I was working with Opmanager software to monitor my network, and i downloaded the Netflow plugin, i tried to enable the netflow on my core switch c3560 but I was surprised that it does not support the NetFlow, after many resersh most of URL's say it does not support until i found another URL from Cisco Says that it support Flexble netflow now, but i think we should update the IOS.
[URL]
I am trying to configure netflow/flexible netflow on some branch site 887 routers which have a IPSec tunnel back to the main office. It is my understanding that the router will not encrypt traffic that it generates itself so the standard netflow will not work. The workaround I have seen is to use flexible netflow rather than standard.
I have tried to configure flexible netflow with the following configuration;
flow exporter EXPORTER-1
destination 192.168.10.1
source Vlan1
transport udp 9996
[Code]...
i want to activate flexible netflow on my WS-X45-SUP7-E with IOS cat4500e-universalk9.SPA.03.02.00.SG.150-2.SG. I've started with a simple configuration like this:
Configuring a Flow Monitor for IPv4/IPv6 Traffic Using the Flexible NetFlow
“NetFlow IPv4 Original Input” Predefined Record
SUMMARY STEPS
i just came to know Assurance feature license doesn't come for free when upgrading from LMS4.2 or NCS1.1. It has to be purchased. Before buying this license, i would like to know if IPv6 netflow is supported.
View 0 Replies View RelatedWe have a Cisco switch in each office and every now and then the port that has the D-Link Wireless AP (DAP-1522) connected to it goes to err-disable state. Actually sometimes even a regular port that has a cisco phone connected may also go to err-disable state (less often). So I have to telnet into the switch and issue shut and no shut command on that interface to get it back to life, then it works for a few days or weeks until it happens again. Any suitable configuraiton for that interface, that would prevent that from happening or a workaround ?
Here's the info:
Model: cisco WS-C3560-24PS and cisco WS-C3560-48PS
Image:c3560-ipbase-mz.122-35.SE5.bin
This is the log from one switch:
31w5d: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/2, putting Fa0/2 in err-disable state
31w5d: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 74e2.f592.f7f2 on port FastEthernet0/2.
31w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
And from another, which is almost the same:
5d10h: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/3, putting Fa0/3 in err-disable state
5d10h: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address d8a2.5e31.2cf6 on port FastEthernet0/3.
5d10h: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down
5d10h: %LINK-3-UPDOWN: Interface FastEthernet0/3, changed state to down
Here's the configuration of fe interfaces (they are all alike):
interface FastEthernet0/2
description Voice & Data Combo Port
switchport access vlan 11
switchport mode access
switchport voice vlan 15
[code]....
Do you know if the following Cisco switches ME3600X ME3800X support Netflow? I need to collect data on interfaces and export it to an external Netflow collector installed on a server. In other word, I need to be sure that those switches support the following command (or similar):
ip flow-export destination <IP> ip flow-export source <Interface> ip flow-export version 5 ip flow-cache timeout active 1 ip flow-cache timeout inactive 15 snmp-server ifindex persist !
[Code].....
What are the limitations of Net flow v9 support on the 7600 platform for the SR code releases?
I know that Flexible Net flow is only available on newer releases with some newer hardware. Flexible Net flow gives you the ability to provide full support for Netflow v9 as well as IPFIX.
However, the documentation indicates that Net flow v9 is still supported in the SR code. So I am just trying to find out what are the limitations in how Net flow v9 is implemented without "Flexible Net flow". The Cisco TAC was unable to provide me any documentation about this.
I currently have Netflow enabled on all of my routers in my network. However, I have a Cat3750, which does not support Netflow. The 3750 is at a larger remote site and I need visibility into the traffic that is traversing internal to that switch. All VLANs are configured on the 3750. I have an extra Cisco router, which I have theorized I could use as a Netflow probe.
The 2811 Router has to FastEthernet ports.F0/0 would be configured with no IP Address and would be connected to the 3750 on G0/1 with no VLANs configured.F0/1 would be configured with a static IP and connected to the 3750 on port G/02 with the appropriate VLAN to ensure network connectivity.
On the 3750, configure a monitor session with a destination of Interface G0/1.On the 2811, configure netflow to sent to the Netflow server and set F0/0 for ip flow ingress.Obviously, it doesn't work. But I cannot figure out why.
I searched around but did not see any valuable info on this so I guess it doesn't. But wanted to get confirmation from you guys.
View 2 Replies View RelatedI am trying to use the following commands on the switch but it is not supported:
ip route-cache flow
ip flow-export destination
Attached is the output for show version and show module commands from the switch.
I need to know if Cisco Switch 2960 support Netflow. If it doesn't, how do I configure the switch to enable Netflow?
View 3 Replies View RelatedI can't seem to find any information on the Nexus 5000 support of netflow. I assume that means it doesn't do netflow.
View 5 Replies View RelatedI'm looking at implementing a new DMZ and wanted Netflow capability for security monitoring.The architectural principles I have to adhere to dictate that the switches within the DMZ are layer 2 however to get Netflow I need a minimum of a 3560/3750X, Network Services module, IP Base IOS with ip routing and CEF enabled.To do this and still keep the switch functioning as a layer 2 device the intention was not to configure SVI's or any static/dynamic routing protocols.Will Netflow still work in that scenario?
View 4 Replies View RelatedI know the Nexus 5548P hardware does not support Netflow.I just need to know that if we introduce the layer 3 Daughter Board N55-D160L3 does this add Netflow support?
View 3 Replies View RelatedI've been researching the 3750-x Netflow support but I'm not 100% sure of how much support it has. From what I've read the only way to get NetFlow support is to install a specific module that provides NetFlow. I also heard about how it might support s-flow but I haven't found out for sure.
View 8 Replies View RelatedAny major difrrence between Netflow v/s Netflow-Lite?
I am trying to understand if Cisco 4948E can do the same job as Cisco 4500E or not and difference between Netflow v/s Netflow-Lite will work for me to select correct product.
Cisco cannot login? Currently i cannot login to the two of my cisco 3560 with the password that i usually used to login. and it is strength to me that its Configuration register is 0xF.
[BEGIN] 10/4/2011 10:22:57 AMshoTC-NGN-C3560-1>show verTC-NGN-C3560-1>show version Cisco IOS Software, C3560 Software (C3560-IPSERVICES-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1)Copyright (c) 1986-2007 by Cisco Systems, Inc.Compiled Thu 19-Jul-07 18:15 by nachenImage text-base: 0x00003000, data-base: 0x01300000
ROM: Bootstrap program is C3560 boot loaderBOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(25r)SEC, RELEASE SOFTWARE (fc4)
TC-NGN-C3560-1 uptime is 50 weeks, 6 days, 9 hours, 34 minutesSystem returned to ROM by power-onSystem image file is "flash:c3560-ipservices-mz.122-35.SE5/c3560-ipservices-mz.122-35.SE5.bin"
[code]....
I have got my ccna voice lab configured and is up and running, my switch is configured with 2 differents Vlans (Data & Voice) and the fa 0/1 is configured as trunk port connecting to the CME router. I can telnet or ssh to all the devices on the network but only the switch in not accepting the request the only message I am getting is "request timeout".
View 12 Replies View RelatedI have a 3560-8PC in which the mgt vlan randomly (twice in one day or 2 weeks later) goes into the down state and will return w/o any interventaion 15-20 minutes later. Int G0/1 is the uplink to a 3750. I dont think its a layer1 issue at this time since i have seen it work just fine for over 2 weeks and drop again. I don't see any errors on the 3750 either.
WS-C3560-8PC 15.0(2)SE C3560-IPBASEK9-M
LOG:
----------------------------------------
.Oct 20 19:34:37.533 EDT: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changeds tate to up
[Code].....
I have some c3560 with system MTU set 1546 with interface VLAN10 whose MTU size is 1546 and there is no possibility to change it to another value. and we have some cisco 2600 where I can't set MTU bigger as 1500. I have a problem in establishing the OSPF adjacency between cisco 2600 abd 3560 , the command "ip ospf mtu-ignore" is set on both side but it doesn't work - the OSPF packets which are sent by c3560 are simply lager as 1500 bytes and are dropped by cisco2600.
the problem is that sometimes c7200 losses their BGP session, I would say in most cases it happens between NPE400 and NPE-G1/G2 whit error message like "session closed by a peer x.x.x.x" after some seconds BGP session goes again UP , and then after some minutes again DOWN .
it can be MTU problem, as the traffic passes those c35660 with MTU1500. The neighbour status showes that "transport tcp path-mtu-discovery" is enabled an all neighbours but it seems doesn't work. if I disable the path-mtu-discovery on the neighbours - the BGP session between them stays stable.
On my study lab I have got 2 switches a c3560 running IOS and a c2948g-ge-tx running CatOS. Both switches has SFP ports, I would like to configure ether channel between them switches using 2 SFP ports on each switch.
My question is if such configuration is possible and how to configure ether channel so that VLANS can travel between both switches running different operating system. I have tried but it's no working,
1.Cisco IOS Software, C3560 Software (C3560-IPSERVICES-M), Version 12.2(25)SEE2, RELEASE SOFTWARE (fc1) This switch EIGRP coverge is slow.
2.Cisco IOS Software, C3560 Software (C3560-IPSERVICES-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1) This switch EIGRP coverge is fast
The IOS have effect of the EIGRP coverge ? From which version IOS began ?
I have C3560 switches in my work environment. I want configure ssh on that switch but the IOS what they have 'c3560e-universal-mz.122-58.SE2' not support. As per advised I was triying to upgrade 'c3560e-universalk9-mz.122-58.SE2" for all my access switches.
I successfully upgraded for two switches.
I have two problems now
01. I upgraded the IOS successfully one Switch but the Poe is not working. What is the reason ?
02. After upgrade the IOS, the out put is as follows
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 30 WS-C3560E-24PD 12.2(35)SE5 C3560E-UNIVERSAL-M
Cisco#sh boot sys
[Code].....
recently i do some lab about trunking protocol using Layer 3 switch C3560 and layer 2 switch C2960, but i face a problem that i cannot configure trunk port on my C3560 using "switchport mode trunk" command, and after looking for the answer from google i found that i have to "remove" the "auto" mode of C3560 using "switchport mode dynamic desirable" and after that we can enter the "switcport mode trunk" command successfully.
and my question are, whether the "auto" trunk mode in switch layer 3 is a default mode or not? and why i should enter "sw mode dynamic desirable" command before "sw mo trunk" command ?
I am in a doubt if the 3560-12-PC-S supports OSPF. Datasheet says we need IP Services image. But 3560-12PC doesn’t have the option with IP Services. Then I havigate to [URL] how?
So, any clues whether or not this box can run OSPF?
I am unable to login to switch c3560 through Hostname but able to login through IP address. when i am putting the command : login authentication telnetpwd
getting the below message:
AAA: Warning authentication list "telnetpwd" is not defined for LOGIN.
I have below switch and I was interested in configuring GRE on one of the interface. So I tried to create tunnel interface, the tab completes the command. Is GRE supported on this switch and IOS?
Switch#show version
Cisco IOS Software, C3560 Software (C3560-IPBASE-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2007 by Cisco Systems, Inc.
......
cisco WS-C3560-48TS (PowerPC405) processor (revision G0) with 122880K/8184K bytes of memory.
Switch(config)#interface tunnel 0
^% Invalid input detected at '^' marker.
Switch(config)#
IP routing is also enabled.
Is it possible to reduce de recoveery time after an interface shutdown? Current interface configuration is as follows and it takes 1 second to recover from a shutdown. I need to decrease this time.(Cisco Catalyst C3560) [code]
View 1 Replies View RelatedPrime 1.3 (POC testing), for testing purposes I discovered a class C range (255.255.255.0) containing a bit of everything (AP 1240, C3560 & C3750).When looking in the config archive only the AP's have configs stored, the others failed, snmp & telnet credentials are the same for the whole range, what could I do wrong ?
View 5 Replies View RelatedI have a weird situation with some switches.
Switch .55 can ssh into Switch .57 but cannot ssh into Switch .56.
Switch 56 can ssh into Switch 55 and ssh into Switch 57
Switch 57 can ssh into Switch 55 and ssh into Switch 56
The software on .56 is:
C3560 Software (C3560-IPBASEK9-M), Version 12.2(55)SE3, RELEASE SOFTWARE (fc1)
I noticed on .56, when I do a show ip ssh I get: SSH Enabled - version 1.5. It doesn't say version 1.99 like the others even when I configure version 2. Is this a bug I am running into?
I am upgrading the network equipment at my place of employment. We use Cisco C3560, 2960, 4506 and I was noticing that IOS 15.0.x is available. After doing some reading it appears that Cisco is going to a pay for the licensing functionality that you want. Do I need to purchase licenses to upgrade from IOS 12.X to 15.0.x to maintain functionality?
View 4 Replies View Relatedhow to configure SLA monitorin for Dual Path default route in Layer 3 switches, like C3560?
View 2 Replies View Related#sh run | inc user
!
username USER0 secret 5 $1$passwordusername USER1 privilege 15 secret 5 $1$passwordusername USER2 privilege 15 secret 5 $1$password
!
#sh run | inc aaa
!
aaa new-modelaaa authentication login local_authen localaaa authentication login radius_authen group radius localaaa authorization consoleaaa authorization exec local_author localaaa authorization exec radius_author group radius localaaa session-id common
!
#sh run | begin line vty
!
line vty 0 4access-class 3 inexec-timeout 15 0authorization exec radius_authorlogging synchronouslogin authentication radius_authentransport input sshline vty 5 15!sh verCisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(55)SE6, RELEASE SOFTWARE (fc1)
the intent of the above is that management connections will only be accepted via SSH, and all of those will be authenticated via RADIUS, unless it's down, then it will use the local username/pw combinations, most of which are given Privledge level 15. Telnet should never work.SSH works as expected (authenticates via RADIUS), but the problem is that Telnet also works, will ONLY use the local database (never RADIUS), and, for some reason, leaves the users at Privledge level 1, instead of the configured 15.Essentially, it seems that at every point I have told it to do something that isn't the default with regards to telnet, it ignores me.Prior to a recent IOS upgrade, the switch didn't support SSH, so the previous config was Telnet with RADIUS, and that worked fine.