12-07-2011 06:38 AM
Dear Mister
I have a 7204VXR Router, with Neflow.
The collection for all interfaces is ok, but one interface (Gigabitethernet 1/0), is not showing the egress traffic in the pictures.
The configuration has "ip route-cache flow", ip flow egress, and ip flow ingress set. But, is not showing the egress traffic.
Will be a bug???
Or the ifindex is falling. The interface description is send in the flow packet??
Best Regards
Solved! Go to Solution.
12-08-2011 10:57 PM
Hi Rodrigo,
Do a "sh ip cache flow" and check if the Gi1/0 is present under the output interface field or if you see NULL. If it is present, you may want to troubleshoot the flow collector and if it shows NULL, the reason could be any of the below:
1. The packets are blocked by an ACL.
2. The packets are process switched. This could be because the feature is not supported by CEF or fast switching. Do a "show int stats" to distinguish between data being process switched instead of cef/fast switched. Also, check "show cef interface" and "show ip interface" to check if CEF is disabled or packets are being punted/dropped due to an unsupported feature configured.
3. Multicast traffic.
4. Packets destined for the router.
5. Tunnels (IPIP, GRE, IPSEC, L2TP) & WCCP.
6. Static route to null0 - e.g. ip route 10.1.0.0 255.255.0.0 Null0
7. Dropped by CAR-QoS.
Regards,
Don Thomas Jacob
NOTE: Please rate posts and close questions if your query has been answered
12-08-2011 12:06 PM
Are you exporting Netflow v9 to your NF collector?
If so, do a packet capture of the NF export from the 7204 to your collector. What do the Direction field show, in the packets concerning g1/0? Are they 0 or 1, or a mix of both? The 1s would be the "ip flow egress" exports.
12-08-2011 10:57 PM
Hi Rodrigo,
Do a "sh ip cache flow" and check if the Gi1/0 is present under the output interface field or if you see NULL. If it is present, you may want to troubleshoot the flow collector and if it shows NULL, the reason could be any of the below:
1. The packets are blocked by an ACL.
2. The packets are process switched. This could be because the feature is not supported by CEF or fast switching. Do a "show int stats" to distinguish between data being process switched instead of cef/fast switched. Also, check "show cef interface" and "show ip interface" to check if CEF is disabled or packets are being punted/dropped due to an unsupported feature configured.
3. Multicast traffic.
4. Packets destined for the router.
5. Tunnels (IPIP, GRE, IPSEC, L2TP) & WCCP.
6. Static route to null0 - e.g. ip route 10.1.0.0 255.255.0.0 Null0
7. Dropped by CAR-QoS.
Regards,
Don Thomas Jacob
NOTE: Please rate posts and close questions if your query has been answered
12-12-2011 11:08 AM
Thank you Tomas
OK, I am working now.
But, I have a doubt. The name of description must to be the same in the Router interface and the netflow analyzer?
Best Regards
12-12-2011 10:46 PM
Hi Rodrigo,
Yes, NetFlow collector products can retrieve the interface name, alias or description and most of them depend on SNMP for this. Configure the SNMP parameters of your router on your flow collector and try to retrieve the interface name or description as per your requirements. For eg. ManageEngine NetFlow Analyzer has an 'edit' icon near a router name/IP Address from where you can set SNMP parameters. The same way, each product may have its own settings.
Regards,
Don Thomas Jacob
NOTE: Please rate posts and close questions if your query has been answered
09-07-2017 09:44 PM
Hello All,
I have got a problem. Netflow Egress is not exporting flows on my physical interface which is a source for a IPsec GRE tunnel. Ingress flow is working fine.
Can someone please help to advise on this?
Regards,
Godwin. S
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide