Solved: Error when configuring Netflow on NX-OSv "Record TEST has IP fields. L2 fields are not allowed"

CiscoBrownBelt · ‎02-09-2020

I am following the Cisco doc below however I keep receiving "ERROR: Record TEST has IP fields. L2 fields are not allowed" when attempting to configure a Flow Record with "match datalink ethertype" however I only have the following configured for the record so far. I am using a NX-OSv in VIRL. The document does not state anything about configuring Netflow for L2 and L3 traffic. Any help?

flow record TEST
description IPv4Flow
match ip protocol
match transport destination-port
collect counter packets

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/system_management/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_System_Management_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_System_Management_Configuration_...

ChuckMcF · ‎04-27-2020

This error shows up when you're attempting to configure L2 commands on a L3 interface. You can only configure L2 Netflow on L2 interfaces, L3 on L3 interfaces. Here is an example for L3 interfaces.

feature netflow
flow timeout active 60
flow exporter NETFLOW_EXP
description \\Netflow Export//
destination <IP ADDRESS>
transport udp 2055
source <SOURCE VLAN>
version 9
flow record FLOW_RECORD
description \\NetFlow record//
match ipv4 source address
match ipv4 destination address
match ip protocol
match ip tos
match transport source-port
match transport destination-port !***Whatever you'd like to match on***
collect transport tcp flags
collect counter bytes long
collect counter packets long
collect timestamp sys-uptime first
collect timestamp sys-uptime last
flow monitor IPv4_NETFLOW
record FLOW_RECORD
exporter NETFLOW_EXP
!
int X

ip address <IP> <MASK>
ip flow monitor IPv4_NETFLOW input sampler NF-Sampler

This link may be helpful as well:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/4_2/nx-os/system_management/configuration/guide/sm_nx_os_cli/sm_15netflow.html

HTH,

Chuck McFadden

--please mark helpful posts as helpful--

View solution in original post

ChuckMcF · ‎04-27-2020

This error shows up when you're attempting to configure L2 commands on a L3 interface. You can only configure L2 Netflow on L2 interfaces, L3 on L3 interfaces. Here is an example for L3 interfaces.

feature netflow
flow timeout active 60
flow exporter NETFLOW_EXP
description \\Netflow Export//
destination <IP ADDRESS>
transport udp 2055
source <SOURCE VLAN>
version 9
flow record FLOW_RECORD
description \\NetFlow record//
match ipv4 source address
match ipv4 destination address
match ip protocol
match ip tos
match transport source-port
match transport destination-port !***Whatever you'd like to match on***
collect transport tcp flags
collect counter bytes long
collect counter packets long
collect timestamp sys-uptime first
collect timestamp sys-uptime last
flow monitor IPv4_NETFLOW
record FLOW_RECORD
exporter NETFLOW_EXP
!
int X

ip address <IP> <MASK>
ip flow monitor IPv4_NETFLOW input sampler NF-Sampler

This link may be helpful as well:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/4_2/nx-os/system_management/configuration/guide/sm_nx_os_cli/sm_15netflow.html

HTH,

Chuck McFadden

--please mark helpful posts as helpful--

CiscoBrownBelt · ‎04-27-2020

Thanks! I resolved this but can't really remember what i did but I believe this was it.