05-17-2021 09:05 AM
Hello all,
I am trying to set up a netflow analyzer tool and will be collecting the data from Sonicwall firewall and C3750x switches.
Per ManageEngine support, the server/application side is all set up but they are saying that the switch is not configured to export out the data and that we need to speak to Cisco about the remaining configuration.
Unfortunately, the switches are not supported any more (and the client let the support lapse) so I am not sure where I can get the information needed to finish the configuration.
05-17-2021 09:49 AM
- FYI : http://www.ibbconsult.de/download/pdf/20CiscoCAT.pdf
M.
05-17-2021 11:12 AM
Marce1000,
Thanks for that link. It does show that the module has to be SM-10G instead of the NM-10G that is on the switches.
Does that mean that NM-10G is just not supported for the flow monitoring?
05-17-2021 10:20 AM
Can you post the configuration from the Cisco switch so we can look and understand what is configured?
05-17-2021 10:29 AM - edited 05-17-2021 10:32 AM
Building configuration...
Current configuration : 15813 bytes
!
! Last configuration change at 20:53:48 Pacific Mon Jan 22 2007 by admin
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname BlackSwitch3
!
boot-start-marker
boot-end-marker
!
!
enable password 7 xxxxxxxxxxxxxxxxxxxxxxxxx
!
username admin password 7 xxxxxxxxxxxxxxxxxxxxxxxxxx
aaa new-model
!
!
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
!
!
!
!
!
!
aaa session-id common
clock timezone Pacific -8 0
switch 1 provision ws-c3750x-24p
system mtu routing 1500
!
!
!
!
!
!
!
ip domain-name xxxxxxxxxxxxxxxxxxx
ip name-server xxxxxxxx
ip name-server xxxxxxx
!
!
!
!
!
!
flow record NFArecord
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect interface input snmp
collect interface output snmp
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
!
!
flow record VLAN1
description record to monitor network traffic
match ipv4 destination address
collect counter bytes
collect counter packets
!
!
flow exporter NFAexporter
destination 192.168.100.249
source Vlan1
transport udp 9996
template data timeout 60
!
!
flow monitor NFAmonitor
exporter NFAexporter
cache timeout active 60
record NFArecord
!
!
dot1x system-auth-control
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface GigabitEthernet1/0/1
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/2
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/3
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/4
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/5
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/6
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/7
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/8
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/9
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/10
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/11
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/12
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/13
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/14
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/15
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order dot1x mab
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/16
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/17
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/18
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order dot1x mab
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/19
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/20
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/21
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/22
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/23
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/24
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/1/1
ip flow monitor NFAmonitor input
!
interface GigabitEthernet1/1/2
ip flow monitor NFAmonitor input
!
interface GigabitEthernet1/1/3
ip flow monitor NFAmonitor input
!
interface GigabitEthernet1/1/4
ip flow monitor NFAmonitor input
!
interface TenGigabitEthernet1/1/1
description Uplink to Printer and Server Network
switchport trunk encapsulation dot1q
switchport mode trunk
ip flow monitor NFAmonitor input
!
interface TenGigabitEthernet1/1/2
switchport access vlan 100
switchport mode access
ip flow monitor NFAmonitor input
!
interface Vlan1
ip flow ingress
ip flow egress
ip flow monitor NFAmonitor input
ip address 192.168.100.52 255.255.255.0
!
interface Vlan100
ip flow monitor NFAmonitor input
no ip address
!
ip default-gateway 192.168.100.254
ip forward-protocol nd
!
ip flow-export source Vlan1
ip flow-export destination 192.168.100.249 9996
!
no ip http server
no ip http secure-server
ip ssh version 2
!
!
!
!
snmp-server community public RO
!
!
banner login ^C
*****************************************************************************
* WARNING!!! AUTHORIZED USE ONLY *
*****************************************************************************
* Users of this system have no implicit or explicit expectation of privacy. *
* Unauthorized or improper use of this system may result in disciplinary *
* action, and/or civil or criminal penalties. Use of this system indicates *
* your consent. LOG OFF IMMEDIATELY IF YOU DO NOT AGREE TO THESE CONDITIONS *
*****************************************************************************
^C
!
!
!
end
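A cross-check of the NetFlow pieces in the configuration posted above, as an added example that is not part of the thread and not ManageEngine or Cisco code. The function name `audit` is hypothetical and `CONFIG` is an abridged excerpt of the post; the script lists records, exporters and monitors that are referenced but undefined or defined but never used, where each monitor is applied, and any traditional NetFlow (`ip flow ...`) lines sitting beside the Flexible NetFlow ones.

```python
import re

# Constructed excerpt of the running-config posted above (NetFlow-related lines only).
CONFIG = """\
flow record NFArecord
match ipv4 source address
collect counter bytes
flow record VLAN1
match ipv4 destination address
flow exporter NFAexporter
destination 192.168.100.249
transport udp 9996
flow monitor NFAmonitor
exporter NFAexporter
record NFArecord
interface GigabitEthernet1/1/1
ip flow monitor NFAmonitor input
interface Vlan1
ip flow ingress
ip flow monitor NFAmonitor input
ip flow-export destination 192.168.100.249 9996
"""

def audit(config):
    """Cross-check Flexible NetFlow definitions against where they are referenced."""
    defined, used, applied, legacy = set(), set(), {}, []
    section = (None, None)
    for line in (l.strip() for l in config.splitlines()):
        if m := re.match(r"flow (record|exporter|monitor) (\S+)$", line):
            section = m.groups()
            defined.add(section)
        elif line.startswith("interface "):
            section = ("interface", line.split()[1])
        elif m := re.match(r"ip flow monitor (\S+) (input|output)$", line):
            used.add(("monitor", m.group(1)))
            applied.setdefault(m.group(1), []).append(section[1])
        elif section[0] == "monitor" and (m := re.match(r"(record|exporter) (\S+)$", line)):
            used.add(m.groups())
        elif re.match(r"ip flow(-export| ingress| egress)\b", line):
            legacy.append(line)  # traditional NetFlow syntax, not Flexible NetFlow
    fmt = lambda items: sorted(" ".join(i) for i in items)
    return {"undefined": fmt(used - defined), "unused": fmt(defined - used),
            "applied": applied, "legacy": legacy}

if __name__ == "__main__":
    for key, value in audit(CONFIG).items():
        print(f"{key}: {value}")
```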
05-17-2021 12:16 PM
Has this never worked, or was it working and then stopped working (if it stopped working, what are the changes)?
Compared with my working config, the lines below were missing - try adding them and let us know:
flow record NFArecord
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
collect interface input snmp
collect interface output snmp
collect counter bytes long
collect counter packets long
collect timestamp sys-uptime first
collect timestamp sys-uptime last
05-18-2021 09:57 AM
It has never worked. This is the first time trying to configure it.
The configs provided are from ManageEngine so not sure if changing it to match yours will do anything.
I am trying to find out if it is even possible to set this up for the NM-10G module.
05-18-2021 10:04 AM
I do not see any issue; I have only suggested adding some config to the existing config to see if that works.
Post the output below:
show version
show flow interface
show flow exporter
show flow monitor
Here is a document for reference:
05-18-2021 10:07 AM
I appreciate the help. Should I even bother with the config changes on a NM-10G module? I can't find any information regarding whether or not the NM module is supported.
05-18-2021 10:21 AM
I do not see any issue with the "NM-10G module". What issue do you see here?
05-18-2021 10:24 AM
Not really an issue but from what I have read, it said that it will work on SM modules and only work on the service module ports and not all the ports on the switch. Maybe that was not the correct information.
I will try your suggestions and see if that clears up the issue.
There is a script that runs from the ManageEngine server that we set up and it applies the settings they are recommending but just not exporting any data out.
05-18-2021 12:57 PM
There is a script that runs from the ManageEngine server that we set up and it applies the settings they are recommending but just not exporting any data out.
You need to check the show command to see if you really have data to send. Is the device reachable to ManageEngine?
Also, post the output here to understand the issue - we may be missing some small information.
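A collector-side check for the question raised above, whether the switch is really sending anything to UDP port 9996, as an added example that is not part of the thread. It assumes the exporter sends NetFlow version 9 (RFC 3954 layout); the function names and the sample datagram are constructed for illustration. It reads the export header and reports which templates arrived and which data FlowSets cannot be decoded yet because their template has not been seen.

```python
import struct

def summarize_v9(datagram):
    """Summarize one NetFlow v9 export datagram (RFC 3954): header and FlowSets."""
    if len(datagram) < 20:
        raise ValueError("shorter than the 20-byte NetFlow v9 header")
    version, count, _uptime, _secs, sequence, source_id = struct.unpack(
        "!HHIIII", datagram[:20])
    if version != 9:
        raise ValueError(f"not NetFlow v9 (version field is {version})")
    out = {"count": count, "sequence": sequence, "source_id": source_id,
           "templates": {}, "data": []}
    offset = 20
    while offset + 4 <= len(datagram):
        flowset_id, length = struct.unpack("!HH", datagram[offset:offset + 4])
        if length < 4 or offset + length > len(datagram):
            raise ValueError("malformed or truncated FlowSet")
        body = datagram[offset + 4:offset + length]
        if flowset_id == 0:                      # template FlowSet
            pos = 0
            while pos + 4 <= len(body):
                template_id, nfields = struct.unpack("!HH", body[pos:pos + 4])
                end = pos + 4 + 4 * nfields
                if template_id < 256 or end > len(body):
                    break                        # padding or cut-off template
                pairs = struct.unpack(f"!{2 * nfields}H", body[pos + 4:end])
                out["templates"][template_id] = list(zip(pairs[0::2], pairs[1::2]))
                pos = end
        elif flowset_id >= 256:                  # data FlowSet, id = template id
            out["data"].append((flowset_id, len(body)))
        offset += length
    return out

def undecodable(summary, known_templates):
    """Template ids that data FlowSets use but the collector has not seen yet."""
    seen = set(known_templates) | set(summary["templates"])
    return sorted({tid for tid, _ in summary["data"]} - seen)

# Constructed sample: template 256 = (IPV4_SRC_ADDR, IPV4_DST_ADDR, IN_BYTES), one record.
HEADER = struct.pack("!HHIIII", 9, 2, 1000, 1621270000, 1, 0)
TEMPLATE = struct.pack("!HHHH6H", 0, 20, 256, 3, 8, 4, 12, 4, 1, 4)
DATA = struct.pack("!HH4s4sI", 256, 16, bytes([192, 168, 100, 52]),
                   bytes([192, 168, 100, 249]), 1500)
SAMPLE = HEADER + TEMPLATE + DATA
```

Feed it the payload of each datagram received on the collector's UDP port 9996; with `template data timeout 60` in the exporter, data FlowSets that arrive before the first template show up in `undecodable` until the template is resent.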