3750-X Netflow

Carl Williams · ‎02-06-2012

I need Serious help, basically I have netflow which i'm trying to use to export to a netflow collector. I'm pretty sure that the 3750-X does support netflow. I've recently updated IOS on the 3750-X to support flexi netflow.

For some reason the netflow packets are not being exported to the server.

I'm using Opmanager which should present the netflow stats in the form of a graph.

I'm using a universal IOS image.

(C3750E-UNIVERSALK9-M), Version 12.2(58)SE2

3750-X WS-C3750X-24T-S

(config-if)#$itor PERIVALE_NETFLOW_MONITORING input

% Flow Monitor: Flow Monitor 'PERIVALE_NETFLOW_MONITORING' This image doesn't support Flexible Netflow!

UB6-G40-PV102-3750CX(config-if)#$itor PERIVALE_NETFLOW_MONITORING output

% Flow Monitor: Flow Monitor 'PERIVALE_NETFLOW_MONITORING' This image doesn't support Flexible Netflow!

Which IOS supports netflow, baring in mind that I need a full feature set.

##########

configs below

###########

ip flow-cache timeout active 1

ip flow-export source GigabitEthernet1/0/21

ip flow-export version 9

ip flow-export destination 10.173.66.143 9996

----------------------------------------

No packets being exported to my server

show ip flow export

Flow export v9 is enabled for main cache

Export source and destination details :

VRF ID : Default

Source(1) 10.118.0.106 (GigabitEthernet1/0/21)

Destination(1) 10.173.66.143 (9996)

Version 9 flow records

0 flows exported in 0 udp datagrams

0 flows failed due to lack of export packet

0 export packets were sent up to process level

Any ideas?

Dan-Ciprian Cicioiu · ‎02-06-2012

Hi,

You will need to add :

ip flow ingress

ip flow egress

on the interfaces/SVI that you want.

example :

int vlan 53

ip flow in

ip flow eg

Dan

Carl Williams · ‎02-06-2012

Can you add it to a physical interfaces.

What should the total command output be.

Ports I want to export netflow from.//

GigabitEthernet1/0/21

GigabitEthernet2/0/21

TenGigabitEthernet1/1/2

TenGigabitEthernet2/1/2

Dan-Ciprian Cicioiu · ‎02-06-2012

Yes you can add it to a physical interface. You will add "ip flow ingres" "ip flow egress" on all ports that you what to export.

interface rang gi1/0/21 , gi2/0/21

ip flow eg

ip flow in

interface rang ten1/1/2 , te2/1/2

ip flow eg

ip flow in

If you have traffic on those ports, you can check with :

show ip cache flow | b Src

Dan

Carl Williams · ‎02-06-2012

show ip cache flow

IP packet size distribution (0 total packets):

1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480

.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

512 544 576 1024 1536 2048 2560 3072 3584 4096 4608

.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 278544 bytes

0 active, 4096 inactive, 0 added

0 ager polls, 0 flow alloc failures

Active flows timeout in 1 minutes

Inactive flows timeout in 15 seconds

IP Sub Flow Cache, 33608 bytes

0 active, 1024 inactive, 0 added, 0 added to flow

0 alloc failures, 0 force free

1 chunk, 1 chunk added

last clearing of statistics never

Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)

-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow

SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts

-

-------

Inactive flows mate i'm getting./////

Carl Williams · ‎02-06-2012

Still not exporting..//

show ip flow export

Flow export v9 is enabled for main cache

Export source and destination details :

VRF ID : Default

Source(1) 10.118.0.106 (GigabitEthernet1/0/21)

Destination(1) 10.173.66.143 (9996)

Version 9 flow records

0 flows exported in 0 udp datagrams

0 flows failed due to lack of export packet

0 export packets were sent up to process level

Dan-Ciprian Cicioiu · ‎02-06-2012

Could you paste the relevant config.

Later edit : also show licence

In order to use netflow you must have IP base or IP services licence . Not lan base.

Dan

Carl Williams · ‎02-06-2012

//// This is applied but not used

flow exporter export-to-Perivale-Comvault_Server

destination 10.173.66.143

transport udp 9996

!

flow record PERIVALE_MONITORING

match datalink mac source address input

match datalink mac source address output

match datalink mac destination address input

match datalink mac destination address output

match ipv4 version

match ipv4 protocol

match ipv4 source address

match ipv4 destination address

match transport source-port

match transport destination-port

collect counter bytes

collect counter packets

collect timestamp sys-uptime first

collect timestamp sys-uptime last

!

flow monitor PERIVALE_NETFLOW_MONITORING

record PERIVALE_MONITORING

exporter export-to-Perivale-Comvault_Server

###################

netflow version 9 config

int GigabitEthernet1/0/21

ip flow ingress

ip flow egress

int GigabitEthernet2/0/21

ip flow ingress

ip flow egress

interface TenGigabitEthernet1/1/2

ip flow ingress

ip flow egress

interface TenGigabitEthernet2/1/2

ip flow ingress

ip flow egress

ip flow-cache timeout active 1

ip flow-export source GigabitEthernet1/0/21

ip flow-export version 9

ip flow-export destination 10.173.66.143 9996

Carl Williams · ‎02-06-2012

license in use.

show license

Index 1 Feature: ipservices

Period left: Life time

License Type: Permanent

License State: Active, In Use

License Priority: Medium

License Count: Non-Counted

Index 2 Feature: ipbase

Period left: Life time

License Type: Permanent

License State: Active, Not in Use

License Priority: Medium

License Count: Non-Counted

Index 3 Feature: lanbase

Period left: 0 minute 0 second

jakewilson · ‎02-06-2012

Hi Carl,

We posted a blog on configuring NetFlow on the 3750X with the 3KX module. Without the 3KX module the only NetFlow you can get from the switch is Smart Logging Telemetry exports. I hope this helps.

Scrutinizer NetFlow Analyzer supports both.

Good luck.

Carl Williams · ‎02-06-2012

C3KX-NM-10G thats the module i'm using. Using opmanager netflow to gather stats.

Dan-Ciprian Cicioiu · ‎02-07-2012

Hi,

I think that the problem netflow support on this platform.

URL_1 :

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps6601/prod_white_paper0900aecd80406232.html

Device	Supported
Cisco 800, 1700, 2600	Yes
Cisco 1800, 2800, 3800	Yes
Cisco 4500	Yes
Cisco 6500	Yes
Cisco7200, 7300, 7500	Yes
Cisco 7600	Yes
Cisco 10000, 12000, CRS-1	Yes
Cisco 2900, 3500, 3660, 3750	No

URL_2 :

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/12.2_58_se/release/notes/OL24338.html

NetFlow Commands

Unsupported Global Configuration Commands

ip flow-aggregation cache

ip flow-cache entries

ip flow-export

mikek · ‎02-07-2012

You need the Service Module (C3KX-SM-10G). That module contains specific silicon for Netflow and macsec. The nom doesn't.

Sent from Cisco Technical Support iPhone App