Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1517
Views
0
Helpful
4
Replies

SPAN on 2960 Switch with 1841 Router as destination

Go to solution
acisco
Level 1
Level 1

‎09-27-2018 09:29 PM

Anyone able to get this working before? My output packet numbers on the 2960 vs input on the 1841 are very different. Basically I'm trying to use that SPAN traffic for NetFlow running on that 1841 router. Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
johnd2310
Level 8
Level 8
In response to acisco

‎09-28-2018 01:25 AM

Hi,

Your setup is not going to work. Router cannot use spanned traffic to create sessions. You will only be able to create netflow sessions for  traffic destined for the roter's address or going through the router.

If you want to use spanned traffic, you will need to send this traffic to the netflow application (if it supports spanned traffic)( i.e. netflow server interface connected to span destination port on switch)

**Please rate posts you find helpful**

View solution in original post

0 Helpful
4 Replies 4

Go to solution
johnd2310
Level 8
Level 8

‎09-27-2018 11:09 PM

Hi,

What are you trying to achieve? Netflow on the 1841 will export flow data of traffic processed by the router. Span is replicating traffic seen on an interface/vlan. Please give us more details on what your trying to configure.

 

Thanks

John

**Please rate posts you find helpful**
0 Helpful

Go to solution
acisco
Level 1
Level 1
In response to johnd2310

‎09-28-2018 01:00 AM

Hi John. I previously made a thread here: https://community.cisco.com/t5/network-management/can-t-get-span-to-work-with-netflow/td-p/3711480 

Basically I'm trying to mirror user traffic to the SPAN destination port connected to the router with NetFlow, so it will create NetFlow export packets from this replicated traffic to then be sent to a collector afterwards.

 

I seem to have localized the issue down a bit to SPAN. So I thought I would ask first if a router's port can actually use mirrored traffic from SPAN which is a bit unusual (usually you would use a host e.g. with Wireshark). This doesn't seem to be the case if I check the interface statistics. It's being done in this way due to unique constraints (I only have a small amount of access to the network).

 

The issue is that flows aren't being created from this mirrored traffic. I have verified that flows are created with anything that isn't mirrored e.g. if I a ping or Telnet to/from the router. I'm wondering if what I'm trying to achieve is possible. Thanks for any input you can give me.

0 Helpful

Go to solution
johnd2310
Level 8
Level 8
In response to acisco

‎09-28-2018 01:25 AM

Hi,

Your setup is not going to work. Router cannot use spanned traffic to create sessions. You will only be able to create netflow sessions for  traffic destined for the roter's address or going through the router.

If you want to use spanned traffic, you will need to send this traffic to the netflow application (if it supports spanned traffic)( i.e. netflow server interface connected to span destination port on switch)

**Please rate posts you find helpful**
0 Helpful

Go to solution
acisco
Level 1
Level 1
In response to johnd2310

‎09-28-2018 01:40 AM

I see, that's what I was afraid of. Thank you very much for clearing that up.

 

I will have to use a PC as the SPAN destination with some sort of NetFlow probe/converter instead and then send the NetFlow data from that to the collector.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card