cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
907
Views
0
Helpful
2
Replies
Highlighted
Beginner

Flexible Netflow no exporting.....do i need an ACL ?

Hi All,

 

I've configured Flexible Netflow v9 on our ISR 4431 and it is collecting data and i've set the exporter to push it to a Prime device but it's not showing any data. I've also tried a couple of 3rd party Netflow collectors such as Solarwinds and PRTG on a PC and changed the exporter destination IP (and made firewall corrections etc) but they don't pick up any data either.

 

This is the exporter settings:

Company1#sh flow exporter CompanyNetflowExporter
Flow Exporter CompanyNetflowExporter:
Description: NETFLOW export to Prime
Export protocol: NetFlow Version 9
Transport Configuration:
Destination IP address: 192.168.2.106
Source IP address: 172.16.1.1
Source Interface: Loopback0
Transport Protocol: UDP
Destination Port: 2055
Source Port: 56194
DSCP: 0x0
TTL: 255
Output Features: Used

 

This is the ISR flow cache:

company1#sh flow monitor companyNetFlow cac
Cache type: Normal (Platform cache)
Cache size: 200000
Current entries: 945
High Watermark: 3392

Flows added: 2929085
Flows aged: 2928140
- Active timeout ( 1800 secs) 1415
- Inactive timeout ( 15 secs) 2926725

IPV4 SOURCE ADDRESS: 192.168.2.71
IPV4 DESTINATION ADDRESS: 109.249.180.0
TRNS SOURCE PORT: 4500
TRNS DESTINATION PORT: 4500
INTERFACE INPUT: Gi0/0/2
IP PROTOCOL: 17
interface output: Gi0/0/0
counter bytes: 29
counter packets: 1

IPV4 SOURCE ADDRESS: 216.58.205.34
IPV4 DESTINATION ADDRESS: 192.168.2.82
TRNS SOURCE PORT: 443
TRNS DESTINATION PORT: 53769
INTERFACE INPUT: Gi0/0/0
IP PROTOCOL: 17
interface output: Gi0/0/2
counter bytes: 200548
counter packets: 182

IPV4 SOURCE ADDRESS: 192.168.2.190
IPV4 DESTINATION ADDRESS: 52.97.133.242
TRNS SOURCE PORT: 52766
TRNS DESTINATION PORT: 443
INTERFACE INPUT: Gi0/0/2
IP PROTOCOL: 6
interface output: Gi0/0/0
counter bytes: 40
counter packets: 1

IPV4 SOURCE ADDRESS: 52.214.249.84
IPV4 DESTINATION ADDRESS: 192.168.3.85
TRNS SOURCE PORT: 12222
TRNS DESTINATION PORT: 34706
INTERFACE INPUT: Gi0/0/0
IP PROTOCOL: 17
interface output: Gi0/0/2
counter bytes: 109
counter packets: 1

IPV4 SOURCE ADDRESS: 192.168.2.50
IPV4 DESTINATION ADDRESS: 52.97.146.194
TRNS SOURCE PORT: 51945
TRNS DESTINATION PORT: 443
INTERFACE INPUT: Gi0/0/2

 

My question is that do i need to put an ACL in to allow Netflow to export to the collector ?

 

Thanks

 

2 REPLIES 2
Highlighted
Participant

You shouldn't require an ACL for a netflow exporter. 

 

Since you are getting flow data on the router it looks like you have everything configured, you may just need to reference the flow exporter in the flow monitor. 

 

If you do show flow monitor on the router do you see the flow exporter your configured? 

 

Flow Monitor FLOW-MON:
Description: User defined
Flow Record: FLOW-RECORD
Flow Exporter: FLOW-EXPORT
Cache:
Type: normal (Platform cache)
Status: allocated
Size: Unknown
Inactive Timeout: 300 secs
Active Timeout: 1800 secs
Update Timeout: 1800 secs
Synchronized Timeout: 600 secs

 

If the exporter is configured and referenced in the flow monitor it may be another issue. I would check the path from the router to the collector servers and make sure the source is allowed and routed properly. 

Highlighted

Thanks,

 

I changed the exporter IP to a Windows PC and put PTRG on there and that picks up the Netflow fine so i now know that the ISR is sending the data out but i can't get the Cisco Prime VM to pick it up. I've found that Prime only listens for it on port 9991 but it still won't pick it up if i change the exporter to send on that port. I've also ran Show Ports on the CLI of the Prime PC and it doesn't even look as though it's listening on 9991 ?

 

Thanks

 

 

Content for Community-Ad