Solved: Re: Can't get either switch to export netflow

WallaceVanDunk1494 · ‎08-06-2019

Hello,

I have 2 layer 3 switches - 3750G and 3750X. I have been trying to get netflow to export to PRTG network monitor, but it doesn't seem that either switch is exporting any netflow data at all. Below is what I have tried so far:

flow record NetFlow-To-PRTG

description Record-Network-Traffic
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port

match transport tcp source-port

match transport tcp destination-port

match transport tcp flags

collect interface input snmp

collect interface output snmp

collect transport tcp flags
collect counter bytes long
collect counter packets long
collect timestamp sys-uptime first
collect timestamp sys-uptime last

flow exporter NetFlow-To-PRTG
description Export-Flow-to-PRTG
destination 192.168.x.x

source vlan5
transport udp 9997

flow monitor NetFlow-To-PRTG
description Monitor-PRTG-Flow
record NetFlow-To-PRTG
exporter NetFlow-To-PRTG
cache timeout active 60

sampler PRTG-Sampler

mode random 1 out-of 32

I've also tried without the sampler. I have tried removing the above config and just doing "ip flow ingress" and "egress" on a port, with ip flow-export source and export destination global config commands, using port 9991 and also 9997, but the output of the "show ip flow export" command shows nothing. Route-cache is enabled on interface, cef is enabled globally and I purposely configured it on the interface. Vlan 5 is my management vlan but I've tried every source I could think of including creating a loopback. Also it appears that I can only apply the flow monitor on Vlans and not L3 interfaces? When I try, I get an error that "flexible netflow is not supported on the interface"

Flow export v5 is enabled for main cache
Export source and destination details :
VRF ID : Default
Source(1) 192.168.x.x (Port-channel1)
Destination(1) 192.168.x.x (9991)
Version 5 flow records
0 flows exported in 0 udp datagrams
0 flows failed due to lack of export packet
0 export packets were sent up to process level

I've also tried using version 9 but same result. As you can see most recently I have the source set as a L3 port channel but I've tried every active interface as the source, all with the same result.

Any help anyone can provide would be greatly appreciated.

Francesco Molino · ‎08-06-2019

Hi
For 3750G if I recall, netflow isn't supported.
For 3750X, you can only enable netflow on 1G and 10G service module (physical interfaces not port channel).

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Francesco Molino · ‎08-06-2019

Hi
For 3750G if I recall, netflow isn't supported.
For 3750X, you can only enable netflow on 1G and 10G service module (physical interfaces not port channel).

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

WallaceVanDunk1494 · ‎08-07-2019

Curious why the commands would go through if it is not supported but thanks for the info.

Francesco Molino · ‎08-07-2019

I would answer in a short way that IOS code is shared across platforms and commands go through but you need to refer to documentations or IOS Navigator feature to see what is supported or not and in which condition it's supported.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question