mcbridea

I'm unable to replicate this. The child node did not trigger in my test. Are you evaluating or an existing customer?

I corrected the link

Do you see this when you are viewing ingress flows from the internal interface? Can you send me a pcap?

Bron, Can you post the math the other system is using?

I have pinged the PM - I should have an answer tomorrow, but I'm 99% sure the proper factor is 1024.

TT 15685, "The Acherman Bug"

Eric, Thomas shows the calculations a few posts up from this one. Andy 

Hi Donald, I'll check on the status of this one. We'll get it working again. Andy

Good deal - I'll pass the kudos along to Jamie!

Cool! I'll send this to the Product Manager for IP SLAM to consider as a feature.

Yes - I meant to type PCAP. D'oh! So if these are Adtran routers they're not in the MPLS cloud. I'm really wondering if the traffic is engineered to act hub and spoke and not full mesh. This would explain it.

The ASA exporter does not mark direction as a normal v9 exporter would. This make it impossible for the collector to determine in/out. It is a Cisco bug.

Hi Mike, It is on my roadmap but I can't discuss a timetable at this point. Andy

I see. There is also an issue where the ASA does not properly mark the direction of the flows, but I don't know if this could be causing that behaviour. You may need to work with TAC on this one. Can you take a packet cap on the NTA server and see what the cflow export packets have in them. You can send them to me too,…

Thanks for the update Phil!

I suggest you open a ticket on that.

It has to be the trigger condition then. I'm not seeing the issue but I'll ping an Alert Guru for a second look.

So, I investigated this further and saw that in the dbo.EngineProperties table the property named "Basic Alert - Actions Enabled" was set to false even though the basic alerts ui showed the disable box unchecked. After running the configuration wizard against the database the property was set to true.

Hi and thanks for the feedback. We are looking at releasing this feature set about mid year. Andy

By Que name are you refering to traffic classes?

Wow - That would be a lot of upfront work. I suggest adding the subnets to the IP groups as needed (When you need to find out about 10.10.1.0/24 add thet one) and using Traffic View Bulider, which gives historical views. The report writer won't support this today unless you use the advances SQL reports, which require some…

If you don't want to get alerts for Unknown status you can change the trigger to "Down" or ennumerate the statuses you want by adding them each as a simple condition. Hope this helps - Andy

Here is the group I created for that case.

Thanks for closing the loop on the forum!

Coolio!

That's probabably best answered by CableLabs.

Probably the best way to accomplish this is by adding a custom property. See this paper on how to do this.

I've got this on the roadmap to fix.

The protocol and port are zeros, indication L2 traffic only.

Keep in mind that this ASA configuration is to create an export from the ASA, not to allow the 871 NetFlow traffic to pass through the ASA. Your ASA admin can help you get the NetFlow traffic through the ASA if that is what you need.