3560C-8PC-S NetFlow Export troubleshooting

jtcrawfo · ‎03-17-2016

Hello,

I have a 3560C-8PC-S running IOS 15.2(2)E4 with the ipbase license. From what I read elsewhere, this switch supports NetFlow Lite; however, I'm failing to see any flows exported when issuing a sh ip flow export. Debugging ip flow export has not yielded a single message, which tells me I'm missing something quintessential. I would love for somebody to take a look at my config to see if I have anything missing or why I cannot generate any stats via NetFlow.

The pre-reqs for NetFlow have been satisfied as per my knowledge: IOS version, license, IP routing enabled, and CEF is enabled and running on all my interfaces.

Here's a sanitized and censored snippet of my running configuration minus the PKI crypto junk:

Building configuration...

Current configuration : 3725 bytes
!
! Last configuration change at 16:31:47 UTC Thu Mar 17
2016
! NVRAM config last updated at 15:40:39 UTC Thu Mar 17
2016
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 3560C
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$1sHw$TEmU3MjP4xI1UKw4yOjLr.
!
no aaa new-model
system mtu routing 1500
ip routing
!
ip flow-cache timeout active 1
ip name-server 10.0.100.1
!
crypto pki trustpoint TP-self-signed-4286392192
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-
4286392192
revocation-check none
rsakeypair TP-self-signed-4286392192
!
!
quit
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface FastEthernet0/1
description NAS
switchport access vlan 15
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 15
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 15
switchport mode access
!
interface FastEthernet0/4
description WANem
switchport access vlan 15
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 15
switchport mode access
ip flow egress
!
interface FastEthernet0/6
switchport access vlan 15
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 15
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 15
switchport mode access
!
interface GigabitEthernet0/1
description Uplink
switchport access vlan 15
switchport mode access
ip flow egress
!
interface GigabitEthernet0/2
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan 15
ip address 10.0.100.2 255.255.255.0
!
ip forward-protocol nd
ip http server
ip http secure-server
ip flow-export source FastEthernet0/5
ip flow-export version 9
ip flow-export destination 10.0.100.113 9996
!
ip route 0.0.0.0 0.0.0.0 10.0.100.1
!
!
ip sla enable reaction-alerts
snmp-server community public RO
snmp-server community private RW
snmp ifmib ifindex persist
!
!
line con 0
line vty 0 4
password cleartextlol
login
line vty 5 15
login
!
!
end

Thanks in advance!

julijime · ‎03-18-2016

Hi,

Unfortunately only the 3560-CX series supports Netflow Lite (see the following information for further reference):

http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3560-cx-series-switches/q-and-a-c67-733230.html

HTH

Q. How do the new compact switches compare to the existing 3560-C and 2960-C Gigabit Ethernet Series compact switches?

Table 3. Comparison of 3560-CG and 3560-CX Compact Switches

Parameter	Feature	3560-CG	3560-CX
Ports	Uplinks	2 x 1 G Copper or 2 x 1 G SFP	2 x 1 G Copper and 2 x 10 G SFP+ and 2 x 1 G SFP^*
Ports	Downlinks	8 x 1 G Copper	8 x 1 G, 12 x 1 G, 6 x 1 G + 2 x Multigigabit Ethernet Copper
PoE	PoE	124W PoE+	240W PoE+
	Perpetual PoE	NO	YES
	Cisco UPOE-powered and PoE Pass- Through	NO	YES (WS-C3560CX-8PT-S)
Ease of Management	Instant Access	NO	YES (10 G SKUs)
Software	Cisco IOS^® Software	IP Base Only	IP Base, IP Services (upgradable)
Hardware	DRAM, Flash	128 MB, 64 MB	512 MB, 128 MB
Other	Security	802.1x, MACsec	802.1x, MACsec
	AVC	NO	NetFlow Lite
	IPv6	Basic	Enhanced