06-29-2009 08:41 AM - edited 03-06-2019 06:30 AM
Hi,
I'm trying to configure Netflow on 2 router interfaces. I configure the first one, but when I add the commands to configure the second one the command for the first one dissapears. This is the configuration:
!
Interface Fastethernet0/0
ip address xxx.xxx.xxx.xxx 255.255.255.0
ip access-group 14 out
ip nat outside
ip virtual-reassembly
ip route-cache flow
load-interval 30
duplex auto
spped auto
!
Interface Vlan1
ip address xxx.xxx.xxx.xxx 255.255.255.0
ip nat inside
ip virtual-reassembly
ip route-cache flow
load-interval 30
!
ip flow-export destination 192.168.4.101 9996
ip flow-export source FastEthernet 0/0
ip flow-export version 5
ip flow-cache timeout active 1
ip flow-cache timeout inactive 15
snmp-server ifindex persist
With this configuration I can see Interface Fa0/0 but when I add:
ip flow-export source Vlan1
dessapears:
ip flow-export source FastEthernet 0/0
Is it possible to see both interfaces 'Active' on Netflow Analyzer at a time?
Thanks in advance
06-29-2009 08:50 AM
They are active as soon as you have 'ip route-cache flow' under the interface.
The command you are questioning, it's just changing the source interface that is going to be used to send this information to the collector.
If you don't enter any 'ip flow-export source' it will use the interface that is closest to the NetFlow collector. By entering the command, you are forcing the source to be X interface which is useful if you have FWs in the transit path and just want to allow that IP address in the rules.
HTH,
__
Edison.
06-29-2009 08:54 AM
But if so you can only send traffic from one interface to the collector at a time, is that correct?
06-29-2009 08:58 AM
No, that's not correct.
Per your configuration, both interfaces are collecting NetFlow traffic and storing that information to a local NetFlow database.
After a certain amount of traffic is collected locally, this information is sent to the NetFlow collector and when sending this information to the NetFlow collector an interface will be used. The interface is specified with the command in question. The command is optional and NetFlow will work without it unless you have FWs in the transit path that expect traffic from X sources.
In short, you can send 'NetFlow Information' from a specified interface but all interfaces with 'ip route-cache flow' will be reporting to this collector.
06-29-2009 09:06 AM
Marian
While the answer from Edison is essentially correct I can see that it could be slightly confusing to those who do not already understand what IOS is doing. I would suggest that a slight change in his response would be less confusing. Edison says:"it's just changing the source interface that is going to be used to send this information to the collector." Actually what is specified is not what interface to use but is specifying what source address is to be used in the NetFlow packet. It is quite possible for Cisco to use the address of FastE0/0 and to send the packet out the interface FastE0/1.
So the command that you question is not specifying what interface to use and is specifying what source address to use.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide