Re: About GSR NETFLOW don't export flows !

ccie11851 · ‎04-12-2004

Hi :

My GSR NETFLOW don't export flows ,when i apply a access-list rules.

Can you tell me why ?

Thanks for your support!

GSR#sh ver

Cisco Internetwork Operating System Software

IOS (tm) GS Software (GSR-P-M), Version 12.0(19)ST5, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

Compiled Wed 03-Jul-02 10:41 by dchih

preddyi · ‎04-12-2004

Are you applying the access-lists on the interfaces for security/packet filtering purpose ?

Does the flows-export stops only for the intefaces where you apply inbound access-list or globally it stops?

Does it work if you apply outbound access-list / without any access-list ?

ccie11851 · ‎04-13-2004

Are you applying the access-lists on the interfaces for security/packet filtering purpose ?

YES!!!

Does the flows-export stops only for the intefaces where you apply inbound access-list or globally it stops?

The interfaces don't apply "ip route-cache flow samples",when i apply access-list to the interface.

Others interface apply "ip route-cache flow samples" command.

Does it work if you apply outbound access-list / without any access-list ?

It don't work if i apply outbound access-list.

It work very well when i don't apply access-list to any interface.

thank you!

dducamps · ‎05-11-2004

It could depend on the type of line card you use on your GSR.

Typically Engine2 LC (example 3ports Giga Ethernet) use PSA Asic with bundled of functionnality pre-configured on the Asic.

These bundled have name. Vanilla bundle provide to you sampled netflow and a lot of other functionality (but not ACL on interface).

But if you activate ACL on interface, the asic changes the bundled used to one which provide ACL but not Netflow.

On this type of LC, there is no possibility to have netflow and ACl on interface at the same time.

regards.