cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1820
Views
0
Helpful
3
Replies

netflow showing inbound traffic only

unixadmin
Level 1
Level 1

Hi,

I have enabled netflow on a Cisco 1800 router. All the interfaces are showing inbound and outbound traffic apart from Fastethernet 0. It is showing Traffic for inbound only.

when I run show ip flow interface, I noticed that it created a subinterface for fastethernet0 even though I did not create it manually. Also sh ip cache flow is reporting traffic to be Local (not sure if this is of any relevance)

Some output:

ittcrt03-perurt01#sh ip cache flow | inc Fa

Fa0 192.168.254.100 Local 192.168.254.26 2F 0000 0000 1

Fa0 192.168.254.100 Local 192.168.254.26 2F 0000 0000 145

Fa0 192.168.254.100 Local 192.168.254.26 2F 0000 0000 2

ittcrt03-perurt01#

ittcrt03-perurt01#sh ip flow interface

FastEthernet0

ip route-cache flow

ip flow ingress

ip flow egress

FastEthernet0.1

ip flow ingress

ip flow egress

Thanks

Anwar

3 Replies 3

Jan Nejman
Level 3
Level 3

Hello,

I recommend not using 'ip flow egress' and using 'ip flow ingress' on all interfaces on your router. Using netflow on egress is used only for several special cases, but normal configuration is 'ip route-cache flow' (deprecated command) or 'ip flow ingess' on all L3 interfaces. Do you using NAT?

Kind regards,

Jan Nejman

Caligare, Co.

http://www.caligare.com/

Jan

Thanks for the info.

I enabled egress for testing purposes only. I took it out of the config. We do not use any NAT. I still do not see any output traffic on netflow. Any suugestions?

Thanks

Anwar

Hello,

did you enable 'ip flow ingess' on all interfaces? i.e Fast 0/1, 0/2 ... Could you send me output of the:

show ip interface brief

show runn | inc flow

Kind regards,

Jan

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco