09-09-2021 03:23 AM - edited 09-26-2021 11:23 PM
Hello Team,
I am facing an issue with the IP NetFlow exporter not sending packets on a C2960X. Records are added and the client sends packets, but the exporter is not sending them to the NetFlow Stealthwatch device.
SW1#show flow exporter statistics
Flow Exporter NETFLOW_EXPORTER:
Packet send statistics (last cleared 01:28:30 ago):
Successfully sent: 0 (0 bytes)
Enqueued to process level: 3210 (3656968 bytes)
Client send statistics:
Client: Flow Monitor IPv4_NETFLOW
Records added: 58951
- sent: 58948
Bytes added: 3478109
- sent: 3477932
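A check for the condition shown in the output above, as an added example that is not part of the original post: it parses `show flow exporter statistics` text and reports exporters whose client counters show records sent while `Successfully sent` is 0. The function names are hypothetical, and the sample is the output from the post with assumed indentation.

```python
import re

# Output copied from the post above; the indentation is assumed.
SAMPLE = """\
Flow Exporter NETFLOW_EXPORTER:
  Packet send statistics (last cleared 01:28:30 ago):
    Successfully sent:         0                     (0 bytes)
    Enqueued to process level: 3210                  (3656968 bytes)
  Client send statistics:
    Client: Flow Monitor IPv4_NETFLOW
      Records added:           58951
        - sent:                58948
      Bytes added:             3478109
        - sent:                3477932
"""

def parse_exporter_stats(text):
    """Return {exporter: {counter: int}}; '- sent' is keyed under the counter above it."""
    exporters, current, parent = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"Flow Exporter (\S+?):?$", line)
        if m:
            current, parent = exporters.setdefault(m.group(1), {}), None
            continue
        m = re.match(r"(- )?([A-Za-z ]+?):\s+(\d+)", line)
        if current is None or not m:
            continue
        dash, label, value = m.groups()
        key = label.lower().replace(" ", "_")
        if dash and parent:
            key = f"{parent}_{key}"      # e.g. records_added_sent
        else:
            parent = key
        # Sum across clients when several monitors feed one exporter.
        current[key] = current.get(key, 0) + int(value)
    return exporters

def stalled_exporters(stats):
    """Exporters whose clients sent records while no packet was successfully sent."""
    return [(name, c.get("enqueued_to_process_level", 0))
            for name, c in stats.items()
            if c.get("records_added_sent", 0) > 0 and c.get("successfully_sent", 0) == 0]

if __name__ == "__main__":
    for name, queued in stalled_exporters(parse_exporter_stats(SAMPLE)):
        print(f"{name}: 0 packets sent, {queued} enqueued to process level")
```

Run against periodically collected output, this turns a silent loss of flow telemetry at the collector into an explicit finding per exporter.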
09-09-2021 03:31 AM
Can you post the NetFlow part of the configuration and the show version output of the device?
Or use the working one below:
!
flow record ipv4
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input
 collect interface output
 collect counter bytes
 collect counter packets
!
flow exporter NetFlow-Server
 destination x.x.xx (IP address of NetFlow server)
 source vlanXX (interface with IP address Orion is managing the device with)
 transport udp 2055 (NetFlow collector port)
 export-protocol netflow-v9
 template data timeout 60 (This will ensure the template is exported every 1 minute, default is 600 seconds)
!
flow monitor NetFlow-Monitor
 record ipv4
 exporter NetFlow-Server
 cache timeout inactive 10
 cache timeout active 1
!
vlan configuration XX (VLAN of Layer 3 interface)
 ip flow monitor NetFlow-Monitor input
!
09-09-2021 03:43 AM - edited 09-09-2021 03:52 AM
.
09-09-2021 03:52 AM
You need the same config for output as for input.
Example:
flow record FLOW-RECORD-OUTPUT
 description Standard out flow record
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface output
 collect interface input
 collect counter bytes long
 collect counter packets long
 collect timestamp absolute first
 collect timestamp absolute last
flow monitor FLOW-MONITOR-OUTPUT
 description Default out Netflow monitor
 exporter XXXXXXXXXXXXX
 cache timeout active 60
 record FLOW-RECORD-OUTPUT
interface range te 1/0/1, te 1/0/2
 ip flow monitor FLOW-MONITOR-INPUT input - change the name as per the config
 ip flow monitor FLOW-MONITOR-OUTPUT output - change the name as per the config
09-09-2021 04:29 AM
Dear Balaji,
Your example is correct, but the command below is not working:
"match interface output".
SW1(config-if)# ip flow monitor IPv4_NETFLOW sampler NETFLOW output (input working*)
% Flow Monitor: 'IPv4_NETFLOW' could not be added to interface due to invalid sub-traffic type: 0
Kindly suggest further.
09-09-2021 04:40 AM
Can you post the complete NetFlow config and show version? I have seen this issue some time back on Cat 4K (I do not remember the solution); let me dig in the meantime if I can.
Is the interface Layer 2 or Layer 3? Where are you applying this config? The same interface accepts input, right? Just for clarity.
09-09-2021 04:46 AM
Yes, find the same:
Model: WS-C2960X-48FPD-L
Version: 15.2(7)E3
NetFlow version: 9
Config:
flow record FLOW_RECORD
 match ipv4 source address
 match ipv4 dest address
 match ipv4 protocol
 match tra source-port
 match tra dest-port
 match ipv4 tos
 match int output
 collect int input
 collect counter bytes long
 collect counter packets long
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
 collect ip version
flow exporter NETFLOW_TO_SW_FC
 destination 192.168.151.32
 source vlan 100
 transport udp 2055
 export-protocol netflow-v9
 template data timeout 60
flow monitor IPv4_NETFLOW
 record FLOW_RECORD
 exporter NETFLOW_TO_SW_FC
 cache timeout active 60
 cache timeout inactive 15
int te1/0/1
 ip flow monitor IPv4_NETFLOW input
int te1/0/2
 ip flow monitor IPv4_NETFLOW input
09-09-2021 04:54 AM - edited 09-09-2021 05:05 AM
The config does not match or is missing something. I would like to see both the input and output config.
Example:
https://www.balajibandi.com/?p=1383
09-09-2021 05:36 AM
FYI,
flow record FLOW_RECORD_input
 description NetFlow input record format to send to SW
 match datalink mac source address input
 match datalink mac destination address input
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input (not working)
 collect interface output
 collect counter bytes long
 collect counter packets long
 collect timestamp absolute first
 collect timestamp absolute last
flow record FLOW_RECORD_output
 description NetFlow output record format to send to SW
 match datalink mac source address input
 match datalink mac destination address input
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface output (not working)
 collect interface input
 collect counter bytes long
 collect counter packets long
 collect timestamp absolute first
 collect timestamp absolute last
flow exporter NETFLOW_TO_SW_FC
 description Export NetFlow to SW FC
 destination 192.16.151.32
 source Vlan100
 transport udp 2055
 template data timeout 30
 export-protocol netflow-v9
flow monitor IPv4_NETFLOW_input
 exporter NETFLOW_TO_SW_FC
 cache timeout active 60
 statistics packet protocol
 record FLOW_RECORD_input
flow monitor IPv4_NETFLOW_output
 exporter NETFLOW_TO_SW_FC
 cache timeout active 60
 statistics packet protocol
 record FLOW_RECORD_output
SW1(config)#int te1/0/1
SW1(config-if)#
SW1(config-if)#
SW1(config-if)#ip flow monitor IPv4_NETFLOW_input sampler NETFLOW input
SW1(config-if)#
SW1(config-if)#ip flow monitor IPv4_NETFLOW_output sampler NETFLOW ou
SW1(config-if)#$itor IPv4_NETFLOW_output sampler NETFLOW output
% Flow Monitor: 'IPv4_NETFLOW_output' could not be added to interface due to invalid sub-traffic type: 0
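A cross-reference check for a pasted Flexible NetFlow configuration like the one above, as an added example that is not part of the original post: it lists every record, exporter, monitor or sampler name that is referenced but not defined in the text it is given. The function name is hypothetical, the sample config is constructed (documentation-range address, one monitor deliberately left out), and the parser assumes sub-commands are indented as `show running-config` prints them.

```python
import re

# Constructed sample, modelled on the names used in this thread.
CONFIG = """\
flow record FLOW_RECORD_input
 match ipv4 source address
 collect counter bytes long
flow exporter NETFLOW_TO_SW_FC
 destination 192.0.2.10
 transport udp 2055
flow monitor IPv4_NETFLOW_input
 exporter NETFLOW_TO_SW_FC
 record FLOW_RECORD_input
interface TenGigabitEthernet1/0/1
 ip flow monitor IPv4_NETFLOW_input sampler NETFLOW input
 ip flow monitor IPv4_NETFLOW_output sampler NETFLOW output
"""

def dangling_references(config):
    """Return sorted (kind, name, where) for names referenced but never defined."""
    defined = {k: set() for k in ("record", "exporter", "monitor", "sampler")}
    used, section = [], ("other", "")
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():                      # top-level line opens a section
            m = re.match(r"(?:flow (record|exporter|monitor)|(sampler)) (\S+)$", line)
            section = ((m.group(1) or m.group(2)), m.group(3)) if m else ("other", line)
            if m:
                defined[section[0]].add(section[1])
            continue
        if section[0] == "monitor":                   # record/exporter used by a monitor
            m = re.match(r"(record|exporter) (\S+)$", line)
            if m:
                used.append((m.group(1), m.group(2), f"flow monitor {section[1]}"))
        m = re.match(r"ip flow monitor (\S+)(?: sampler (\S+))? (?:input|output)$", line)
        if m:                                         # monitor (and sampler) attached here
            used.append(("monitor", m.group(1), section[1]))
            if m.group(2):
                used.append(("sampler", m.group(2), section[1]))
    return sorted({u for u in used if u[1] not in defined[u[0]]})

if __name__ == "__main__":
    for kind, name, where in dangling_references(CONFIG):
        print(f"{kind} '{name}' used in '{where}' is not defined")
```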
09-09-2021 06:34 AM
I used the command syntax as below:
interface range te 1/x/1, te 1/x/2
 ip flow monitor FLOW-MONITOR-INPUT-01 input
 ip flow monitor FLOW-MONITOR-OUTPUT-01 output
I have never used or tested a sampler before (I tried on Cat 9K switches; your command is not accepted until we do the sampler config).
But you need to define the sampler as per the document: