Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation

Who Me Too'd this topic

FNF (Netflow) Not getting TCP/UDP ports or interfaces

bnidacoc
Level 1
Level 1

‎05-24-2016 08:14 AM - edited ‎03-08-2019 05:55 AM

I wanted to get FNF working with Top-N local capability.

Documentation seems to be scattered about on different platforms and different conf-guides/command references. Below is what I've managed to piece together into a configuration for my hardware.


Hardware is:

WS-C4506-E ,WS-X45-SUP8-E, WS-X4748-UPOE+E

Software is:

Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500es8-UNIVERSALK9-M), Version 03.07.02.E RELEASE SOFTWARE (fc1)

License Information for 'WS-X45-SUP8-E'
License Level: entservices Type: Permanent
Next reboot license Level: entservices

ROM: 15.1(1r)SG5

No VSS, no ISE, nothing fancy, nothing which we haven't been doing on various 4500 platforms for over 10 years (except FNF with Top-N). Routing protocol is EIGRP (which is working as we expect).

If I issue a " show flow monitor FLOW-MONITOR1 cache", all flows have "0" for the source and destination port and all flows have "Null" as both the input and output interface.

What am I getting wrong?

T4-CommRm-4506# show flow monitor FLOW-MONITOR1 cache aggregate interface input
Processed 950 flows
Aggregated to 1 flow

INTF INPUT flows bytes long pkts long
==================== ========== ==================== ====================
Null 950 30151231 52493

T4-CommRm-4506# show flow monitor FLOW-MONITOR1 cache aggregate interface output
Processed 950 flows
Aggregated to 1 flow

INTF OUTPUT flows bytes long pkts long
==================== ========== ==================== ====================
Null 950 59691386 89772

T4-CommRm-4506# show flow monitor FLOW-MONITOR1 cache aggregate transport destination-port
Processed 950 flows
Aggregated to 1 flow

TRNS DST PORT flows bytes long pkts long
============= ========== ==================== ====================
0 950 18972230 35366

T4-CommRm-4506# show flow monitor FLOW-MONITOR1 cache aggregate transport sou
Processed 950 flows
Aggregated to 1 flow

TRNS SRC PORT flows bytes long pkts long
============= ========== ==================== ====================
0 950 44384018 74679

T4-CommRm-4506#
T4-CommRm-4506# show flow monitor FLOW-MONITOR1 cache format table
Cache type: Normal
Cache size: 1000
Current entries: 950
High Watermark: 1000

Flows added: 23807353
Flows aged: 23806403
- Active timeout ( 60 secs) 0
- Inactive timeout ( 60 secs) 0
- Event aged 0
- Watermark aged 14408202
- Emergency aged 9398201

IPV4 SRC ADDR IPV4 DST ADDR TRNS SRC PORT TRNS DST PORT IP DSCP IP PROT intf input intf output bytes long pkts long time first time last
=============== =============== ============= ============= ======= ======= ==================== ==================== ==================== ==================== ============ ============
192.232.17.192 10.15.14.104 0 0 0x00 0 Null Null 70 1 11:03:59.083 11:03:59.083
10.5.10.119 10.15.20.131 0 0 0x00 0 Null Null 23742 122 11:03:59.083 11:04:01.367
10.15.14.171 10.7.11.65 0 0 0x00 0 Null Null 56952 87 11:03:59.083 11:04:00.223

[CUT]

Config:

flow record FLOW-RECORD1
match ipv4 dscp
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect interface input
collect interface output
collect counter bytes long
collect counter packets long
collect timestamp sys-uptime first
collect timestamp sys-uptime last
!
!
flow monitor FLOW-MONITOR1
cache timeout inactive 60
cache timeout active 60
cache entries 1000
record FLOW-RECORD1



vlan configuration 1,8,12,14,20,22,30-32,112,114-115,120,122,253,501,503
ip flow monitor FLOW-MONITOR1 input

vlans for local lans of users/ipphones and such.

...and my physical routed interfaces....

interface TenGigabitEthernet1/7
description [REMOVED]
no switchport
ip flow monitor FLOW-MONITOR1 input
ip address [REMOVED] 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip pim sparse-dense-mode
ip summary-address eigrp [REMOVED] 255.255.0.0
logging event link-status
logging event nfas-status
logging event trunk-status
auto qos trust
service-policy input AutoQos-4.0-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
!
interface TenGigabitEthernet1/8
description [REMOVED]
no switchport
ip flow monitor FLOW-MONITOR1 input
ip address [REMOVED] 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip pim sparse-dense-mode
ip summary-address eigrp [REMOVED] 255.255.0.0
logging event link-status
logging event nfas-status
logging event trunk-status
auto qos trust
service-policy input AutoQos-4.0-Input-Policy
service-policy output AutoQos-4.0-Output-Policy

2 people had this problem
Labels:
0 Helpful
Who Me Too'd this topic