I am running into a road block getting Netflow up and running on a Cisco 871W. First the setup:
Cisco 871W running IPSEC VPN to an ASA 5510.
Netflow should be going to Solarwinds. (Their free tool).
871 is running 12.4 (15)T7.
I have added ip-route cache flow to VLAN1 (I also had it on interface FA04, but seeing conflicting reports that it should not be there?).
For Netflow also have the following:
ip flow-export source VLAN1
ip flow-export version 5
ip flow-export destination (server IP) 2055
sh ip flow export advises that 45009 flows have been exported in 4931 udp datagrams, 0 failures. However my graphical NetFlow tool shows nothing. At this point I am not sure if I am missing something. I had thought it might be VPN related (i.e. ASA is blocking) but other Solarwinds tools can connect and pull stats from the router in question.
I have never really used Netflow, so some help would be great.
NOTE: I see this command being recommended - ip nbar protocol-discovery. But when I try it in config, I get unrecognized command.
Since the 871W reports exporting udp datagrams, I think you'd want to start with verifying on the Solarwinds end if it's seeing those exports, say with a sniffer, then move towards the 871W end along the way. Since there's an ASA in the path, it could very well be where the flow exports hit the "road block", unless udp port 2055 is already open in the right direction by previous happenstance. The fact other Solarwinds tools can get their data does not have much bearing on ruling out an ASA blockage unless those tools communicate utilize udp port 2055 as well.
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...