Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
892
Views
0
Helpful
4
Replies

what the prob if we can't see flow from netflow enabled devices?

ranidalal
Level 1
Level 1

‎10-15-2007 11:39 AM

I've enabled netflow on sevral switches. out of which I cannot see flow from couple of switches. I checked all config, cpu statistics, flow statistics, show ip flow export & sh ip cache flow, but evrything seems right.

what may be the reason I cannot see flow from few switches.??????

I checked firewall & accesslist, but nothing is there which is blocking that devices..

Aspiring help from expert.

Labels:
0 Helpful
4 Replies 4

Collin Clark
VIP Alumni
VIP Alumni

‎10-15-2007 02:11 PM

What app are you using? Is the port configured correctly? Are you seeing netflow stats on the router?

0 Helpful

ranidalal
Level 1
Level 1
In response to Collin Clark

‎10-16-2007 04:39 AM

Ports are configured properly. There is not much cpu utlization.'show ip flow export' indicates that netflow has been enabled on device.

Everything seems correct. what could be reason for not seeing flow????I 've configured highest version 9.

0 Helpful

ranidalal
Level 1
Level 1
In response to Collin Clark

‎10-16-2007 04:48 AM

This is what I get output after enabling Netflow.

#sh ip flow export

Flow export is enabled

Exporting flows to 10.152.4.48 (2003)

Exporting using source interface Loopback100

Version 6 flow records

14911 flows exported in 4156 udp datagrams

0 flows failed due to lack of export packet

0 export packets were sent up to process level

0 export packets were dropped due to no fib

0 export packets were dropped due to adjacency issues

#sh ip cache flow

IP packet size distribution (384619 total packets):

1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480

.000 .732 .239 .002 .000 .000 .007 .014 .000 .000 .000 .000 .000 .000 .000

512 544 576 1024 1536 2048 2560 3072 3584 4096 4608

.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 4456704 bytes

7 active, 65529 inactive, 14913 added

467580 ager polls, 0 flow alloc failures

last clearing of statistics never

Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)

-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow

TCP-Telnet 15 0.0 73 40 0.0 21.1 11.4

TCP-other 7320 0.0 2 42 0.0 0.0 5.8

UDP-DNS 112 0.0 2710 62 0.0 1244.5 5.4

UDP-other 5448 0.0 2 199 0.0 1.3 15.4

ICMP 717 0.0 3 98 0.0 13.7 15.5

IP-other 1294 0.0 29 59 0.0 110.8 14.7

Total: 14906 0.0 25 65 0.0 20.1 10.6

SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts

Fa1/0 10.152.4.7 Local 10.217.255.19 06 BAC9 0017 34

Fa1/0 10.152.4.51 Local 192.168.127.73 06 0031 7849 4

Fa1/0 10.152.4.51 Local 192.168.127.73 06 0031 784A 4

Fa1/0 192.168.144.33 Null 224.0.0.10 58 0000 0000 48

Fa1/1 192.168.144.37 Null 224.0.0.10 58 0000 0000 46

Fa1/0 10.128.0.77 Ch2/0 10.217.255.20 11 040F 0035 3855

Fa1/0 10.128.0.76 Ch2/0 10.217.255.20 11 040F 0035 869

Can you tell me what could be the reason 'm unable to see flow?

0 Helpful

paitken
Level 1
Level 1
In response to ranidalal

‎11-27-2007 06:12 AM

The box certainly is certainly exporting netflow traffic:

14911 flows exported in 4156 udp datagrams

So check that the collector address 10.152.4.48 is reachable from here, and verify whether the collector address or port (2003) is being firewalled somewhere along the way (eg, at an intermediate node).

You might want to put a traffic sniffer on your wire to verify where netflow export packets are seen.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents