01-17-2019 02:05 AM - edited 03-08-2019 05:03 PM
Hello,
I want to configure sampled netflow on a L2 3560G Switch and need your help.
My config looks like this:
flow exporter EXPORTER-1
 destination 10.10.10.1
 source Vlan1
!
!
flow record FLOW-IPv4-L2-RECORD
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input
 collect transport tcp flags
 collect interface output
 collect counter bytes
 collect counter packets
!
!
flow monitor FLOW-MONITOR-1
 record FLOW-IPv4-L2-RECORD
 exporter EXPORTER-1
 cache timeout active 60
!
interface vlan 1
 ip address 10.10.10.2 255.255.255.0
!
interface GigabitEthernet0/5
 switchport access vlan 2
 switchport mode access
 ip flow monitor FLOW-MONITOR-1 input
 ip flow monitor FLOW-MONITOR-1 output
 load-interval 30
 no cdp enable
But there is no data sent to the destination:
show flow exporter EXPORTER-1 statistics
Flow Exporter EXPORTER-1:
Packet send statistics (last cleared 00:22:41 ago):
Successfully sent: 0 (0 bytes)
Client send statistics:
Client: Flow Monitor FLOW-MONITOR-1
Records added: 0
Bytes added: 0
There is no data in the flow monitor cache:
show flow monitor FLOW-MONITOR-1 cache
Cache type: Normal
Cache size: 4096
Current entries: 0
High Watermark: 0
Flows added: 0
Flows aged: 0
- Active timeout ( 60 secs) 0
- Inactive timeout ( 15 secs) 0
- Event aged 0
- Watermark aged 0
- Emergency aged 0
There are no cache entries to display.
Do you have any idea what's wrong here?
IOS Version is 15.0(2)SE6
Best regards,
Tobias
01-17-2019 02:29 AM - edited 01-17-2019 02:31 AM
Hi
Yes, you have the flow applied to the layer 2 port; it needs to be applied to the VLAN interface. If you are looking to collect specific stats off NetFlow on a layer 2 port, you need to set it up to collect MAC stats.
Look at this for collecting mac flows in flex netflow
https://www.plixer.com/blog/netflow/getting-mac-addresses-from-netflow-v9/
01-17-2019 03:03 AM
Hi Mark,
Thank you for your reply. I want to export data that passes through the switch, and not data that is sent to or from the switch. So I think the link describes what I want.
I updated the flow record but without any improvement.
flow record FLOW-IPv4-L2-RECORD
 match datalink mac source address input
 match ipv4 source address
 match ipv4 source mask
 collect datalink mac destination address input
 collect ipv4 id
 collect ipv4 source prefix
 collect ipv4 destination address
 collect ipv4 destination mask
 collect transport source-port
 collect transport destination-port
 collect transport tcp source-port
 collect transport tcp destination-port
 collect transport udp source-port
 collect transport udp destination-port
 collect interface input
 collect interface output
 collect counter bytes
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
Do you have any additional idea?
Best regards,
Tobias
01-17-2019 03:08 AM
01-17-2019 03:26 AM
Hi Mark,
I just want to export netflow data that is going through one L2 interface and not through the whole switch. How can I specify this, if I apply the flows to the SVI?
In your link from above the flow Monitor is also applied to the relevant Interfaces.
But I gave it a try without any change.
flow exporter EXPORTER-1
 destination 10.10.10.1
 source Vlan1
!
!
flow record FLOW-IPv4-L2-RECORD
 match datalink mac source address input
 match ipv4 source address
 match ipv4 source mask
 collect datalink mac destination address input
 collect ipv4 id
 collect ipv4 source prefix
 collect ipv4 destination address
 collect ipv4 destination mask
 collect transport source-port
 collect transport destination-port
 collect transport tcp source-port
 collect transport tcp destination-port
 collect transport udp source-port
 collect transport udp destination-port
 collect interface input
 collect interface output
 collect counter bytes
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
!
!
flow monitor FLOW-MONITOR-1
 record FLOW-IPv4-L2-RECORD
 exporter EXPORTER-1
 cache timeout active 60
!
interface GigabitEthernet0/5
 switchport access vlan 2
 switchport mode access
 ip flow monitor FLOW-MONITOR-1 input
 ip flow monitor FLOW-MONITOR-1 output
interface vlan1
 ip flow monitor FLOW-MONITOR-1 input
 ip flow monitor FLOW-MONITOR-1 output
 ip address 10.10.10.2 255.255.255.0
show flow monitor FLOW-MONITOR-1 cache
Cache type: Normal
Cache size: 4096
Current entries: 0
High Watermark: 0
Flows added: 0
Flows aged: 0
- Active timeout ( 60 secs) 0
- Inactive timeout ( 15 secs) 0
- Event aged 0
- Watermark aged 0
- Emergency aged 0
There are no cache entries to display.
show flow exporter EXPORTER-1 statistics
Flow Exporter EXPORTER-1:
Packet send statistics (last cleared 01:45:45 ago):
Successfully sent: 0 (0 bytes)
Client send statistics:
Client: Flow Monitor FLOW-MONITOR-1
Records added: 0
Bytes added: 0
Best regards,
Tobias
01-17-2019 03:41 AM
01-17-2019 04:00 AM
Hi Mark,
I used udp-9995 which seems to be the default and therefore not showing up in the config.
Thanks for the extract. It sounds like what I want is not supported.
Best regards,
Tobias
01-17-2019 04:13 AM
01-04-2021 06:09 AM
Hello tobiasdreyer,
I think you should use SPAN instead of NetFlow to collect data from an L2 port.
BR,