Netflow on 3560G with 15.0 Image

gammatel1
Level 1

I am trying to collect Netflow statistics on a C3560G running IOS IP Services 15.0(2)SE. From the documentation it seems I should use Flexible Netflow and these commands are supported. However, no entries appear in the flow caches.

All interfaces are configured as layer 2 except for the SVI - vlan11. Does anyone have experience enabling any Netflow collection (original or the Flexible type) for a 3560 with a newer version of IOS such as this?

This is the configuration I have applied to capture flows:

flow monitor FLOW-MONITOR-INPUT
 description Input Original IPV4 Monitor
 record netflow ipv4 original-input
flow monitor FLOW-MONITOR-OUTPUT
 description Output Original IPV4 Monitor
 record netflow ipv4 original-output
int vlan11
 ip flow monitor FLOW-MONITOR-INPUT input
 ip flow monitor FLOW-MONITOR-OUTPUT output

MLS003-LAN-TMH#show flow monitor FLOW-MONITOR-INPUT cache
  Cache type:                               Normal
  Cache size:                                 4096
  Current entries:                               0
  High Watermark:                                0
  Flows added:                                   0
  Flows aged:                                    0
    - Active timeout      (  1800 secs)          0
    - Inactive timeout    (    15 secs)          0
    - Event aged                                 0
    - Watermark aged                             0
    - Emergency aged                             0
There are no cache entries to display.

2 Replies

neharris
Level 1

Pretty old message to post a reply to but I will regardless.  I've been messing around with this intermittently for quite a while but am just now making an effort to either succeed or close it out.

I'm seeing mixed comments on the web on whether this is supported or not. 

Clearly straight netflow is not avail on 3560G  =>v15 

NBAR is not

....But is FNF or FLT?

Obviously the software packages that can poll for the data work fine, but those waiting on unsolicited netflow (like scrutinizer) from the switches are not working.  Seems to be sending the template data (format/layout) but not the actual data.


Cisco3560# sho flow exporter statistics
Flow Exporter LIVEACTION:
  Packet send statistics (last cleared 41w3d ago):
    Successfully sent:         0                     (0 bytes)

Flow Exporter export-to-scrutinizer:
  Packet send statistics (last cleared 41w3d ago):
    Successfully sent:         167810                (180109148 bytes)
    Adjacency failure:         6                     (5876 bytes)
    No destination address:    3                     (3250 bytes)

  Client send statistics:
    Client: Option options interface-table
      Records added:           1605991
        - sent:                1605910
        - failed to send:      81
      Bytes added:             160599100
        - sent:                160591000
        - failed to send:      8100

    Client: Option options exporter-statistics
      Records added:           148
        - sent:                148
      Bytes added:             4144
        - sent:                4144

    Client: Option options sampler-table
      Records added:           0
      Bytes added:             0

    Client: Flow Monitor scrutinizer-monitor
      Records added:           0
      Bytes added:             0

Flow Exporter export-to-manageengine:
  Packet send statistics (last cleared 41w3d ago):
    Successfully sent:         7295944               (9756852122 bytes)
    Adjacency failure:         60419                 (77889958 bytes)
    No destination address:    3                     (3250 bytes)

  Client send statistics:
    Client: Option options interface-table
      Records added:           1600843
        - sent:                1585740
        - failed to send:      15103
      Bytes added:             160084300
        - sent:                158574000
        - failed to send:      1510300

    Client: MMON EXPORTER GROUP MMON-EXP-1
      Records added:           0
      Bytes added:             0

    Client: MMON EXPORTER GROUP MMON-EXP-2
      Records added:           128843485
        - sent:                127827828
        - failed to send:      1015657
      Bytes added:             9276730920
        - sent:                9203603616
        - failed to send:      73127304

Flow Exporter export-to-scrutinizer-FNF:
  Packet send statistics (last cleared 41w3d ago):
    Successfully sent:         0                     (0 bytes)

any thoughts on why

I've poked at trying to get NetFlow from a couple of L2 and L3 switches and never had any success. The documentation is very confusing and misleading and the commands' effect seems to vary per hardware platform even within a given image.

I see you appear to have been trying to use LiveAction some or at least their template. From the demo they have, it appears to be possible to do it using a 2960X. I didn't have one of those in my lab but I can say the same commands on a 3650 (yes the new 3650 - not the older 3560 models) switch did not work.

The conclusion I ended up coming to was to just target a router or an ASA firewall as the better source of Netflow data and use that as your source.

If Cisco (or anyone) were to publish a how-to guide - Configuring Netflow on L2/L3 switches - it would be a very welcome addition to the body of knowledge.
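
The symptom described in the first reply (an exporter that sends option/template data but no flow records) can be checked mechanically from `show flow exporter statistics`. The following is an added example, not part of the original thread or any Cisco tooling; the function names and the rule that every client not starting with "Option " carries flow records are assumptions.

```python
import re

# Excerpt of the `show flow exporter statistics` output quoted in the thread.
SAMPLE = """\
Flow Exporter LIVEACTION:
    Successfully sent:         0                     (0 bytes)
Flow Exporter export-to-scrutinizer:
    Successfully sent:         167810                (180109148 bytes)
    Client: Option options interface-table
      Records added:           1605991
    Client: Flow Monitor scrutinizer-monitor
      Records added:           0
Flow Exporter export-to-manageengine:
    Successfully sent:         7295944               (9756852122 bytes)
    Client: MMON EXPORTER GROUP MMON-EXP-2
      Records added:           128843485
"""

def parse_exporters(text):
    """Return {exporter: {"sent": packets, "clients": {client: records_added}}}."""
    exporters, current, client = {}, None, None
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"Flow Exporter (\S+):$", line):
            current = exporters.setdefault(m.group(1), {"sent": 0, "clients": {}})
            client = None
        elif current is None:
            continue  # ignore anything before the first exporter header
        elif m := re.match(r"Successfully sent:\s+(\d+)", line):
            current["sent"] = int(m.group(1))
        elif m := re.match(r"Client: (.+)$", line):
            client = m.group(1)
            current["clients"][client] = 0
        elif client and (m := re.match(r"Records added:\s+(\d+)", line)):
            current["clients"][client] = int(m.group(1))
    return exporters

def classify(stats):
    """silent: nothing sent; options-only: packets sent but no flow records."""
    if stats["sent"] == 0:
        return "silent"
    # Assumption: any client not starting with "Option " carries flow records.
    flow_records = sum(n for c, n in stats["clients"].items()
                       if not c.startswith("Option "))
    return "exporting" if flow_records else "options-only"

def report(text):
    return {name: classify(s) for name, s in parse_exporters(text).items()}

if __name__ == "__main__":
    print(report(SAMPLE))
```

An "options-only" result means the collector receives packets from the switch yet has no traffic visibility from it, which is easy to miss when only exporter reachability is monitored.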