Encrypted Traffic Analyzer(ETA) feature dont work after switch upgrade

dima.ostapenko · ‎09-14-2022

After Catalyst C9500-24Y4C Switch upgrade from Gibraltar-16.12.4 to Bengaluru-17.6.3 this ETA commands don't available in configuration:

et-analytics
ip flow-export destination X.X.X.X 2055

vlan configuration XXX
ip flow monitor IPv4_NETFLOW input
et-analytics enable

Output of show platform software et-analytics global:
ET-Analytics Global state
=========================
All Interfaces : Off
IP Flow-record Destination : 0.0.0.0 : 0
Inactive timer : 0
Active timer : 0

ET-Analytics interfaces
No interface has ET-Analytics

ET-Analytics VLANs

How can I enable ETA feature in this release?

Thanks.

balaji.bandi · ‎09-14-2022

AFter upgrade i would check the License again :

i will also re-apply the config on 17.6.3

the flow desitnation show all 0.0.0.0

IP Flow-record Destination : 0.0.0.0 : 0

also is this SDA ?

Restrictions for Encrypted Traffic Analytics

ETA is supported only on access ports and wireless VLAN on SDA deployment. It is not supported on management, trunk, port-channel, SVI, and loopback interfaces.
ETA and transmit (Tx) Switched Port Analyzer (SPAN) is not supported on the same interface.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

dima.ostapenko · ‎09-14-2022

No, it isn't SDA deployment.

dima.ostapenko · ‎09-14-2022

Licenses is ok and the same as previouse version IOS-XE:

C9500 Network Advantage and C9500 24Y4C DNA Advantage