Cisco 3650 + Netflow configuration not working

vinayjaiswal · ‎02-26-2018

Hi Guys,

We are trying to configure netflow on Cisco 3650 switches with below configuration.

Version: WS-C3650-48PD --- >03.07.04.E-----> cat3k_caa-universalk9 BUNDLE.

source vlan: 201------> Gi1/0/4

Netflow Configuration:

flow record record_1

match ipv4 protocol
match ipv4 source address
match ipv4 destination address

end

flow exporter exporter_1

destination 10.240.22.110

dscp 0

source vlan 201

transport udp 9999

end

flow monitor monitor_1

exporter exporter_1

record record_1

cache timeout active 60

end

sampler sampler_1

mode random 1 out-of 2 1024

end

int Gi1/0/4

ip flow monitor monitor_1 input

We have whatsapp gold application to featch this data but we are unable to see any data...

Pls suggest.

Regards,

Vijay

Mark Malone · ‎02-26-2018

is int Gi1/0/4 an ip enabled interface ? it needs to be if not

vinayjaiswal · ‎02-27-2018

Hi Mark,

Here is the configuration of Gi 1/0/4 inteface.

interface GigabitEthernet1/0/4
switchport access vlan 201
switchport mode access
end

So as per your statement, we need to enable ip for this interface. ???

Mark Malone · ‎02-27-2018

Yes it will not collect on a layer 2 interface it must be layer 3 , its an IP command so works ta L3 , if you want to collect mac flows you still can but you need slightly different flow config , or else apply it to SVI 201 interface

vinayjaiswal · ‎02-27-2018

Hi Mark,

I applied below configuration but I am getting below error whenever i tried to apply it on vlan 201.

WAN-SW01#show flow record record_1
flow record record_1:
Description:        User defined
No. of users:       0
Total field space: 38 bytes
Fields:
    match ipv4 source address
    match ipv4 destination address
    match flow direction
    collect transport tcp flags
    collect interface output
    collect counter bytes long
    collect timestamp absolute first
    collect counter bytes layer2 long

WAN-SW01#show flow exporter exporter_1
Flow Exporter exporter_1:
Description:              User defined
Export protocol:          NetFlow Version 9
Transport Configuration:
    Destination IP address: 10.240.22.110
    Source IP address:      172.34.29.110
    Source Interface:       Vlan201
    Transport Protocol:     UDP
    Destination Port:       9999
    Source Port:            49639
    DSCP:                   0x0
    TTL:                    255
    Output Features:        Used

WAN-SW01#show flow monitor monitor_1
Flow Monitor monitor_1:
Description:       User defined
Flow Record:       record_1
Flow Exporter:     exporter_1
Cache:
    Type:                 normal (Platform cache)
    Status:               not allocated
    Size:                 Unknown
    Inactive Timeout:     15 secs
    Active Timeout:       15000 secs
    Update Timeout:       1800 secs
    Synchronized Timeout: 600 secs

WAN-SW01(config)#int vlan 201
WAN-SW01(config-if)#ip flow monitor monitor_1 input
% Flow Monitor: Flow Monitor 'monitor_1' flexible netflow not supported on vlan interfaces

Vlan 201 configuration:

interface Vlan201
ip address 172.34.29.110 255.255.255.252
no ip redirects
no ip proxy-arp
load-interval 30
end

Pls suggest.

Regards,

Vijay

Mark Malone · ‎02-27-2018

Must be the platform is restricting it , it can be done on 6509 for vlan interfaces , you will be restricted then just to ip based physical interfaces only if it wont take on the SVI, could also be the license is it ipbase or ipservices you have ?

interface Vlan159
ip address x.x.x.x 255.255.255.0
ip flow monitor xxxxxx input
ip flow monitor xxxxxxx output
ip pim dense-mode
load-interval 30
!

vinayjaiswal · ‎02-27-2018

Hi Mark,

I really appreciate your support.

Here is current version:

System image file is "flash:cat3k_caa-universalk9.SPA.03.07.04.E.152-3.E4.bin"

I will ask end customer to configure ip based physical interfaces and then we will check.

I will update you.

Thank you.

Regards,

Vijay

Mark Malone · ‎02-27-2018

please check sh license right-to-use