Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
602
Views
0
Helpful
2
Replies

Cannot add Netflow Monitor to outbound interface?

mbaldwin@epsilon-inc.com
Level 1
Level 1

‎04-05-2022 12:46 PM

I'm trying to configure Netflow to our Auvik collector on a C2960X but cannot get the interface(s) connected to the upstream router to add the Flow Monitor.  The customer router is a 3750G so that isn't an option for us to use.  Net flow configuration below.  Interfaces are configured as a port-channel.  I've tried the individual interfaces as well as the channel-group with a sampler but nothing will accept.  The SVI for the VLAN in question does not reside on the switch.  What am I doing wrong?  I see examples on here of L2 switch ports with net flow configured.  The commands exist and do not complain about anythingSwitching until I add the monitor to the interface.  Running v15.2(2r).  New territory for me so I'm lost at this point.  

 

flow record UNIFIrecord
match ipv4 source address
match ipv4 destination address
match ipv4 protocol
match transport source-port
match transport destination-port
match ipv4 tos

collect counter bytes permanent
collect counter packets permanent
collect timestamp sys-uptime first
collect timestamp sys-uptime last

!

flow exporter UNIFIexport
destination 192.168.23.100
source vlan 21 (MGMT vlan)
transport udp 2055
export-protocol netflow-v9
template data timeout 60

!

flow monitor UNIFImonitor
record UNIFIrecord
exporter UNIFIexport
cache timeout active 60
cache timeout inactive 30
exit

!

 

Labels:
0 Helpful
2 Replies 2

Flavio Miranda
VIP
VIP

‎04-05-2022 04:05 PM

 

NetFlow Lite is only supported on switches running the LAN Base image. Switches running the LAN Lite image do not support NetFlow Lite.

 

Port—Monitor attachment is only supported on physical interfaces and not on logical interfaces, such as EtherChannels.

 

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-0_2_EX/security/configuration_guide/b_consolidated_152ex_2960-X_cg/b_consolidated_152ex_2960-X_cg_chapter_010110.html 

0 Helpful

mbaldwin@epsilon-inc.com
Level 1
Level 1
In response to Flavio Miranda

‎04-06-2022 05:37 AM

I believe I'm running LAN based image.  Show license and Show version information below. 

 

I've tried it on the physical interfaces as well as the channel-group and get the same error message. I can't do it on the VLAN interface as the SVI lives on the adjacent core switch.  

 

 

-AccessPoint-Access#sh lic
Index 1 Feature: lanlite
Period left: 0 minute 0 second
Index 2 Feature: lanbase
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Priority: Medium
License Count: Non-Counted

 


FSH-AccessPoint-Access#sh ver
Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.0(2)EX5, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Fri 21-Feb-14 05:54 by prod_rel_team

ROM: Bootstrap program is C2960X boot loader
BOOTLDR: C2960X Boot Loader (C2960X-HBOOT-M) Version 15.2(2r)E1, RELEASE SOFTWARE (fc1)

FSH-AccessPoint-Access uptime is 4 years, 49 weeks, 1 day, 12 hours, 52 minutes
System returned to ROM by power-on
System restarted at 21:05:33 UTC Thu Apr 27 2017
System image file is "flash:/c2960x-universalk9-mz.150-2.EX5/c2960x-universalk9-mz.150-2.EX5.bin"

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card