10-24-2012 02:44 AM - edited 03-03-2019 06:48 AM
I am trying to collect Netflow statistics on a C3560G running IOS IP Services 15.0(2)SE. From the documentation it seems I should use Flexible Netflow and these commands are supported. However, no entries appear in the flow caches.
All interfaces are configured as layer 2 except for the SVI - vlan11. Does anyone have experience enabling any Netflow collection (original or the Flexible type) for a 3560 with a newer version of IOS such as this?
This is the configuration I have applied to capture flows:
flow monitor FLOW-MONITOR-INPUT
description Input Original IPV4 Monitor
record netflow ipv4 original-input
flow monitor FLOW-MONITOR-OUTPUT
description Output Original IPV4 Monitor
record netflow ipv4 original-output
int vlan11
ip flow monitor FLOW-MONITOR-INPUT input
ip flow monitor FLOW-MONITOR-OUTPUT output
MLS003-LAN-TMH#show flow monitor FLOW-MONITOR-INPUT cache
Cache type: Normal
Cache size: 4096
Current entries: 0
High Watermark: 0
Flows added: 0
Flows aged: 0
- Active timeout ( 1800 secs) 0
- Inactive timeout ( 15 secs) 0
- Event aged 0
- Watermark aged 0
- Emergency aged 0
There are no cache entries to display.
02-08-2014 05:41 PM
Pretty old message to post a reply to but I will regardless. I've been messing around with this intermittently for quite a while but am just now making an effort to either succeed or close it out.
I'm seeing mixed comments on the web on whether this is supported or not.
Clearly straight netflow is not avail on 3560G =>v15
NBAR is not
....But is FNF or FLT?
Obviously the software packages that can poll for the data work fine, but those waiting on unsolicited netflow (like scrutinizer) from the switches are not working. Seems to be sending the template data (format/layout) but not the actual data.
Cisco3560# sho flow exporter statistics
Flow Exporter LIVEACTION:
Packet send statistics (last cleared 41w3d ago):
Successfully sent: 0 (0 bytes)
Flow Exporter export-to-scrutinizer:
Packet send statistics (last cleared 41w3d ago):
Successfully sent: 167810 (180109148 bytes)
Adjacency failure: 6 (5876 bytes)
No destination address: 3 (3250 bytes)
Client send statistics:
Client: Option options interface-table
Records added: 1605991
- sent: 1605910
- failed to send: 81
Bytes added: 160599100
- sent: 160591000
- failed to send: 8100
Client: Option options exporter-statistics
Records added: 148
- sent: 148
Bytes added: 4144
- sent: 4144
Client: Option options sampler-table
Records added: 0
Bytes added: 0
Client: Flow Monitor scrutinizer-monitor
Records added: 0
Bytes added: 0
Flow Exporter export-to-manageengine:
Packet send statistics (last cleared 41w3d ago):
Successfully sent: 7295944 (9756852122 bytes)
Adjacency failure: 60419 (77889958 bytes)
No destination address: 3 (3250 bytes)
Client send statistics:
Client: Option options interface-table
Records added: 1600843
- sent: 1585740
- failed to send: 15103
Bytes added: 160084300
- sent: 158574000
- failed to send: 1510300
Client: MMON EXPORTER GROUP MMON-EXP-1
Records added: 0
Bytes added: 0
Client: MMON EXPORTER GROUP MMON-EXP-2
Records added: 128843485
- sent: 127827828
- failed to send: 1015657
Bytes added: 9276730920
- sent: 9203603616
- failed to send: 73127304
Flow Exporter export-to-scrutinizer-FNF:
Packet send statistics (last cleared 41w3d ago):
Successfully sent: 0 (0 bytes)
any thoughts on why
02-09-2014 07:07 AM
I've poked at trying to get NetFlow from a couple of L2 and L3 switches and never had any success. The documentation is very confusing and misleading and the commands' effect seems to vary per hardware platform even within a given image.
I see you appear to have been trying to use LiveAction some or at least their template. From the demo they have, it appears to be possible to do it using a 2960X. I didn't have one of those in my lab but I can say the same commands on a 3650 (yes the new 3650 - not the older 3560 models) switch did not work.
The conclusion I ended up coming to was to just target a router or an ASA firewall as the better source of Netflow data and use that as your source.
If Cisco (or anyone) were to publish a how-to guide - Configuring Netflow on L2/L3 switches - it would be a very welcome addition to the body of knowledge.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide