I currently have Netflow enabled on all of my routers in my network.
However, I have a Cat3750, which does not support Netflow. The 3750 is at a larger remote site and I need visibility into the traffic that is traversing internal to that switch. All VLANs are configured on the 3750. I have an extra Cisco router, which I have theorized I could use as a Netflow probe.
Here is the idea, please excuse the crudeness of the diagram.
The 2811 Router has two FastEthernet ports.
F0/0 would be configured with no IP Address and would be connected to the 3750 on G0/1 with no VLANs configured.
F0/1 would be configured with a static IP and connected to the 3750 on port G0/2 with the appropriate VLAN to ensure network connectivity.
On the 3750, configure a monitor session with a destination of Interface G0/1.
On the 2811, configure netflow to send to the Netflow server and set F0/0 for ip flow ingress.
Obviously, it doesn't work. But I cannot figure out why.
I'm not sure the Cisco router will send NetFlow for packets it sees unless it routes them. Hopefully someone else can confirm this, but I don't think the router will passively snoop on packets and send out NetFlow datagrams on what it sees.
I suggest an nProbe from ntop.org. It is designed for this type of application and it is the first product I've seen to export URL details:
Sorry to jump on an old thread, but after finding libpcap on CentOS dropping too many packets I also thought about using a couple of old 2800s as netflow probes. I realized that the router won't export any information unless it routes the flows, but what if we set up the router as the OP designed and then added a single static route like:
ip route 0.0.0.0 0.0.0.0 Null0
Turn off all dynamic routing and have only this one static route and one more specific route for the admin interface. Make sure that the admin interface is NOT in a subnet the probe side will ever see to prevent massive routing loops. I'm thinking this should work. I have a 2811 and 2821 sitting on my desk just waiting to try this out. Again, old thread but I'll update anyway with my results.
I'm guessing since all the data is coming IN from the router's view then only ingress netflow is needed on that interface.
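As an added illustration (not from any poster in this thread, and not nProbe's code), here is what a software probe fed from a SPAN port has to do: fold the mirrored packets into 5-tuple flows and encode them as an export datagram. The thread does not say which NetFlow version is exported, so NetFlow v5 is assumed; the packet tuples are constructed sample data and the function names are hypothetical.

```python
import socket
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte header
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48-byte flow record

# Constructed sample of mirrored packets:
# (uptime ms, src, dst, IP protocol, src port, dst port, IP length, TCP flags)
PACKETS = [
    (1000, "10.1.10.5", "10.1.20.9", 6, 51000, 443, 60, 0x02),
    (1010, "10.1.20.9", "10.1.10.5", 6, 443, 51000, 60, 0x12),
    (1020, "10.1.10.5", "10.1.20.9", 6, 51000, 443, 52, 0x10),
    (1500, "10.1.10.5", "10.1.20.9", 6, 51000, 443, 517, 0x18),
    (2000, "10.1.30.7", "10.1.20.53", 17, 40000, 53, 74, 0x00),
]

def aggregate(packets):
    """Fold packets into unidirectional flows keyed by the 5-tuple."""
    flows = {}
    for ts, src, dst, proto, sport, dport, length, flags in packets:
        f = flows.setdefault((src, dst, proto, sport, dport),
                             {"pkts": 0, "octets": 0, "first": ts, "last": ts, "flags": 0})
        f["pkts"] += 1
        f["octets"] += length
        f["last"] = max(f["last"], ts)
        f["flags"] |= flags          # v5 carries the OR of all TCP flags seen
    return flows

def export_v5(flows, uptime_ms, unix_secs, sequence=0):
    """Encode up to 30 flows (the v5 per-datagram maximum) as one datagram."""
    items = list(flows.items())[:30]
    out = V5_HEADER.pack(5, len(items), uptime_ms, unix_secs, 0, sequence, 0, 0, 0)
    for (src, dst, proto, sport, dport), f in items:
        out += V5_RECORD.pack(
            socket.inet_aton(src), socket.inet_aton(dst), socket.inet_aton("0.0.0.0"),
            0, 0, f["pkts"], f["octets"], f["first"], f["last"],
            sport, dport, 0, f["flags"], proto, 0, 0, 0, 0, 0, 0)
    return out

def parse_v5(datagram):
    """Decode a v5 datagram the way a collector would, to check the encoding."""
    version, count = V5_HEADER.unpack_from(datagram)[:2]
    if version != 5 or len(datagram) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("not a well-formed NetFlow v5 datagram")
    records = []
    for i in range(count):
        r = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        records.append({"src": socket.inet_ntoa(r[0]), "dst": socket.inet_ntoa(r[1]),
                        "pkts": r[5], "octets": r[6], "sport": r[9], "dport": r[10],
                        "flags": r[12], "proto": r[13]})
    return records
```

The two directions of the TCP conversation come out as separate records, which is why a probe that only ever sees ingress traffic on the mirror port can still report both sides.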