12-28-2009 08:42 AM - edited 03-06-2019 09:05 AM
mls flow ip full
police flow mask src 1000000 conform-action transmit exceed-action drop
i have also disable the NDE and ip flow-export.
I got the "FLOWMASK_CONFLICT: Features configured on interface " errors
however, when i used:
mls flow ip full
police flow 1000000 conform-action transmit exceed-action drop
without specified the mask, i get no error and the microflow working. Is there any issue with this?
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/prod_white_paper0900aecd803e5017.html does not seem to work
Any advice and thanks.
12-28-2009 09:18 AM
Hi,
Have a look at this document for more info on flow mask conflict
Sampled NetFlow requires the dest-source-interface flow mask (PFC2) or full-interface flow mask (PFC2 and PFC3). This may cause conflict with other flow-based features on the same interface
HTH
Reza
12-28-2009 09:53 AM
Thanks for the reply.
I am using VS-S720-10G running 12.2(33)SXH5 and running "mls flow ip interface-full" :
R1#show run | in flow
ip flow-cache timeout active 5
ip flow ingress layer2-switched vlan 10
mls netflow interface
mls flow ip interface-full
R1#show policy-map
Policy Map CiscoUBRL
Class outward_traffic
police flow mask src-only 1000000 30000 conform-action transmit exceed-action drop
R1#show class-map outward_traffic
Class Map match-all outward_traffic (id 1)
Match access-group 10
Router#show ip access-lists 10
Standard IP access list 10
10 permit 192.168.10.0, wildcard bits 0.0.0.255
interface Vlan10
ip vrf forwarding TEST
ip address 192.168.10.254 255.255.255.0
ip flow ingress
ip flow egress
mls qos bridged
service-policy input CiscoUBRL
Get the followng errors:
%FM-4-FLOWMASK_REDUCED: Features configured on interface Vlan10 have conflicting flowmask requirements, some features may work in software
Please advise and thanks
12-28-2009 10:11 AM
Here is the error message and the workaround:
Error Message %FM-4-FLOWMASK_REDUCED: Features configured on interface [chars] have conflicting flowmask requirements, some features may work in software
Explanation The configured features for this interface have a flow mask conflict. The traffic on this interface and the interfaces sharing the TCAM label with this interface will be sent to the software.
Recommended Action Redefine and reapply or unconfigure one or more features to avoid the conflict.
https://www.cisco.com/en/US/docs/ios/12_2sx/system/messages/sm2sx04.html#wp1020288
HTH
Reza
12-28-2009 10:20 AM
I am aware of this error but still could not figure out what cause it. Based on the earlier code snippet, can advise why is the flow mask conflicting?
12-28-2009 05:47 PM
appreciate anyone to advise and thanks.
12-29-2009 02:01 AM
Hello,
the possible conflicting commands are:
ip flow ingress
ip flow egress
mls qos bridged
service-policy input CiscoUBRL
try to to start without any command under SVI vlan10, then add one per time until the error appears again.
in this way you can find what command is causing the message.
Hope to help
Giuseppe
12-29-2009 04:00 AM
The command that cause the issue is the service policy input ciscoUBRL
This caused problem (with the mask src-only) : police flow mask src-only 1000000 conform-action transmit exceed-action drop
This work (without the mask src-only): police flow 1000000 conform-action transmit exceed-action drop
Understand NDE and QoS cannot be apply to the same interface, I have also disable the nde (PFC and MSFC using):
For PFC to disable the NDE
no ip flow export layer2-switched vlan 10
show mls nde
Netflow Data Export is Disabled
Netflow Aggregation Disabled
For MSFC to disable the NDE
no ip flow-export source
no ip flow-export version 5
If without the mask src-only, for traffic that matched under the access-list 10 be consider as one single microflow.
Appreciate any help
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: