12 replies. Latest reply on Jun 16, 2016 10:25 AM by jxchappell

    Cisco 4500X switch & Flexible Netflow

    sdawson35

      Hi,

       

      We have 2 x Cisco 4500X switches running in VRRP mode. We think we have Flexible NetFlow configured properly, but NTA is not receiving any flows. Has anybody had, or got, a similar issue?

       

      Config on the switch looks like this.

       

      flow record FR1

      match ipv4 source address

      match ipv4 destination address

      collect counter bytes long

      collect counter packets long

      collect timestamp sys-uptime first

      collect timestamp sys-uptime last

      !

      !

      flow exporter FE1

      destination 10.71.4.115

      source Vlan7

      transport udp 2055

      !

      !

      flow monitor FM1

      exporter FE1

      cache timeout inactive 30

      cache timeout active 60

      cache entries 1000

      record FR1

       

      interface TenGigabitEthernet2/1/21

      description router_x 5/0/1

      no switchport

      ip flow monitor FM1 input

      ip address x.x.x.x 255.255.255.252

      ip pim sparse-mode

        • Re: Cisco 4500X switch & Flexible Netflow
          jeff.stewart

          Here is the recommended configuration for the 4500: Example NetFlow Config - Cisco 4500 Sup7 - SolarWinds Worldwide, LLC. Help and Support

           

          Also, have you verified with a packet capture that the data is actually reaching the Orion server?

           

          !

          flow record ipv4

          ! match ipv4 tos

          match ipv4 protocol

          match ipv4 destination address

          match transport source-port

          match transport destination-port

          match interface input

          collect interface output

          collect counter bytes

          collect counter packets

          !

          flow exporter NetFlow-to-Orion

          destination 10.10.10.10

          ! source = the interface with which Orion is managing the device
          source vlan254

          ! transport = Orion's collection port
          transport udp 2055

          export-protocol netflow-v5

          !

          flow monitor NetFlow-Monitor

          description Original Netflow captures

          record ipv4

          exporter NetFlow-to-Orion

          cache timeout inact 10

          cache timeout act 5

          !

          interface vlan254

          ip flow monitor NetFlow-Monitor input

          !

            • Re: Cisco 4500X switch & Flexible Netflow
              gdminnis

              I used this configuration on my 4507s. I modified the VLAN, interface and IP to reflect my network. I get the following from the sh flow exporter command:

               

              Flow Exporter NetFlow-to-Orion:

                Description:              User defined

                Export protocol:          NetFlow Version 5

                Transport Configuration:

                  Destination IP address: 10.67.41.232

                  Source IP address:      10.67.40.1

                  Source Interface:       Vlan1

                  Transport Protocol:     UDP

                  Destination Port:       6343

                  Source Port:            51809

                  DSCP:                   0x0

                  TTL:                    255

                  Output Features:        Not Used

               

               

              and this from sh flow monitor:

               

              Flow Monitor NetFlow-Monitor:

                Description:       Original Netflow captures

                Flow Record:       ipv4

                Flow Exporter:     NetFlow-to-Orion (inactive)

                Cache:

                  Type:                 normal

                  Status:               allocated

                  Size:                 4096 entries / 245776 bytes

                  Inactive Timeout:     10 secs

                  Active Timeout:       5 secs

                  Update Timeout:       1800 secs

                  Synchronized Timeout: 600 secs

               

              I am still not seeing anything on the server.

              • Re: Cisco 4500X switch & Flexible Netflow
                sdawson35

                Cheers, working well now. Thank you.

              • Re: Cisco 4500X switch & Flexible Netflow
                zoomxzoom

                I posted the same last week. This has been killing me. I've engaged Cisco TAC and our SE just to make sure everything looks good on the Cisco end. Hoping someone here has an answer for us.

                • Re: Cisco 4500X switch & Flexible Netflow
                  hblum@lifewatch.com

                  I am running my core on a pair of 4500-Xs in VSS mode and am getting the NetFlow to my Orion server. Mine are running cat4500e-universalk9.SPA.03.06.03.E.152-2.E3.bin, and the NetFlow config is as follows:

                   

                  flow record ipv4

                  match ipv4 protocol

                  match ipv4 source address

                  match ipv4 destination address

                  match transport source-port

                  match transport destination-port

                  match interface input

                  collect interface output

                  collect counter bytes

                  collect counter packets

                  !

                  !

                  flow exporter Orion

                  destination 172.x.x.x

                  source Vlan250

                  transport udp 2055

                  export-protocol netflow-v5

                  !

                  !

                  flow monitor NetFlow-Mon

                  exporter Orion

                  cache timeout inactive 10

                  cache timeout active 5

                  record ipv4

                   

                  vlan configuration 5,10,15,100

                  ip flow monitor NetFlow-Mon input

                  • Re: Cisco 4500X switch & Flexible Netflow
                    johnny ringo

                    Do you have an IP address on your source interface (Vlan7)? I would verify that the switch has reachability from this interface to Orion.

                     

                    Also, for giggles, I would check to make sure the Orion server's firewall and any network firewall in the way are not blocking UDP 2055.

                     

                    HTH
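A collector-side check for the two suggestions above: jeff.stewart's "verify with a packet capture that the data is actually reaching the Orion server" and the UDP 2055 reachability/firewall check in the reply just above. This is an added example, not code from the thread, from SolarWinds or from Cisco. It encodes a NetFlow v5 datagram from constructed sample flows, can push that datagram at a collector address you supply (to prove the UDP path through any firewall is open independently of the switch), and can listen on the collector port and decode whatever arrives so you can see the exporter's source IP, the record count and the sequence number. The port 2055, the 10.71.4.x addresses and the flows themselves are assumptions lifted from the configs in this thread, not real traffic.

```python
"""NetFlow v5 build/parse helpers for checking exporter-to-collector delivery.

Added example, not code from the thread, SolarWinds or Cisco. Assumes the
collector listens on UDP 2055 as in the configs above; addresses and flows
below are constructed sample data.
"""
import ipaddress
import socket
import struct
import time

# v5 header: version, count, sys_uptime(ms), unix_secs, unix_nsecs,
# flow_sequence, engine_type, engine_id, sampling_interval  (24 bytes)
HEADER_FMT = "!HHIIIIBBH"
HEADER_LEN = struct.calcsize(HEADER_FMT)
# v5 record: src, dst, nexthop, in ifIndex, out ifIndex, packets, octets,
# first, last, srcport, dstport, pad, tcp_flags, proto, tos, src_as, dst_as,
# src_mask, dst_mask, pad  (48 bytes)
RECORD_FMT = "!4s4s4sHHIIIIHHBBBBHHBBH"
RECORD_LEN = struct.calcsize(RECORD_FMT)
MAX_RECORDS = 30  # a v5 datagram carries at most 30 records


def build_v5_datagram(flows, sys_uptime_ms, unix_secs, flow_sequence=0):
    """Encode a list of flow dicts into one NetFlow v5 datagram."""
    if not 1 <= len(flows) <= MAX_RECORDS:
        raise ValueError("NetFlow v5 datagram must carry 1..30 records")
    header = struct.pack(HEADER_FMT, 5, len(flows), sys_uptime_ms,
                         unix_secs, 0, flow_sequence, 0, 0, 0)
    body = b"".join(
        struct.pack(RECORD_FMT,
                    ipaddress.IPv4Address(f["src"]).packed,
                    ipaddress.IPv4Address(f["dst"]).packed,
                    ipaddress.IPv4Address(f.get("nexthop", "0.0.0.0")).packed,
                    f.get("input", 0), f.get("output", 0),
                    f["packets"], f["octets"],
                    f.get("first", sys_uptime_ms - 1000), f.get("last", sys_uptime_ms),
                    f["srcport"], f["dstport"], 0, f.get("tcp_flags", 0),
                    f["proto"], f.get("tos", 0), 0, 0, 0, 0, 0)
        for f in flows)
    return header + body


def parse_v5_datagram(data):
    """Decode a NetFlow v5 datagram; raise ValueError on anything malformed."""
    if len(data) < HEADER_LEN:
        raise ValueError("datagram shorter than a v5 header")
    (version, count, sys_uptime, unix_secs, _nsecs, seq,
     _etype, _eid, sampling) = struct.unpack(HEADER_FMT, data[:HEADER_LEN])
    if version != 5:
        raise ValueError("expected NetFlow version 5, got %d" % version)
    if count > MAX_RECORDS or len(data) != HEADER_LEN + count * RECORD_LEN:
        raise ValueError("record count %d does not match datagram length %d"
                         % (count, len(data)))
    records = []
    for i in range(count):
        off = HEADER_LEN + i * RECORD_LEN
        r = struct.unpack(RECORD_FMT, data[off:off + RECORD_LEN])
        records.append({
            "src": str(ipaddress.IPv4Address(r[0])),
            "dst": str(ipaddress.IPv4Address(r[1])),
            "nexthop": str(ipaddress.IPv4Address(r[2])),
            "input": r[3], "output": r[4], "packets": r[5], "octets": r[6],
            "first": r[7], "last": r[8], "srcport": r[9], "dstport": r[10],
            "tcp_flags": r[12], "proto": r[13], "tos": r[14],
        })
    return {"version": version, "sys_uptime": sys_uptime, "unix_secs": unix_secs,
            "flow_sequence": seq, "sampling_interval": sampling & 0x3FFF,
            "records": records}


# Constructed sample flows (assumption: not from any real capture).
SAMPLE_FLOWS = [
    {"src": "10.71.4.20", "dst": "10.71.4.115", "srcport": 51200, "dstport": 443,
     "proto": 6, "tcp_flags": 0x18, "packets": 12, "octets": 4800, "input": 7, "output": 21},
    {"src": "10.71.4.115", "dst": "10.71.4.20", "srcport": 443, "dstport": 51200,
     "proto": 6, "tcp_flags": 0x18, "packets": 10, "octets": 9000, "input": 21, "output": 7},
]


def send_test_datagram(collector_ip, port=2055, source_ip=None):
    """Push one synthetic v5 datagram at the collector to prove the UDP path is open."""
    data = build_v5_datagram(SAMPLE_FLOWS, sys_uptime_ms=60_000,
                             unix_secs=int(time.time()))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        if source_ip:  # bind to the address the exporter's 'source' interface has, if you can
            s.bind((source_ip, 0))
        s.sendto(data, (collector_ip, port))
    return len(data)


def receive_and_verify(port=2055, timeout=30.0):
    """Listen like a collector; return the first decoded datagram, or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", port))
        s.settimeout(timeout)
        try:
            data, peer = s.recvfrom(65535)
        except socket.timeout:
            return None
    parsed = parse_v5_datagram(data)
    parsed["exporter"] = peer[0]  # should equal the IP of the 'source' interface on the switch
    return parsed
```

Run `receive_and_verify()` on a test host in the collector's subnet (or on the Orion server with the collector stopped, since only one process can bind the port) while the switch is exporting: `None` after the timeout means nothing reached the port, so look at reachability from the source interface and at firewalls; a returned `exporter` address that differs from the `source` interface's IP means the datagrams are arriving from an address the collector may not have a node for; a ValueError on the version field means the switch is sending something other than netflow-v5 to that port. `send_test_datagram("10.71.4.115")` from another host on the same path tells you whether the UDP path itself is open, separately from anything the switch does.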

                    • Re: Cisco 4500X switch & Flexible Netflow
                      zoomxzoom

                      OK, I've finally got this working. It required a code upgrade and the config below. The code version I am using is the current recommended: cat4500e-universal.SPA.03.06.04.E.152-2.E4.bin. A little background on my setup... This is a pair of 4500X switches running in VSS mode. They are the edge of a small office and connect over a WAN to reach the Orion server.

                       

                      Here is the full config:

                       

                      flow record NTArecord

                      match ipv4 tos

                      match ipv4 protocol

                      match ipv4 source address

                      match ipv4 destination address

                      match transport source-port

                      match transport destination-port

                      match interface input

                      collect interface output

                      collect counter bytes

                      collect counter packets

                      collect timestamp sys-uptime first

                      collect timestamp sys-uptime last

                      !

                      !

                      flow exporter NTAexport

                      ! destination = the Orion server
                      destination x.x.x.x

                      source Loopback0

                      transport udp 2055

                      export-protocol netflow-v5

                      !

                      !

                      flow monitor NTAmonitor

                      description NetflowToOrion

                      exporter NTAexport

                      cache timeout inactive 10

                      cache timeout active 5

                      record NTArecord

                       

                      (I went back and forth adding and removing these lines. Cisco says they weren't required because I was trying to collect flow on my WAN interface, but if I remove them I get no flow data.)

                      vlan configuration 227

                      ip flow monitor NTAmonitor input

                       

                      On my WAN interface:

                      interface TenGigabitEthernet2/1/3

                      ip flow monitor NTAmonitor input

                      • Re: Cisco 4500X switch & Flexible Netflow
                        sdawson35

                        Cheers, working well now. Thank you.