10-16-2019 12:08 PM
Good day all - please see what I used to attempt to gather NetFlow from a switch; my question here is - why do I see traffic from all my other branches from this one location?
flow record record1
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 collect counter bytes long
 collect counter packets long
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
!
!
flow exporter export1
 destination 172.24.5.25
 transport udp 2055
 template data timeout 60
!
!
flow monitor monitor1
 exporter export1
 cache timeout inactive 120
 cache timeout active 300
 record record1
10-16-2019 12:53 PM
10-16-2019 02:26 PM
Yes and no - it's a weird design; all branches connect to the MPLS service provider (CE) using an access port, so in theory yes. I was under the impression this would not work since it's a layer 3 service, but I guess not. Not as great as running on a router, but every bit counts.
MR.
10-17-2019 06:03 AM
Hi there, here is the config; applied to VLAN 1 - still seeing traffic from multiple locations, normal?
interface Vlan1
 description old-data
 ip flow monitor monitor1 sampler SampleTest input
 ip address 192.168.3.9 255.255.255.0
 no ip redirects
end
10-17-2019 07:58 AM
10-17-2019 08:40 AM
Thanks for the info Jaderson - it's working fine now. After some research I noticed that some of the other locations were also using the same UDP port (go figure... always overlook easy!). I made changes and added some of your suggestions.
Thanks.
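Added example, not written by anyone in this thread: a collector-side check for the cause found above, several sites exporting to the same UDP port, which tallies records per exporter IP and source ID from the NetFlow v9 packet header. It assumes the exporters send NetFlow v9 (the posted config sets no export protocol); the 192.0.2.x branch addresses, the sample datagrams and all function names are constructed for illustration.

```python
import struct
from collections import Counter

# NetFlow v9 packet header: version, count, sysUptime, unix_secs, sequence, source_id
V9_HEADER = struct.Struct("!HHIIII")

def parse_v9_header(datagram):
    """Return (record_count, source_id) for a NetFlow v9 datagram, else None."""
    if len(datagram) < V9_HEADER.size:
        return None                      # truncated, or not NetFlow at all
    version, count, _uptime, _secs, _seq, source_id = V9_HEADER.unpack_from(datagram)
    if version != 9:
        return None                      # v5 and IPFIX use different headers
    return count, source_id

def exporters_seen(packets):
    """Tally records per (exporter IP, source_id) from (src_ip, payload) pairs."""
    tally = Counter()
    for src_ip, payload in packets:
        parsed = parse_v9_header(payload)
        if parsed is not None:
            count, source_id = parsed
            tally[(src_ip, source_id)] += count
    return tally

def unexpected_exporters(tally, expected_ips):
    """Exporter IPs sending to this port that are not in the expected set."""
    return sorted({ip for ip, _sid in tally} - set(expected_ips))

def _v9(count, source_id, seq):
    """Build a constructed, header-only v9 datagram for the sample below."""
    return V9_HEADER.pack(9, count, 1000, 1571313600, seq, source_id)

# Constructed sample of what a collector listening on UDP 2055 might receive.
SAMPLE = [
    ("192.168.3.9", _v9(12, 0, 1)),    # Vlan1 address from the thread (assumed export source)
    ("192.0.2.10", _v9(30, 0, 7)),     # hypothetical branch on the same port
    ("192.0.2.20", _v9(5, 0, 3)),      # hypothetical branch on the same port
    ("192.168.3.9", _v9(8, 0, 2)),
    ("192.0.2.10", b"\x00\x05short"),  # too short to be v9, ignored
]

if __name__ == "__main__":
    tally = exporters_seen(SAMPLE)
    for (ip, sid), records in sorted(tally.items()):
        print(f"{ip} source_id={sid} records={records}")
    print("unexpected:", unexpected_exporters(tally, {"192.168.3.9"}))
```
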
10-17-2019 09:38 AM