Thanks. Part of the problem was the collector service on the server. I am only getting layer 2 ports and physical layer 3 ports, no SVIs in Scrutinizer. Anyone know why the switch isn't sending or scrutinizer isn't collecting SVI Netflow?

!
flow record NETFLOW_RECORD
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect interface input
collect interface output
collect counter bytes long
collect counter packets long
collect timestamp sys-uptime first
collect timestamp sys-uptime last
!
!
flow exporter NETFLOW_EXPORTER
destination 10.10.12.103
source Loopback0
transport udp 2055
template data timeout 60
!
!
flow monitor NETFLOW_MONITOR
record NETFLOW_RECORD
exporter NETFLOW_EXPORTER
cache timeout active 60
cache entries 1000
!
!
vlan configuration 50
ip flow monitor NETFLOW_MONITOR input
!
interface GigabitEthernet2/1
ip flow monitor NETFLOW_MONITOR input
!

Would you be willing to try these entries in your NetFlow record?

match ipv4 tos
match ipv4 protocol
match ipv4 source address 
match ipv4 destination address 
match transport source-port 
match transport destination-port 
match interface input 
match application name
collect routing destination as 
collect routing next-hop address ipv4 
collect ipv4 dscp 
collect ipv4 id
collect ipv4 source prefix 
collect ipv4 source mask 
collect ipv4 destination mask 
collect transport tcp source-port 
collect transport tcp destination-port 
collect transport tcp flags 
collect transport udp source-port 
collect transport udp destination-port 
collect interface output 
collect counter bytes 
collect counter packets 
collect timestamp sys-uptime first 
collect timestamp sys-uptime last 
collect datalink mac source address input
collect datalink mac destination address input
collect flow direction

Results of those commands....as you can see not all are supported on the Sup7-E.

JC_Core2(config)#flow record NETFLOW_RECORD
JC_Core2(config-flow-record)#match ipv4 tos
JC_Core2(config-flow-record)#match ipv4 protocol
JC_Core2(config-flow-record)#match ipv4 source address
JC_Core2(config-flow-record)#match ipv4 destination address
JC_Core2(config-flow-record)#match transport source-port
JC_Core2(config-flow-record)#match transport destination-port
JC_Core2(config-flow-record)#match interface input
JC_Core2(config-flow-record)#match application name
                                   ^
% Invalid input detected at '^' marker.

JC_Core2(config-flow-record)#collect routing destination as
                                             ^
% Invalid input detected at '^' marker.

JC_Core2(config-flow-record)#collect routing next-hop address ipv4
                                             ^
% Invalid input detected at '^' marker.

JC_Core2(config-flow-record)#collect ipv4 dscp
JC_Core2(config-flow-record)#collect ipv4 id
                                          ^
% Invalid input detected at '^' marker.

JC_Core2(config-flow-record)#collect ipv4 source prefix
                                                 ^
% Invalid input detected at '^' marker.

JC_Core2(config-flow-record)#collect ipv4 source mask
                                                 ^
% Invalid input detected at '^' marker.

JC_Core2(config-flow-record)#collect ipv4 destination mask
                                                      ^
% Invalid input detected at '^' marker.

JC_Core2(config-flow-record)#collect transport tcp source-port
JC_Core2(config-flow-record)#collect transport tcp destination-port
JC_Core2(config-flow-record)#collect transport tcp flags
JC_Core2(config-flow-record)#collect transport udp source-port
JC_Core2(config-flow-record)#collect transport udp destination-port
JC_Core2(config-flow-record)#collect interface output
JC_Core2(config-flow-record)#collect counter bytes
JC_Core2(config-flow-record)#collect counter packets
JC_Core2(config-flow-record)#collect timestamp sys-uptime first
JC_Core2(config-flow-record)#collect timestamp sys-uptime last
JC_Core2(config-flow-record)#collect datalink mac source address input
JC_Core2(config-flow-record)#collect datalink mac destination address input
JC_Core2(config-flow-record)#collect flow direction
                                     ^
% Invalid input detected at '^' marker.

JC_Core2(config-flow-record)#

Applied the Monitor to the interface.

JC_Core2(config-if)#ip flow monitor NETFLOW_MONITOR input
% Flow Monitor: Flow Monitor 'NETFLOW_MONITOR'  : Interface option is not support with Cos,Tos, TTL or Packet length options. Flow record fields can't be supported with the monitor type

OK, it's time to roll up the sleeves on this one.  Can we get a packet capture of this export?  The longer period of time the better as we need to make sure to capture a template.

I'll replay the capture in house and find out what fields we need.  I'm sure we can lick this issue.

Call our support if you own Scrutinizer.  If you don't, call presales support (207)324-8805 x3.    Tell them you have a packet capture for Mike Patterson.

Thanks Michael. I've opened a ticket with TAC just to make sure there isn't some sort of limitation on the Sup7-E with FnF.

According to TAC, the Sup 7-E will NEVER support Flexible Netflow configs on the SVI. You can only configure FnF on physical interfaces (Layer 2 Trunks and Layer 3 Interfaces).Apparently once you configure the vlan-range and add a monitor, any access port assigned to that vlan will show up in your collector, again according to TAC. I haven't seen all of my ports show in the collector. I still have the TAC case open and have sent them some more configs so i will update this as soon as i have some more information. I find this difficult to config and monitor since these are Core switches. FnF is supposed to be very granular but imo Cisco should have allowed SVIs since the 4500 series are used as Core switches in a lot of environments.

Example:

!

interface GigabitEthernet2/1
switchport trunk allowed vlan 35,50,80,90

switchport mode trunk

vlan-range 35,50,80
  ip flow monitor NETFLOW_MONITOR input

!

Did anyone ever get a good answer to this?

I too need this setup and I too get the same errors on the initial config commands that are shown above....the walkthrough of commands several don't seem to be supported on the 4507E with SUP7E that I just installed.

IOS v15.0.1r SG5

I have finally configured FNF on this 4507 w/Sup7E only to be told that it only monitors egress traffic? Hardware limitation? I don't get that.

However, I am waiting on my Cisco engineer contact to get back with me on this. He says

"However, the netflow collector has the ability to deduplicate flows.  So, if you grab inbound netflow on the upstream and downstream ports the collector can present them as a single flow in both directions."

So I am chomping at the bit now to get an example of this in my very simple (for now) setup. And how to maintain when I start finally throwing multiple VLANs in the mix.

Hi cowetacoit,

    I am also facing the same problem while configuring Netflow in the output direction of physical interface in Cisco 4500 with Sup 7e.

Have you got any resolution for this from TAC? Is there any alternate solution for this ?

I am getting below error.

% Flow Monitor: 'Netflow-Monitor' could not be added to interface due to invalid sub-traffic type: 0

Thanks a lot in Advance....

Has anyone made any advances on this subject?

I am also having the same issue. I just worked through this with a Plixer engineer and we are both some what stumped here.

Oh wow....I see I already posted here last year! LOL

Shows how long we have been working toward this.

Ratheesh that is the exact same error I am seeing right now too.