cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3683
Views
10
Helpful
11
Replies

Netflow Monitor not working on 3850

sysad43
Level 1
Level 1

Cisco IOS XE Software, Version 16.06.04
Cisco IOS Software [Everest], Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 16.6.4, RELEASE SOFTWARE (f
c3)

 

Hey all. Ive looked through a lot of posts, but didnt see any that helped me. Ive configured records, monitor, exporter and applied to interface on a 3850. But when I check monitor statistics, its 0

 

 

 

r3#show flow monitor tfb statistics
Cache type: Normal (Platform cache)
Cache size: 10000
Current entries: 0

Flows added: 0
Flows aged: 0

------

Here is the config, which I copied from a 3650 where its working.

------

flow record tfb
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
collect interface output
collect counter bytes long
collect counter packets long
collect timestamp absolute first
collect timestamp absolute last
!
!
flow exporter whatsup01
destination 10.5.200.68
transport udp 9999
!
!
flow monitor tfb
exporter whatsup01
cache timeout active 60
record tfb

...

interface TenGigabitEthernet1/0/12
description uplink-r1
switchport mode trunk
ip flow monitor tfb input
spanning-tree portfast disable
ip nbar protocol-discovery

 

Any idea what Ive done wrong?

11 Replies 11

balaji.bandi
Hall of Fame
Hall of Fame

here is the config for 3850 ( but your post also mentioned 3650 - not sure what version)

 

here is 3850 config 

 

 

flow record tfb
match ipv4 version
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
match flow direction
collect transport tcp flags
collect interface output
collect counter bytes long
collect counter packets long
collect timestamp absolute first
collect timestamp absolute last
collect counter bytes layer2 long
!
!
flow exporter whatsup01
destination 10.5.200.68
source VlanXX
transport udp 9999
!
!
flow monitor tfbmonitor   <--change to monitor
exporter whatsup01
cache timeout active 60
record tfb

...

interface TenGigabitEthernet1/0/12      <--- i was not sure it support Trunk port never tested
description uplink-r1
switchport mode trunk
ip flow monitor tfb input
spanning-tree portfast disable
ip nbar protocol-discovery

 

Any L3 / L2 intercace works 


interface interface XX 
ip flow monitor tfbmonitor input  <<--- <--change to monitor

 

Test and Advise.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thanks, but no change. Still nothing in the flow monitor. The 3650 I mentioned is also flexible netflow 9, but running ios Version 03.03.05SE. I copied the netflow config from there, where it works.

So this proves that "Cisco IOS XE Software, Version 16.06.04" not working in this version ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

natuan
Level 1
Level 1

Hi there,

 

This is my configuration on C3850, I use PRTG to monitor netflow.

!

flow record test-record
match ipv4 source address
match ipv4 destination address
match ipv4 protocol
match transport source-port
match transport destination-port
match ipv4 tos
match interface input
collect counter bytes long
collect timestamp absolute first
collect timestamp absolute last
!
flow exporter test-export
destination x.x.x.x
source GigabitEthernet1/0/2
transport udp 2055
template data timeout 60
!
flow monitor test-monitor
exporter test-export
cache timeout active 60
record test-record
!
interface GigabitEthernet1/0/2
description >>>
no switchport
ip flow monitor test-monitor input
ip address a.b.c.d

 

Hope this help.

Almost exactly my setup, so it should work, but still no. Im not sure whats wrong.

Can you post show version. Full config (removing any confidential to look).

 

Do you have QoS Enabled ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

QOS is enabled

show run
r3#show run
Building configuration...

Current configuration : 8255 bytes
!
! Last configuration change at 08:45:51 EDT Wed Apr 10 2019
!
version 16.6
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!

