Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials

Ip route-cache flow

Hi All,

i want configure netflow on cisco 837 and 877 for the netflow analyzer. my router wouldnt recognise the ip route-cache flow on the router on the interface on fastethernet. please help

Find more posts tagged with

netflow

cisco

Accepted answers

toms003

hi all,

by rebooting the router and removing the node from npm server the data came through. but its not constant though. i have to reboot the router to get the data every time?any idea?

All comments

wrodenbusch

Have you tried the netflow configurator?

http://www.solarwinds.com/products/freetools/netflow_configurator.aspx

Is it responding to the ip flow-cache and ip flow-export commands?

toms003

i am just downloading the configurator. do think i need to do it on vlans as its a site to site vpn...

toms003

it didnt work..comes up with error" a connection couldnt be made to the specified device. ensure you have the network access to the device and credential are correct". all the info is correct still its giving error.

wrodenbusch

Can you connect to the Cisco devices from the machine you installed it on? If you connect in manually, can you run the ip flow-cache command?

mcbridea

This should work on the 877s. The 837 will require NetFlow v9 config using ip flow ingress and ip flow egress commands at the (config-if) level. Make sure to configure netflow at the (config) level with

Router(config)# ip flow-export version 9

Router(config)# ip flow-export destination NTA server ip address 2055

ip flow-cache active 1

toms003

thanks for the replies. i have a doubt now. router is 877 and its a site to site vpn and we have the vlans on the router. so ip route-cache flow command should be excuted on the vlans or on the fastethernet physical interface. on fe0 the ip route-cache command doesnt work. but on the vlan interface the command did work. please advise

deverts

toms003,

Try this...

Global commands:

ip flow-cache timeout active 1
ip flow-export source Loopback1 (or the interface you want reporting to NTA)
ip flow-export version 5
ip flow-export destination <NTA IP> 2055
ip flow-top-talkers
top 20
sort-by bytes

I typically don't use "ip route-cache flow," instead, try using "ip flow ingress" or "ip flow egress" on the physical interfaces. All traffic flows through the physical interfaces, and you can capture all the conversations while limiting the resources necessary for collecting the data.

Here's the Cisco doc for reference, you probably already have this: http://www.cisco.com/en/US/docs/ios/12_1/switch/configuration/guide/xcdnfc.html

Hope this helps.

Dwyane

toms003

Hi Dwyane,

thanks.the main problem is my cisco router 877 wouldnt recognise the ip flow ingress or regress or route cache command on fe2 or fe0 which are the 2 physcial interface. the ip commands listed are below.there is no ip route cache or ingress listed.pls see below
interface IP configuration subcommands:
address             Set the IP address of an interface
ddns                Configure dynamic DNS
dhcp                Configure DHCP parameters for this interface
header-compression IPHC options
rsvp                RSVP Interface Commands
rtp                 RTP parameters
vrf                 VPN Routing/Forwarding parameters on the interface

hutcha4113

Hi Toms,

Not sure if you got this working, but I am using a Cisco 871, and can confirm that the Interface will take the ip flow command.

However the interface must also be configured. For example on one of our FA interfaces, it is just setup as a Trunk port to a switch. On that interface, the ip flow command is invalid. On Interface 4, which we have configured as the WAN port via PPPOE, the ip flow command works.

You may want to look at how the interface is configured, to see if it will even report Netflow data.

toms003

Hi hutcha,

Thanks. we have used switch port command on the interfaces,so we have vlan1 configured for the data. .ie fa0 as vlan1. so i have configured the netflow command on vlan1. the command wouldnt recognise on fa0. on vlan1 its taken all the commands and when i look at the show ip flow and cache its giving the desired data but its not reaching the nta server(nothing is blocking the port) so dont know what is happening.

mcbridea

A couple of things you can do at this point.

Do a sho ip flow export on the router and make sure the IP address and port of the NetFlow collector are correct. Also check that the output indicates packets are being exported.

Next take a packet capture (Wireshark) from the Orion/NTA server interface and see if cflow packets are being received from the router. If they are then look at the indicated interface number and see if it is listed as interface 0. That could be an issue. If the sho command indicates that packets are properly being exported but Wireshark sees no cflow then something along the path to the NPM server is eating them.

toms003

HI Mcbridea,

thanks for the reply.

The router is showing its exporting. but analyzing the file capture, cant see anything recieved on the netflow server on that port.nothing is blocking that port though.

router#sh ip flow export
Flow export v5 is enabled for main cache
Export source and destination details :
VRF ID : Default
Source(1) 10.xx.xx.1 (Vlan1)
Destination(1) 10.xx..xx.14 (2055)
Version 5 flow records
151506 flows exported in 20577 udp datagrams
0 flows failed due to lack of export packet
74 export packets were sent up to process level
0 export packets were dropped due to no fib
0 export packets were dropped due to adjacency issues
0 export packets were dropped due to fragmentation failures
0 export packets were dropped due to encapsulation fixup failures