cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
25324
Views
10
Helpful
4
Replies

Netflow Configuration on IOS-XE

Craddockc
Level 3
Level 3

Community,

Im having issues setting up Netflow on a 4431 ISR that runs IOS-XE. The Configs are very different from what im used to on regular IOS that used to be pretty straight forward. Can someone help me with the config? None of the online materials are making sense. Here is the situation:

 

I want to send Netflow statistics from the G0/0/0 and G0/0/1 interfaces both ingress and egress to my Solarwinds server at 10.134.193.73. I want the netflow traffic to be sent over the managment interface that is in VRF "Mgmt-intf"to the Solarwinds server. Here is what I have so far on the config:

 

QTS-BORDER-1B#show ver
Cisco IOS XE Software, Version 03.16.06.S - Extended Support Release
Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(3)S6, RELEASE SOFTWARE (fc3)
 

 

vrf definition Mgmt-intf

!

interface GigabitEthernet0
description Mgmt Intf
vrf forwarding Mgmt-intf
ip address 10.110.255.15 255.255.255.0
negotiation auto
no mop enabled

!

ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 10.110.255.18

!

flow exporter Solarwinds
destination 10.134.193.73 vrf Mgmt-intf
source GigabitEthernet0
export-protocol netflow-v5
!
!
flow monitor Netflow
exporter Solarwinds

 

However when I try to apply the monitor to the interface I get the following error:

 

QTS-BORDER-1B(config-if)#ip flow monitor Netflow input
% Flow Monitor: Failed to add monitor to interface: The monitor does not have a valid record

 

The management interface is able to reach the solarwinds server.

QTS-BORDER-1B#ping vrf Mgmt-intf 10.134.193.73
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.134.193.73, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

1 Accepted Solution

Accepted Solutions

Mark Malone
VIP Alumni
VIP Alumni

Heres a working one form my 4331s , just add in your destination and source and the vrf and under any interface you wnat monitored add the input /output

 

flow record FLOW-RECORD
 description record to monitor network traffic
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input
 match interface output
 collect routing source as
 collect routing destination as
 collect routing next-hop address ipv4
 collect transport tcp flags
 collect counter bytes
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
!
!
flow exporter NetQos
 description export Netflow traffic to HQ
 destination X.X.X.X
 source X
 output-features
 transport udp 2055
 template data timeout 300
 option interface-table timeout 1000
 option exporter-stats timeout 1000
!
!
flow monitor FLOW1
 description Used for ipv4 traffic analysis (Mapped To FLOW-RECORD)
 exporter NetQos
 statistics packet protocol
 record FLOW-RECORD

 

####################

for the interfaces

 

ip flow monitor FLOW1 input
 ip flow monitor FLOW1 output

View solution in original post

4 Replies 4

GRANT3779
Spotlight
Spotlight

You will need to create a flow record attach that to the flow monitor for Flexible Netflow.

 

Because you are exporting to Solarwinds is will be worth following link below as the match records will most likely be the ones the exporter is expecting. I have had to create slightly different records depending on wat I was exporting to (Solarwinds, Stealthwatch..)

 

https://support.solarwinds.com/Success_Center/Netflow_Traffic_Analyzer_(NTA)/Example_NetFlow_Config_-_Cisco_3850_IOS_XE

 

Configure your record which is the info you are collecting and sending to the exporter.

Configure the Exporter (which I think you have already)

Tie them together with the Flow Monitor.

Apply to Interface.

 

Hopefully helps or at least points you in direction you need to go.

Thanks

Thank you Grant, this was most helpful!

Mark Malone
VIP Alumni
VIP Alumni

Heres a working one form my 4331s , just add in your destination and source and the vrf and under any interface you wnat monitored add the input /output

 

flow record FLOW-RECORD
 description record to monitor network traffic
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input
 match interface output
 collect routing source as
 collect routing destination as
 collect routing next-hop address ipv4
 collect transport tcp flags
 collect counter bytes
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
!
!
flow exporter NetQos
 description export Netflow traffic to HQ
 destination X.X.X.X
 source X
 output-features
 transport udp 2055
 template data timeout 300
 option interface-table timeout 1000
 option exporter-stats timeout 1000
!
!
flow monitor FLOW1
 description Used for ipv4 traffic analysis (Mapped To FLOW-RECORD)
 exporter NetQos
 statistics packet protocol
 record FLOW-RECORD

 

####################

for the interfaces

 

ip flow monitor FLOW1 input
 ip flow monitor FLOW1 output

Thank you Mark, this was most helpful!

Review Cisco Networking for a $25 gift card