Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1036
Views
0
Helpful
2
Replies

Intravlan netflow on 3850

itinfrastructure3
Level 1
Level 1

‎01-19-2017 10:12 AM - edited ‎03-08-2019 08:59 AM

Hello,

We've set up netflow on our core switch and it works, we are capturing all inter-vlan traffic.

We are also trying to get traffic that flows inside a vlan on an edge switch (that traffic does not reach the core switch).

We are running 3850 with  03.07.04E

We cannot get the flow record applied to the vlan it errors out.

Here is our config:

flow exporter AWSSplunk
 description test
 destination x.x.13.245
 transport udp 2055
 template data timeout 60
 option interface-table timeout 60
 option application-table timeout 60

flow monitor MONITOR1
 exporter AWSSplunk
 cache timeout inactive 30
 cache timeout active 60

flow record RECORD1
 match datalink mac source address input
 match datalink mac source address output
 match datalink mac destination address input
 match ipv4 source address
 match ipv4 destination address
 match flow direction

When applying to vlan 10:

sw(config)#vlan configuration 10
sw(config-vlan-config)#ip flow monitor MONITOR1 input
% Flow Monitor: Flow Monitor 'MONITOR1' cannot be added as this monitor does not have a valid Flow Record.

What are we missing?

1 person had this problem
Labels:
0 Helpful
2 Replies 2

Reza Sharifi
Hall of Fame
Hall of Fame

‎01-19-2017 10:40 AM

Hi,

Your flow record is named "'RECORD1" can you change it to "MONITOR1" and test again?

HTH

0 Helpful

itinfrastructure3
Level 1
Level 1
In response to Reza Sharifi

‎01-19-2017 11:18 AM

Thank you!

I forgot to add RECORD1 to MONITOR1

It works now

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card