

ISR 4431, 4-port NIM and Flexible Netflow on VLAN interface

theamberlion
Level 1

Hello supportforums!
Got a Cisco ISR 4431 SEC-K9

ISR#show version
Cisco IOS XE Software, Version 03.16.04b.S - Extended Support Release
Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(3)S4b, RELEASE SOFTWARE (fc1)
System image file is "bootflash:isr4400-universalk9.03.16.04b.S.155-3.S4b-ext.SPA.bin"

with a NIM-ES2-4 module installed

All 4 interfaces of that module are configured in access mode in VLAN 23, up and running.

I configured FNF on the router; these are the configurations for the flow records:

ISR#show flow record NETFLOW
flow record NETFLOW:
  Description:        User defined
  No. of users:       1
  Total field space:  55 bytes
  Fields:
    match ipv4 protocol
    match ipv4 source address
    match ipv4 destination address
    match transport source-port
    match transport destination-port
    match transport tcp source-port
    match transport tcp destination-port
    match transport udp source-port
    match transport udp destination-port
    match interface input
    match flow direction
    match application name
    collect interface output
    collect counter bytes
    collect counter packets
    collect connection initiator
    collect connection client ipv4 address
    collect connection client transport port
    collect connection server ipv4 address
    collect connection server transport port

ISR# show flow record NETFLOW_OUT
flow record NETFLOW_OUT:
  Description:        User defined
  No. of users:       1
  Total field space:  55 bytes
  Fields:
    match ipv4 protocol
    match ipv4 source address
    match ipv4 destination address
    match transport source-port
    match transport destination-port
    match transport tcp source-port
    match transport tcp destination-port
    match transport udp source-port
    match transport udp destination-port
    match interface output
    match flow direction
    match application name
    collect interface input
    collect counter bytes
    collect counter packets
    collect connection initiator
    collect connection client ipv4 address
    collect connection client transport port
    collect connection server ipv4 address
    collect connection server transport port

which are bound to flow monitors:

ISR#show run flow monitor NETFLOW
Current configuration:
!
flow monitor NETFLOW
 exporter PRTG
 cache timeout inactive 60
 cache timeout active 60
 cache timeout update 60
 record NETFLOW
!
ISR#show run flow monitor NETFLOW_OUT
Current configuration:
!
flow monitor NETFLOW_OUT
 exporter PRTG
 cache timeout inactive 60
 cache timeout active 60
 cache timeout update 60
 record NETFLOW_OUT
!

using the same exporter.

Now I have that VLAN 23 interface, on which I apply flow monitors in both directions:

ISR#show run int vlan 23
Building configuration...

Current configuration : 196 bytes
!
interface Vlan23
 description -----
 ip address 172.16.23.102 255.255.255.0
 ip nat inside
 ip flow monitor NETFLOW input
 ip flow monitor NETFLOW_OUT output
 ip virtual-reassembly
end


The problem is that there are no entries when I run:

ISR#show flow monitor NETFLOW_OUT cache format table 
  Cache type:                               Normal (Platform cache)
  Cache size:                               200000
  Current entries:                               0

  Flows added:                                   0
  Flows aged:                                    0

There are no cache entries to display.


I understand that if that were configured on a physical interface, it would be working, as on our other ISR 4321 routers, even with one flow record and monitor; I just decided to go with separate records and monitors, just to check if it works for me.

The question: is it possible to configure both input and output NetFlow on a VLAN interface, or is a router worth 14000$ not capable of doing such a thing?

 
