Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

How to configure netflow on 6807

Dear All,

 

Please help me to configure netflow on my new 6807XL VSS, running 15.1(2)SY - IPSERVICESK9.

I have tried to configure it according to the documentations available but getting warning messages while applying to an interface and not getting any flows received at the collector side.

Have created flow record, exporter and monitor. Tried with version 5 and manageengine netflow analyzer.

Is there any working example available ?

Thanks in advance.

Shijo.

17 REPLIES

There's no unique way to

There's no unique way to implement netflow monitoring. Anyway this is the working configuration for monitoring bandwidth usage that we use in our company along with PRTG as collector:

!

ip flow-export source FastEthernet0/0
ip flow-export version 5
ip flow-export destination <A.B.C.D> <port>

!

interface FastEthernet0/0
 ip address <a.b.c.d> <255.255.255.0>
 ip flow egress
 duplex auto
 speed auto

 

 

New Member

Dear Houten,Thanks for the

Dear Houten,

Thanks for the reply.

But I believe the given configuration steps are belongs to the 'original netflow' configuration, but this has been replaced by Flexible Netflow (FNF) in newer IOS versions.

Regards,

Shijo.

 

You're right, it works for

You're right, it works for version 12.4, but it's not depreciated yet and you can use it for newer IOS.

can you share your current configuration?

VIP Purple

Heres a working flex netflow

Heres a working flex netflow  of one of my devices

check its exporting with

xxxxxxxxxxxxxxxxxxxx#show flow exporter statistics
Flow Exporter NetQos:
  Packet send statistics (last cleared 40w1d ago):
    Successfully sent:         56805572              (70235337725 bytes)
    No destination address:    24                    (30196 bytes)

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

flow record FLOW-RECORD
 description record to monitor network traffic
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input
 match interface output
 collect routing source as
 collect routing destination as
 collect routing next-hop address ipv4
 collect transport tcp flags
 collect counter bytes
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
!
!
flow exporter NetQos
 description export Netflow traffic to HQ
 destination x.x.x.x
 source Vlan1222
 template data timeout 300
 option interface-table timeout 1000
 option exporter-stats timeout 1000
!
!
flow monitor xilinx_nq
 description Used for ipv4 traffic analysis (Mapped To FLOW-RECORD)
 record FLOW-RECORD
 exporter NetQos
 statistics packet protocol

interface Vlan159
 ip address x.x.x.x 255.255.255.0
 ip flow monitor xilinx_nq input
 ip flow monitor xilinx_nq output

New Member

Thank you for adding this

Thank you for adding this config.

Looking at your config, I think the only question I have about it is:

flow exporter NetQos
 description export Netflow traffic to HQ
 destination x.x.x.x
 source Vlan1222 (What is this VLan? Why is it a source if you're actually sourcing your monitoring from "interface vlan159"?)
 template data timeout 300
 option interface-table timeout 1000
 option exporter-stats timeout 1000

I also had some questions on a previous comment up above.  The config I commented on above is a bit different from yours.  Might you be able to comment on those questions, as well?

Thank you for your help!

VIP Purple

Hi

Hi

your sourcing it from vlan 222( thats my choice its our MGMT vlan )not vlan 159 , your collecting stats from vlan 159

every ip interface you want to collect from in flex netflow must have the monitor statements applied  , like in netflow 5 just slightly diff syntax

we source every protocol we use from MGMT interfaces through our FWs for security , you don't have too  

VIP Purple

flow exporter NFexporter ----

flow exporter NFexporter ----> name of exporter (can the same exporter be used for multiple interfaces, or does each interface require it's own exporter to be created?)

The exporter is only for the destination application where your sending the flows , so I have multiple collectors , NetQos , Live action etc . I have a specific exporter for each application

reading above if you use my netflow any ip interface you want to see flows from you apply what I have under the vlan 159 as the example , that should be on every IP based interface youw nat flows from , you cn colclect layer 2 as well but I don't have that included in that example , the monitor collects , the exporter send the data to the flow collector , the flow record is what you want recorded what stats if you get me

New Member

Thank you, everyone, for your

Thank you, everyone, for your help.

I've got this working, though I have a few bugs to work out.  In an effort to make the minor changes I need, I've tried changing the config of the record. "% Flow Record: Flow Record is in use. Remove from all clients before editing."

Based on that, I decided to simply create a new record with the modifications I need, figuring I would then remove the current record from the monitor and put in the new record.  Uhhhm, yeah... not so much.

When I try to remove the current record, I get the same "error".  I only have this applied to 10, or so, VLan interfaces and one port... But is there an easier way to make the change without having to remove the monitor from each port individually, then re-add it?

Thanks, again!

VIP Purple

Yes its a pain in the neck

Yes its a pain in the neck trying to change these when in use , I do it all on notepad and copy back in , its a limitation there's no quick fix way really , glad you got sorted anyway

New Member

I had our QRadar guy check

I had our QRadar guy check out the feed.  He's now getting everything!  Thank you for the help.

Is there a way to globally apply the monitor?  Or maybe ply to all active VLan interfaces in one deft swoop?

VIP Purple

yes there one way to do it to

yes there one way to do it to all vlans , no global command available

(config)#int range vlan 1 - 20
(config-if-range)#

New Member

That's pretty amusing... I

That's pretty amusing... I didn't want to just up and try that! ~ was a bit nervous.

Thank... AGAIN!

New Member

Dear Shijomon, You managed to

Dear Shijomon,

 

You managed to configure NetFlow?

 

I have the same question on the same appliance

New Member

Hi, Not yet, what about for

Hi,

 

Not yet, what about for you ??

 

Shijo.

New Member

Hi ShimonTry this basic

Hi Shimon

Try this basic netflow configuration

--------------------------- Create Exporter-------------

flow exporter NFexporter ----> name of exporter
  destination 10.53.4.201
  transport udp 8899
  source Ethernet2/44

------------------------Create Monitor------------------

flow monitor NFmonitor ----> name of Monitor
  record netflow-original
  exporter NFexporter

------------------------- Attach to the interface-------------------------

interface Ethernet2/44
  ip flow monitor NFmonitor input  
  ip flow monitor NFmonitor output

 

Please rate if you find userfull

 

New Member

I'm interpreting each of

I'm interpreting each of these commands in a couple of different ways.  The plan is to capture data from multiple ports. Could someone please clarify? (see notes below):

--------------------------- Create Exporter------------- (Global Config)

flow exporter NFexporter ----> name of exporter (can the same exporter be used for multiple interfaces, or does each interface require it's own exporter to be created?)
  destination 10.53.4.201
  transport udp 8899
  source Ethernet2/44 (If the same can be used, why would you define here if you then need to "attach" it to each individual interface?)

------------------------Create Monitor------------------(Global Config)

flow monitor NFmonitor ----> name of Monitor (Would it be advisable to clarify which port this is monitoring, or can this be shared amongst different ports?)
  record netflow-original
  exporter NFexporter

------------------------- Attach to the interface------------------------- (Interface config)

interface Ethernet2/44
  ip flow monitor NFmonitor input  
  ip flow monitor NFmonitor output

New Member

I am sharing with you How to

I am sharing with you How to configure netflow on 6807

flow exporter NFAexporter
destination {ip address}
Export-protocol version-9
transport udp 9996
template data timeout 60

ip flow monitor NFAmonitor
record netflow-original
exporter NFAexporter
cache timeout active 60
cache timeout inactive 15

I hope this information will helpful. 

1831
Views
0
Helpful
17
Replies