Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
786
Views
1
Helpful
4
Replies

Netflow doesn't work on old cisco switch

Go to solution
from88
Level 4
Level 4

‎03-30-2023 03:13 AM - edited ‎03-30-2023 03:16 AM

Hello,

Trying to enable Netflow on: WS-C3560X-24 (15.0(2)SE10).

The configuration is like this. Maybe you see anything bad ? It doesn't even populate the cache. My other switches, for examle IOS-XE based works on this configuration. The only difference is that the interface is terminated on Interface vlan 200. Not straight on physical interface.

Also, i noticed that there's configuration on the interface which defines not configured flow monitor, but it starts like this: ip flow egress. What's the goal for that ?

 

 

flow record NETFLOW_IPV4_RECORD
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 collect counter bytes long
 collect counter packets long

flow exporter NETFLOW_ISP
 destination 152.xxx.xxx.xxx
 source Vlan300
 transport udp 2003
 option interface-table timeout 120
 option exporter-stats timeout 120
 option sampler-table timeout 120

flow monitor ISP_FM
 record NETFLOW_IPV4_RECORD
 exporter NETFLOW_ISP_via_nat
 cache timeout inactive 10
 cache timeout active 10

interface GigabitEthernet1/1
 description ISP#1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 200
 switchport mode trunk
 ip access-group EXTERNAL_IN in
end

interface Vlan200
 description ISP_Nianet_1G
 ip flow monitor ISP_FM input
 ip flow monitor ISP_FM output
 ip address xx.xx.xx.xx 255.255.255.252
 ip access-group EXTERNAL_IN in
 no ip redirects
end

MLS02#show  flow monitor  ISP_FM Cache   
  Cache type:                               Normal
  Cache size:                                  128
  Current entries:                               0
  High Watermark:                                0

  Flows added:                                   0
  Flows aged:                                    0
    - Active timeout      (    10 secs)          0
    - Inactive timeout    (    10 secs)          0
    - Event aged                                 0
    - Watermark aged                             0
    - Emergency aged                             0

There are no cache entries to display. <<<

MLS02#show  flow exporter 
Flow Exporter NETFLOW_ISP_via_nat:
  Description:              User defined
  Export protocol:          NetFlow Version 9
  Transport Configuration:
    Destination IP address: xx.xx.xx.xx
    Source IP address:      xx.xx.xx.xx
    Source Interface:       Vlan300
    Transport Protocol:     UDP
    Destination Port:       2003
    Source Port:            63395
    DSCP:                   0x0
    TTL:                    255
    Output Features:        Not Used
  Options Configuration:
    interface-table (timeout 120 seconds)
    exporter-stats (timeout 120 seconds)
    sampler-table (timeout 120 seconds)

MLS02#show  flow monitor 
Flow Monitor ISP_FM:
  Description:       User defined
  Flow Record:       NETFLOW_IPV4_RECORD
  Flow Exporter:     NETFLOW
  Cache:
    Type:              normal
    Status:            allocated
    Size:              128 entries / 8708 bytes
  Cache:
    Type:              normal (Platform cache)
    Status:            allocated
    Size:              Unknown
  Timers:
                       Local        Global
    Inactive Timeout:  10 secs
    Active Timeout:    10 secs      1800 secs
    Update Timeout:    1800 secs

MLS02#show  flow record 
flow record NETFLOW_IPV4_RECORD:
  Description:        User defined
  No. of users:       1
  Total field space:  30 bytes
  Fields:
    match ipv4 tos
    match ipv4 protocol
    match ipv4 source address
    match ipv4 destination address
    match transport source-port
    match transport destination-port
    collect counter bytes long
    collect counter packets long

 

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Sheraz.Salim
VIP
VIP
In response to from88

‎03-30-2023 05:37 AM

Yes, that's correct. The Cisco Catalyst 3560X switch does not support NetFlow natively, so you need to install a network services module such as the NME-16ES-1G-P or the SM-ES3G-16-P to enable NetFlow on the switch. Without the network services module, the switch is not able to process NetFlow data and therefore cannot populate the cache.

please do not forget to rate.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
from88
Level 4
Level 4

‎03-30-2023 05:21 AM

i guess the reason is because that switch doesnt have a service module for additional features..

 

#show switch service-modules
Switch/Stack supports service module CPU version: 03.00.80
Temperature CPU
Switch# H/W Status (CPU/FPGA) CPU Link Version
-----------------------------------------------------------------
<no service module in switch>

0 Helpful

Go to solution
Sheraz.Salim
VIP
VIP

‎03-30-2023 05:24 AM - edited ‎03-30-2023 05:25 AM

Based on the provided configuration and logs, there are a few things to check and troubleshoot:

Verify that Netflow is supported on your switch model and IOS version. According to Cisco's documentation, NetFlow is supported on the WS-C3560X-24 with IOS 15.0(2)SE or later.

Check that the interface Vlan200 is up and has traffic flowing through it. Netflow will only populate the cache if there is traffic flowing through the monitored interface.

Ensure that the IP addresses and port numbers used in the flow exporter configuration are correct and reachable.

Check the access-lists used in the configuration and ensure that they are allowing the desired traffic to flow through the monitored interface.

Ensure that the flow monitor is correctly associated with the monitored interface, by checking the output of the "show ip interface <interface>" command.

Check if there are any errors or issues with the flow monitor by running the "show flow monitor <monitor-name> statistics" command.

Consider configuring the "ip flow ingress" command on the monitored interface to capture traffic that is received on the interface.
Regarding the "ip flow egress" command on the interface, this command specifies that Netflow should monitor egress traffic (traffic leaving the interface), and it is typically used in combination with the "ip flow ingress" command to capture both ingress and egress traffic.

Try troubleshooting these steps and see if it resolves the issue.

 

please do not forget to rate.

Go to solution
from88
Level 4
Level 4
In response to Sheraz.Salim

‎03-30-2023 05:29 AM

Thank you, i guess the main reason is mentioned above - lack of network services module.. https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/15-0_1_se/configuration/guide/3750xcg/swmnetflow.html

0 Helpful

Go to solution
Sheraz.Salim
VIP
VIP
In response to from88

‎03-30-2023 05:37 AM

Yes, that's correct. The Cisco Catalyst 3560X switch does not support NetFlow natively, so you need to install a network services module such as the NME-16ES-1G-P or the SM-ES3G-16-P to enable NetFlow on the switch. Without the network services module, the switch is not able to process NetFlow data and therefore cannot populate the cache.

please do not forget to rate.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card