Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
630
Views
0
Helpful
2
Replies

netflow on SR520

ksrimoungchanh
Level 1
Level 1

‎03-19-2013 12:57 PM - edited ‎03-07-2019 12:21 PM

Hello All,

I have a SR520 just deployed at a remote site with Internet Access.

Working Environment:

Remote sites have SR520 with IPSEC VPN back to HQ and netflow v.5 works through the VPN back to our PRTG server.

Non-Working:

I cannot get Netflow data to our PRTG with this first SR520 implemented with Zone Base Security.  I am not able to get my netflow traffic out.  VPN is up and running.  Internet is a dialer0 interface.  I have a Kron job that does the copy run to tftp backup daily to the same PRTG server and it works fine.

Both my source interface and address on the TFTP command and the netflow commands are the same interfaces (VLAN75) and IP.  The Destination ip is the same too (through the VPN tunnel).

Snipped:

flow exporter prtg

destination x.x.x.x

source Vlan75

output-features

transport udp 9996

template data timeout 60

flow monitor default-export

record netflow-original

cache timeout active 60

ip flow-cache timeout active 1

ip flow-export source Vlan75

ip flow-export version 5

------------------------------------

sho flow interface

Interface Dialer0

  FNF:  monitor:         default-export

        direction:       Output

        traffic(ip):     on

Interface Vlan75

  FNF:  monitor:         default-export

        direction:       Input

        traffic(ip):     on

-----------------------------------

sho flow exporter

Flow Exporter prtg:

  Description:              User defined

  Tranport Configuration:

    Destination IP address: x.x.x.x (correct IP)

    Source IP address:      x.x.x.x (correct IP)

    Source Interface:       Vlan75

    Transport Protocol:     UDP

    Destination Port:       9996

    Source Port:            60313

    DSCP:                   0x0

    TTL:                    255

    Output Features:        Used

-----------------------------------------

sho flow monitor

Flow Monitor default-export:

  Description:       User defined

  Flow Record:       netflow-original

  Cache:

    Type:              normal

    Status:            allocated

    Size:              4096 entries / 311316 bytes

    Inactive Timeout:  15 secs

    Active Timeout:    60 secs

    Update Timeout:    1800 secs

Any guidance?

Thanks in advance..

Labels:
0 Helpful
2 Replies 2

ksrimoungchanh
Level 1
Level 1

‎03-26-2013 01:49 PM

Update..

I have netflow going, but it keeps sending out V.9.   even with the following:

ip flow-export source Vlan75

ip flow-export version 5

ip flow-export destination x.x.x.x 9996..

I created a flow monitor and a ip exporter and attached to the interface.. when I check via wireshark, i only see version 9 coming in.

I want to only do V5 for now.

Regards,

KS

0 Helpful

jakewilson
Level 1
Level 1

‎03-28-2013 10:57 AM

Try completely removing the flow exporter then configure NetFlow v5. If this doesn't work, verify with PRTG that the version you are running supports NetFlow v9. 

There could be some NetFlow element in the V9 export that PRTG doesn't like.  Use Flexible NetFlow to export a very generic NetFlow export that resembles v5.  

Step 1:

flow record netflowv5

match ipv4 source address

match ipv4 destination address

match transport source-port

match transport destination-port

match ipv4 protocol

match ipv4 tos

match interface input

collect interface output

collect xxxxxxx

collect xxxxxxx

etc. etc.

Other than the template architecture of v9, the export should resemble v5.  I hope this helps. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card