collect application name
!
!
flow exporter NFA
destination 192.168.0.5 vrf Mgmt-intf
source GigabitEthernet0
transport udp 9996
template data timeout 60
option application-table timeout 60
option application-attributes timeout 60
!
!
flow monitor NFAmonitor
exporter NFA
cache timeout inactive 60
cache timeout active 60
record NFArecord


interface GigabitEthernet0/0/3
ip flow monitor NFAmonitor input
ip flow monitor NFAmonitor output

 

I can ping the server from the router using that VRF 


ping vrf Mgmt-intf 192.168.0.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

 

Any help will be really apprecaited

 

4 REPLIES 4
balaji.bandi
VIP Expert

is this both the interface part of VRF - interface GigabitEthernet0/0/3 and GigabitEthernet0

 

try to change version 5 to 9 and test. "ip flow export version 9"

 

please post below output :

 

show version

show flow monitor NFAmonitor cache



BB


*** Rate All Helpful Responses ***

Only interface GigabitEthernet0 is in the management VFR. interface GigabitEthernet0/0/3 netlow is the flow I want to be exported to the NFA server.

 

see attach for the result of show version and the sample of netflow table

 

I have never tried exporting to VRF with a normal Routing table using Netflow.

 

I am sure VRF and Default routing table need to exchange each other information so the information will be replicated to VRF and GRT

 

try the below thread -  adding some information VRF aware.

 

match routing vrf input
 match routing vrf output

 

https://community.cisco.com/t5/routing/asr1000-flow-export-to-vrf-mgmt-intf/td-p/1568327

https://community.cisco.com/t5/switching/netflow-vrf-export/td-p/1339418

 

EDIT :

 

i was searching my document in one note :

found this URL may be helpful :

 

https://wannabelab.blogspot.com/2016/08/configuring-flexible-netflow-fnf-using.html?m=1

 



BB


*** Rate All Helpful Responses ***

Thank you. I've tried that to no avail. I don't understand why it doesn't work as I've got RADIUS, syslog working via the management VRF

Content for Community-Ad