cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
11914
Views
0
Helpful
12
Replies

3750-X Netflow

Carl Williams
Level 1
Level 1

I need Serious help, basically I have netflow which i'm trying to use to export to a netflow collector. I'm pretty sure that the 3750-X does support netflow. I've recently updated IOS on the 3750-X to support flexi netflow.

For some reason the netflow packets are not being exported to the server.

I'm using Opmanager which should present the netflow stats in the form of a graph.

I'm using a universal IOS image.

(C3750E-UNIVERSALK9-M), Version 12.2(58)SE2

3750-X WS-C3750X-24T-S

(config-if)#$itor PERIVALE_NETFLOW_MONITORING input

% Flow Monitor: Flow Monitor 'PERIVALE_NETFLOW_MONITORING' This image doesn't support Flexible Netflow!

UB6-G40-PV102-3750CX(config-if)#$itor PERIVALE_NETFLOW_MONITORING output

% Flow Monitor: Flow Monitor 'PERIVALE_NETFLOW_MONITORING' This image doesn't support Flexible Netflow!

Which IOS supports netflow, baring in mind that I need a full feature set.

##########

configs below

###########

ip flow-cache timeout active 1

ip flow-export source GigabitEthernet1/0/21

ip flow-export version 9

ip flow-export destination 10.173.66.143 9996

----------------------------------------

No packets being exported to my server

show ip flow export

Flow export v9 is enabled for main cache

  Export source and destination details :

  VRF ID : Default

    Source(1)       10.118.0.106 (GigabitEthernet1/0/21)

    Destination(1)  10.173.66.143 (9996)

  Version 9 flow records

  0 flows exported in 0 udp datagrams

  0 flows failed due to lack of export packet

  0 export packets were sent up to process level

Any ideas?

12 Replies 12

Hi,

You will need to add :

ip flow ingress

ip flow egress

on the interfaces/SVI that you want.

example :

int vlan 53

ip flow in

ip flow eg

Dan

Can you add it to a physical interfaces.

What should the total command output be.

Ports I want to export netflow from.//

GigabitEthernet1/0/21

GigabitEthernet2/0/21

TenGigabitEthernet1/1/2

TenGigabitEthernet2/1/2

Yes you can add it to a physical interface. You will add "ip flow ingres" "ip flow egress" on all ports that you what to export.

interface rang gi1/0/21 , gi2/0/21

ip flow eg

ip flow in

interface rang ten1/1/2 , te2/1/2

ip flow eg

ip flow in

If you have traffic on those ports, you can check with :

show ip cache flow | b Src

Dan

show ip cache flow

IP packet size distribution (0 total packets):

   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480

   .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608

   .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 278544 bytes

  0 active, 4096 inactive, 0 added

  0 ager polls, 0 flow alloc failures

  Active flows timeout in 1 minutes

  Inactive flows timeout in 15 seconds

IP Sub Flow Cache, 33608 bytes

  0 active, 1024 inactive, 0 added, 0 added to flow

  0 alloc failures, 0 force free

  1 chunk, 1 chunk added

  last clearing of statistics never

Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)

--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow

SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts

-

-------

Inactive flows mate i'm getting./////

Still not exporting..//

show ip flow export

Flow export v9 is enabled for main cache

  Export source and destination details :

  VRF ID : Default

    Source(1)       10.118.0.106 (GigabitEthernet1/0/21)

    Destination(1)  10.173.66.143 (9996)

  Version 9 flow records

  0 flows exported in 0 udp datagrams

  0 flows failed due to lack of export packet

  0 export packets were sent up to process level

Could you paste the relevant config.

Later edit :  also show licence

In order to use netflow you must have IP base or IP services licence . Not lan base.

Dan

//// This is applied but not used

flow exporter export-to-Perivale-Comvault_Server

destination 10.173.66.143

transport udp 9996

!

!

flow record PERIVALE_MONITORING

match datalink mac source address input

match datalink mac source address output

match datalink mac destination address input

match datalink mac destination address output

match ipv4 version

match ipv4 protocol

match ipv4 source address

match ipv4 destination address

match transport source-port

match transport destination-port

collect counter bytes

collect counter packets

collect timestamp sys-uptime first

collect timestamp sys-uptime last

!

!

flow monitor PERIVALE_NETFLOW_MONITORING

record PERIVALE_MONITORING

exporter export-to-Perivale-Comvault_Server

###################

netflow version 9 config

int GigabitEthernet1/0/21

ip flow ingress

ip flow egress

int GigabitEthernet2/0/21

ip flow ingress

ip flow egress

interface TenGigabitEthernet1/1/2

ip flow ingress

ip flow egress

interface TenGigabitEthernet2/1/2

ip flow ingress

ip flow egress

ip flow-cache timeout active 1

ip flow-export source GigabitEthernet1/0/21

ip flow-export version 9

ip flow-export destination 10.173.66.143 9996

license in use.

show license

Index 1 Feature: ipservices

        Period left: Life time

        License Type: Permanent

        License State: Active, In Use

        License Priority: Medium

        License Count: Non-Counted

Index 2 Feature: ipbase

        Period left: Life time

        License Type: Permanent

        License State: Active, Not in Use

        License Priority: Medium

        License Count: Non-Counted

Index 3 Feature: lanbase

        Period left: 0  minute  0  second

jakewilson
Level 1
Level 1

Hi Carl,

We posted a blog on configuring NetFlow on the 3750X with the 3KX module.  Without the 3KX module the only NetFlow you can get from the switch is Smart Logging Telemetry exports. I hope this helps.

Scrutinizer NetFlow Analyzer supports both.

Good luck.

C3KX-NM-10G thats the module i'm using. Using opmanager netflow to gather stats.

Hi,

I think that the problem netflow support on this platform.

URL_1 :

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps6601/prod_white_paper0900aecd80406232.html

Device

Supported

Cisco 800, 1700, 2600

Yes

Cisco 1800, 2800, 3800

Yes

Cisco 4500

Yes

Cisco 6500

Yes

Cisco7200, 7300, 7500

Yes

Cisco 7600

Yes

Cisco 10000, 12000, CRS-1

Yes

Cisco 2900, 3500, 3660, 3750

No

URL_2 :

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/12.2_58_se/release/notes/OL24338.html

NetFlow Commands

Unsupported Global Configuration Commands

ip flow-aggregation cache

ip flow-cache entries

ip flow-export

mikek
Level 1
Level 1

You need the Service Module (C3KX-SM-10G). That module contains specific silicon for Netflow and macsec. The nom doesn't.

Sent from Cisco Technical Support iPhone App

Review Cisco Networking for a $25 gift card