Solved: 1-Can we use Mgmt Pot in Netflow..?? 2-Can we use Mgmt Port in SNMP without removing existing in...

ehtesham.ahmed1 · ‎07-27-2020

1-Can we use int Mgmt Pot in Netflow instead of interface gig 1/0/0...?

flow exporter EXPORTER-1
destination 172.16.10.2
transport udp 90
exit

flow record v4_r1
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect counter bytes long
collect counter packets long

flow monitor FLOW-MONITOR-1
record v4_r1
exporter EXPORTER-1

ip cef
!
interface GigabitEthernet1/0/0
ip address 172.16.6.2 255.255.255.0
ip flow monitor FLOW-MONITOR-1 input

2-Can we use int Mgmt Port in SNMP without removing existing interface GigabitEthernet0/0/0 ..??

snmp-server group VODAGYAN_CPE v3 auth read myview
snmp-server group VODAVISTA_CPE v3 auth read myview
snmp-server view myview mib-2 included
snmp-server trap link ietf
snmp-server trap-source GigabitEthernet0/0/0

Georg Pauwen · ‎07-27-2020

Hello,

which platform and IOS do you have ? I think in IOS-XE, Netflow is not supported on MGMT ports.

View solution in original post

Georg Pauwen · ‎07-27-2020

Hello,

which platform and IOS do you have ? I think in IOS-XE, Netflow is not supported on MGMT ports.

ehtesham.ahmed1 · ‎07-27-2020

Router:- ISR4451-X/K9

IOS :- isr4400-universalk9.16.12.04.SPA.bin... ... Cisco IOS XE Gibraltar 16.12.X

Georg Pauwen · ‎07-27-2020

You are running XE, so you cannot use the Management port for Netflow. You need to use another port...

ehtesham.ahmed1 · ‎07-27-2020

Please guide me on which IOS can we use for Netflow MGMT port..??

ehtesham.ahmed1 · ‎07-27-2020

Can we use int Mgmt Port in SNMP without removing existing interface GigabitEthernet0/0/0 ..??

snmp-server group VODAGYAN_CPE v3 auth read myview
snmp-server group VODAVISTA_CPE v3 auth read myview
snmp-server view myview mib-2 included
snmp-server trap link ietf
snmp-server trap-source GigabitEthernet0/0/0

---------------

Router:- ISR4451-X/K9

IOS :- isr4400-universalk9.16.12.04.SPA.bin...Cisco IOS XE Gibraltar 16.12.X

Georg Pauwen · ‎07-27-2020

Hello,

that shouldn't be a problem.

Georg Pauwen · ‎07-27-2020

Hello,

there is no way to use the MGMT port as source for Netflow. The workaround is to create a loopback interface and source from there...

ehtesham.ahmed1 · ‎07-27-2020

Thanks..
Can you please share the config so I can deploy in the Router..

Georg Pauwen · ‎07-27-2020

Hello,

in theory, you should just be able to replace the physical with the loopback interface:

interface Loopback0
ip address 1.1.1.1 255.255.255.255
ip flow monitor FLOW-MONITOR-1 input

ehtesham.ahmed1 · ‎07-27-2020

Thank you so much for your reply...

Can you please share the link of Cisco's best Security Practice for the Router...

1-Can we use Mgmt Pot in Netflow..?? 2-Can we use Mgmt Port in SNMP without removing existing interface..??