06-12-2018 05:20 AM - edited 03-01-2019 06:38 PM
Hello supportforums!
Got a Cisco ISR 4431 SEC-K9
ISR#show version
Cisco IOS XE Software, Version 03.16.04b.S - Extended Support Release
Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(3)S4b, RELEASE SOFTWARE (fc1)
System image file is "bootflash:isr4400-universalk9.03.16.04b.S.155-3.S4b-ext.SPA.bin"
with a NIM-ES2-4 module installed.
All 4 interfaces of that module are configured in access mode in a VLAN 23, up and running.
I configured FNF on the router; these are the configurations for the flow records:
ISR#show flow record NETFLOW
flow record NETFLOW:
  Description: User defined
  No. of users: 1
  Total field space: 55 bytes
  Fields:
    match ipv4 protocol
    match ipv4 source address
    match ipv4 destination address
    match transport source-port
    match transport destination-port
    match transport tcp source-port
    match transport tcp destination-port
    match transport udp source-port
    match transport udp destination-port
    match interface input
    match flow direction
    match application name
    collect interface output
    collect counter bytes
    collect counter packets
    collect connection initiator
    collect connection client ipv4 address
    collect connection client transport port
    collect connection server ipv4 address
    collect connection server transport port

ISR# show flow record NETFLOW_OUT
flow record NETFLOW_OUT:
  Description: User defined
  No. of users: 1
  Total field space: 55 bytes
  Fields:
    match ipv4 protocol
    match ipv4 source address
    match ipv4 destination address
    match transport source-port
    match transport destination-port
    match transport tcp source-port
    match transport tcp destination-port
    match transport udp source-port
    match transport udp destination-port
    match interface output
    match flow direction
    match application name
    collect interface input
    collect counter bytes
    collect counter packets
    collect connection initiator
    collect connection client ipv4 address
    collect connection client transport port
    collect connection server ipv4 address
    collect connection server transport port
which are bound to flow monitors:
ISR#show run flow monitor NETFLOW
Current configuration:
!
flow monitor NETFLOW
 exporter PRTG
 cache timeout inactive 60
 cache timeout active 60
 cache timeout update 60
 record NETFLOW
!

ISR#show run flow monitor NETFLOW_OUT
Current configuration:
!
flow monitor NETFLOW_OUT
 exporter PRTG
 cache timeout inactive 60
 cache timeout active 60
 cache timeout update 60
 record NETFLOW_OUT
!
using the same exporter.
Now I have that VLAN 23 interface, on which I apply flow monitors in both directions:
ISR#show run int vlan 23
Building configuration...

Current configuration : 196 bytes
!
interface Vlan23
 description -----
 ip address 172.16.23.102 255.255.255.0
 ip nat inside
 ip flow monitor NETFLOW input
 ip flow monitor NETFLOW_OUT output
 ip virtual-reassembly
end
The problem is that there are no entries when I run:
ISR#show flow monitor NETFLOW_OUT cache format table
  Cache type: Normal (Platform cache)
  Cache size: 200000
  Current entries: 0
  Flows added: 0
  Flows aged: 0

There are no cache entries to display.
I understand that if that were configured on a physical interface, it would be working, as on our other ISR 4321 routers, even with one flow record and monitor; I just decided to go with separate records and monitors, just to check if it works for me.
The question: is it possible to configure both input and output NetFlow on a VLAN interface, or is a router worth 14000$ not capable of doing such a thing?