Netflow analyzer set up for C3750X (service module C3KX-NM-10G)

JungChoi77534
Level 1

Hello all,

I am trying to set up a netflow analyzer tool and will be collecting the data from a Sonicwall firewall and C3750x switches.

Per ManageEngine support, the server/application side is all set up but they are saying that the switch is not configured to export out the data and that we need to speak to Cisco about the remaining configuration. 

 

Unfortunately, the switches are not supported any more (and the client let the support lapse) so I am not sure where I can get the information needed to finish the configuration. 

marce1000
VIP

 

 - FYI : http://www.ibbconsult.de/download/pdf/20CiscoCAT.pdf

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

Marce1000,

 

Thanks for that link. It does show that the module has to be SM-10G instead of the NM-10G that is on the switches.

 

Does that mean that NM-10G is just not supported for the flow monitoring?

balaji.bandi
Hall of Fame

Can you post the configuration from the Cisco switch so we can look and understand what is configured?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Building configuration...

Current configuration : 15813 bytes
!
! Last configuration change at 20:53:48 Pacific Mon Jan 22 2007 by admin
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname BlackSwitch3
!
boot-start-marker
boot-end-marker
!
!
enable password 7 xxxxxxxxxxxxxxxxxxxxxxxxx
!
username admin password 7 xxxxxxxxxxxxxxxxxxxxxxxxxx
aaa new-model
!
!
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa accounting dot1x default start-stop group radius
!
!
!
!
!
!
aaa session-id common
clock timezone Pacific -8 0
switch 1 provision ws-c3750x-24p
system mtu routing 1500
!
!
!
!
!
!
!
ip domain-name xxxxxxxxxxxxxxxxxxx
ip name-server xxxxxxxx
ip name-server xxxxxxx
!
!
!
!
!
!
flow record NFArecord
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect interface input snmp
collect interface output snmp
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
!
!
flow record VLAN1
description record to monitor network traffic
match ipv4 destination address
collect counter bytes
collect counter packets
!
!
flow exporter NFAexporter
destination 192.168.100.249
source Vlan1
transport udp 9996
template data timeout 60
!
!
flow monitor NFAmonitor
exporter NFAexporter
cache timeout active 60
record NFArecord
!
!

dot1x system-auth-control
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface GigabitEthernet1/0/1
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/2
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/3
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/4
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/5
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/6
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/7
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/8
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/9
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/10
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/11
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/12
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/13
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/14
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/15
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order dot1x mab
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/16
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/17
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/18
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order dot1x mab
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/19
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/20
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/21
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/22
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/23
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/0/24
switchport mode access
authentication event server dead action authorize
authentication host-mode multi-auth
authentication order mab dot1x
authentication port-control auto
authentication periodic
authentication timer inactivity 900
authentication violation replace
mab
dot1x pae authenticator
dot1x timeout quiet-period 15
dot1x timeout tx-period 2
dot1x max-reauth-req 1
!
interface GigabitEthernet1/1/1
ip flow monitor NFAmonitor input
!
interface GigabitEthernet1/1/2
ip flow monitor NFAmonitor input
!
interface GigabitEthernet1/1/3
ip flow monitor NFAmonitor input
!
interface GigabitEthernet1/1/4
ip flow monitor NFAmonitor input
!
interface TenGigabitEthernet1/1/1
description Uplink to Printer and Server Network
switchport trunk encapsulation dot1q
switchport mode trunk
ip flow monitor NFAmonitor input
!
interface TenGigabitEthernet1/1/2
switchport access vlan 100
switchport mode access
ip flow monitor NFAmonitor input
!
interface Vlan1
ip flow ingress
ip flow egress
ip flow monitor NFAmonitor input
ip address 192.168.100.52 255.255.255.0
!
interface Vlan100
ip flow monitor NFAmonitor input
no ip address
!
ip default-gateway 192.168.100.254
ip forward-protocol nd
!
ip flow-export source Vlan1
ip flow-export destination 192.168.100.249 9996
!
no ip http server
no ip http secure-server
ip ssh version 2
!
!
!
!
snmp-server community public RO
!
!
banner login ^C
*****************************************************************************
* WARNING!!! AUTHORIZED USE ONLY *
*****************************************************************************
* Users of this system have no implicit or explicit expectation of privacy. *
* Unauthorized or improper use of this system may result in disciplinary *
* action, and/or civil or criminal penalties. Use of this system indicates *
* your consent. LOG OFF IMMEDIATELY IF YOU DO NOT AGREE TO THESE CONDITIONS *
*****************************************************************************
^C
!
!
!
end

Has this never worked, or was it working and then stopped working (if it was working and stopped, what are the changes)?

Compared with my working config, the lines below were missing - try adding them and let us know.

 

flow record NFArecord
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
collect interface input snmp
collect interface output snmp
collect counter bytes long
collect counter packets long
collect timestamp sys-uptime first
collect timestamp sys-uptime last

BB


It has never worked. This is the first time trying to configure it.

 

The configs provided are from ManageEngine so not sure if changing it to match yours will do anything. 

 

I am trying to find out if it is even possible to set this up for the NM-10G module. 

 

 

balaji.bandi
Hall of Fame

I do not see any issue; I have only suggested adding some config to the existing config to see if that works.

Post the output of the commands below:

show version

show flow interface

show flow exporter

show flow monitor

Here is a document for reference:

 

https://content.cisco.com/chapter.sjs?uri=%2Fsearchable%2Fchapter%2Fwww.cisco.com%2Fcontent%2Fen%2Fus%2Ftd%2Fdocs%2Fswitches%2Flan%2Fcatalyst3750x_3560x%2Fsoftware%2Frelease%2F15-2_1_e%2Fconfiguration%2Fguide%2Fscg3750x%2Fswmnetflow.html.xml&platform...

 

 

 

BB


I appreciate the help. Should I even bother with the config changes on a NM-10G module? I can't find any information regarding whether or not the NM module is supported. 

I do not see any issue with the "NM-10G module". What issue do you see here?

BB


Not really an issue but from what I have read, it said that it will work on SM modules and only work on the service module ports and not all the ports on the switch. Maybe that was not the correct information. 

 

I will try your suggestions and see if that clears up the issue. 
There is a script that runs from the ManageEngine server that we set up and it applies the settings they are recommending but just not exporting any data out.

There is a script that runs from the ManageEngine server that we set up and it applies the settings they are recommending but just not exporting any data out.

You need to check the show commands to see if you really have data to send. Is the device reachable to ManageEngine?

Also, post the output here so we can understand the issue - we may be missing some small information.

 

BB

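Added example, not part of the thread and not Cisco or ManageEngine code: a collector-side check for the question above of whether the switch is really sending data. It assumes the exporter sends NetFlow v9 (RFC 3954) and shows why a data FlowSet cannot be decoded until the template, which the posted exporter resends per `template data timeout 60`, has been received. The sample datagrams and field lengths are constructed to mirror the NFArecord fields.

```python
import struct

# NetFlow v9 field types (RFC 3954) for the fields in the posted NFArecord.
FIELDS = {1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 5: "SRC_TOS",
          7: "L4_SRC_PORT", 8: "IPV4_SRC_ADDR", 10: "INPUT_SNMP",
          11: "L4_DST_PORT", 12: "IPV4_DST_ADDR", 14: "OUTPUT_SNMP",
          21: "LAST_SWITCHED", 22: "FIRST_SWITCHED"}

def parse_v9(datagram, known_templates=None):
    """Parse one UDP payload; report templates seen and which data is decodable."""
    if len(datagram) < 20:
        raise ValueError("shorter than a NetFlow v9 header")
    version, count, uptime, secs, seq, source_id = struct.unpack("!HHIIII", datagram[:20])
    if version != 9:
        raise ValueError("not NetFlow v9 (version=%d)" % version)
    templates, data_ids, pos = dict(known_templates or {}), [], 20
    while pos + 4 <= len(datagram):
        fs_id, fs_len = struct.unpack("!HH", datagram[pos:pos + 4])
        if fs_len < 4 or pos + fs_len > len(datagram):
            raise ValueError("bad FlowSet length at offset %d" % pos)
        body, off = datagram[pos + 4:pos + fs_len], 0
        while fs_id == 0 and off + 4 <= len(body):  # template FlowSet
            tid, nfields = struct.unpack("!HH", body[off:off + 4])
            end = off + 4 + 4 * nfields
            if tid < 256:  # padding, not a template record
                break
            if end > len(body):
                raise ValueError("truncated template %d" % tid)
            pairs = struct.iter_unpack("!HH", body[off + 4:end])
            templates[tid] = [(FIELDS.get(t, "type_%d" % t), n) for t, n in pairs]
            off = end
        if fs_id >= 256:  # data FlowSet, named after the template it needs
            data_ids.append(fs_id)
        pos += fs_len
    return {"source_id": source_id, "sequence": seq, "templates": templates,
            "decodable": [i for i in data_ids if i in templates],
            "undecodable": [i for i in data_ids if i not in templates]}

# Constructed sample datagrams (built here, not captured from the switch).
def hdr(seq):
    return struct.pack("!HHIIII", 9, 1, 1000, 1700000000, seq, 1)

NFA_FIELDS = [(5, 1), (4, 1), (8, 4), (12, 4), (7, 2), (11, 2),
              (10, 4), (14, 4), (1, 4), (2, 4), (22, 4), (21, 4)]
TEMPLATE_PKT = (hdr(1) + struct.pack("!HHHH", 0, 56, 256, 12)
                + b"".join(struct.pack("!HH", t, n) for t, n in NFA_FIELDS))
DATA_PKT = hdr(2) + struct.pack("!HH", 256, 44) + bytes(40)  # 38-byte record + pad

if __name__ == "__main__":
    print(parse_v9(DATA_PKT)["undecodable"])          # data before template
    learned = parse_v9(TEMPLATE_PKT)["templates"]
    print(parse_v9(DATA_PKT, learned)["decodable"])   # same data, template known
```

On a real collector host, pass `parse_v9` the payload of each UDP datagram received on the export port (9996 in the posted exporter) and carry the returned templates into the next call.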