cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2295
Views
5
Helpful
4
Replies

NetFlow Lite Configuration Cisco IOS Release 15.2(2)E6 (Catalyst 2960-X Switch)

Edward.B
Level 1
Level 1

Para habilitar NetFlow Lite en un switch 2960-X se requiere habilitar algo adicional a configurar el Flow Record, Flow Exporter, Flow Monitor, Flow Sampler y aplicar el Flow Monitor and Sampler sobre la SVI?

 

Tengo todo lo anterior configurado pero no recibo flujos en el StealthWatch.

 

SW2_PRUEBA_ISE#show sampler
Sampler FLOW-SAMPLER-1:
ID: 2608974056
export ID: 6
Description: User defined
Type: random
Rate: 1 out of 100
Samples: 0
Requests: 0
Users (2):
flow monitor FLOW-MONITOR-1 (ip,Vl9,Input) 0 out of 0
flow monitor FLOW-MONITOR-1 (ip,Gi1/0/48,Input) 0 out of 0

 

El servidor StealthWatch y el switch están localmente no hay un firewall intermedio.

4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

As per your configuration Vlan9 is SVI but no IP address ? in the switch all the traffic use vlan 9 ?

 

look at the below guide for reference. 

https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/netflow/config-trouble-netflow-stealth.pdf

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

As per your configuration Vlan9 is SVI but no IP address ?

he realizado la prueba sin IP y configurándole IP.

in the switch all the traffic use vlan 9 ?

La vlan 9 corresponde a Datos, un 80% del trafico es generado por este segmento.

 

Estuve revisando la guía compartida

Netflow configuration on a Cisco device consists of four steps:

  • Define a Flow Record
  • Configure a Flow Exporter
  • Configure a Flow Monitor
  • Apply the Flow Monitor on an interface

 

El paso #4 lo realice en mis equipos de L3 (RT), donde no tengo ningún problema, pero en los L2 (SW) al intentar aplicar el Flow monitor sobre la SVI o interface; me pide asociar el flow monitor a un sampler:

 

SW2_PRUEBA_ISE(config-if)#ip flow monitor FLOW-MONITOR-1 input

% Flow Monitor: Flow Monitor 'FLOW-MONITOR-1' couldn't be added. Please associate a sampler with the monitor

 

Atualmente:

interface Vlan9

 ip flow monitor FLOW-MONITOR-1 sampler FLOW-SAMPLER-1 input

 ip address 192.168.88.252 255.255.255.0

 no ip route-cache

end

If it english i can able to help you.

 

or wait for any local person understand to help you here.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Ok,

As per your configuration Vlan9 is SVI but no IP address?

I have done the test without IP and configuring IP.

in the switch to the traffic use vlan 9?

Vlan 9 corresponds to Data, 80% of the traffic is generated by this segment.

 

I was reviewing the shared guide

Netflow configuration on a Cisco device consists of four steps:

Define Flow Record
Configure Flow Exporter
Configure Flow Monitor
Apply the Flow Monitor on an interface
 

Step # 4, i did it on my L3 (RT) equipment, where I have no problem, but on the L2 (SW) when trying to apply the Flow monitor on the SVI or interface; asks me to associate the flow monitor with a sampler:

 

SW2_PRUEBA_ISE (config-if) #ip flow monitor FLOW-MONITOR-1 input

% Flow Monitor: Flow Monitor 'FLOW-MONITOR-1' could not be added. Please associate a sampler with the monitor

 

at present:

Vlan9 interface

 ip flow monitor FLOW-MONITOR-1 sampler FLOW-SAMPLER-1 input

 ip address 192.168.88.252 255.255.255.0

 no ip route-cache