5 Replies Latest reply on Aug 28, 2017 1:10 PM by rschroeder

    How to configure Cisco 4500X to export to NTA?

    zoomxzoom

      We've just purchased NTA. I was able to successfully get some of our Cisco routers to export flow data to NTA, but I'm not having any luck with our Cisco 4500X. I've tried using the configuration here: Flexible Netflow on 4500X, but I'm still not getting anything. That setup also left me with a few questions. I want to monitor the traffic flowing through the only WAN interface on the device. Do I add an "ip flow monitor" statement to the physical WAN interface that I'm trying to monitor? Or do I need to create the "ip flow monitor" statement for each VLAN? Here is my exact config at the moment:

       

      flow record NTArecord
       match ipv4 tos
       match ipv4 protocol
       match ipv4 source address
       match ipv4 destination address
       match transport source-port
       match transport destination-port
       match interface input
       collect interface output
       collect counter bytes
       collect counter packets
      !
      flow exporter NTAexport
       destination <ip address>
       source TenGigabitEthernet2/1/3
       transport udp 2055
      !
      flow monitor NTAmonitor
       exporter NTAexport
       cache timeout inactive 30
       cache timeout active 60
       record NTArecord

       

      Thanks for the assistance.

        • Re: How to configure Cisco 4500X to export to NTA?
          jamesatloop1

          I have encountered these puppies before and I believe they require additional NetFlow cards to be purchased. Can you confirm that is the case?

            • Re: How to configure Cisco 4500X to export to NTA?
              zoomxzoom

              I'm not sure.

               

              NTA eventually picked up on the device and told me I needed to add in one of my Port Channel interfaces (I'm not sure why). After I added the Port Channel interface to NPM monitoring, some data started to collect in the egress direction only. It's only a few kilobytes being recorded and only between two hosts. No other data.

               

              Will continue to work on it...

              • Re: How to configure Cisco 4500X to export to NTA?
                rschroeder

                Version 7 45xx switches (and earlier hardware platforms) needed NetFlow modules purchased and installed.

                 

                That is not the case for Version 8 4510 and 4507 chassis switches.

                 

                However, the switch must be licensed for IP Base or Enterprise before NetFlow commands will work. A plain 4510 running LAN Base cannot do NetFlow until its license is upgraded to at least IP Base. The cost is about $5K.

                 

                But I got this working on a 4510 V8 Enterprise Licensed switch today, and it's looking good.

                 

                 

                Cisco confirmed this with a TAC case I opened today.  Here are their instructions and links:

                 

                Cisco Switch 4000 NetFlow configuration is supported at the IP Base license level, not at the LAN Base license level. Once that requirement is met, we can then move on to configuring Flexible NetFlow.

                 

                Note- IOS XE supports the flexible netflow and not the original netflow format.

                 

                Please find below the link for your reference:

                http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fnetflow/configuration/xe-3s/fnf-xe-3s-book/fnf-fnetflow.html#GUID-741D4DE7-B349-4B76-BB7A-2F64A0915C1F

                 

                 

                To see how to configure flexible netflow, please check the below link:

                http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fnetflow/configuration/xe-3s/fnf-xe-3s-book/fnf-fnetflow.html#d4759e5817a1635

                 

                 

                The old Netflow CLI is not supported. Only the FNF CLI is available.

                 

                Unfortunately the only kind of netflow that the  4000X supports is the FNF, traditional netflow is not supported on that device, and there is no way to migrate to this one.

                http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fnetflow/configuration/xe-16/fnf-xe-16-book/use-fnflow-redce-cpu.html

                 

                Customers with Cisco Traditional NetFlow (TNF) Feature on ASR4000 Platform are encouraged to migrate to the Cisco Flexible NetFlow (FNF) Feature on ASR4000 Platform at link below.

                http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps6601/ps6965/white_paper_c11-545581.html

                 

                 

                 

                Example config:

                ========================================================

                flow record <<NAME>>
                 match ipv4 tos
                 match ipv4 protocol
                 match ipv4 source address
                 match ipv4 destination address
                 match transport source-port
                 match transport destination-port
                 collect interface input
                 collect interface output
                 collect counter bytes
                 collect counter packets
                !
                flow exporter <<NAME>>
                 destination <<ip address>>
                 source <<interface id>>
                 transport udp 9996
                !
                flow monitor <<NAME>>
                 record <<NAME>>
                 exporter <<NAME>>

                 

                show flow monitor name <<monitor-name>> cache format table
                show flow exporter <<name>> statistics

                 

                OR

                 

                flow record FNF-input
                 description IPv4 NetFlow
                 match ipv4 source address
                 match ipv4 destination address
                 match transport source-port
                 match transport destination-port
                 match ipv4 protocol
                 match interface input
                 match ipv4 tos
                 match flow direction
                 collect interface output
                 collect counter bytes long
                 collect counter packets long
                 collect transport tcp flags
                 collect timestamp absolute first
                 collect timestamp absolute last
                 end
                show flow record FNF-input

                flow record FNF-output
                 description IPv4 NetFlow
                 match ipv4 source address
                 match ipv4 destination address
                 match transport source-port
                 match transport destination-port
                 match ipv4 protocol
                 match interface output
                 match ipv4 tos
                 match flow direction
                 collect interface input
                 collect counter bytes long
                 collect counter packets long
                 collect transport tcp flags
                 collect timestamp absolute first
                 collect timestamp absolute last
                 end
                show flow record FNF-output

                flow exporter FNF-exporter
                 description Export to FNF-exporter
                 destination 10.1.1.10
                 source gigabitEthernet1/0/1
                 transport udp 2055
                 end
                show flow exporter FNF-exporter

                flow monitor FNF_mon_input
                 description IPv4 FNF ingress exports
                 exporter FNF-exporter
                 record FNF-input
                 cache timeout active 60
                 end
                show flow monitor FNF_mon_input

                flow monitor FNF_mon_output
                 description IPv4 FNF egress exports
                 exporter FNF-exporter
                 record FNF-output
                 cache timeout active 60
                 end
                show flow monitor FNF_mon_output

                interface GigabitEthernet1/0/1
                 ip flow monitor FNF_mon_input input
                 ip flow monitor FNF_mon_output output
                 end
                show flow interface [interface-type number]

                show flow record FNF-input
                show flow record FNF-output
                show flow exporter FNF-exporter
                show flow monitor FNF_mon_input
                show flow monitor FNF_mon_output
                show flow interface <interface>

                 

                Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3S (ASR 4000)

                http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fnetflow/configuration/xe-3s/fnf-xe-3s-book.html

                 

                For IOS-XE NetFlow configuration, NetFlow v5 and Traditional NetFlow have been discontinued on the latest releases. There are various formats for the export packet and these are commonly called the export version. The export versions are well-documented formats including version 5, 7, and 9. The most common format used is NetFlow export version 5, but version 9 is the latest Cisco-invented format and has some advantages for key technologies such as security, traffic analysis and multicast. Without the version 9 export format, Flexible NetFlow would not be possible. Sup6L-E doesn't support NetFlow with any IOS.

                Flexible NetFlow version 9 is supported on 4500 devices using Supervisor 7-E. This depends on the supervisor and not on IOS versions.

                 

                Here is the link which states the same:

                http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps6601/ps6965/prod_white_paper0900aecd804be1cc.html

                 

                 

                Here is the link which shows configuration assistance for flexible netflow:

                http://www.cisco.com/en/US/docs/ios/fnetflow/configuration/guide/get_start_cfg_fnflow.html#wp1057363
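Every flow record, exporter and monitor in the thread ends up as NetFlow v9 datagrams on the collector's UDP port, so the quickest way to see whether the 4500X is exporting anything, on which interfaces, and in which direction, is to decode those datagrams yourself before blaming NTA. The decoder below is an added example, not code from the thread or from SolarWinds. Its template mirrors the fields used by the thread's flow records (tos, protocol, addresses, ports, input/output ifIndex, flow direction, byte and packet counters); the sample datagram, the ifIndex values and the addresses in it are constructed for illustration. It also shows the NetFlow v9 property that trips up ad-hoc checks: data records cannot be decoded until the exporter's template has been received, and exporters resend templates only periodically.

```python
"""Minimal NetFlow v9 decoder for checking what a Flexible NetFlow exporter sends.

Added example (not from the thread): builds a constructed NetFlow v9 datagram
whose template mirrors the fields of the thread's flow records, decodes it, and
rolls the flows up by direction and input interface. main() feeds real
datagrams received on UDP 2055 through the same decoder.
"""
import socket
import struct
from ipaddress import IPv4Address

# NetFlow v9 field type IDs (RFC 3954) for the fields used in this thread's records
FIELD_NAMES = {
    1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 5: "SRC_TOS",
    7: "L4_SRC_PORT", 8: "IPV4_SRC_ADDR", 10: "INPUT_SNMP",
    11: "L4_DST_PORT", 12: "IPV4_DST_ADDR", 14: "OUTPUT_SNMP", 61: "DIRECTION",
}
HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unixSecs, sequence, sourceId
TEMPLATE_ID = 256                   # constructed; data flowset IDs must be >= 256
# (type, length) pairs of the constructed template, in record order
TEMPLATE_FIELDS = [(5, 1), (4, 1), (8, 4), (12, 4), (7, 2), (11, 2),
                   (10, 2), (14, 2), (1, 4), (2, 4), (61, 1)]


def _decode_field(ftype, raw):
    return str(IPv4Address(raw)) if ftype in (8, 12) else int.from_bytes(raw, "big")


def decode_v9(packet, templates):
    """Decode one NetFlow v9 datagram into a list of flow dicts.

    `templates` maps (source_id, template_id) -> [(type, length), ...] and is
    updated in place: data flowsets whose template has not been seen yet are
    skipped rather than guessed, which is exactly what a real collector does.
    """
    version, _count, _uptime, secs, seq, source_id = HEADER.unpack_from(packet, 0)
    if version != 9:
        raise ValueError(f"expected NetFlow v9, got version {version}")
    flows = []
    off = HEADER.size
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("malformed flowset length")
        body = packet[off + 4:off + fs_len]
        if fs_id == 0:                                   # template flowset
            pos = 0
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack_from("!HH", body, pos)
                pos += 4
                fields = [struct.unpack_from("!HH", body, pos + 4 * i) for i in range(nfields)]
                pos += 4 * nfields
                templates[(source_id, tid)] = fields
        elif fs_id >= 256:                               # data flowset
            tmpl = templates.get((source_id, fs_id))
            if tmpl is not None:
                rec_len = sum(length for _, length in tmpl)
                pos = 0
                while pos + rec_len <= len(body):        # trailing bytes are padding
                    rec = {"source_id": source_id, "sequence": seq, "export_time": secs}
                    for ftype, length in tmpl:
                        name = FIELD_NAMES.get(ftype, f"field_{ftype}")
                        rec[name] = _decode_field(ftype, body[pos:pos + length])
                        pos += length
                    flows.append(rec)
        off += fs_len                                    # fs_len already includes padding
    return flows


def summarize(flows):
    """Roll up decoded flows the way you eyeball them while debugging: bytes per
    DIRECTION (0 = ingress, 1 = egress) and per input ifIndex. A monitor attached
    in only one direction, or to the wrong interface, shows up as a single key."""
    by_dir, by_if = {}, {}
    for f in flows:
        by_dir[f["DIRECTION"]] = by_dir.get(f["DIRECTION"], 0) + f["IN_BYTES"]
        by_if[f["INPUT_SNMP"]] = by_if.get(f["INPUT_SNMP"], 0) + f["IN_BYTES"]
    return {"bytes_by_direction": by_dir, "bytes_by_input_ifindex": by_if}


def _record(tos, proto, src, dst, sport, dport, in_if, out_if, nbytes, npkts, direction):
    return struct.pack("!BB4s4sHHHHIIB", tos, proto, IPv4Address(src).packed,
                       IPv4Address(dst).packed, sport, dport, in_if, out_if,
                       nbytes, npkts, direction)


def build_sample_packet(include_template=True):
    """Constructed datagram (not a real capture): an optional template flowset plus
    one data flowset with an ingress and an egress flow on a hypothetical WAN ifIndex 3."""
    recs = (_record(0, 6, "10.0.0.5", "192.0.2.10", 51514, 443, 3, 12, 48200, 61, 0)
            + _record(0, 17, "192.0.2.20", "10.0.0.9", 53, 40312, 12, 3, 512, 2, 1))
    pad = (-len(recs)) % 4                      # flowsets are padded to 32-bit boundaries
    data_fs = struct.pack("!HH", TEMPLATE_ID, 4 + len(recs) + pad) + recs + b"\x00" * pad
    tmpl_body = struct.pack("!HH", TEMPLATE_ID, len(TEMPLATE_FIELDS)) + b"".join(
        struct.pack("!HH", t, n) for t, n in TEMPLATE_FIELDS)
    tmpl_fs = struct.pack("!HH", 0, 4 + len(tmpl_body)) + tmpl_body if include_template else b""
    count = 2 + (1 if include_template else 0)  # header count covers template and data records
    return HEADER.pack(9, count, 123456, 1503932400, 17, 0) + tmpl_fs + data_fs


def main(port=2055):
    """Listen where NTA would and print what the switch actually exports."""
    templates = {}
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("", port))
    while True:
        pkt, (exporter_ip, _) = sock.recvfrom(65535)
        for flow in decode_v9(pkt, templates):
            print(exporter_ip, flow)


if __name__ == "__main__":
    main()
```

Run it with no arguments on the host the exporter's `destination` points at (stop NTA first, or bind a different port and change `transport udp` to match) and it prints each decoded flow as it arrives. If nothing prints for a minute while `show flow exporter <name> statistics` on the switch shows datagrams leaving, the data flowsets are arriving ahead of the template and will decode once the template is resent; `summarize()` then tells you whether the flows carry only one DIRECTION value or only one input ifIndex, which is what a monitor attached in one direction, or to a port channel member rather than the interface you meant, looks like.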

              • Re: How to configure Cisco 4500X to export to NTA?
                zoomxzoom

                Here is a link to what got it working for me: Re: Cisco 4500X switch & Flexible Netflow