Netflow not exporting after powering switches back up

I have a 3750G and 3750X which were both running Netflow and exporting to PRTG fine.  I recently powered them down and changed some interface configurations around, renamed both switches (basically I'm using the 3750x as a core switch now instead of an access switch).  Everything works fine, except netflow doesn't seem to export at all now.  I made no changes to the netflow configuration at all.  I've turned terminal monitor on and run "debug ip flow", "debug ip flow cache" and "debug ip flow non-forwarded" on both switches and I get nothing in the CLI.  Here's some example output from one of the switches:

 

#do sh ip flow export
Flow export v1 is enabled for main cache
  Export source and destination details : 
  VRF ID : Default
    Source(1)       10.8.255.2 (Loopback1)
    Destination(1)  10.5.7.172 (9997) 
  Version 1 flow records
  0 flows exported in 0 udp datagrams
  0 flows failed due to lack of export packet
  0 export packets were sent up to process level

#do sh flow export stat
Flow Exporter NetFlow-To-PRTG:
  Packet send statistics (last cleared 00:46:58 ago):
    Successfully sent:         0                     (0 bytes)

  Client send statistics:
    Client: Flow Monitor NetFlow-To-PRTG
      Records added:           0
      Bytes added:             0

#do sh run | s flow
flow record NetFlow-To-PRTG
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match transport tcp source-port
match transport tcp destination-port
match transport tcp flags
flow exporter NetFlow-To-PRTG
destination 10.5.7.172
source Port-channel1
transport udp 9997
flow monitor NetFlow-To-PRTG
record NetFlow-To-PRTG
exporter NetFlow-To-PRTG
cache timeout active 5

ip flow-export source Loopback1
ip flow-export destination 10.5.7.172 9997

Again, I have not changed any of the netflow config, outside of changing the source interfaces a bit just to see if I could get it to work.  I know it's not an IOS version issue because it was running fine before.  I tried running "clear ip cef * prefix" but that didn't seem to help either.

 

I'm kind of at a loss since I didn't touch any of the netflow config when I reconfigured the switches to swap the core and the access switch around.  Any help would be greatly appreciated.  

 

 

5 Replies

So I've been reading up.  I've tried just about every solution I was able to find from other forums/articles, including changing the export interface to loopback, enabling route-cache, etc.  Still don't have a solution though.

Full config of one of the switches when everything was working

 

!
! Last configuration change at 21:23:23 EST Wed Feb 12 2020 by mvd
! NVRAM config last updated at 21:23:26 EST Wed Feb 12 2020 by mvd
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Asgard-Switch1
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt
 !
 address-family ipv4
 exit-address-family
!
logging buffered 100000 informational
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication dot1x default group radius
aaa authorization exec default local none 
!
!
!
!
!
!
aaa session-id common
clock timezone EST -5 0
clock summer-time EDT recurring
switch 1 provision ws-c3750x-24
system mtu routing 1500
!
!
!
!
ip routing
!
!
!
no ip domain-lookup
ip domain-name Bifrost.local
vtp domain MikeNet.com
vtp mode off
!
!
!
!
!
!
flow record NetFlow-To-PRTG
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match transport tcp source-port
 match transport tcp destination-port
 match transport tcp flags
!
!
flow exporter NetFlow-To-PRTG
 destination 10.5.7.172
 transport udp 9997
!
!
flow monitor NetFlow-To-PRTG
 exporter NetFlow-To-PRTG
 cache timeout active 5
 record NetFlow-To-PRTG
!
!
!
archive
 path ftp://10.5.7.35/Asgard-Switch-1
 time-period 1440
!
!
!
dot1x system-auth-control
!
spanning-tree mode rapid-pvst
spanning-tree portfast edge default
spanning-tree portfast edge bpduguard default
spanning-tree extend system-id
spanning-tree vlan 5-7,50,297 priority 28672
spanning-tree vlan 19 priority 24576
!
!
!
!
vlan internal allocation policy ascending
!
vlan 5
 name Management
!
vlan 6
 name Access
!
vlan 7
 name Server
!
vlan 30
 name Dev-Env
!
vlan 50
 name Asus-Router-Subnet
!
vlan 297
 name Bornio
!
lldp run
!
! 
!
!
!
!
!
!
!
!
!
!
interface Loopback1
 ip address 10.8.255.2 255.255.255.0
!
interface Port-channel1
 description Bond-To-Asgard-Core
 switchport access vlan 297
 switchport trunk allowed vlan 6,7,30,50
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 297
 switchport mode trunk
!
interface Port-channel2
 description Bond-To-Asgard-1-NAS
 switchport access vlan 7
 spanning-tree portfast edge
!
interface Port-channel3
 description Bond-To-Asgard-2-NAS
 switchport access vlan 7
 spanning-tree portfast edge
!
interface Port-channel4
 description Bond-L3-To-Asgard-Core
 no switchport
 ip address 10.5.255.2 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip ospf dead-interval 3
 ip ospf hello-interval 1
!
interface FastEthernet0
 description Management
 vrf forwarding Mgmt
 ip address 10.5.5.2 255.255.255.0
 no ip route-cache
!
interface GigabitEthernet1/0/1
 description Link-L3-To-Asgard-Core
 no switchport
 no ip address
 channel-group 4 mode active
!
interface GigabitEthernet1/0/2
 description Link-L3-To-Asgard-Core
 no switchport
 no ip address
 channel-group 4 mode active
!
interface GigabitEthernet1/0/3
 shutdown
!
interface GigabitEthernet1/0/4
 switchport access vlan 297
 shutdown
!
interface GigabitEthernet1/0/5
 description Mjolnir
 switchport trunk allowed vlan 6,7,30
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 177
 switchport mode trunk
!
interface GigabitEthernet1/0/6
 description S-NETMON1
 switchport access vlan 7
!
interface GigabitEthernet1/0/7
 description Thor
 switchport access vlan 6
 spanning-tree portfast edge
!
interface GigabitEthernet1/0/8
 description ARLO
 switchport access vlan 50
!
interface GigabitEthernet1/0/9
 description S-WINNIX
 switchport access vlan 6
 spanning-tree portfast edge
!
interface GigabitEthernet1/0/10
 description Aesir
 switchport access vlan 7
 spanning-tree portfast edge
!
interface GigabitEthernet1/0/11
 switchport access vlan 297
 shutdown
!
interface GigabitEthernet1/0/12
 switchport access vlan 297
 shutdown
!
interface GigabitEthernet1/0/13
 switchport access vlan 297
 shutdown
!
interface GigabitEthernet1/0/14
 switchport access vlan 297
 shutdown
!
interface GigabitEthernet1/0/15
 switchport access vlan 297
 shutdown
!
interface GigabitEthernet1/0/16
 description Link-To-Asgard-1-NAS
 switchport access vlan 7
 spanning-tree portfast edge
 channel-group 2 mode active
!
interface GigabitEthernet1/0/17
 description Link-To-Asgard-1-NAS
 switchport access vlan 7
 spanning-tree portfast edge
 channel-group 2 mode active
!
interface GigabitEthernet1/0/18
 description Link-To-Asgard-2-NAS
 switchport access vlan 7
 spanning-tree portfast edge
 channel-group 3 mode active
!
interface GigabitEthernet1/0/19
 description Link-To-Asgard-2-NAS
 switchport access vlan 7
 spanning-tree portfast edge
 channel-group 3 mode active
!
interface GigabitEthernet1/0/20
 description Trunk-To-Asgard-Core
 switchport access vlan 297
 switchport trunk allowed vlan 6,7,30,50
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 297
 switchport mode trunk
 channel-group 1 mode active
!
interface GigabitEthernet1/0/21
 description Trunk-To-Asgard-Core
 switchport access vlan 297
 switchport trunk allowed vlan 6,7,30,50
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 297
 switchport mode trunk
 channel-group 1 mode active
!
interface GigabitEthernet1/0/22
 switchport access vlan 297
 shutdown
!
interface GigabitEthernet1/0/23
 switchport access vlan 297
 shutdown
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/1/1
 switchport access vlan 297
 shutdown
!
interface GigabitEthernet1/1/2
 switchport access vlan 297
 shutdown
!
interface GigabitEthernet1/1/3
 switchport access vlan 297
 shutdown
!
interface GigabitEthernet1/1/4
 switchport access vlan 297
 shutdown
!
interface TenGigabitEthernet1/1/1
 switchport access vlan 297
 shutdown
!
interface TenGigabitEthernet1/1/2
 switchport access vlan 297
 shutdown
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan5
 no ip address
!
router ospf 1
 router-id 10.8.255.2
 passive-interface default
 no passive-interface Port-channel4
 network 10.5.255.2 0.0.0.0 area 0
!
ip access-list log-update threshold 1
ip default-gateway 10.5.5.1
ip forward-protocol nd
!
ip flow-export source Loopback1
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.5.255.1
ip route vrf Mgmt 0.0.0.0 0.0.0.0 10.5.5.1
ip route vrf Mgmt 10.5.7.0 255.255.255.0 10.5.255.2
ip ssh version 2
ip scp server enable
!
ip access-list standard Access-ACL
 permit 192.168.50.0 0.0.0.255 log
 permit 10.5.19.0 0.0.0.255 log
 permit 10.5.5.0 0.0.0.255 log
 deny   any log
!
!
logging source-interface FastEthernet0 vrf Mgmt
logging host 10.5.7.172 vrf Mgmt
!
!
!
line con 0
 logging synchronous
line vty 0 4
 access-class Access-ACL in vrf-also
 exec-timeout 120 0
 logging synchronous
 autocommand  terminal monitor
 autocommand-options nohangup
 transport input ssh
line vty 5 15
 access-class Access-ACL in vrf-also
 logging synchronous
 autocommand  terminal monitor
 autocommand-options nohangup
 transport input ssh
!
ntp server 10.5.7.35
ntp server 10.5.7.36
!
end

The only thing different really is I took the vrf off of this one

I still haven't found a solution for this.  Does anyone have any ideas?

Thanks for posting the config. My first question is whether the switch is able to access the server where PRTG is running, using loopback interface as the source?

 

I note that the net flow destination address is 10.5.7.172. And I see a route for that subnet

ip route vrf Mgmt 10.5.7.0 255.255.255.0 10.5.255.2

but the route specifies vrf Mgmt and if I understand correctly you have removed that vrf.

HTH

Rick
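
The routing question raised in the reply above can be checked offline against a saved configuration. The sketch below is an added example, not part of the original thread or any Cisco tooling: it reports which routing table each flow exporter's destination is resolved in, and whether a more specific static route for the collector exists only in a different VRF. The function names are hypothetical, the sample is constructed from lines posted in the thread, and only static routes visible in the config text are considered (connected and OSPF routes are not).

```python
import ipaddress
import re

# Constructed sample: lines trimmed from the configuration posted in the thread.
SAMPLE_CONFIG = """\
flow exporter NetFlow-To-PRTG
 destination 10.5.7.172
!
ip route 0.0.0.0 0.0.0.0 10.5.255.1
ip route vrf Mgmt 10.5.7.0 255.255.255.0 10.5.255.2
"""

ROUTE_RE = re.compile(r"^ip route (?:vrf (\S+) )?(\S+) (\S+) (\S+)", re.M)
EXPORTER_RE = re.compile(r"^flow exporter (\S+)\n((?: .*\n?)*)", re.M)
DEST_RE = re.compile(r"^ destination (\S+)(?: vrf (\S+))?", re.M)

def parse_routes(config):
    """Group static routes by table: None is the global table, else the VRF name."""
    tables = {}
    for vrf, net, mask, hop in ROUTE_RE.findall(config):
        network = ipaddress.ip_network(f"{net}/{mask}")
        tables.setdefault(vrf or None, []).append((network, hop))
    return tables

def best_route(routes, ip):
    """Longest-prefix match for ip among (network, next_hop) pairs, or None."""
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)

def audit_exporters(config):
    """For each flow exporter, report the static route its own table would use."""
    tables, findings = parse_routes(config), []
    for name, body in EXPORTER_RE.findall(config):
        dest = DEST_RE.search(body)
        if not dest:
            continue
        ip, vrf = ipaddress.ip_address(dest.group(1)), dest.group(2)
        used = best_route(tables.get(vrf, []), ip)
        used_len = used[0].prefixlen if used else -1
        # Tables other than the exporter's that hold a more specific route.
        elsewhere = [t or "global" for t, rts in tables.items() if t != vrf
                     and (b := best_route(rts, ip)) and b[0].prefixlen > used_len]
        findings.append({"exporter": name, "destination": str(ip),
                         "table": vrf or "global",
                         "route": str(used[0]) if used else None,
                         "more_specific_in": elsewhere})
    return findings

if __name__ == "__main__":
    print(audit_exporters(SAMPLE_CONFIG))
```

The parser expects sub-commands indented by one space, as in the full configuration listing, so the unindented `sh run | s flow` output would need its indentation restored first.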

Yes I removed the vrf.  I can ping the server from that switch with a source of loopback1 and I can ping from the server to the loopback interface.
