Thanks for your reply. Whether it is traditional or flexible, the problem I see is that the packets are not exported. Flexible provides additional features to netflow to export to multiple hosts etc. Also in the recent device support matrix in the URL you had given, 2900 series is not listed. The model I have is 2911. Some of the netflow analyzers like solarwinds mentions 2900 does not support netflow.

So, I am trying to find out whether it is really supported or not supported. Inspite of following the instructions to enable netflow and configuring source and destination, it is not generating network packets.

Any suggestions?

Hello, have you configured the below?

ip flow ingress

ip flow egress

ip flow-export source

ip flow-export version X

ip flow-export destination x.x.x.x 2055

What happens when you do a 'show ip flow export'

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

The steps I have followed are.

interface GigabitEthernet0/2

ip flow ingress

ip flow egress

ip route-cache flow

ip flow-export source GIgabitEtherner0/2

ip flow-export version 5

ip flow-export destination x.x.x.x 9996

wr

The output of

#show ip flow export

Flow export v5 is enabled for main cache

  Export source and destination details :

  VRF ID : Default

    Source(1)       x.x.x.x (GigabitEthernet0/2)

    Destination(1)  x.x.x.x (9996)

  Version 5 flow records

  0 flows exported in 0 udp datagrams

  0 flows failed due to lack of export packet

  0 export packets were sent up to process level

  0 export packets were dropped due to no fib

  0 export packets were dropped due to adjacency issues

  0 export packets were dropped due to fragmentation failures

  0 export packets were dropped due to encapsulation fixup failures

It is not exporting any packet.

Please suggest what could be the reason.

hi,

could you post show run int g0/2?

make sure you've got ip route-cache and ip route-cache cef enabled under your egress/ingress ports.

Hi John,

Here is the output of the interface.

Current configuration : 213 bytes

!

interface GigabitEthernet0/2

description ----------connected to Core Switch---------

ip address x.x.x.x x.x.x.x

ip access-group test in

ip flow ingress

ip flow egress

duplex auto

speed auto

end

hi,

ok so you've got an ACL there.

have you tried the commands suggested earlier?

could you remove the ACL first and try to ping the netflow collector server from 2911?

Hi John,

I have removed the acl and the ping is successful to the netflow collector before and after the acl removal. Still it is not exporting.

I just tried this on a 2901...

NPEVG01#

NPEVG01#show ip flow export

Flow export v5 is enabled for main cache

  Export source and destination details :

  VRF ID : Default

    Destination(1)  1.1.1.1 (1)

  Version 5 flow records

  268 flows exported in 36 udp datagrams

  0 flows failed due to lack of export packet

  0 export packets were sent up to process level

  0 export packets were dropped due to no fib

  0 export packets were dropped due to adjacency issues

  0 export packets were dropped due to fragmentation failures

  0 export packets were dropped due to encapsulation fixup failures

NPEVG01#

NPEVG01#show run | inc flow

ip flow ingress

ip flow egress

ip flow-export version 5

ip flow-export destination 1.1.1.1 1

NPEVG01#

NPEVG01#show ver

Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M1, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2011 by Cisco Systems, Inc.

Compiled Tue 14-Jun-11 19:25 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M9, RELEASE SOFTWARE (fc1)

NPEVG01 uptime is 18 weeks, 15 hours, 54 minutes

System returned to ROM by reload at 15:47:53 UTC Thu Feb 7 2013

System restarted at 15:49:12 UTC Thu Feb 7 2013

System image file is "flash0:c2900-universalk9-mz.SPA.151-4.M1.bin"

Last reload type: Normal Reload

Last reload reason: Reload Command

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

Cisco CISCO2901/K9 (revision 1.0) with 483328K/40960K bytes of memory.

Processor board ID FCZ153290E1

2 Gigabit Ethernet interfaces

2 ISDN Basic Rate interfaces

1 terminal line

DRAM configuration is 64 bits wide with parity enabled.

255K bytes of non-volatile configuration memory.

255744K bytes of ATA System CompactFlash 0 (Read/Write)

License Info:

License UDI:

-------------------------------------------------

Device#   PID                   SN

-------------------------------------------------

*0        CISCO2901/K9          XXXXXXXX

Technology Package License Information for Module:'c2900'

-----------------------------------------------------------------

Technology    Technology-package           Technology-package

              Current       Type           Next reboot

------------------------------------------------------------------

ipbase        ipbasek9      Permanent      ipbasek9

security      None          None           None

uc            uck9          Permanent      uck9

data          None          None           None

Configuration register is 0x2102

NPEVG01#

NPEVG01#show ip cache flow

IP packet size distribution (3331 total packets):

   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480

   .000 .106 .570 .211 .037 .000 .000 .066 .000 .000 .006 .000 .000 .000 .000

    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608

   .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 278544 bytes

  2 active, 4094 inactive, 387 added

  9165 ager polls, 0 flow alloc failures

  Active flows timeout in 30 minutes

  Inactive flows timeout in 15 seconds

IP Sub Flow Cache, 34056 bytes

  1 active, 1023 inactive, 371 added, 371 added to flow

  0 alloc failures, 0 force free

  1 chunk, 1 chunk added

  last clearing of statistics never

Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)

--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow

TCP-other            8      0.0       123    98      0.0      35.6      15.5

UDP-other          377      0.0         4   102      0.0       1.7      15.4

Total:             385      0.0         7   101      0.0       2.4      15.4

SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts

Gi0/0         172.27.24.182   Local         172.27.24.185   06 F0B2 0016    76

Gi0/0         172.27.24.45    Null          172.27.24.255   11 0089 0089   427

Simply 4 commands and its generating flow exports straight away. It's like its not even active at all in the OP's case. Dont know why this isn't working for Prakash. Very strange & still looking...

What version of IOS are you running?

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

Thanks John. After enabling cef explicitly, it worked.

ip cef was not enabled. Since it is mentioned that "ip route-cache flow" will enable cef, I didnt' check. After enable ip cef explicitly, it is exporting the data.

-- Thanks

for the 2921 specific.  I don't think it would be much different for a 2911.  make sure ip cef is turned on.

global commands

ip flow-cache timeout active 1

ip flow-export source Loopback(x) (create this-routable IP)
ip flow-export version 5
ip flow-export destination xxx.xxx.xxx.xxx 9996 (we use this port with manageengine)

interface commands

 ip flow ingress
 ip flow egress

output should look like this

<hostname>#sh ip flow export
Flow export v5 is enabled for main cache
  Export source and destination details :
  VRF ID : Default
    Source(1)       <ip of loopback> (Loopback(x))
    Destination(1)  xxx.xxx.xxx.xxx (9996) (ip of netflow server) 
  Version 5 flow records
  639724865 flows exported in 164494611 udp datagrams
  0 flows failed due to lack of export packet
  164488626 export packets were sent up to process level
  760 export packets were dropped due to no fib
  0 export packets were dropped due to adjacency issues
  0 export packets were dropped due to fragmentation failures
  0 export packets were dropped due to encapsulation fixup failures
<hostname>#