4500x netflow configuration

Moudar · ‎07-13-2023

Hi,

I am trying to configure 4500x switch to send flow to PRTG but with no success!

flow record PRTG-Record
 match ipv4 source address
 match ipv4 destination address
 collect counter bytes long
 collect counter packets long
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
!
!
flow exporter PRTG-Exporter
 destination 10.32.0.7
 source TenGigabitEthernet1/8
 transport udp 2055
!
!
flow monitor PRTG-Monitor
 record PRTG-Record
 exporter PRTG-Exporter
 cache timeout inactive 30
 cache timeout active 60
!

interface TenGigabitEthernet1/8
 switchport mode trunk
 ip flow monitor PRTG-Monitor input
 logging event link-status

What am getting from PRTG is:

Last Message:
PRTG could not open port 2055. The reason might be that another process is using the port on the machine that PRTG is running on. To resolve this issue, see https://kb.paessler.com/en/topic/71371. (code: PE245) (Could not bind socket. Address and port are already in use.)

From the switch i could not directly ping 10.32.0.7 but only if I include ping vrf...., the problem is that i could not include the vrf to the exporter!

No Firewall between these devices

I am getting Netflow from other switches like 9200 to PRTG but not from 4500x

What do I miss here?

Flavio Miranda · ‎07-13-2023

Hi @Moudar

The configuration seems to be ok. The error message stands out as if the PRTG can not listen on that port. The port 9995 is also use and alternatively you can use TCP 9996

On the switch do you have source-interface for logging?

logging source-interface <interface>

Moudar · ‎07-13-2023

What is the purpose of source-interface for logging? Which port suits that purpose? physical or logical port?

Flavio Miranda · ‎07-14-2023

Physical. The purpose is determine the exit for the loggin

M02@rt37 · ‎07-13-2023

Hello @Moudar,

use the other commonly used Netflow port, e.g. udp 9996.

Ping PRTG Ip add. [10.32.0.7] from your 4500 with source-address and add this source-address as @Flavio Miranda suggest!

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Moudar · ‎07-13-2023

Ping to 10.32.0.7 is not going from the switch!

What port should I use as a source-address to get the ping to be successful?

M02@rt37 · ‎07-14-2023

Hello @Moudar,

Do you have vrf command here ?

Flow exporter PRTG-Exporter

Destination 10.32.0.7 ?

And please do #sh int des and #sh int status. Share the outputs.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Moudar · ‎07-14-2023

That is the problem, i don't have vrf command on Flow exporter PRTG-Exporter

4500-R(config-flow-exporter)#?
  default          Set a command to its defaults
  description      Provide a description for this Flow Exporter
  destination      Export destination configuration
  dscp             Optional DSCP
  exit             Exit from Flow Exporter configuration mode
  export-protocol  Export protocol version
  no               Negate a command or set its defaults
  option           Select an option for exporting
  source           Originating interface
  template         Flow Exporter template configuration
  transport        Transport protocol
  ttl              Optional TTL or hop limit

So i took the vrf under destination

flow record PRTG-Record
 match ipv4 source address
 match ipv4 destination address
 collect counter bytes long
 collect counter packets long
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
!
!
flow exporter PRTG-Exporter
 destination 10.32.0.7 vrf ADM-KIS
 source vlan419
 transport udp 2055
!
!
flow monitor PRTG-Monitor
 record PRTG-Record
 exporter PRTG-Exporter
 cache timeout inactive 30
 cache timeout active 60
!

What should the source be if i want all physical and logical ports and interfaces to be included?

Still not working, back to udp 2055 PRTG is not complaining about port but still nothing comming in

I have the source vlan419 because I could not choose an SVI as source, and I do this because the ping:

ping vrf ADM-KIS ip 10.32.0.7 source 10.34.0.2

was successful, but 10.34.0.2 is an SVI! which is interface vlan 419

What am missing here?

Moudar · ‎07-14-2023

Show int status

Port      Name               Status       Vlan       Duplex  Speed Type
Te1/1     		         connected    trunk        full a-1000 1000BaseLH
Te1/2                        notconnect   1            full   auto No XCVR
Te1/3       	         connected    trunk        full    10G 10GBase-LR
Te1/4                        connected    trunk        full    10G 10GBase-LR
Te1/5                        connected    trunk        full a-1000 1000BaseLH
Te1/6                        connected    trunk        full a-1000 1000BaseLH
Te1/7                        connected    trunk        full a-1000 1000BaseLH
Te1/8                        connected    trunk        full    10G 10GBase-ER-*
Te1/9     Nexus-port 1/46    connected    trunk        full    10G 10GBase-LR
Te1/10    Nexus-port 1/46    connected    trunk        full    10G 10GBase-LR
Te1/11                       connected    trunk        full a-1000 1000BaseLH
Te1/12                       disabled     1            full   auto 1000BaseLH
Te1/13    Controller .147    connected    trunk        full    10G 10GBase-LR
Te1/14                       connected    trunk        full a-1000 1000BaseLH
Te1/15            connected    trunk        full    10G 10GBase-LR
Te1/16    Controller .148    connected    trunk        full    10G 10GBase-LR
Po4       WLC                connected    trunk      a-full    10G
Po5       WLC                connected    trunk      a-full    10G
Po10      Nexus              connected    trunk      a-full    10G
Po40                         notconnect   0            auto   auto
Po50                         notconnect   0            auto   auto

Moudar · ‎07-17-2023

Any suggestions?