Cisco 871W - Netflow

Unanswered Question
Apr 28th, 2010

Hi Everyone,


I am running into a road block getting Netflow up and running on a Cisco 871W.  First the setup:

  • Cisco 871W running IPSEC VPN to an ASA 5510.
  • Netflow should be going to Solarwinds. (Their free tool).
  • 871 is running 12.4 (15)T7.


I have added ip-route cache flow to VLAN1 (I also had it on interface FA04, but seeing conflicting reports that it should not be there?).

For Netflow I also have the following:


ip flow-export source VLAN1

ip flow-export version 5

ip flow-export destination (server IP) 2055


sh ip flow export advises that 45009 flows have been exported in 4931 udp datagrams, 0 failures.  However my graphical NetFlow tool shows nothing.  At this point I am not sure if I am missing something.  I had thought it might be VPN related (i.e. ASA is blocking) but other Solarwinds tools can connect and pull stats from the router in question.


I have never really used Netflow, so some help would be great.


NOTE:  I see this command being recommended - ip nbar protocol-discovery.  But when I try it in config, I get unrecognized command.


Thanks in advance.


Hutch

yjdabear Wed, 04/28/2010 - 15:21

Since the 871W reports exporting udp datagrams, I think you'd want to start with verifying on the Solarwinds end if it's seeing those exports, say with a sniffer, then move towards the 871W end along the way. Since there's an ASA in the path, it could very well be where the flow exports hit the "road block", unless udp port 2055 is already open in the right direction by previous happenstance. The fact other Solarwinds tools can get their data does not have much bearing on ruling out an ASA blockage unless those tools utilize udp port 2055 as well.
