cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3568
Views
15
Helpful
14
Replies

Supervisor 8 e and NetFlow

Travis LaRose
Level 1
Level 1

I'm hoping this will be an easy question.

I have a 4506e enclosure in which we've upgraded to a Supervisor 8e card. Is a separate NetFlow hardware module required in order to use NetFlow?

 

I have configured the switch based on what I've found online.

 

flow record RECORD1
 match ipv4 source address
 match ipv4 destination address
 collect counter bytes
 collect counter packets
!
!
flow exporter EXPORT1
 destination 10.10.3.104
 source Vlan10
 transport udp 2055
!
!
flow monitor MONITOR1
 exporter EXPORT1
 cache timeout active 300
 record RECORD1

 

However, when I open the NetFlow analyzer the device does not show up.

1 Accepted Solution

Accepted Solutions

What I meant was, device might have to be in and monitoring via SNMP, and the Node IP should be interface VLAN 10. Perhaps just simple ICMP might work? - I haven't tried that though.

Well what does the NTA say? Normally it says it on the web page in orion if it doesn't like something. I have found that the NTA does not like it when it receives data from an unknown source (I have all my devices for SNMP monitoring), unless there is a way where you can configure Orion to just accept and not to ignore. Also its not instant, I had to wait a good 5 mins for things to start working.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

View solution in original post

14 Replies 14

Bilal Nawaz
VIP Alumni
VIP Alumni

Have you applied ip flow monitor MONITOR1 input or output under an interface?

Also i noticed you are trying to export on udp 2055 is this to Solarwinds Orion Netflow? if so then you need to do this at a minimum:

flow record RECORD1

match ipv4 tos

match ipv4 protocol

match ipv4 source address
match ipv4 destination address

match ipv4 transport source-port

match ipv4 transport destination-port

collect interface input snmp

collect interface output snmp

collect counter bytes 

collect counter packets

 

Hope this helps.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

Thank you for responding. I have applied MONITOR1 to vlan 10. It IS the solar winds analyzer.
 

I tried to put in the additional commands for RECORD1 but got "invalid input detected" for the following commands:

match ipv4 transport source-port

match ipv4 transport destination-port

collect interface input snmp

collect interface output snmp

 

 

Okay - i am also using solarwinds, apologies i made a mistake here is correction... One requirement in solarwinds is to monitor this device from VLAN 10. And add the interfaces for monitoring. Hopefully it should start working!

match transport source-port

match transport destination-port

collect interface input snmp

collect interface output snmp

collect counter bytes

collect counter packets

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

Still not showing up in the analyzer. Do I have to configure SNMP on the switch? I really do not want to.

 

What do you mean by this:
 

One requirement in solarwinds is to monitor this device from VLAN 10. And add the interfaces for monitoring.

What I meant was, device might have to be in and monitoring via SNMP, and the Node IP should be interface VLAN 10. Perhaps just simple ICMP might work? - I haven't tried that though.

Well what does the NTA say? Normally it says it on the web page in orion if it doesn't like something. I have found that the NTA does not like it when it receives data from an unknown source (I have all my devices for SNMP monitoring), unless there is a way where you can configure Orion to just accept and not to ignore. Also its not instant, I had to wait a good 5 mins for things to start working.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

OK, I've made some progress.

I briefly turned on snmp with:
 snmp-server community public

When I did this, I was able to add the device to the SolarWinds analyzer. I then turned the snmp server off:

 no snmp-server

Closed the SolarWinds analyzer and opened it back up, and the device is still there.

However, I still not get vlan 10 to report NetFlow data. My config is pretty much the same as above:

 

flow record RECORD1
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 collect counter bytes
 collect counter packets
!
!
flow exporter EXPORT1
 destination xxx.xxx.xxx.xxx
 source Vlan10
 transport udp 2055
!
!
flow monitor MONITOR1
 exporter EXPORT1
 cache timeout active 300
 record RECORD1
!
!
!
output omitted
!
!
!
vlan configuration 10
ip flow monitor MONITOR1 input
vlan internal allocation policy ascending

 

Not exactly sure what I could be missing. Any Ideas?

Hello, Please see my original post, I believe you are missing some commands there for the flow record.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

see attached Doc. Follow steps for Sup7 - same thing.

Hope it helps

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

I went ahead and tried to all all of the commands to the flow record and here is what I got:

 

switch(config)#flow record RECORD1
switch(config-flow-record)# match ipv4 tos
switch(config-flow-record)# match ipv4 protocol
switch(config-flow-record)# match ipv4 source address
switch(config-flow-record)# match ipv4 destination address
switch(config-flow-record)# match transport source-port
switch(config-flow-record)# match transport destination-port
switch(config-flow-record)# collect interface input snmp
                                                    ^
% Invalid input detected at '^' marker.

switch(config-flow-record)# collect interface output snmp
                                                     ^
% Invalid input detected at '^' marker.

switch(config-flow-record)# collect counter bytes
switch(config-flow-record)# collect counter packets

 

So I went ahead and tried to enter the "collect interface input" command manually followed by "?" to see the options available. The only thing that was there was "netflow". So I figured "awesome, that must be it". I was then able to add the updated flow record to MONITOR1, but when I applied the updated MONITOR1 to the vlan config I got the following error:


switch(config-vlan-config)#ip flow monitor MONITOR1 in
Warning: Exporter EXPORT1 could not be activated because of the following unsupported fields:
    interface input netflow
    interface output netflow

 

Are you using a hardware NetFlow module in your enclosure, or is it just done in IOS?

I have just IOSXE and IOS, but I haven't got the sup8 - I have the sup7 and c6500 sup2t, ASR & N7K SUP2.

Okay we may need a bit of trial and error because im not 100% sure.

What if you do this....

collect interface input

collect interface output

(without the netflow key word) since I have a feeling this is for netflow v5. Then apply to the interface.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

That didn't work either. I'm trying to set it up with netflow v.9.

I have a different Cisco device that I have set this up on using the SolarWinds analyzer.

It is an 1811 router with the following configuration lines:

int fa0
 ip route-cache flow
!
int vlan 10
 ip route-cache flow
!
ip flow-export source Vlan10
ip flow-export version 9
ip flow-export destination xxx.xxx.xxx.xxx 2055

This set up works perfectly. The vlan10 in the analyzer shows "Netflow" in the "Flow type" field and I can collect statistics on that vlan.

 

So here is my updated settings with the 4506e switch with the SUP 8e card:

flow record RECORD1
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 collect interface input
 collect interface output
 collect counter bytes
 collect counter packets
!
!
flow exporter EXPORT1
 destination 10.10.3.104
 source Vlan10
 transport udp 2055
!
!
flow monitor MONITOR1
 exporter EXPORT1
 cache timeout active 300
 record RECORD1
!
!
!
output omitted
!
!
!
vlan configuration 10
ip flow monitor MONITOR1 input
vlan internal allocation policy ascending

When I look in the analyzer, there is nothing in the "Flow type" field for vlan10. ALSO, whenever I run the "show flow interfaces" command, nothing comes up. Its like it isn't actually being applied to vlan 10.

Hello, after some further reading, and some testing, it seems as though flexible netflow is not supported on the SVI's. Only physical interfaces. Does the same apply to you?

https://supportforums.cisco.com/discussion/11189006/4506-e-sup7-e-and-flexible-netflow

 

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

Well, I'm not really sure how this got marked as answered. It most certainly is not.

I am having the same issue. Every piece of research I have done on this shows that I have the correct settings in the switch, however the Solarwinds analyzer does NOT show any netflow traffic.

bbiandov
Level 1
Level 1

Concur with @Bilal Nawaz - SVI not supported; you have to map the thing to physical interfaces, one-by-one :)

So much for a $15k sup...

~B

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: