I've got an issue with SNMP and netflow tools. They are displaying different data for the same (sub)interfaces.I've got metroethernet link which connects root A (Cisco 7606, 12.2(18)SXF8) and root B (Cisco 2811, 12.3(11)TS). MPLS is configured on the link (behind root B there is no more MPLS). I'm attaching root configurations (I've ommited parts of config).Interfaces are:
Root A - gi2/6.2144 Root B - fa0/1
I've configured SNMP and netflow on both devices. I'm using two SNMP tools (CA Spectrum and eHealth) and two netflow tools (CA NetQoS Reporter Analyzer and Fluke Networks NetFlow Tracker) to collect the data. SNMP tools show the same info for defined (sub)interface.Netflow tools also show the same info for defined (sub)interface. I'm attaching reports from one SNMP tool and one netflow tool for the same time period.
1. Looking at SNMP tool, it can be seen quite amount of that data in both in and out direction. 2. Looking at netflow tool, it can be seen quite amount of that data in out direction, while in direction shows small amount of data.
I'm aware that Cisco has difficulties with SNMP counters on subinterfaces. I'm also aware that MPLS netflow has its own difficulties.Root B netflow configuration is quite simple as it has just 2 interfaces to configure netflow on (Fa0/0 and Fa0/1). So I would guess SNMP and netflow data should match, but they don't. When you look at SNMP tool reports for roots A and B, it can be seen that traffic volume is practically mirrored.
I have a SR520 just deployed at a remote site with Internet Access.
Working Environment: Remote sites have SR520 with IPSEC VPN back to HQ and netflow v.5 works through the VPN back to our PRTG server.
Non-Working: I cannot get Netflow data to our PRTG with this first SR520 implemented with Zone Base Security. I am not able to get my netflow traffic out. VPN is up and running. Internet is a dialer0 interface. I have a Kron job that does the copy run to tftp backup daily to the same PRTG server and it works fine.
Both my source interface and address on the TFTP command and the netflow commands are the same interfaces (VLAN75) and IP. The Destination ip is the same too (through the VPN tunnel).
I am trying to figure out the Flexible Net-flow on Cat 4510R+E Switch running IOS-XE code. My Neflow flow software is manageengine 7.X. I am able to see the netflow interfaces but the traffic itself is not displayed. On the Switch I can see the netflow exporter statistics counter being incremented thereby confirming as being exported.
two interfaces with traffic going through, placed in a Data-VRF
Another physical interface and loopback interface in the global routing-table.
ip flow ingress on all physical interfaces configured
It was running for at least a year: I was getting netflow packets on my analyzer from the box. Since a couple of weeks I get no netflow-packets anymore.debug ip flow export tells me "IPFLOW: Sending export pak to ... port 2055"
But the packet is not leaving the box. By setting up an ip sla monitor udp-echo I simulated some traffic (udp/2055) which is leaving the box.
I have 4506 with below sup, my requirement is to enable netfolw , but as i came to know that it is not supported in this sup, is there any additional option which can be explored to get the netflow working without replacing sup.
Card Type Model -------------------------------------------------------------+----------------------- Sup 6-E 10GE (X2), 1000BaseX (SFP) WS-X45-SUP6-E
Ive tried to configure NetFlow on layer 2 without success. I configured the recondmonitorexporter like the configuration guide said. but still i dont receive any netflow traffic. I checked the firewall on the VM and it looks fine.
i have done the command under the ethernet interface :" layer2-switch flow monitor TEST input" - for layer2 input.
I have a 3750E stackable swtch and I need to configure neflow on it. Are there any IOS versions that support netflow on the 3750E? Is there any possible to configure netflow on a 3750E? I do not see any netflow commands available on the switch?
I have customer that we have configured netflow on the 2821 router that their traffic is on. Currently the company they have contracted with for the analysis is seeing data duplication. Below is the configuration for the interface and the router
interface GigabitEthernet0/0 description TVC-FI-Ethernet-Fiber-Ethernet link ip address 22.214.171.124 255.255.255.248 secondary ip address 192.168.5.1 255.255.255.0 secondary ip address 126.96.36.199 255.255.255.128 secondary
I'm looking at implementing a new DMZ and wanted Netflow capability for security monitoring.The architectural principles I have to adhere to dictate that the switches within the DMZ are layer 2 however to get Netflow I need a minimum of a 3560/3750X, Network Services module, IP Base IOS with ip routing and CEF enabled.To do this and still keep the switch functioning as a layer 2 device the intention was not to configure SVI's or any static/dynamic routing protocols.Will Netflow still work in that scenario?
I have a problem with the 6500 not exporting netflow data. They are not exported due to no fib.I have read somewhere that this has something to do with VRF. VRF are running on the router.ip flow ingress has been applied to desired ip int.Is there anything I could do to make it export netflow data?
VSS-core-XXX-rs1#sh ip flow export Flow export v5 is enabled for main cache Export source and destination details : VRF ID : Default Source(1) xxx.xxx.83.253 (Unknown)
I have a router cisco 3825, it is configured with netflow for monitoring traffic with WhatsUpGold, but I can't monitor this router I don't know what is the problem.Device: Router Cisco 3825 IOS: C3825-ADVENTERPRISEK9-M 12.4. [code]
I have a switch4500 12.2 and a router 2801 IOS 15.1 and this device work well with the WhatsUp but these devices have the same configuration.I see diferents ouputs when I use show ip flow export, this output is for a router that work well with WhatsUp. [code]
I am working with a Catalyst 4503-E with a Sup7-E. I'm trying to enable Netflow, and I have read the following guides: Catalyst 4500 Series Switch SW Configuration Guide, Release IOS ...
I have also enabled Netflow in IOS 12.1/12.2 and figured the process was similar (It seems to be). CEF is enabled, and I have all the pre-reqs according to the document above, however, the flow commands don't exist, they simply say "command unrecognized". I have included my sh version below.
sh version (edited): Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSAL-M), Version 03.01.01.SG RELEASE SOFTWARE (fc1)
I've already found this kinds of cases, in this community. So, It seems that Changing the current configuration to 'mls aging fast threshold ## time ## ' is most suitable in our situation.But, I don't know how to calculate the apt threshold value and time value.
 sh run | in mls mls ip multicast flow-stat-timer 9 mls flow ip interface-full no mls flow ipv6 no mls acl tcam share-global mls cef error action freeze
Is it possible to have one netflow export profile (may not be the right word...) to send all the flow information to one collector and another profile to only send traffic to and from centain IP addresses to another collector? If it is possible on the hardware and software, any quick sample config?
#sh ver Cisco IOS Software, s72033_rp Software (s72033_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(33)SXH4,
#sho module 7 Mod Ports Card Type Model Serial No. --- ----- -------------------------------------- ------------------ ----------- 7 2 Supervisor Engine 720 (Active) WS-SUP720-3B SAL1115LJBR
Mod MAC addresses Hw Fw Sw Status --- ---------------------------------- ------ ------------ ------------ ------- 7 0017.9444.9814 to 0017.9444.9817 5.3 8.4(2) 12.2(33)SXH4 Ok
Mod Sub-Module Model Serial Hw Status ---- --------------------------- ------------------ ----------- ------- ------- 7 Policy Feature Card 3 WS-F6K-PFC3B SAL1115L2NH 2.3 Ok 7 MSFC3 Daughterboard WS-SUP720 SAL1115LH7W 2.6 Ok
Mod Online Diag Status ---- ------------------- 7 Pass
I want to choose a pair of switches for our data center.What I need: 48 x 1GE access ports, 2 x 10GE uplink ports.Nice feature of 3750-X is stacking. So what features has 4948-10GE? Why I should prefer that switch?
Basically I have netflow which i'm trying to use to export to a netflow collector. I'm pretty sure that the 3750-X does support netflow. I've recently updated IOS on the 3750-X to support flexi netflow.For some reason the netflow packets are not being exported to the server. I'm using Opmanager which should present the netflow stats in the form of a graph. I'm using a universal IOS image. (C3750E-UNIVERSALK9-M), Version 12.2(58)SE2 3750-X WS-C3750X-24T-S
I am aware that the 3750 switches are not able to support Netflows, so I have created a SPAN port and spanning traffic from a specific port. I would like to create a seperate VLAN and trunk the traffic from the SPAN port down to the 6509 switch and then capture all the traffic for that VLAN on the 6509.
I'm trying to configure a egress netflow in a 6500 (VSS) with VS-S720-10G supervisor. I foud some old posts and understood that netflow wasn't supported on 6500 but i found a new document and it seems that netflow is supported in Supervisor Engine 2T:[URL] Does the netflow still not supported in VS-S720-10G? It's weird because the command is supported:
#sh run int vlan 4 Building configuration... Current configuration : 353 bytes ! interface Vlan4 ip address X.X.X.X 255.255.0.0