Netflow errors (is receiving flow data from unmana...

jasonflory · ‎03-22-2016

Hello Everyone

We are deploying NTA and am getting everything fined tuned. So far everything is working great but have been starting to get these errors "is receiving flow data from unmanaged interface '#xxxx and does not support SNMP" . I am getting these errors from our ASAs and our Cisco 3850s. I read online that the fix for most Cisco devices is snmp-server ifindex persist which i have deployed to our 3850s. I also read that the 3850s have this set by default and am still getting these errors. The ASAs are also reporting this error and does not look like they support the above command,

Any help be greatly appreciated

Thanks

silverbacksays · ‎03-24-2016

Hey jasonflory

Are all of the problem devices managed via SolarWinds? Are you receiving other monitoring information from them, and the other interfaces, correctly?

- Jez Marsh

jasonflory · ‎03-24-2016

Yes the devices work for regular snmp information and Netflow. I just get constant alerts stating I am getting Netflow info from unknown interface which is not supported by snmp.

silverbacksays · ‎03-24-2016

What I would check is the device configuration. it could be that every device had NetFlow enabled using a script, and there was a mistake with it which is causing NTA to throw up errors. Any chance you could post a snippet of the config showing just the NetFlow commands? (sanitised to remove sensitive information, natch).

- Jez Marsh

jasonflory · ‎03-24-2016

Hmm i think the change i pushed out via NCM actually fixed this. Took a bit but i am now not getting this error. This was recommendation from another post to change the snmp interface number to persistent.

snmp-server ifindex persist was run on all of our Cisco switches.

Lets see if any of these errors come back. Just to share here is the config we have on our 3850s for netflow. the standard config templates for netflow would not work on the 3850s.

flow record NETFLOW-RECORD-IN

match ipv4 tos

match ipv4 protocol

match ipv4 source address

match ipv4 destination address

match transport source-port

match transport destination-port

match interface input

collect transport tcp flags

collect interface output

collect counter bytes long

collect counter packets long

collect timestamp absolute first

collect timestamp absolute last

collect counter bytes layer2 long

!

flow record NETFLOW-RECORD-OUT

match ipv4 tos

match ipv4 protocol

match ipv4 source address

match ipv4 destination address

match transport source-port

match transport destination-port

match interface output

collect transport tcp flags

collect interface input

collect counter bytes long

collect counter packets long

collect timestamp absolute first

collect timestamp absolute last

collect counter bytes layer2 long

!

flow exporter NTAexport

destination xxxxx

source Vlan2

transport udp 2055

template data timeout 60

!

flow monitor NETFLOW-MON-IN

exporter NTAexport

cache timeout active 60

record NETFLOW-RECORD-IN

!

flow monitor NETFLOW-MON-OUT

exporter NTAexport

cache timeout active 60

record NETFLOW-RECORD-OUT

Both monitors are assigned to each interface.

SNMP config

snmp-server community xxxxx

snmp-server community xxxxxx

snmp-server location xxx

snmp-server contact xxx

snmp-server chassis-id xxxxxx

snmp-server host xxxx

snmp ifmib ifindex persist

silverbacksays · ‎03-24-2016

Good stuff! Hope that's sorted out your issue, jasonflory!

- Jez Marsh

jasonflory · ‎03-24-2016

The only devices that i could not run that SNMP command on was the ASA which are also reporting these virtual interfaces as well but they seem to have stopped too.

Netflow errors (is receiving flow data from unmanaged interface '#xxxx and does not support SNMP)