
Netflow doesn't work after switch change

I changed a core switch from Cisco Catalyst 6509 (Sup 2) to 6509E (T2 sup). And the new IOS doesn't support netflow anymore; it uses flexible netflow. I configured it like it should be (Flexible Netflow Configuration Guide, Cisco IOS Release 12.4T - Getting Started with Configuring Cisco IOS Flexible NetFlow [Cisco IOS Software Releases 12.4 T] - Cisco Systems) but I cannot see any netflow data graphs on the server. It seems like data is coming to the server, but somehow the server doesn't understand it or doesn't "want" to show it to me.

For example, I get notes like "NetFlow Receiver Service [SERVER999] is receiving a NetFlow data stream from an unmanaged device (10.10.99.1)..." so Orion seems to be getting some data. (I already changed the source setting of the exporter to get rid of that error, so that was just an example. If Orion didn't see any netflow data, how could it give those errors?) But anyway, why doesn't Orion show the data as graphs? I haven't changed anything within the Orion server before or after the switch change.

  • I'm getting this event:

    You have not enabled NetFlow data export on 192.168.200.1 device. For more information, see "Enabling NetFlow and NetFlow Data Export (NDE) on Cisco Catalyst Switches" in the Support - Product Documentation area of www.solarwinds.com.

    This must be some kind of bug in NTA, because clearly the server receives data, but just doesn't understand it. As I said, at the beginning netflow was coming from the wrong VLAN, but even then, Orion understood that something IS coming in! Then I changed the netflow source interface on the switch to VLAN 1 (switch management VLAN, which is managed by Orion) and that error disappeared. As said, the server seems to understand that netflow is coming in, but it just cannot draw it to graphs?!?

    So, I'll open the ticket now or what?

  • Solved. I had to create a record. Normally "netflow-original" should do the job, but in Supervisor 2T there is no such command at all. It's replaced with "platform-original" and I think it doesn't work correctly with NTA. Platform-original configuration sends netflow to NTA but Orion doesn't understand it, I don't know why. But when I replaced this "emulated" netflow with a manual record, it started to work OK.

  • FormerMember in reply to Ismo

    Hi,

    We have the exact same issue but I don't think I understand the solution to this problem...

    Can someone explain to me in a bit more detail what needs to be done to make it work?

    Thank you!

    JP

  • This comes very late, but I didn't see this before. So you need the basics? In old netflow you write command after command as normal configuration. But in flex netflow (if you don't use "emulated netflow", which doesn't work in NTA) you have to create so-called "sub-programs" in the router configuration, and IOS jumps between these programs to know what to do and when. You need 3 netflow elements: record (here I use the word Settings), monitor and exporter.

    Looking from the interface's point of view:

    1. The interface has a netflow command that points to the Monitor sub-program.

    2. Monitor tells the router what to capture (the Settings "sub-program") and where to send the data (in this case to the Orion server).

    3. Settings tells the router what to capture.

    Sounds complicated, but there can be several Monitor and Settings configurations, so the idea is to tell which interface is using which netflow setting. I don't know if that helped at all, because of my bad English, but at least I tried.

    Here is the configuration I use:

    ! Record: key fields (match) and counters (collect)
    flow record SETTINGS
     match datalink vlan input
     match ipv4 version
     match ipv4 tos
     match ipv4 protocol
     match ipv4 source address
     match ipv4 destination address
     match transport source-port
     match transport destination-port
     match interface input
     match flow direction
     collect counter bytes
     collect counter packets
    !
    ! Exporter: where the flow data is sent and from which source interface
    flow exporter EXPORTER1
     description Netflow exporter 1 to SERVER233
     destination 10.10.100.100
     source Vlan1
     transport udp 9996
     template data timeout 60
    !
    ! Monitor: ties the record to the exporter
    flow monitor MONITOR1
     record SETTINGS
     exporter EXPORTER1
     cache timeout active 1
    !
    ! Interface: points to the monitor
    interface vlan NN
     ip flow monitor MONITOR1 output
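
The interface -> monitor -> record/exporter chain described in the last reply can be checked mechanically before blaming the collector. The following Python script is an added example, not code from the thread, Cisco or SolarWinds; it assumes the configuration is laid out as `show running-config` prints it (sub-commands indented), and it also flags monitors that use a predefined `-original` record, since the thread found that NTA did not display data exported that way. The sample config, including the VLAN numbers, MONITOR2, MONITOR3, EXPORTER9 and the keywords after `platform-original`, is constructed.

```python
import re

# Constructed sample in "show running-config" layout, based on the thread's config.
# VLAN numbers, MONITOR2/3, EXPORTER9 and "ipv4 full" are assumptions for the example.
SAMPLE = """\
flow record SETTINGS
 collect counter bytes
flow exporter EXPORTER1
 destination 10.10.100.100
flow monitor MONITOR1
 record SETTINGS
 exporter EXPORTER1
flow monitor MONITOR3
 record platform-original ipv4 full
 exporter EXPORTER9
interface Vlan10
 ip flow monitor MONITOR1 output
interface Vlan20
 ip flow monitor MONITOR2 input
interface Vlan30
 ip flow monitor MONITOR3 input
"""

def parse_sections(config):
    """Map each top-level line to the indented sub-commands below it."""
    sections, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if not line[0].isspace():
            current = sections.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return sections

def check_flow_chain(config):
    """Follow interface -> monitor -> record/exporter; return broken links."""
    sec, problems = parse_sections(config), []
    for head, body in sec.items():
        for cmd in (body if head.startswith("interface ") else []):
            m = re.match(r"ip flow monitor (\S+) (?:input|output)$", cmd)
            mon = sec.get("flow monitor " + m.group(1)) if m else []
            if mon is None:
                problems.append(f"{head}: monitor {m.group(1)} is not defined")
            for kind, name in ((c.split() + [""])[:2] for c in mon or []):
                if kind == "record" and name.endswith("-original"):
                    problems.append(f"{head}: predefined record {name}")
                elif kind in ("record", "exporter") and f"flow {kind} {name}" not in sec:
                    problems.append(f"{head}: {kind} {name} is not defined")
    return problems
```

Calling `check_flow_chain(SAMPLE)` returns one finding for Vlan20 and two for Vlan30; an empty list means every interface monitor resolves to a user-defined record and a defined exporter.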