!
no aaa new-model
clock timezone est -5 0
clock summer-time EDT recurring
switch 1 provision ws-c3850-12xs
!
!
!
!
ip routing
!
!
ip nbar http-services
!
!
!
!
!
!
!
!
!
!
flow record tfbrecord
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
match ipv4 version
collect interface output
collect counter bytes long
collect counter packets long
collect timestamp absolute first
collect timestamp absolute last
!
!
flow exporter whatsup01
destination a.b.c.d
source Vlan1
transport udp 9999
!
!
flow monitor tfbmonitor
exporter whatsup01
cache timeout active 60
record tfbrecord
!
!
crypto
!
!
crypto pki certificate
quit
!
!
!
diagnostic bootup level minimal
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
username
!
redundancy
mode sso
!
!
!
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, L2 LVX data, LOGGING
class-map match-any system-cpp-default
description DHCP Snooping, EWLC control, EWCL data
class-map match-any system-cpp-police-sys-data
description Learning cache ovfl, Crypto Control, Exception, EGR Exception, NFL SAMPLED DATA, Gold Pkt, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
description L2 LVX control packets
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-multicast
description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
description Stackwise Virtual
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
class-map match-any system-cpp-police-system-critical
description System Critical
!
policy-map system-cpp-policy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
shutdown
speed 1000
negotiation auto
!
interface TenGigabitEthernet1/0/1
description rubrik
switchport access vlan 200
switchport mode access
spanning-tree portfast disable
ip nbar protocol-discovery
!
interface TenGigabitEthernet1/0/2
description rubrik
switchport access vlan 200
switchport mode access
spanning-tree portfast disable
ip nbar protocol-discovery
!
interface TenGigabitEthernet1/0/3
description rubrik
switchport access vlan 200
switchport mode access
spanning-tree portfast disable
ip nbar protocol-discovery
!
interface TenGigabitEthernet1/0/4
description rubrik
switchport access vlan 200
switchport mode access
spanning-tree portfast disable
ip nbar protocol-discovery
!
interface TenGigabitEthernet1/0/5
ip nbar protocol-discovery
!
interface TenGigabitEthernet1/0/6
ip nbar protocol-discovery
!
interface TenGigabitEthernet1/0/7
ip nbar protocol-discovery
!
interface TenGigabitEthernet1/0/8
ip nbar protocol-discovery
!
interface TenGigabitEthernet1/0/9
ip nbar protocol-discovery
!
interface TenGigabitEthernet1/0/10
ip nbar protocol-discovery
!
interface TenGigabitEthernet1/0/11
ip nbar protocol-discovery
!
interface TenGigabitEthernet1/0/12
description uplink-r1
switchport mode trunk
ip flow monitor tfbmonitor input
spanning-tree portfast disable
ip nbar protocol-discovery
!
interface TenGigabitEthernet1/1/1
ip nbar protocol-discovery
!
interface TenGigabitEthernet1/1/2
ip nbar protocol-discovery
!
interface TenGigabitEthernet1/1/3
ip nbar protocol-discovery
!
interface TenGigabitEthernet1/1/4
ip nbar protocol-discovery
!
interface Vlan1
ip address
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 180 requests 25
ip http session-idle-timeout 600
ip routes
!
!
logging trap errors
logging host
!
!
snmp-server community
!
control-plane
service-policy input system-cpp-policy
!
!

!
ntp logging

!
mac address-table notification mac-move
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
!
end

show ver

r3#show ver
Cisco IOS XE Software, Version 16.06.04
Cisco IOS Software [Everest], Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 16.6.4, RELEASE SOFTWARE (f
c3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Sun 08-Jul-18 02:57 by mcpre


Cisco IOS-XE software, Copyright (c) 2005-2018 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.


ROM: IOS-XE ROMMON
BOOTLDR: CAT3K_CAA Boot Loader (CAT3K_CAA-HBOOT-M) Version 3.58, RELEASE SOFTWARE (P)

r3 uptime is 25 weeks, 2 days, 2 minutes
Uptime for this control processor is 25 weeks, 2 days, 5 minutes
System returned to ROM by Power Failure or Unknown
System image file is "flash:packages.conf"
Last reload reason: Power Failure or Unknown



This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.


Technology Package License Information:

-----------------------------------------------------------------
Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------
ipbasek9 Permanent ipbasek9

cisco WS-C3850-12XS (MIPS) processor (revision L0) with 853093K/6147K bytes of memory.
Processor board ID
1 Virtual Ethernet interface
16 Ten Gigabit Ethernet interfaces
2048K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
253984K bytes of Crash Files at crashinfo:.
3334464K bytes of Flash at flash:.
0K bytes of WebUI ODM Files at webui:.



Switch Ports Model SW Version SW Image Mode
------ ----- ----- ---------- ---------- ----
* 1 16 WS-C3850-12XS 16.6.4 CAT3K_CAA-UNIVERSALK9 INSTALL


Configuration register is 0x102

As suggested my other post, can you move the config from Trunk port to different L2 or L3 port and test and advise.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Sorry, I did try that, but still no change. Time for a TAC?

engineer467
Level 1
Level 1

Hello.

Did you find a solution to this problem?

 

No, but another admin took over and had done a bunch since then. Ive moved on.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: