Cisco Switching/Routing :: NetFlow / 6500 / Export Packets Were Dropped Due To No Fib?
Mar 13, 2012
I have a problem with the 6500 not exporting netflow data. They are not exported due to no fib.I have read somewhere that this has something to do with VRF. VRF are running on the router.ip flow ingress has been applied to desired ip int.Is there anything I could do to make it export netflow data?
VSS-core-XXX-rs1#sh ip flow export
Flow export v5 is enabled for main cache
Export source and destination details :
VRF ID : Default
Source(1) xxx.xxx.83.253 (Unknown)
[code]....
View 7 Replies
ADVERTISEMENT
Mar 7, 2012
I am using a Thrid party NetFlow tool, Enabled NetFlow on the Cisco 6500 as per recommendations and getting only half amout of traffic passing thorugh the interfaces. I have verified with 3 different NetFlow based tools, everything showing the same value. Is there any bug in my Cisco 6500.
View 2 Replies
View Related
Nov 3, 2011
To enable netflow export on ASR1001, do i need the firewall feaure license or not ?Docs are not really clear, NBAR requires FW license, but i am unsure about Netflow?
View 1 Replies
View Related
Aug 28, 2012
Is it possible to have one netflow export profile (may not be the right word...) to send all the flow information to one collector and another profile to only send traffic to and from centain IP addresses to another collector? If it is possible on the hardware and software, any quick sample config?
#sh ver
Cisco IOS Software, s72033_rp Software (s72033_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(33)SXH4,
#sho module 7
Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
7 2 Supervisor Engine 720 (Active) WS-SUP720-3B SAL1115LJBR
Mod MAC addresses Hw Fw Sw Status
--- ---------------------------------- ------ ------------ ------------ -------
7 0017.9444.9814 to 0017.9444.9817 5.3 8.4(2) 12.2(33)SXH4 Ok
Mod Sub-Module Model Serial Hw Status
---- --------------------------- ------------------ ----------- ------- -------
7 Policy Feature Card 3 WS-F6K-PFC3B SAL1115L2NH 2.3 Ok
7 MSFC3 Daughterboard WS-SUP720 SAL1115LH7W 2.6 Ok
Mod Online Diag Status
---- -------------------
7 Pass
View 2 Replies
View Related
Jul 23, 2012
router 7200 (12.2(33)SRE1)
two interfaces with traffic going through, placed in a Data-VRF
Another physical interface and loopback interface in the global routing-table.
ip flow ingress on all physical interfaces configured
It was running for at least a year: I was getting netflow packets on my analyzer from the box. Since a couple of weeks I get no netflow-packets anymore.debug ip flow export tells me "IPFLOW: Sending export pak to ... port 2055"
But the packet is not leaving the box. By setting up an ip sla monitor udp-echo I simulated some traffic (udp/2055) which is leaving the box.
[code]...
View 2 Replies
View Related
Oct 31, 2011
i am wanting to log dropped and oop packets on a c3825 isr with ios12.3(11)T3. on other routers(like a 2951 running 151-4.M2)i can state ip inspect log drop-pkt and it will log to buffer or syslog all dropped and oop packets. can i do this on this 3825 another way
View 1 Replies
View Related
Mar 13, 2012
On one of our N7K, we have some packets dropped by the COPP policy in the class-default class-map. Partial results of "show policy-map interface control-plane" not so long after clearing the counters : [code]
what traffic is dropped by the policy ? Is there any logging possible ?
View 2 Replies
View Related
Feb 5, 2012
Basically I have netflow which i'm trying to use to export to a netflow collector. I'm pretty sure that the 3750-X does support netflow. I've recently updated IOS on the 3750-X to support flexi netflow.For some reason the netflow packets are not being exported to the server. I'm using Opmanager which should present the netflow stats in the form of a graph. I'm using a universal IOS image. (C3750E-UNIVERSALK9-M), Version 12.2(58)SE2 3750-X WS-C3750X-24T-S
View 12 Replies
View Related
Jun 9, 2013
I'm trying to configure a egress netflow in a 6500 (VSS) with VS-S720-10G supervisor. I foud some old posts and understood that netflow wasn't supported on 6500 but i found a new document and it seems that netflow is supported in Supervisor Engine 2T:[URL] Does the netflow still not supported in VS-S720-10G? It's weird because the command is supported:
#sh run int vlan 4
Building configuration...
Current configuration : 353 bytes
!
interface Vlan4
ip address X.X.X.X 255.255.0.0
[cod]....
View 1 Replies
View Related
Nov 27, 2011
We are getting log messages like
%EARL-DFC4-4-NF_USAGE: Current Netflow Table Utilization is 95%
%EARL-DFC4-4-NF_USAGE: Current Netflow Table Utilization is 99%
What this messages really means and how to get rid of these messages. We are using IOS version 12.2(33)SXJ in Catalyst 6500.
View 3 Replies
View Related
May 31, 2012
From everything I read it seems like DFC is for forwarding packets. When I hear packets I think of layer3. If my 6500s are just being used as a big layer2 only switch do I need a DFC? I am being told the 6500 looks at the layer 2 frame and the layer 3 patch header information before forwarding the frame. How true is this?
View 1 Replies
View Related
Apr 17, 2012
i have several cisco 6500 switches, and user switched connected to them.in my example i have a global service vlan, where some access ports are directly connected on the 6500, and this vlan is also allowed on the trunks to the access switch.
now i am connected with ma laptop on a access switch, where my port is in the same vlan. when i do a show mac address-table on my access port, i can see my own mac-address, nothing else.when i start wireshark to see the traffic, all i should see is traffic from or to my MAC, or broadcasts/multicasts.
But i can see other unicast traffic with different source/destination mac than mine.It seem slike these packets get broadcasted over the whole VLAN, but its no broadcast MAC nor IP.
View 4 Replies
View Related
Mar 21, 2013
I have three ASA5505, two firewalls connected to central VPN hub. the central inside network is 192.168.0.0/24,Network A is 192.168.1.0/24,Network B is 192.168.2.0/24,In one of this site (central), I have server with NetFlow collector.,I will collect the traffic information from all ASA at the my one serverCan I configure source IP address (or source interface - inside) for NetFlow packet, originate from ASA? (for example from site A)If it is not possible I think, I can rewrite my access lists and permit udp traffic from outside interface to server IP like this:access-list VPNACL permit udp host <Outside IP site A> host <Inside IP the Server> eq 9996,But I do not understand, what port I must be use in access list on Central site ASA. ,access-list VPNACL_A permit udp host <Inside IP the Server> host <Outside IP site A> eq 9996 ? or, in this place, must be source port in the udp netflow packet?
View 2 Replies
View Related
Mar 13, 2012
Any major difrrence between Netflow v/s Netflow-Lite?
I am trying to understand if Cisco 4948E can do the same job as Cisco 4500E or not and difference between Netflow v/s Netflow-Lite will work for me to select correct product.
View 2 Replies
View Related
Aug 20, 2012
I am using WAP4410N access point to connect 5 computer to the network. Recently the wireless network is very bad; pakets are often being droped, very high reply times. I have upgraded to the latest firmware tried to change configuration with no use i even tried the default configuration. I assumed that there's interference. I tried another AP ( linksys one) and things seems to be okay. what would be the problem with AP?
View 4 Replies
View Related
Apr 27, 2013
I am truly struggling with the changes after 8.21. I am trying to get a VPN up between two sites. This is the B end, I am sure there are a bunch of problems in the other end too. Eg. the tunnel NAT does not have the right priority 1.when I establish the tunnel I get this:
3 Sep 01 2008 11:23:37 Tunnel Manager has failed to establish an L2L SA. All configured IKE versions failed to establish the tunnel. Map Tag= outside_map. Map Sequence Number = 1.
# packet-tracer input inside tcp 10.2.32.11 80 10.1.1.10 80
Phase: 1
Type: ACCESS-LIST
Subtype:
[code]....
View 1 Replies
View Related
Jun 9, 2013
I happen to noticed the FWSM was dropping packets at about 387 packets every 5 minutes. My outside FWSM is WAN facing and has a 1gig link (35% utilized) my inside facing has about 100 downstream switches to the closets. I do not see my 6509's back plane is being over utilized and my understanding of the FWSM show be go for 5 gig so it isn't oversubscribe. Why i am seeing packets dropped?
[Code] ......
View 2 Replies
View Related
Jul 11, 2012
I have P router (7206VXR) and I need to export netflow from its MPLS interfaces to the netflow software.
View 2 Replies
View Related
Jan 27, 2012
I notice that I have TX Packets Dropped only under the wireless section.This occurs when the wireless network is not in use also.I have tried many different channels, almost all of them.Im using wpa2-tkip+aes, mixed g and n network, auto 20/40, wps disabled.I understand about wireless interference also.wireless devices dont seem to have any issues though, not dropping from network.I usually get 4000 wireless TX drops a day. LAN and WAN show No TX drops
View 11 Replies
View Related
Dec 5, 2012
Our Cisco ASA 5510 running 8.4(4)1 just started dropping packets and our AnyConnect clients are seeing horrible performance. The system is extremely slow compared to just a couple days ago.Nothing has changed on the system. I can post the configs if needed.
firewall# sho int
Interface Ethernet0/0 "outside", is up, line protocol is up
Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
Full-Duplex(Full-duplex), 1000 Mbps(1000 Mbps)
Input flow control is unsupported, output flow control is off
Description: == WAN Interface ==
[code]....
I have done a "sho vpn-sessiondb detail svc" and I can see the dropped packets of the individual users, but cannot see why the packets are still dropping.how I can correct this and restore speeds?
View 1 Replies
View Related
Nov 4, 2012
Have a Cat 4507 with Supervisor 7-E, setup configuration to send NetFLow information to an external server, everything worked great but after 2 weeks, the exporter is showing zero packets sent and the following error is at the console:
[code]...
View 3 Replies
View Related
Jun 25, 2012
I have a couple of Switches Blade 3120, working as active-standby model (HSRP) on a new site deployment. There are other 20 sites more or less, working on the same model, without issues. But in this one, we are seeing a high cpu usage. The traffic going through the platform is 600Mbps (on peaks), and in this case we have 40% of CPU usage. Traffic should be close to 3 Gbps. When we tried to send the whole traffic through the platform, active switch began to drop packets on the majority of interfaces.
When we analyze the CPU usage, there is a special process called "HL3U bkgrd proce" always have the most CPU use, but we do not know what concerns. We do not know if it is caused because there are PBRs configured. It should not matter. How I mentioned, there are other sites working fine and have had always the same PBR number.
What is causing the high usage?. Is there a special debug we could to perform to diagnose the issue?. Also, we have seen a high interrupt CPU usage (9% in this case).
bog-sib-INT-rtr-1#show processes cpu sorted 5sec
CPU utilization for five seconds: 30%/9%; one minute: 25%; five minutes: 23%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
[Code].....
View 3 Replies
View Related
Jan 19, 2012
Does the Cisco WS-C3560X-24P-S switch supports ip flow export?
View 1 Replies
View Related
Jan 8, 2013
I am working on Cisco 3550 switch on a certain requirement. I have got an access point connected to the switch and few mobile phones connected to the access point. I get the list of mac addresses connected to the switch ( Both access point's mac address & the clients addresses) by "show mac-address table dynamic" command. However, i am unable/confused to get the output of the following scenarios:
1. I would require to export the mac address from the switch to the local machine in any format (May be by using an SNMP tool, if available) so that the same needs to be used in my C# for development.What would be the way for the same ?
2. The mac address in the mac address table doesn't get updated dynamically. (Eg Scenario: A wifi client gets connected to an access point which inturn is connected to the switch, the mac address of the client shows up in the switch table. However if the client is disconnected, the client's mac address would still be displayed in the switch table )
View 9 Replies
View Related
Apr 22, 2013
I see these errors on my 6500 router which acts as my server farm and has hundreds of servers connecting to it. I have just taken over these routers from another guy and think the errors may have been there for quiet awhile. I have another router which doen't seem to have these errors. Can you tell me how to turn off netflow? Will it cause any problems to my server farm? Is there a risk to the router if I disable something?
I ask this cause the server guys are having problems with certain servers. I am not sure if they are because of this or not. I really would like to clear the logs. [code]
View 4 Replies
View Related
Sep 4, 2011
We have a Cisco 6500 running the following image;
Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICES_WAN-M), Version 12.2(33)SXH4, RELEASE SOFTWARE (fc1)
We are attempting to configure Netflow and export to a colloector. We have the following configuration applied to the device, we can ping from within the vrf to the destination of the flow collector
ip flow-cache timeout active 1
ip flow ingress layer2-switched vlan 1,800-801,803,821-823,861-862,871,900,998,1100-1107,1121,1200,1221,1301-1302,1321-1322
mls netflow interface
mls flow ip interface-full
ip flow-export version 5(code)
however we do not receive the flows on the collector. We can see the flow for both hardware and software but cannot see them at the collowctor.
View 2 Replies
View Related
Dec 21, 2011
how can we upgrade 6500 non modular ios to normal 6500 ios?
View 5 Replies
View Related
May 26, 2011
Configured 6500 and 4500 to send netflow to a stealthwatch NADS.When visited by the stealthwatch engineer found that because i didnt have NDE configaured.i wasnt actually exporting any but the initial data in the flow.Now if i have got this right the command for this is - mls nde sender version 5
This is confirmed by looking at the following out put -show mls nde.Neither of these command work on my 4500 switch -does this mean that its not outputting all the data or do i not need to configure NDE or do i need another command ?
-4500 Sup V-10GE 10GE
-6500 Supervisor Engine 720 10GE
-or Supervisor Engine 720
View 0 Replies
View Related
Jun 5, 2012
I tried to configure netflow without success.
Setup is the following.
Cisco Catalyst 6509 with Sup720-10GE IOS 12.2(33)SHX7. There are around 30 L3 vlans configured on the switch. I'm only interested for the traffic on one L3 vlan which is the connection to wan cloud.
I wanna see only the traffic that goes to and come from the wan. On other Catalyst where I have routed interfaces i successfully configured netflow. I read a lot in the forums and documentations but i didn't find the right one.
View 1 Replies
View Related
Aug 2, 2011
I have a strange error on my home network that I cannot find a solution to.I have an Huawei SmartAX MT882 from TalkTalk acting as a modem connected to a D-Link DSL-G624T acting as a router/switch. Connected to the D-Link I have a Windows 7 Pro machine (64-bit, SP1) and an XP (home i think) machine (sp 2 i think).The SmartAX modem is set up to perform DHCP and DNS relaying and the D-Link has DHCP turned off and DNS relay turned off.The Win7 machine can access the network, get an IP address and access the internet without problems, regardless as to the status of the XP machine.The XP machine can access the network, get an IP address and access the internet with no problems ONLY of the win7 is powered up. When the win7 machine is off, the XP machine seems to drop about 25% of the ping packets between it and the D-Link router and has no internet access (because of this i assume). [code]
View 8 Replies
View Related
Mar 18, 2013
I have a SR520 just deployed at a remote site with Internet Access.
Working Environment:
Remote sites have SR520 with IPSEC VPN back to HQ and netflow v.5 works through the VPN back to our PRTG server.
Non-Working:
I cannot get Netflow data to our PRTG with this first SR520 implemented with Zone Base Security. I am not able to get my netflow traffic out. VPN is up and running. Internet is a dialer0 interface. I have a Kron job that does the copy run to tftp backup daily to the same PRTG server and it works fine.
Both my source interface and address on the TFTP command and the netflow commands are the same interfaces (VLAN75) and IP. The Destination ip is the same too (through the VPN tunnel).
Snipped:
flow exporter prtg
destination x.x.x.x
source Vlan75
[Code]....
View 2 Replies
View Related
Feb 11, 2012
I am trying to figure out the Flexible Net-flow on Cat 4510R+E Switch running IOS-XE code. My Neflow flow software is manageengine 7.X. I am able to see the netflow interfaces but the traffic itself is not displayed. On the Switch I can see the netflow exporter statistics counter being incremented thereby confirming as being exported.
View 2 Replies
View Related
Aug 22, 2012
I have cisco WS-C2960S-48FPS-L stacked. Weekly twice, my PoE connections are dropped and when the device is restarted, everything starts working normal. This issue happens weekly once or twice. [code] I can see that there is a bug id : CSCtg86211 and no work around for it. Any updates received from Cisco TAC ?
View 7 Replies
View Related
