10-01-2013 07:51 PM - edited 03-07-2019 03:47 PM
Just wondering if anyone has configured netflow on 3850 switch?
We have a client running stack of 2 3850 switches with Whats up Gold v 16.01
For some reason WUG is unable to Receive netflow stats from the switch. I have uploaded new MIBS and at this point not sure if the problem is on switch or monitoring tool itself.
Netflow on WUG works fine for other network devicesd such as 2821 and 6500
Configuration is below
flow record RECORD-1
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match interface output
collect transport tcp flags
collect interface input
collect counter bytes long
collect counter packets long
collect timestamp absolute first
!
!
flow record RECORD-INPUT
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match interface input
collect transport tcp flags
collect interface output
collect counter bytes long
collect counter packets long
collect timestamp absolute first
!
!
flow exporter EXPORT-WUG
destination X.X.X.X
source Loopback0
transport udp 9999
option interface-table timeout 30
option exporter-stats timeout 30
!
!
flow monitor MONITOR-UPLINK
exporter EXPORT-WUG
record RECORD-1
!
!
flow monitor MONITOR-INPUT
exporter EXPORT-WUG
record RECORD-INPUT
interface GigabitEthernet1/0/23
ip address x.x.x.x 255.255.255.252
no switchport
ip flow monitor MONITOR-INPUT input
ip flow monitor MONITOR-UPLINK output
10-02-2013 01:50 AM
Hello,
I compared your configuration to the setup shown in this video and found some entries missing:
http://www.youtube.com/watch?v=g4x8rLB-OMQ
flow record RECORD-1 (RECORD-INPUT)
! below is optional
match ipv4 tos
! below could very well be necessary
match transport source-port
match transport destination-port
! below (NBAR) is great for layer 7 visibility.
match application name
! MAC addresses are helpful sometimes
collect datalink mac source address input
collect datalink mac destination address input
! necessary depending on the collector.
! i noticed your different records are collecting ingress/egress
collect flow direction
flow exporter EXPORT-WUG
! below tells how often the v9 template is exported in seconds
tempate data timout 60
! below is necessary for NBAR support
option application-table
flow monitor MONITOR-UPLINK
! below sends a template to the collector every 60 seconds
! definately helpful if changes are made to the FnF config
cache active timeout 60
Please vote on my post if the above helps. Here is a great blog that talks about the Catalyst 3850 NetFlow capabilities.
10-14-2013 10:07 PM
Thanks Jake,
It end up working with my configuration, What i need was patience and allow our monitoring tool to collect data before it could display. Anyhow very well pointed things in your response specially regarding NBAR. I will try to configure that for us.
Cheers.
10-17-2017 12:26 PM
Hi niterid3r
I am trying to setup the exact same thing and I am wondering if you put an IP address on your loopback interface? Also are you only getting Netflow from one interface on the switch or all of the interfaces? Any help would be greatly appreciated.
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide