×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Netflow with DstIf null

Unanswered Question
Oct 26th, 2010
User Badges:

Hi!
I have two Catalyse 4507 joined by an interface Giga. I implemented Netflow on the two devices with the commands:


ip flow ingress infer-fields
ip flow ingress layer2-switched
ip flow-export source Vlan111
ip flow-export version 5
ip flow-export destination X.X.X.X 2055
ip flow-aggregation cache destination-prefix
export destination X.X.X.X 2055
enabled



one of the Catalyst (switch1) export the data correctly but not the other, the output of the command "show ip cache flow" is as follows for each:


Catalyst that exports data correctly (switch1)
Switch1#sh ip cache flow


IP Flow Switching Cache, 17826816 bytes
  35451 active, 226693 inactive, 3458800173 added
  2192119154 ager polls, 0 flow alloc failures
  Active flows timeout in 30 minutes
  Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 4227400 bytes
  35451 active, 95621 inactive, 3458800173 added, 3458800173 added to flow
  0 alloc failures, 0 force free
  2 chunks, 3028 chunks added
  last clearing of statistics never
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-Telnet     6500127      1.5        17    88     27.0 3806765.5      24.1
TCP-FTP        8793339      2.0        36    65     74.0 3540083.8      20.8
TCP-FTPD      28618853      6.6        66   855    442.9 3893751.7      22.4
TCP-WWW      368569586     85.8        20   552   1741.7 3637226.5      23.2
TCP-SMTP       5036306      1.1         6   180      7.1 3323975.0      20.3
TCP-X          7116725      1.6        21   501     36.3 3677953.5      20.3
TCP-BGP             38      0.0         1    42      0.0 3955884.7      32.7
TCP-NNTP           139      0.0         2    44      0.0 3893273.7      36.5
TCP-Frag         12485      0.0         2   182      0.0 3033828.3      26.9
TCP-other   1675587396    390.1       173   821  67799.5 3779030.7      23.3
UDP-DNS      104429171     24.3         1    68     44.8 4251736.0      25.4
UDP-NTP       10270542      2.3         2    78      5.5 3856321.0      23.7
UDP-TFTP         37927      0.0         6    53      0.0 1533207.4      19.9
UDP-Frag       4419083      1.0      3514  1358   3615.6 3528393.2      21.2
UDP-other    894530949    208.2        18   478   3928.0 4030578.5      25.3
ICMP         327893020     76.3         7    66    608.4 3924877.4      23.4
IGMP           2149578      0.5         1    33      0.8       4.5      19.6
IP-other        724209      0.1       131    61     22.2 2183280.1      19.7
Total:      3444689473    802.0        97   815  78354.4 3854103.6      23.8


SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Vl111         A.B.C.D         Vl111         A.B.C.D     11 0B31 99CD   149
Vl111         A.B.C.D         Vl111         A.B.C.D     11 809D 1220     1
Vl111         A.B.C.D         Vl111         A.B.C.D     11 809D 1225     1
Vl111         A.B.C.D         Vl111         A.B.C.D     11 809D 1229     1
Vl111         A.B.C.D         Vl1           A.B.C.D    06 0AC9 0050     1
Vl111         A.B.C.D         Vl111         A.B.C.D     11 0B31 99A5   273
Vl111         A.B.C.D         Vl1           A.B.C.D    06 0916 0548    11
Vl111         A.B.C.D         Vl111         A.B.C.D     11 99A5 0B38   373
Vl1           A.B.C.D         Vl1           A.B.C.D    06 0548 11EF     3
Vl111         A.B.C.D         Vl111         A.B.C.D     06 0050 1EE5     2



Catalyst that does NOT export data (switch2)
Switch2#sh ip cache flow


IP Flow Switching Cache, 17826816 bytes
  13 active, 262131 inactive, 283145053 added
  2684798631 ager polls, 0 flow alloc failures
  Active flows timeout in 1 minutes
  Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 2130248 bytes
  13 active, 65523 inactive, 283145026 added, 283145026 added to flow
  0 alloc failures, 0 force free
  1 chunk, 0 chunks added
  last clearing of statistics 28w6d
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-Telnet       56480      0.0         8    58      0.1 1897750.5      13.7
TCP-FTP           2347      0.0         2    54      0.0 3085341.0      16.3
TCP-FTPD             5      0.0         9  1349      0.0 2576972.3      16.1
TCP-WWW       36672450      8.5        27   463    235.3  912618.3      18.8
TCP-SMTP          3660      0.0         2    51      0.0 2700190.9      16.2
TCP-X             5733      0.0        10   431      0.0 2397325.0      16.1
TCP-NNTP             1      0.0         3    50      0.0       1.0      15.7
TCP-Frag             1      0.0         1   210      0.0 4294957.2      17.9
TCP-other     86636487     20.1     17698   802 357001.8 2007449.3      15.7
UDP-DNS          84944      0.0         2    69      0.0 3868868.7      16.3
UDP-NTP        9695948      2.2         1    76      2.2   78130.3      15.8
UDP-TFTP            47      0.0         8    51      0.0  913841.0      15.6
UDP-Frag        129037      0.0       471   591     14.1 1918571.4      13.0
UDP-other    117227049     27.2         6   228    188.7 3144381.7      16.3
ICMP           2577353      0.6        48    58     29.3 3107174.5      16.5
IGMP           7283088      1.6         1    31      2.1       3.0      15.8
IP-other       2697048      0.6        90    47     57.0     438.7      14.3
Total:       263071678     61.2      5837   801 357531.1 2225531.3      16.4


SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Gi4/4         A.B.C.D          Null          A.B.C.D       02 0000 0011     2
Vl4           A.B.C.D        Local         A.B.C.D      11 007B 007B     1
Gi4/4         A.B.C.D         Null          A.B.C.D       67 0000 0000     1
Gi4/4         A.B.C.D         Null          A.B.C.D       67 0000 0000     1
Vl4           A.B.C.D         Local         A.B.C.D      06 0736 0016    28
Vl4           A.B.C.D         Local         A.B.C.D      11 007B 007B     1
Vl4           A.B.C.D         Local         A.B.C.D      11 007B 007B     1
Vl111         A.B.C.D         Null          A.B.C.D        59 0000 0000     2
Vl111         A.B.C.D         Null          A.B.C.D        59 0000 0000     3
Vl111         A.B.C.D         Null          A.B.C.D        59 0000 0000     3



In this case the Destination interface appears as null and Local,I checked the ACLs and no one is blocking traffic, there is not rate limiting configured... which can be the source of the problem for switch2 not exports data?


Thanks!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Tue, 10/26/2010 - 06:06
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Sdurn,


check if the second chassis has the required hardware modules


see

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/50sg/configuration/guide/nfswitch.html#wp1022037


There are some type of supervisors that don't support netflow just to make an example



post show module from both to see if there are differences



Hope to help

Giuseppe

sdurn Wed, 10/27/2010 - 01:31
User Badges:

Thanks for the reply.
The two supervisors are the same model and have the same version...

Actions

This Discussion