03-22-2013 12:36 AM - edited 03-07-2019 12:25 PM
We have installed "FRULink 10G SM Module" in our 3560X switch and have configured Netflow 9.
But we are not getting the flows to the netflow server, except 1 or 2 multicast packets.
IOS:c3560e-universalk9-mz.150-1.SE3.bin (IP SERVICES)
Configuration:
flow record fl-record
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
!
flow exporter fl-export
description netflow_export
destination 10.10.10.10
source Vlan5
transport udp 9996
!
flow monitor fl-mon
record fl-record
exporter fl-export
cache timeout inactive 60
cache timeout active 60
cache timeout update 6
!
Just got the below flow from the show flow monitor fl-mon cache outout
IPV4 SOURCE ADDRESS: 169.254.186.35
IPV4 DESTINATION ADDRESS: 169.254.255.255
TRNS SOURCE PORT: 138
TRNS DESTINATION PORT: 138
counter bytes: 257
counter packets: 1
timestamp first: 10:35:49.639
timestamp last: 10:35:49.639
Solved! Go to Solution.
03-22-2013 08:56 AM
Flexible NetFlow is supported on the Catalyst 3750-X switch if it is running the IP base or IP Base Services feature set and equipped with the network services module. So, ensure you have the required feature set license.
If you do, add the below commands to your existing flow-record configuration and check.
match ipv4 protocol
match ipv4 tos
match interface input
collect interface output
If this too does not work, check if your flow monitoring tool is expecting any more relevant fields to be exported in the flows.
Regards,
Don Thomas Jacob
http://www.solarwinds.com/netflow-traffic-analyzer.aspx
NOTE: Please rate posts and close questions if you have found the answer helpful
03-25-2013 08:38 AM
I dont think it is possible. You can enable Flexible NetFlow only on the uplink ports of the "network services module". I guess that means, Layer 2 interfaces are not covered. But you can capture Layer 2 switched traffic by applying the monitor to the interface using the command: "ip flow monitor monitor_name layer2-switched input".
Regards,
Don Thomas Jacob
http://www.solarwinds.com/netflow-traffic-analyzer.aspx
NOTE: Please rate posts and close questions if you have found the answers helpful.
03-22-2013 12:46 AM
Hi,
You may need to check if you are able to ping 10.10.10.10 device. And if VLAN 5 is UP/UP and access port is properly configured. Trunk allows VLAN 5. And port UDP 9996 is opened and filtered by a firewall.
Sent from Cisco Technical Support iPhone App
03-22-2013 01:31 AM
I do see the flows of few Multicast and NFT can list all interfaces of Switch.
Routing is perfectly fine.
The problem is not with the export - but in creating the flows.
show flow monitor fl-mon cache - doesn't show me any flows cached.
So, need to confirm whether netflow 9 can capture traffic of a L2 interface.
We tried the following config on the interface.
ip flow monitor fl-mon layer2-switched input
ip flow monitor fl-mon layer2-switched output
ip flow monitor fl-mon input
ip flow monitor fl-mon output
03-22-2013 08:56 AM
Flexible NetFlow is supported on the Catalyst 3750-X switch if it is running the IP base or IP Base Services feature set and equipped with the network services module. So, ensure you have the required feature set license.
If you do, add the below commands to your existing flow-record configuration and check.
match ipv4 protocol
match ipv4 tos
match interface input
collect interface output
If this too does not work, check if your flow monitoring tool is expecting any more relevant fields to be exported in the flows.
Regards,
Don Thomas Jacob
http://www.solarwinds.com/netflow-traffic-analyzer.aspx
NOTE: Please rate posts and close questions if you have found the answer helpful
03-25-2013 12:02 AM
Will i be able to capture the traffic from L2 interface.
03-25-2013 08:38 AM
I dont think it is possible. You can enable Flexible NetFlow only on the uplink ports of the "network services module". I guess that means, Layer 2 interfaces are not covered. But you can capture Layer 2 switched traffic by applying the monitor to the interface using the command: "ip flow monitor monitor_name layer2-switched input".
Regards,
Don Thomas Jacob
http://www.solarwinds.com/netflow-traffic-analyzer.aspx
NOTE: Please rate posts and close questions if you have found the answers helpful.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide