Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco 871W - Netflow

Hi Everyone,


I am running into a road block getting Netflow up and running on a Cisco 871W.  First the setup:

  • Cisco 871W running IPSEC VPN to an ASA 5510.
  • Netflow should be going to Solarwinds. (Their free tool).
  • 871 is running 12.4 (15)T7.

I have added ip-route cache flow to VLAN1 (I also had it on interface FA04, but seeing conflicting reports that it should not be there?).

For Netflow also have the following:

ip flow-export source VLAN1

ip flow-export version 5

ip flow-export destination (server IP) 2055

sh ip flow export advises that 45009 flows have been exported in 4931 udp datagrams, 0 failures.  However my graphical NetFlow tool shows nothing.  At this point I am not sure if I am missing something.  I had thought it might be VPN related (i.e. ASA is blocking) but other Solarwinds tools can connect and pull stats from the router in question.

I have never really used Netflow, so some help would be great.

NOTE:  I see this command being recommended - ip nbar protocol-discovery.  But when I try it in config, I get unrecognized command.

Thanks in advance.

Hutch

Everyone's tags (3)
3 REPLIES
Blue

Re: Cisco 871W - Netflow

Since the 871W reports exporting udp datagrams, I think you'd want to start with verifying on the Solarwinds end if it's seeing those exports, say with a sniffer, then move towards the 871W end along the way. Since there's an ASA in the path, it could very well be where the flow exports hit the "road block", unless udp port 2055 is already open in the right direction by previous happenstance. The fact other Solarwinds tools can get their data does not have much bearing on ruling out an ASA blockage unless those tools communicate utilize udp port 2055 as well.

New Member

Re: Cisco 871W - Netflow

To check to see if NetFlow is being received, shut down Solarwinds collector and run Flowalyzer:

http://media.plixer.com/flowalyzer.exe  (8.35MB). 

Also, might want to try Scrutinizer for NetFlow Analysis.

Jake

New Member
2731
Views
0
Helpful
3
Replies
CreatePlease login to create content