cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1117
Views
0
Helpful
4
Replies

Netflow Configuration on L3 link for 3850

John.Barbour
Level 1
Level 1

Here is my current configuration for Netflow on my 3850. My question is posted at the bottom.

flow record FNF-input:
  Description:        IPv4 NetFlow
  No. of users:       0
  Total field space:  56 bytes
  Fields:
    match ipv4 tos
    match ipv4 protocol
    match ipv4 source address
    match ipv4 destination address
    match transport source-port
    match transport destination-port
    match interface input
    match flow direction
    collect transport tcp flags
    collect interface output
    collect counter bytes long
    collect counter packets long
    collect timestamp absolute first
    collect timestamp absolute last

flow record FNF-output:
  Description:        IPv4 NetFlow
  No. of users:       0
  Total field space:  58 bytes
  Fields:
    match ipv4 tos
    match ipv4 protocol
    match ipv4 source address
    match ipv4 destination address
    match transport source-port
    match transport destination-port
    match interface output
    match flow direction
    match datalink vlan output
    collect transport tcp flags
    collect interface input
    collect counter bytes long
    collect counter packets long
    collect timestamp absolute first
    collect timestamp absolute last

Flow Exporter Solarwinds:
  Description:              Export to Solarwinds
  Export protocol:          NetFlow Version 9
  Transport Configuration:
    Destination IP address: 10.1.1.109
    Source IP address:      10.1.41.1
    Source Interface:       Vlan141
    Transport Protocol:     UDP
    Destination Port:       2055
    Source Port:            54461
    DSCP:                   0x0
    TTL:                    255
    Output Features:        Used

Flow Monitor Solarwinds_Mon_Input:
  Description:       IPv4 FNF ingress exports
  Flow Record:       FNF-input
  Flow Exporter:     Solarwinds
  Cache:
    Type:              normal (Platform cache)
    Status:            allocated
    Size:              Unknown
    Inactive Timeout:  15 secs
    Active Timeout:    60 secs
    Update Timeout:    1800 secs

Flow Monitor Solarwinds_Mon_Output:
  Description:       IPv4 FNF egress exports
  Flow Record:       FNF-output
  Flow Exporter:     Solarwinds
  Cache:
    Type:              normal (Platform cache)
    Status:            allocated
    Size:              Unknown
    Inactive Timeout:  15 secs
    Active Timeout:    60 secs
    Update Timeout:    1800 secs

!
interface GigabitEthernet1/1/1
 description Uplink-6509VSS-1
 no switchport
 ip flow monitor Solarwinds_Mon_Input input
 ip flow monitor Solarwinds_Mon_Output output
 no ip address
 channel-group 1 mode active

CH-3850-Floor4#sho flow monitor Solarwinds_Mon_Input cache
  Cache type:                               Normal (Platform cache)
  Cache size:                              Unknown
  Current entries:                               0

  Flows added:                                   0
  Flows aged:                                    0

There are no cache entries to display.

CH-3850-Floor4#sho flow monitor Solarwinds_Mon_Output cache
  Cache type:                               Normal (Platform cache)
  Cache size:                              Unknown
  Current entries:                               0

  Flows added:                                   0
  Flows aged:                                    0

There are no cache entries to display.

With this configuration, I am not seeing anything on my Orion Server for NTA traffic. Am I missing something?

4 Replies 4

Mark Malone
VIP Alumni
VIP Alumni

Hi

Yes you have applied a layer 3 netflow setup to layer 2 port , this kind of flow needs to go on the ip interface or it wont pull anything

this is layer 2 netflow if that's what you require --match datalink

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/flexible_netflow/configuration_guide/b_fnf_3se_3850_cg/b_fnf_3se_3850_cg_chapter_010.html

Hi mark,

could you provide the detailed info...

Hi

I don't understand the question ? detailed info on what exactly ?

I put it on this link because it is the link back to the MDF. It is a vss connection to the MDF via etherchannel. I cannot put the config on the etherchannel link itself. example.

ip flow monitor Solarwinds_Mon_Input input
 ip flow monitor Solarwinds_Mon_Output output

I have tried putting the netflow config on the interface vlan as well, and I still get no information from SolarWinds. I do see netflow cache on the switch though.

I hope this helps.

Review Cisco Networking for a $25 gift card