cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2162
Views
0
Helpful
9
Replies

IP Netflow Exporter Packet sending problem in C2960X Switch

Hello Team,

I am facing issue in IP Netflow Exporter Packet sending problem in C2960X. Records are added and client send packets but exporter not sending to Netflow Stealthwatch device.

 

SW1#show flow exporter statistics
Flow Exporter NETFLOW_EXPORTER:
Packet send statistics (last cleared 01:28:30 ago):
Successfully sent: 0 (0 bytes)
Enqueued to process level: 3210 (3656968 bytes)

Client send statistics:
Client: Flow Monitor IPv4_NETFLOW
Records added: 58951
- sent: 58948
Bytes added: 3478109
- sent: 3477932

9 Replies 9

balaji.bandi
Hall of Fame
Hall of Fame

Can you post the configuration of netflow bit and show version of the device

 

or use below working one :

 

!

flow record ipv4

match ipv4 tos

match ipv4 protocol

match ipv4 source address

match ipv4 destination address

match transport source-port

match transport destination-port

match interface input

collect interface output

collect counter bytes

collect counter packets

!

flow exporter NetFlow-Server

destination  x.x.xx (ip address of Netflow  server)

source vlanXX (interface with IP address Orion is managing the device with)

transport udp 2055 (Netflow collector port)

export-protocol Netflow version 9

template data timeout 60 (This will ensure the template is exported every 1 minute, default is 600 seconds)

!

flow monitor NetFlow-Monitor

record ipv4

exporter NetFlow-Server

cache timeout inactive 10

cache timeout active 1

!

vlan configuration XX  ( VLAN of Layer 3 Interface)

ip flow monitor NetFlow-Monitor input

!

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

.

You need config as output as same as input

 

example :

 

flow record FLOW-RECORD-OUTPUT
description Standard  out flow record
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface output
collect interface input
collect counter bytes long
collect counter packets long
collect timestamp absolute first
collect timestamp absolute last

 

 

flow monitor FLOW-MONITOR-OUTPUT
description Default out  Netflow monitor
exporter XXXXXXXXXXXXX
cache timeout active 60
record FLOW-RECORD-OUTPUT

 

 

interface range te 1/0/1, te 1/01/2
ip flow monitor FLOW-MONITOR-INPUT input   - change the name as per the config
ip flow monitor FLOW-MONITOR-OUTPUT output  - change the name as per the config

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Dear Balaji,

Your example is correct but below command not working-

"match interface output".

 

SW1(config-if)# ip flow monitor IPv4_NETFLOW sampler NETFLOW output             (input working*)
% Flow Monitor: 'IPv4_NETFLOW' could not be added to interface due to invalid sub-traffic type: 0

 

Kindly suggest further. 

 

@balaji.bandi 

Can you post complete netflow config and show version, i have seen this issue some time back Cat 4K (not remember solution) let me dig mean time if i can.

 

is the interface Layer 2 or Layer 3 ? where you applying this config ? same interface accept input right, just for clarity.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Yes find the same-

Model-WS-C2960X-48FPD-L

Version- 15.2(7)E3

Netflow version- 9

Config****

 

 

 

flow record FLOW_RECORD
match ipv4 source address
match ipv4 dest address
match ipv4 protocol
match tra source-port
match tra dest-port
match ipv4 tos
match int output
collect int input
collect counter bytes long
collect counter packets long
collect timestamp sys-uptime first
collect timestamp sys-uptime last
collect ip version

 

flow exporter NETFLOW_TO_SW_FC
destination 192.168.151.32
source vlan 100
transport udp 2055
export-protocol netflow-v9
templete data timeout 60

 

flow monitor IPv4_NETFLOW
record FLOW_RECORD
exporter NETFLOW_TO_SW_FC
cache timeout active 60
cache timeout inactive 15

 

int te1/0/1
ip flow monitor IPv4_NETFLOW input


int te1/0/2
ip flow monitor IPv4_NETFLOW input

the config does not match or missing something, i would like to see both input and output config ?

 

 

example :

 

https://www.balajibandi.com/?p=1383

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

FYI,

 

flow record FLOW_RECORD_input
description NetFlow input record format to send to SW
match datalink mac source address input
match datalink mac destination address input
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input (not working)
collect interface output
collect counter bytes long
collect counter packets long
collect timestamp absolute first
collect timestamp absolute last

flow record FLOW_RECORD_output
description NetFlow output record format to send to SW
match datalink mac source address input
match datalink mac destination address input
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface output (not working)
collect interface input
collect counter bytes long
collect counter packets long
collect timestamp absolute first
collect timestamp absolute last

flow exporter NETFLOW_TO_SW_FC
description Export NetFlow to SW FC
destination 192.16.151.32
source Vlan100
transport udp 2055
template data timeout 30
export-protocol netflow-v9

flow monitor IPv4_NETFLOW_input
exporter NETFLOW_TO_SW_FC
cache timeout active 60
statistics packet protocol
record FLOW_RECORD_input

flow monitor IPv4_NETFLOW_output
exporter NETFLOW_TO_SW_FC
cache timeout active 60
statistics packet protocol
record FLOW_RECORD_output

 

 

SW1(config)#int te1/0/1
SW1(config-if)#
SW1(config-if)#
SW1(config-if)#ip flow monitor IPv4_NETFLOW_input sampler NETFLOW input
SW1(config-if)#
SW1(config-if)#ip flow monitor IPv4_NETFLOW_output sampler NETFLOW ou
SW1(config-if)#$itor IPv4_NETFLOW_output sampler NETFLOW output
% Flow Monitor: 'IPv4_NETFLOW_output' could not be added to interface due to invalid sub-traffic type: 0

I used command syntax as below :

 

interface range te 1/x/1, te 1/x/2
ip flow monitor FLOW-MONITOR-INPUT-01 input
ip flow monitor FLOW-MONITOR-OUTPUT-01 output

 

sampler have never used or tested before : ( i tried on Cat 9K switches your command not accpeted, until we do sampler config)

 

But you need to define sampler as per the document :

 

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fnetflow/configuration/15-mt/fnf-15-mt-book/use-fnflow-redce-cpu.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco