10-15-2007 11:39 AM
I've enabled netflow on sevral switches. out of which I cannot see flow from couple of switches. I checked all config, cpu statistics, flow statistics, show ip flow export & sh ip cache flow, but evrything seems right.
what may be the reason I cannot see flow from few switches.??????
I checked firewall & accesslist, but nothing is there which is blocking that devices..
Aspiring help from expert.
10-15-2007 02:11 PM
What app are you using? Is the port configured correctly? Are you seeing netflow stats on the router?
10-16-2007 04:39 AM
Ports are configured properly. There is not much cpu utlization.'show ip flow export' indicates that netflow has been enabled on device.
Everything seems correct. what could be reason for not seeing flow????I 've configured highest version 9.
10-16-2007 04:48 AM
This is what I get output after enabling Netflow.
#sh ip flow export
Flow export is enabled
Exporting flows to 10.152.4.48 (2003)
Exporting using source interface Loopback100
Version 6 flow records
14911 flows exported in 4156 udp datagrams
0 flows failed due to lack of export packet
0 export packets were sent up to process level
0 export packets were dropped due to no fib
0 export packets were dropped due to adjacency issues
#sh ip cache flow
IP packet size distribution (384619 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .732 .239 .002 .000 .000 .007 .014 .000 .000 .000 .000 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 4456704 bytes
7 active, 65529 inactive, 14913 added
467580 ager polls, 0 flow alloc failures
last clearing of statistics never
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-Telnet 15 0.0 73 40 0.0 21.1 11.4
TCP-other 7320 0.0 2 42 0.0 0.0 5.8
UDP-DNS 112 0.0 2710 62 0.0 1244.5 5.4
UDP-other 5448 0.0 2 199 0.0 1.3 15.4
ICMP 717 0.0 3 98 0.0 13.7 15.5
IP-other 1294 0.0 29 59 0.0 110.8 14.7
Total: 14906 0.0 25 65 0.0 20.1 10.6
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Fa1/0 10.152.4.7 Local 10.217.255.19 06 BAC9 0017 34
Fa1/0 10.152.4.51 Local 192.168.127.73 06 0031 7849 4
Fa1/0 10.152.4.51 Local 192.168.127.73 06 0031 784A 4
Fa1/0 192.168.144.33 Null 224.0.0.10 58 0000 0000 48
Fa1/1 192.168.144.37 Null 224.0.0.10 58 0000 0000 46
Fa1/0 10.128.0.77 Ch2/0 10.217.255.20 11 040F 0035 3855
Fa1/0 10.128.0.76 Ch2/0 10.217.255.20 11 040F 0035 869
Can you tell me what could be the reason 'm unable to see flow?
11-27-2007 06:12 AM
The box certainly is certainly exporting netflow traffic:
14911 flows exported in 4156 udp datagrams
So check that the collector address 10.152.4.48 is reachable from here, and verify whether the collector address or port (2003) is being firewalled somewhere along the way (eg, at an intermediate node).
You might want to put a traffic sniffer on your wire to verify where netflow export packets are seen.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: