Newbie Here.
I configured NetFlow on our C9500 switch and Wireshark on the Orion app server shows flows received...but NTA is not showing flows received.
It would seem so. See if this helps.
https://thwack.solarwinds.com/product-forums/netflow-traffic-analyzer-nta/f/forum/25720/netlfow-configuration-for-cisco-c9500-40x
Look at this as well.
https://documentation.solarwinds.com/en/success_center/nta/content/nta-no-template-error-sw1469.htm
Do you see any events on the NTA Summary page that mention the device name?
Hi Borgan,
I do see the device, but "Last Received Flow" shows "never" for the device itself and for the VLAN interface I applied the configuration on on the switch.
Good, but I was referring to the Last 25 Traffic Analyzer Events widget. Do you see mention of the device name and what might have been done with any data received at the server?
Good point. I do see it with two recurring messages.....
"The NetFlow Receiver Service received NetFlow V9 flows without any template for decoding them. Configure the device 172.16.128.1 to export an appropriate NetFlow V9 template at 1-minute intervals. See help for details."
"The NetFlow Receiver Service received an invalid V9 template with ID 256 from device 172.16.128.1."
Misconfigured Netflow on the device??
Got it. I added some fields to the flow record on the device. Giving it a bit to see if it corrects the issue.
Perfect. I added the following to the record and that seems to have done the trick! Thank you for the assistance.
match interface input collect transport tcp flags collect interface output
On other question...what is best practice for using either ip flow monitor INPUT vs. OUTPUT on the source interface?
I do not claim to be an expert on that question, so I will defer to anyone else with expertise on that aspect of things. Glad I could help.
