Hey Martin,I looked up for

soliver2005 · ‎10-25-2011

Hi,

I have a pair of Cisco 6504's with Sup-720's running 12.2(33)SXH4. I have set up my devices to export netflow records via a VRF which is working but I am only seeing flows for traffic that is software switched by the 6500. All hardware switched traffic appears to show locally on the box but isn't being exported to my netflow collector.

I have seen a view postings online describing similar issues but none of them identify whether there is a solution. Below is an extract of the configuration I have deployed. Any help would be appreciated.

ip flow ingress layer2-switched vlan 480,2601

mls aging fast time 16
mls aging long 64
mls aging normal 64
mls netflow interface
mls flow ip interface-full
no mls flow ipv6
mls nde sender

ip flow-export source Vlan607
ip flow-export version 9
ip flow-export destination 10.20.14.193 2055 vrf Inside

Regards

Stuart

Martin Konov · ‎09-04-2014

Hello Stuart,

Did you find the solution? Please let us know thanks

Rajeev Sharma · ‎09-04-2014

Hey Martin,

I looked up for this issue and would need more information. Do you have L3 interfaces with IP address for vlan for layer 2 vlans?

As I came across a bug for this type of issue, its an external bug CSCsa66683 and you may view it on bug tool kit available at https://tools.cisco.com/bugsearch/bug/CSCsa66683. You would need CCO for accessing this information.

HTH.

Regards,

RS.

Martin Konov · ‎09-04-2014

Hello Rajeevsh,

Thank you for your post!

According to the question I can confirm that I have SVI (ip address) my L2 VLAN and there I have configured

interface Vlan200
description Layer-3 interface Intranet VRF
ip vrf forwarding Intranet
ip address X.x.x.x X.x.x.x

ip flow ingress
standby 10 ip X.X.X.X
standby 10 priority 255
standby 10 preempt

ip flow-export source Loopback2
ip flow-export version 5
ip flow-export destination Y.Y.Y.Y 3000 vrf Intranet

interface Loopback2
ip vrf forwarding Intranet
ip address X.X.X.X 255.255.255.255

I have tried to use interface VLAN200 as a source as well but the result was the same only HSRP traffic was visible at Cisco NAM. Really strange.

I noticed some issue with VRF export functionality but I am not sure if it is exactly my case :

https://supportforums.cisco.com/discussion/10780506/netflow-vrf-export

Rajeev Sharma · ‎09-05-2014

Hey Martin,

Did you add "ip flow ingress layer2-switched vlan 200" as well in the configuration.

Regards,
RS.

Martin Konov · ‎09-06-2014

Sure, I have it

ip flow ingress layer2-switched vlan 200

Martin Konov · ‎09-15-2014

Dear all,

It looks that my current version 12.2(33)SXH4 doesn't support feature called :

Netflow Data Export to a Collector in a VRF

This feature enables export of netflow data to a destination whose route is in a virtual routing table other than the global table.This allows administrators to set up multiple different destinations on different VRFs for their netflow data export. This is ideal when there are different destinations per VRF.

I do think that should be the correct answer to that issue

Rajeev Sharma · ‎09-04-2014

Hey Stuart,

I looked up for this issue and would need more information. Do you have L3 interfaces with IP address for vlan 480 and 2601?

As I came across a bug for this type of issue, its an external bug CSCsa66683 and you may view it on bug tool kit available at https://tools.cisco.com/bugsearch/bug/CSCsa66683. You would need CCO for accessing this information.

HTH.

Regards,

RS.

Netflow Export with VRF Lite