Re: Hi James,Thanks for your

A Stevens · ‎10-09-2015

Hi All,

I hope someone can shed some light on my problem :)

The Situation is as follow: We have a Cisco Switch (WS-C3650-24TS) and configured netflowV9 on it.
It should export the cache every 60sec to the some collector ( we will use PRTG from Paessler).
The netflow is by the server where PRTG is running on, but somehow it has no volume see screenschot.

Paessler said this:

We did notice something very important in the Netflow Tester results.
The crucial point are the '-1' numbers at the end of each line.
The last number for each decoded flow is its volume. -1 is no volume at all.
So while the Netflow Tester (and PRTG as well) do get source & destination information, the traffic actually has no volume.
Thus the sensor stays grey, as it needs a volume to start working at all.

They say that they dont know the right configuration for every Vendor, so thats why I post it here.
The question is why the volume keeps on -1 and how to fix this?

Here the netflow configuration of the Switch

>flow record ipv4_record
>match ipv4 protocol
>match ipv4 source address
>match ipv4 destination address
>match transport source-port
>match transport destination-port
>match interface input
>collect transport tcp flags
>collect interface output
>collect counter packets long
>collect counter bytes layer2 long
>!
>!
>flow exporter PRTG
>destination 172.16.x.x
>source Vlan101
>transport udp 2055
>!
>!
>flow monitor MAIN_MONITOR
>exporter PRTG
>cache timeout active 60
>record ipv4_record
>

>interface GigabitEthernet1/0/19
>ip flow monitor MAIN_MONITOR input

fbsdkernel · ‎10-10-2015

Hi,

I've not configured this as such on a 3650, however, this is a snippet of the configuration I have used with PRTG and now with manageengine on a 7600 and an NPE-G2:-

mls aging long 64
mls aging normal 32
mls flow ip interface-full
mls flow ipv6 interface-full
mls nde sender version 5
mls sampling packet-based 1024 16000

ip flow-export source Loopback0
ip flow-export version 5 origin-as
ip flow-export destination (IP OF SMAPLER DEVICE HERE) 9996


interface GigabitEthernet1/1
 description Transit: provider name
 ip flow ingress
 mls netflow sampling
!

interface GigabitEthernet1/2
 description Core: Internal core link
 ip flow ingress
 mls netflow sampling
!

Hope this helps

James

A Stevens · ‎10-13-2015

Hi James,

Thanks for your reply, however I could not use the version 5 command and I could not get this working. But I decided to configure netflow on the 2921 router in front and it works.

Even if I make a own record-template with match and flow it works.

Notice I used the record netflow-original which the switch didnt have only the wireless template.

==Snip Switch ==

pco1-ven1-swi1(config-flow-monitor)#record ?
ipv4_record User defined
wireless Templates for Wireless Traffic

==Snip Switch END==

==Snip Router==

flow exporter PRTG
destination 172.16.x.x
source BVI101
transport udp 9996
!
!
flow monitor MAIN_MONITOR
exporter PRTG
cache timeout active 60
record netflow-original

==Snip Router END==

If there is anybody, that knows the cause of 'no volume sending within the netflow' , from a switch WS-C3650-24TS, or any other switch.

Let me know :)

Ibrahim Khatib · ‎07-18-2018

Hi A Stevens. I have the exact sane problem here. What did you end up doing as a workaround exactly?

You said "Even if I make a own record-template with match and flow it works."

Flexible Netflow has no Volume