01-19-2017 10:12 AM - edited 03-08-2019 08:59 AM
Hello,
We've set up netflow on our core switch and it works, we are capturing all inter-vlan traffic.
We are also trying to get traffic that flows inside a vlan on an edge switch (that traffic does not reach the core switch).
We are running 3850 with 03.07.04E
We cannot get the flow record applied to the vlan it errors out.
Here is our config:
flow exporter AWSSplunk
description test
destination x.x.13.245
transport udp 2055
template data timeout 60
option interface-table timeout 60
option application-table timeout 60
flow monitor MONITOR1
exporter AWSSplunk
cache timeout inactive 30
cache timeout active 60
flow record RECORD1
match datalink mac source address input
match datalink mac source address output
match datalink mac destination address input
match ipv4 source address
match ipv4 destination address
match flow direction
When applying to vlan 10:
sw(config)#vlan configuration 10
sw(config-vlan-config)#ip flow monitor MONITOR1 input
% Flow Monitor: Flow Monitor 'MONITOR1' cannot be added as this monitor does not have a valid Flow Record.
What are we missing?
01-19-2017 10:40 AM
Hi,
Your flow record is named "'RECORD1" can you change it to "MONITOR1" and test again?
HTH
01-19-2017 11:18 AM
Thank you!
I forgot to add RECORD1 to MONITOR1
It works now
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide