cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 11

Why NTA is showing an old IP address as netflow source address

I checked Orion system notifications and I saw this:
pastedImage_0.png
IP address of this netflow source switch has changed already a half year ago, but still these messages are coming. Why?

I think netflow collection works ok anyway that's why I haven't care of these messages, but it would be nice to get rid of them during my lifetime...


Labels (1)
0 Kudos
3 Replies

Can you look through every single device's config to make sure none of them have 192.168.200.1 listed anywhere in the config?

You could add the device into your network and see what traffic it's sending. It might help track it down.

0 Kudos
Level 9

Hi,

Can you confirm by using WireShark that there is really no traffic incoming from IP 192.168.200.1?

If there is really none... do you remember what flow version was the device sending? I am asking because only think that comes in mind that could cause this would be stored flow templates that are read during service startup.

0 Kudos

We don't have any device in that address in network. That 192xxx IP was our netfow switch before, but that address was changed something like a year ago. So no ping answer. And there is nobody who could install some device in that same address afterwards, and it's even more impossible that someone could have configured netflow to that device. So without checking with packet analyzer, I know there is no 192.168.200.1 in network.

But one thing came to my mind, It's a core switch (Catalyst 6509) so that why it was not rebooted when IP was changed. Normally reboot is not necessary, but could it be necessary in this case? 

It's Cisco Catalyst Supervisor 2T so it doesn't have a traditional netflow at all, only a Flexible Netflow (I don't think there are versions at all, but I know what you mean, this 1, 5, 9...). I remember when I implemented that 5 years ago, support from Solarwinds was not very wide, and I had to solve problems more or less by myself.


0 Kudos