10-19-2014 05:47 AM - edited 03-07-2019 09:10 PM
Dear All,
Please help me to configure netflow on my new 6807XL VSS, running 15.1(2)SY - IPSERVICESK9.
I have tried to configure it according to the documentations available but getting warning messages while applying to an interface and not getting any flows received at the collector side.
Have created flow record, exporter and monitor. Tried with version 5 and manageengine netflow analyzer.
Is there any working example available ?
Thanks in advance.
Shijo.
10-19-2014 06:09 AM
There's no unique way to implement netflow monitoring. Anyway this is the working configuration for monitoring bandwidth usage that we use in our company along with PRTG as collector:
!
ip flow-export source FastEthernet0/0
ip flow-export version 5
ip flow-export destination <A.B.C.D> <port>
!
interface FastEthernet0/0
ip address <a.b.c.d> <255.255.255.0>
ip flow egress
duplex auto
speed auto
10-19-2014 06:30 AM
Dear Houten,
Thanks for the reply.
But I believe the given configuration steps are belongs to the 'original netflow' configuration, but this has been replaced by Flexible Netflow (FNF) in newer IOS versions.
Regards,
Shijo.
10-19-2014 07:47 AM
You're right, it works for version 12.4, but it's not depreciated yet and you can use it for newer IOS.
can you share your current configuration?
01-24-2017 05:31 AM
Heres a working flex netflow of one of my devices
check its exporting with
xxxxxxxxxxxxxxxxxxxx#show flow exporter statistics
Flow Exporter NetQos:
Packet send statistics (last cleared 40w1d ago):
Successfully sent: 56805572 (70235337725 bytes)
No destination address: 24 (30196 bytes)
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
flow record FLOW-RECORD
description record to monitor network traffic
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
match interface output
collect routing source as
collect routing destination as
collect routing next-hop address ipv4
collect transport tcp flags
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
!
!
flow exporter NetQos
description export Netflow traffic to HQ
destination x.x.x.x
source Vlan1222
template data timeout 300
option interface-table timeout 1000
option exporter-stats timeout 1000
!
!
flow monitor xilinx_nq
description Used for ipv4 traffic analysis (Mapped To FLOW-RECORD)
record FLOW-RECORD
exporter NetQos
statistics packet protocol
interface Vlan159
ip address x.x.x.x 255.255.255.0
ip flow monitor xilinx_nq input
ip flow monitor xilinx_nq output
01-24-2017 08:00 AM
Thank you for adding this config.
Looking at your config, I think the only question I have about it is:
flow exporter NetQos
description export Netflow traffic to HQ
destination x.x.x.x
source Vlan1222 (What is this VLan? Why is it a source if you're actually sourcing your monitoring from "interface vlan159"?)
template data timeout 300
option interface-table timeout 1000
option exporter-stats timeout 1000
I also had some questions on a previous comment up above. The config I commented on above is a bit different from yours. Might you be able to comment on those questions, as well?
Thank you for your help!
01-24-2017 08:35 AM
Hi
your sourcing it from vlan 222( thats my choice its our MGMT vlan )not vlan 159 , your collecting stats from vlan 159
every ip interface you want to collect from in flex netflow must have the monitor statements applied , like in netflow 5 just slightly diff syntax
we source every protocol we use from MGMT interfaces through our FWs for security , you don't have too
01-24-2017 08:57 AM
flow exporter NFexporter ----> name of exporter (can the same exporter be used for multiple interfaces, or does each interface require it's own exporter to be created?)
The exporter is only for the destination application where your sending the flows , so I have multiple collectors , NetQos , Live action etc . I have a specific exporter for each application
reading above if you use my netflow any ip interface you want to see flows from you apply what I have under the vlan 159 as the example , that should be on every IP based interface youw nat flows from , you cn colclect layer 2 as well but I don't have that included in that example , the monitor collects , the exporter send the data to the flow collector , the flow record is what you want recorded what stats if you get me
02-02-2017 05:35 AM
Thank you, everyone, for your help.
I've got this working, though I have a few bugs to work out. In an effort to make the minor changes I need, I've tried changing the config of the record. "% Flow Record: Flow Record is in use. Remove from all clients before editing."
Based on that, I decided to simply create a new record with the modifications I need, figuring I would then remove the current record from the monitor and put in the new record. Uhhhm, yeah... not so much.
When I try to remove the current record, I get the same "error". I only have this applied to 10, or so, VLan interfaces and one port... But is there an easier way to make the change without having to remove the monitor from each port individually, then re-add it?
Thanks, again!
02-02-2017 05:38 AM
Yes its a pain in the neck trying to change these when in use , I do it all on notepad and copy back in , its a limitation there's no quick fix way really , glad you got sorted anyway
02-02-2017 07:59 AM
I had our QRadar guy check out the feed. He's now getting everything! Thank you for the help.
Is there a way to globally apply the monitor? Or maybe ply to all active VLan interfaces in one deft swoop?
02-02-2017 08:08 AM
yes there one way to do it to all vlans , no global command available
(config)#int range vlan 1 - 20
(config-if-range)#
02-02-2017 09:19 AM
That's pretty amusing... I didn't want to just up and try that! ~ was a bit nervous.
Thank... AGAIN!
05-19-2015 04:36 PM
Dear Shijomon,
You managed to configure NetFlow?
I have the same question on the same appliance
09-21-2015 11:27 PM
Hi,
Not yet, what about for you ??
Shijo.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide