09-26-2017 11:08 AM - edited 03-01-2019 06:09 PM
Community,
Im having issues setting up Netflow on a 4431 ISR that runs IOS-XE. The Configs are very different from what im used to on regular IOS that used to be pretty straight forward. Can someone help me with the config? None of the online materials are making sense. Here is the situation:
I want to send Netflow statistics from the G0/0/0 and G0/0/1 interfaces both ingress and egress to my Solarwinds server at 10.134.193.73. I want the netflow traffic to be sent over the managment interface that is in VRF "Mgmt-intf"to the Solarwinds server. Here is what I have so far on the config:
QTS-BORDER-1B#show ver
Cisco IOS XE Software, Version 03.16.06.S - Extended Support Release
Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(3)S6, RELEASE SOFTWARE (fc3)
vrf definition Mgmt-intf
!
interface GigabitEthernet0
description Mgmt Intf
vrf forwarding Mgmt-intf
ip address 10.110.255.15 255.255.255.0
negotiation auto
no mop enabled
!
ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 10.110.255.18
!
flow exporter Solarwinds
destination 10.134.193.73 vrf Mgmt-intf
source GigabitEthernet0
export-protocol netflow-v5
!
!
flow monitor Netflow
exporter Solarwinds
However when I try to apply the monitor to the interface I get the following error:
QTS-BORDER-1B(config-if)#ip flow monitor Netflow input
% Flow Monitor: Failed to add monitor to interface: The monitor does not have a valid record
The management interface is able to reach the solarwinds server.
QTS-BORDER-1B#ping vrf Mgmt-intf 10.134.193.73
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.134.193.73, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Solved! Go to Solution.
09-27-2017 04:38 AM
Heres a working one form my 4331s , just add in your destination and source and the vrf and under any interface you wnat monitored add the input /output
flow record FLOW-RECORD
description record to monitor network traffic
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
match interface output
collect routing source as
collect routing destination as
collect routing next-hop address ipv4
collect transport tcp flags
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
!
!
flow exporter NetQos
description export Netflow traffic to HQ
destination X.X.X.X
source X
output-features
transport udp 2055
template data timeout 300
option interface-table timeout 1000
option exporter-stats timeout 1000
!
!
flow monitor FLOW1
description Used for ipv4 traffic analysis (Mapped To FLOW-RECORD)
exporter NetQos
statistics packet protocol
record FLOW-RECORD
####################
for the interfaces
ip flow monitor FLOW1 input
ip flow monitor FLOW1 output
09-27-2017 01:49 AM
You will need to create a flow record attach that to the flow monitor for Flexible Netflow.
Because you are exporting to Solarwinds is will be worth following link below as the match records will most likely be the ones the exporter is expecting. I have had to create slightly different records depending on wat I was exporting to (Solarwinds, Stealthwatch..)
Configure your record which is the info you are collecting and sending to the exporter.
Configure the Exporter (which I think you have already)
Tie them together with the Flow Monitor.
Apply to Interface.
Hopefully helps or at least points you in direction you need to go.
Thanks
09-27-2017 07:59 AM
09-27-2017 04:38 AM
Heres a working one form my 4331s , just add in your destination and source and the vrf and under any interface you wnat monitored add the input /output
flow record FLOW-RECORD
description record to monitor network traffic
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
match interface output
collect routing source as
collect routing destination as
collect routing next-hop address ipv4
collect transport tcp flags
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
!
!
flow exporter NetQos
description export Netflow traffic to HQ
destination X.X.X.X
source X
output-features
transport udp 2055
template data timeout 300
option interface-table timeout 1000
option exporter-stats timeout 1000
!
!
flow monitor FLOW1
description Used for ipv4 traffic analysis (Mapped To FLOW-RECORD)
exporter NetQos
statistics packet protocol
record FLOW-RECORD
####################
for the interfaces
ip flow monitor FLOW1 input
ip flow monitor FLOW1 output
09-27-2017 07:59 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide