Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1859
Views
0
Helpful
0
Replies

Missing information from Netflow v9 packets (ISR4321)

eksantrik
Level 1
Level 1

‎04-24-2019 07:39 AM - edited ‎04-24-2019 07:54 AM

Hello folks:

 

I have this ISR 4321 in my lab and trying to configure it for Netflowv9 with application data. I have two Gig interfaces on this router and I am trying to collect the ingress traffic on both interfaces. I applied the following configuration on it. I am receiving some netflow data but it is having the following issues:

  • Data such as "source port", "direction", "output_snmp" are missing from the netflow packets.
  • I confirmed that my router has NBAR but my netflow v9 packets do not have the information. I receive some application data on my netflow analyzer but they are not delivered as part of a flow. They are delivered as separate netflow packets with the association back to an IP address or flow. It is the application name and some byte count. How can I receive the application information attached to a particular flow?

My question is that if I have the correct configuration on my router to resolve the issues listed above?

Please note that my "show version" output is at the bottom of this post.

 

ENABLE NBAR
1. enable
2. configure terminal
3. interface GigabitEthernet0/0/0
4. ip nbar protocol-discovery
5. exit
6. interface GigabitEthernet0/0/1
7. ip nbar protocol-discovery
8. exit
9. exit
10. copy run start

 

NETFLOW CONFIGURATION

flow record netflow-record
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match ipv4 tos
match interface input
match application name
collect routing source as
collect routing destination as
collect routing next-hop address ipv4
collect ipv4 source mask
collect ipv4 destination mask
collect transport tcp flags
collect counter bytes long
collect counter packets long
collect timestamp sys-uptime first
collect timestamp sys-uptime last
!
flow exporter netflow-exporter
description --- XXXXXXX ---
destination XX.XX.XX.XX
source GigabitEthernet0/0/0
transport udp 4729
export-protocol netflow-v9
template data timeout 60
option application-table timeout 60
option application-attributes timeout 300
!
flow monitor netflow-monitor
exporter netflow-exporter
cache timeout active 60
cache timeout inactive 15
record netflow-record
!
interface GigabitEthernet0/0/0
ip flow monitor netflow-monitor input
!
interface GigabitEthernet0/0/1
ip flow monitor netflow-monitor input

 

*********

*********

 

isr4300-3977#show version
Cisco IOS XE Software, Version 03.16.04b.S - Extended Support Release
Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(3)S4b, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Mon 17-Oct-16 20:23 by mcpre

0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents