netflow to source from a vrf

cfajardo1_2 · ‎08-05-2008

-nms is running on another core which is not part of a VRF

-a core switch is to be configured for netflow which is on a VRF instance

-normal ping is working from the NMS to the loopback of the core switch

-normal ping is not working from the core switch to the NMS. Ping VRF is working from core to NMS.

how do i configure netflow to use VRF to reach my NMS.

Thanks

Giuseppe Larosa · ‎08-05-2008

Hello Celso,

try to use the following:

Router(config)# ip flow-export destination ip_address udp_port_number [vrf vrf_name]

see the link

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/nde.html#wp1140433

this is for cat6500 with 12.2SXH

Hope to help

Giuseppe

cfajardo1_2 · ‎08-05-2008

make sense..ill check the os..

- any idea how my switch netflow config should be? ive config it without specifying any vrf actually

int vlan 20

ip flow ingress

ip flow-export source vlan 20

ip flow-export destination 1.1.1.1 2222

mls netflow

mls nde sender version 5

Giuseppe Larosa · ‎08-05-2008

Hello Celso,

I'm not sure to have understood your needs.

I thought you wanted to reach the collector via a VRF, if you haven't any VRF defined in your switch you should omit the vrf option

If instead you have multiple VRFs on the core switch the right VRF name to be used is the same that allows you to ping the collector workstation.

Just to say something :

one thing is the source interface for export

Vlan 20 is fine.

Then, on all the L3 interfaces you want to monitor you need to add something like

ip route-cache flow

There are some specific commands if you want to monitor L2 switched traffic but this isn't possible on all platforms/OS combination.

Hope to help

Giuseppe

cfajardo1_2 · ‎08-05-2008

what i mean is i have the above current config. do i have to modify only the ip flow-export destination command and the rest will remain?

thanks

Giuseppe Larosa · ‎08-06-2008

Hello Celso,

>> what i mean is i have the above current config. do i have to modify only the ip flow-export destination command and the rest will remain?

Yes I agree you just to need to change the export destination command

Hope to help

Giuseppe

cfajardo1_2 · ‎08-06-2008

any idea if this is supported in the newer ios? how will i know which ios supports this feature.

thanks

Giuseppe Larosa · ‎08-06-2008

Hello Celso,

you can try to enter the command without typing enter at the end.

you can use feature navigator

www.cisco.com - support - tools - all tools

- feature navigator

you do a search by feature

type netflow

select Netflow Data Export (NDE)

select NDE for VRF interfaces (but this is for monitoring traffic on VRF interfaces)

I expect that this implies to be able to export in VRF

Hope to help

Giuseppe

fajardo2007 · ‎08-09-2008

from one of the docus ive found, this vrf option at destination is available on the 12.2(18)SXH. Mine is SXF

Giuseppe Larosa · ‎08-10-2008

Hello Celso,

if you need it you should think to upgrade.

I would suggest 12.2(33)SXH because we updated from 12.2(18)SXH to that to support 10GE modules.

Hope to help

Giuseppe