Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
425
Views
0
Helpful
0
Replies

Net-flow , erroneous vlan export

Kevinjamesomahony
Level 1
Level 1

‎12-10-2019 04:29 AM

Hello 

 

I doing a POC with various Netflow collectors and have noticed an odd occurrence across all of them the virtual appliances

for the POC i'm collecting Flows from ASA's some 4500's and a 6509 pair

 

There is one particular vlan I want to collect on our 6509 VSS Switch (Vlan 291) However after configuring the Flex Netflow's Export/Monitor/Record and Applying it to the SVI for 291 somehow the switch also exports records for Vlan 16 . As such the POC appliances recognize  vlan 16 as a new net-flow source . this has been consistent across the appliances we have been POC'ing (Riverbed , ManageEngine and Solarwinds)

 

Vlan 291 has a flow monitor POC-EXPORT input/output on the SVI vlan 16 does not

Im getting flow records id expect to see on both  I just cannot understand how Vlan 16 is getting exported too 

 

====Config Below====

 

#show run flow monitor

flow monitor POC-MONITOR
record POC-RECORD
exporter POC-EXPORT
cache timeout active 60
!
#show run flow export
Current configuration:
!
flow exporter POC-EXPORT
destination 10.*.*.* vrf *vrf name*
source Vlan291
transport udp 9991
!
#show run flow record
!
flow record POC-RECORD
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match flow direction
collect routing next-hop address ipv4
collect interface input
collect interface output
collect counter bytes
collect counter packets
!

!
interface Vlan291
ip vrf forwarding *vrf name*
ip address 172.*.*.* 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow monitor POC-MONITOR input
ip flow monitor POC-MONITOR output

#show run int vlan 16
!
interface Vlan16
ip address 172.*.*.* 255.255.0.0
no ip redirects
no ip unreachables
no ip proxy-arp
end

 

====SHOW Commands====

 

#show flow export
Flow Exporter POC-EXPORT:
Description: User defined
Export protocol: NetFlow Version 9
Transport Configuration:
Destination IP address: 10.*.*.*
VRF label: *vrf name*
Source IP address: 172.*.*.*
Source Interface: Vlan291
Transport Protocol: UDP
Destination Port: 9991
Source Port: 62828
DSCP: 0x0
TTL: 255
Output Features: Not Used


#show flow record
flow record POC-RECORD:
Description: User defined
No. of users: 1
Total field space: 35 bytes
Fields:
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match flow direction
collect routing next-hop address ipv4
collect interface input
collect interface output
collect counter bytes
collect counter packets

#show flow monitor
Flow Monitor POC-MONITOR:
Description: User defined
Flow Record: POC-RECORD
Flow Exporter: POC-EXPORT
Cache:
Type: normal
Status: allocated
Size: 4096 entries / 278544 bytes
Cache:
Type: normal (Platform cache)
Status: allocated
Size: Unknown
Timers:
Local Global
Inactive Timeout: 15 secs 60 secs
Active Timeout: 60 secs 60 secs
Update Timeout: 1800 secs
Fast Timeout: Disabled

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents