Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1053
Views
0
Helpful
3
Replies

Netflow Configurations

julito4589
Level 1
Level 1

‎03-15-2016 04:07 PM - edited ‎03-08-2019 04:58 AM

Hi,

I'm trying to configure Netflow on a Cisco 3925 runing IOS  Version 15.0(1r)M8.

These are the Netflow commands I'm using

flow record NFRECORD
match ipv4 source address
match ipv4 destination address
match ipv4 protocol
match transport source-port
match transport destintation-port
match ipv4 tos
match interface input
collect interface output
collect counter bytes
collect counter packets


flow exporter NFEXPORT
destination x.x.x.x
transport udp 9991
export-protocol netflow-v9
source gigabitEthernet 0/0


flow monitor NFMONITOR
record NTARecord
exporter NTAExport
cache timeout active 60
cache timeout inactive 15

int gig 0/0
ip flow monitor NFMONITOR input

And here's how I'm associating them with each interface

int g0/0

 ip flow monitor NFMONITOR input
 ip flow egress

int g0/1

ip flow monitor NFMONITOR input
ip flow ingress

int g0/2

ip flow monitor NFMONITOR input
ip flow ingress

Interface g0/0 is on the LAN. The other two are WAN interfaces.

When I check the cache, I get a message that there are no cache entries. What am I missing?

Tower_3925_1#sh flow monitor NFMONITOR cache
  Cache type:                               Normal
  Cache size:                                 4096
  Current entries:                               0
  High Watermark:                                0

  Flows added:                                   0
  Flows aged:                                    0
    - Active timeout      (    60 secs)          0
    - Inactive timeout    (    15 secs)          0
    - Event aged                                 0
    - Watermark aged                             0
    - Emergency aged                             0

There are no cache entries to display.

Labels:
0 Helpful
3 Replies 3

Richard Burts
Hall of Fame
Hall of Fame

‎03-15-2016 04:36 PM

Perhaps I am confused and missed something in your post. But it seems inconsistent to configure this

flow monitor NFMONITOR
record NTARecord
exporter NTAExport

when your configuration calls the record NFRECORD and calls the exporter NFEXPORT

HTH

Rick

HTH

Rick
0 Helpful

julito4589
Level 1
Level 1
In response to Richard Burts

‎03-15-2016 05:40 PM

Sorry for the inconsistent info. I probably attempted to change the names in the post. Here's the output from the device

Tower_3925_1#sh flow exporter
Flow Exporter NTAEXPORT:
  Description:              User defined
  Export protocol:          NetFlow Version 9
  Transport Configuration:
    Destination IP address: x.x.x.x
    Source IP address:      y.y.y.y
    Source Interface:       GigabitEthernet0/0
    Transport Protocol:     UDP
    Destination Port:       9991
    Source Port:            59315
    DSCP:                   0x0
    TTL:                    255
    Output Features:        Not Used


Tower_3925_1#sh flow moni
Tower_3925_1#sh flow monitor
Flow Monitor NTAMONITOR:
  Description:       User defined
  Flow Record:       NTARECORD
  Flow Exporter:     NTAEXPORT
  Cache:
    Type:              normal
    Status:            allocated
    Size:              4096 entries / 262160 bytes
    Inactive Timeout:  15 secs
    Active Timeout:    60 secs
    Update Timeout:    1800 secs


Tower_3925_1#sh flow reco
Tower_3925_1#sh flow record
flow record NTARECORD:
  Description:        User defined
  No. of users:       1
  Total field space:  30 bytes
  Fields:
    match ipv4 tos
    match ipv4 protocol
    match ipv4 source address
    match ipv4 destination address
    match transport source-port
    match transport destination-port
    match interface input
    collect interface output
    collect counter bytes
    collect counter packets

Tower_3925_1#sh flow int
Tower_3925_1#sh flow interface
Interface GigabitEthernet0/0
  FNF:  monitor:          NTAMONITOR
        direction:        Input
        traffic(ip):      on
Interface GigabitEthernet0/1
  FNF:  monitor:          NTAMONITOR
        direction:        Input
        traffic(ip):      on
Interface GigabitEthernet0/2
  FNF:  monitor:          NTAMONITOR
        direction:        Input
        traffic(ip):      on

And here is the input from the monitor

Tower_3925_1#sh flow monitor NTAMONITOR cache
  Cache type:                               Normal
  Cache size:                                 4096
  Current entries:                               0
  High Watermark:                                0

  Flows added:                                   0
  Flows aged:                                    0
    - Active timeout      (    60 secs)          0
    - Inactive timeout    (    15 secs)          0
    - Event aged                                 0
    - Watermark aged                             0
    - Emergency aged                             0

There are no cache entries to display.

(Edit: added output of monitor)

0 Helpful

julito4589
Level 1
Level 1

‎03-16-2016 12:26 PM

Does anyone have any input on this? Is the IOS I'm running an issue?

I tried a simpler config below, and my cache still shows empty

ip http timeout-policy idle 60 life 86400 requests 10000
ip flow-export version 5
ip flow-export destination x.x.x.x 9991
ip flow-top-talkers
 top 20
 sort-by bytes
 cache-timeout 1

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card