Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1030
Views
0
Helpful
4
Replies

Allow only Netflow Traffic through Ethernet Interface Via ACL

adamdaviddoyle
Level 1
Level 1

‎11-03-2006 06:06 AM - edited ‎03-03-2019 02:34 PM

Hello All,

I'm trying to allow ONLY netflow traffic to be passed from one particular ethernet interface on a router to my netflow collection server.

here is what I have so far:

ip access-list extended netflow

permit tcp host 10.1.1.99 host 100.1.1.21 eq 9996

ip access-group netflow out

interface FastEthernet0/1

description Internal 100mbps connection

ip address 10.1.1.99 255.255.0.0

ip access-group netflow out

ip route-cache flow

speed auto

full-duplex

This however doesn't seem to be stopping any traffic.

Labels:
0 Helpful
4 Replies 4

tdrais
Level 7
Level 7

‎11-03-2006 06:25 AM

Depends on what you are trying to stop. Any traffic that comes in on another interface should be blocked. Traffic that the router itself creates cannot be blocked with a access list. You must use local policy routing and route the traffic to a null interface.

0 Helpful

adamdaviddoyle
Level 1
Level 1
In response to tdrais

‎11-03-2006 07:15 AM

So if this were on my internet router and i had 2 ethernet interfaces and 1 serial.

The Ethernet1 interface would not allow any traffic to go out of it from the other 2 interfaces (Serial & Ethernet0)

If that is the case that is fine.

0 Helpful

tdrais
Level 7
Level 7
In response to adamdaviddoyle

‎11-03-2006 07:38 AM

yes that is how it works.

It is just one of those strange things about outbound access lists.

If you want to confirm it put in a statement like deny ip any any log and ping some address past the router from 100.1.1.21. You should see the reply packets being dropped.

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to tdrais

‎11-03-2006 12:13 PM

Tim is quite right that an outbound access list can not block traffic that is generated by the router itself but will block traffic that comes in some other interface and is being forwarded out the interface with the outbound access list.

I am curious about the statement that the access list as applied did not seem to be stopping any traffic. The access list as written would deny pretty much any transit traffic. Can the original poster clarify what traffic is sent out which interface.

One other note is that the access list as given is looking for tcp traffic but netflow uses udp transport.

HTH

Rick

HTH

Rick
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card