Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

NDE Export

Greetings,

I'm attempting to configure netflow export to an external collector. The NDE is set to use a particular IP address and port on a workstation. I can see udp traffic coming in but it is not recognized as netflow traffic by the application.

I see this when looking at the status:

cisco1>sh mls nde

Netflow Data Export enabled

Exporting flows to 192.168.1.65 (2055)

Exporting flows from 192.168.1.2 (57754)

Version: 7

Layer2 flow creation is enabled on vlan 1

Layer2 flow export is enabled on vlan 1

Include Filter not configured

Exclude Filter not configured

Total Netflow Data Export Packets are:

0 packets, 0 no packets, 0 records

Total Netflow Data Export Send Errors:

IPWRITE_NO_FIB = 0

IPWRITE_ADJ_FAILED = 0

IPWRITE_PROCESS = 0

IPWRITE_ENQUEUE_FAILED = 0

IPWRITE_IPC_FAILED = 0

IPWRITE_OUTPUT_FAILED = 0

IPWRITE_MTU_FAILED = 0

IPWRITE_ENCAPFIX_FAILED = 0

Netflow Aggregation Disabled

When I look at the flow config, I see:

cisco1>sh ip flow exp

Flow export v1 is enabled for main cache

Exporting flows to 192.168.1.65 (2055)

Exporting using source interface Vlan1

Version 1 flow records

1396 flows exported in 362 udp datagrams

0 flows failed due to lack of export packet

0 export packets were sent up to process level

0 export packets were dropped due to no fib

0 export packets were dropped due to adjacency issues

0 export packets were dropped due to fragmentation failures

0 export packets were dropped due to encapsulation fixup failures

0 export packets were dropped enqueuing for the RP

0 export packets were dropped due to IPC rate limiting

It appears NDE is not exporting the data but netflow is. I do not think this is what I'm looking to accomplish.

2 REPLIES
Hall of Fame Super Gold

Re: NDE Export

Charles

I am not sure that I know the answer, but I notice a couple of things. sh mls nde indicates that it is using version 7. the sh ip flow exp indicates that it is using verions 1. I wonder what version the collector is expecting. And if there is a mismatch that might explain why the collector is not recognizing its input as netflow traffic.

HTH

Rick

Bronze

Re: NDE Export

Hello,

try configure netflow export version 5.

conf t

ip flow-export version 5

mls nde sender 5

The configuration seems OK, so problem will be on the collector part. You can test your configuration with another netflow collector (e.g. noncommercial flow-tools or any commercial). Our company develops netflow tools and it is fully compatible with netflow version 1,5,6,7 and 9. Please, verify that you haven't firewall rule that block incoming udp exports on your collector...

Bye Jan

Caligare co,

http://www.caligare.com

138
Views
0
Helpful
2
Replies
CreatePlease to create content