Solved: Config Netflow NX-OS

tiredes2015 · ‎02-01-2016

Hello,

I am trying to configure Netflow on my Nexus 5624 Switch, Nx-os 7.2(1)N1(1)

Here are the steps that i followed:

switch(config)# feature netflow
switch(config)# flow timeout active 60
switch(config)# flow timeout inactive 15

switch(config)# flow exporter netflow_to_Nfsen
switch(config-flow-exporter)# description Export NetFlow to Nfsen
switch(config-flow-exporter)# destination 10.10.5.33
switch(config-flow-exporter)# source Vlan1010
switch(config-flow-exporter)# transport udp 9995
switch(config-flow-exporter)# version 9

switch(config)# flow monitor standard_v9netflow
switch(config-flow-monitor)# record netflow-original
switch(config-flow-monitor)# exporter netflow_to_Nfsen

switch(config)# interface Ethernet2/3
switch(config-if)# ip flow monitor standard_v9netflow input

switch(config)# interface Ethernet2/1
switch(config-if)# ip flow monitor standard_v9netflow input

My problem is with the bold lines above.

When i reach the interface settings part, i am not able to find the IP FLOW command within the needed interfaces.

Find below current ports config and resulte of the IP command.

interface Ethernet2/1
description "UP 9K-02"
switchport
switchport mode trunk
switchport trunk native vlan 1010
switchport trunk allowed vlan 2-4,24-26,100,166,172,199,666,1010,1012

interface Ethernet2/3
description "UP 9K-01"
switchport
switchport mode trunk
switchport trunk native vlan 1010
switchport trunk allowed vlan 2-4,24-26,100,166,172,199,666,1010,1012

CORE5K-02(config)# interface ethernet 2/3
CORE5K-02(config-if)# ip ?
access-group Specify access control for packets
port Port policy

If i select any empty port, for example Ethernet 2/4, i can find the IP FLOW option.

CORE5K-02(config-if)# interface ethernet 2/4
CORE5K-02(config-if)# ip ?
access-group Specify access control for packets
address Configure IP address on interface
arp Configure ARP parameters
directed-broadcast IP directed-broadcast
flow NetFlow related commands
forward Enable ip forwarding on interface
igmp IGMP interface configuration commands
load-sharing Style of load sharing
local-proxy-arp Configure local proxy ARP
port Port policy
port-unreachable Enable sending ICMP port-unreachable
proxy-arp Configure proxy ARP
redirects Send ICMP Redirect messages
unreachables Enable sending ICMP unreachables (other than
port-unreachable)
verify Configure Unicast Reverse Path Forwarding or IP Source
Guard

Why the IP FLOW option does not appear in all interfaces?

I need to capture the flow of these 2 interfaces because all the Client-Server traffic passes through these 2 ports.

Any clue what i am doing wrong?

Thx

Fouad

AllertGen · ‎02-01-2016

Hello, tiredes2015.

I think it is because you set this port to work only as L2 port by a "switchport" command. So there is not much commands that starts with "ip .." line. For a L2 netflow at the NX OS you can try this: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/system_management/configuration/guide/sm_nx_os_cg/sm_15netflow.html#wp1094178

Best Regards.

View solution in original post

AllertGen · ‎02-01-2016

Hello, tiredes2015.

I think it is because you set this port to work only as L2 port by a "switchport" command. So there is not much commands that starts with "ip .." line. For a L2 netflow at the NX OS you can try this: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/system_management/configuration/guide/sm_nx_os_cg/sm_15netflow.html#wp1094178

Best Regards.

tiredes2015 · ‎02-01-2016

Thank you AllertGen,

This is really what was happening,

I applied the netflow at Vlan INterface L3, and everythign went fine.

I tried to activate the L2 netflow as well and worked fine.

Thank you for thr hint.

Cheers