2 Replies Latest reply on Jan 27, 2009 11:56 AM by Craig Norborg

    Trouble getting SOME sites to show traffic in Netflow

    bchernish

      I have Netflow installed and configured and it is showing data (with current "Last Data Received" dates & times), however I have two sites that will not update. One site is a Cisco 3725 running 12.4 9t IOS --  the other is a Cisco 2821 running 12.4(15)T5 IOS.

      I made sure that the routers / interfaces were added to Orion before configuring the routers to send flow info.  When I try to add the routers to Netflow, they do NOT show up in the current exporters list, but I can add them by choosing "all Cisco".  They simply show Last Data Received = NEVER.

      I have tried both "ip route-cache flow" and "ip flow ingress" / "ip flow egress" on various interfaces and sub-interfaces.  I have tried both version 5 and version 9 with no change in behavior.  The router seems to be exporting:

      Albany_VPN#sh ip flow exp
      Flow export v5 is enabled for main cache
        Export source and destination details :
        VRF ID : Default
          Source(1)       192.168.18.3 (FastEthernet0/0.1)
          Destination(1)  10.0.1.70 (2055)
        Version 5 flow records
        781785 flows exported in 26185 udp datagrams
        0 flows failed due to lack of export packet
        0 export packets were sent up to process level
        0 export packets were dropped due to no fib
        0 export packets were dropped due to adjacency issues
        0 export packets were dropped due to fragmentation failures
        0 export packets were dropped due to encapsulation fixup failures
      Albany_VPN#

      I know that Netflow is working (since it is showing data from other routers).  I can ping the Orion Server from the router, and I have checked and re-checked the IP addresses and Port etc.

      Here is a "sanitized" config as it is configured today:

      Albany_VPN#sh run
      Building configuration...

      Current configuration : 8509 bytes
      !
      version 12.4
      service timestamps debug datetime msec localtime
      service timestamps log datetime msec localtime
      service password-encryption
      !
      hostname Albany_VPN
      !
      boot-start-marker
      boot-end-marker
      !
      logging count
      logging buffered 16000 debugging
      enable secret {removed}
      !
      aaa new-model
      !
      aaa authentication login TRAuthList group radius local
      !
      aaa session-id common
      !
      resource policy
      !
      clock timezone PST -8
      clock summer-time PDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
      no network-clock-participate slot 1
      voice-card 1
       dspfarm
      !
      ip cef
      ip tcp synwait-time 5
      ip telnet source-interface FastEthernet0/0.1
      !
      no ip dhcp use vrf connected
      no ip dhcp conflict logging
      ip dhcp excluded-address 192.168.118.1 192.168.118.10
      ip dhcp excluded-address 192.168.18.1 192.168.18.130
      !
      ip dhcp pool IP-PHONES
         network 192.168.118.0 255.255.255.0
         option 150 ip 192.168.101.88 192.168.101.87
         domain-name wsi.local
         default-router 192.168.118.3
         dns-server 10.1.1.6 10.1.1.2
      !        
      ip dhcp pool Pcs
         network 192.168.18.0 255.255.255.0
         option 150 ip 192.168.101.88 192.168.101.87
         domain-name wsi.local
         default-router 192.168.18.3
         dns-server 10.1.1.2 10.1.1.6
      !
      ip tftp source-interface FastEthernet0/0.1
      ip domain lookup source-interface FastEthernet0/0.1
      ip domain name wsi.local
      ip name-server 10.1.1.6
      ip ssh source-interface FastEthernet0/0.1
      !
      isdn switch-type primary-4ess
      !
      voice call carrier capacity active
      !
      voice translation-rule 100
       rule 1 /4300/ /2412/
       rule 2 /4301/ /2412/
       rule 3 /4302/ /2412/
      !
      voice translation-profile SRST
       translate called 100
      !
      fax interface-type fax-mail
      !
      application
       global
        service alternate DEFAULT
       !       
      username bchernish privilege 15 secret {removed}
      username elomega privilege 15 secret {removed}
      username bnelsonmt privilege 15 secret {removed}
      username ccinoc privilege 15 secret {removed}
      archive
       path tftp://Orion/Albany
       write-memory
      !
      controller T1 1/0
       framing esf
       linecode b8zs
       cablelength short 133
       pri-group timeslots 1-24 service mgcp
      !
      controller T1 1/1
       framing sf
       linecode ami
      !
      crypto isakmp policy 1
       encr 3des
       hash md5
       authentication pre-share
      crypto isakmp key {removed} address {removed}
      crypto isakmp keepalive 15
      !
      crypto ipsec security-association lifetime seconds 28800
      !
      crypto ipsec transform-set {removed} esp-3des esp-md5-hmac
      !
      crypto map Albany_vpn 10 ipsec-isakmp
       set peer {removed}
       set transform-set {removed}
       match address 130
       reverse-route
      !
      interface FastEthernet0/0
       description TRUNKED TO SWITCH
       no ip address
       ip accounting output-packets
       ip route-cache flow
       duplex auto
       speed auto
      !
      interface FastEthernet0/0.1
       description Albany Data / Managemnet VLAN
       encapsulation dot1Q 1 native
       ip address 192.168.18.3 255.255.255.0
       ip flow ingress
       ip flow egress
       ip nat inside
       ip virtual-reassembly
      !
      interface FastEthernet0/0.118
       description IP PHONE VLAN
       encapsulation dot1Q 118
       ip address 192.168.118.3 255.255.255.0
       ip flow ingress
       ip flow egress
       ip nat inside
       ip virtual-reassembly
      !
      interface Serial0/0
       ip address {removed} 255.255.255.252
       ip flow ingress
       ip flow egress
       ip nat outside
       ip virtual-reassembly
       encapsulation ppp
       no fair-queue
       crypto map Albany_vpn
      !
      interface FastEthernet0/1
       ip address {removed} 255.255.255.252
       ip flow ingress
       ip flow egress
       ip nat outside
       ip virtual-reassembly
       duplex auto
       speed auto
      !
      interface Serial0/1
       ip address 192.168.202.1 255.255.255.0
       ip access-group 102 in
       ip nat inside
       ip virtual-reassembly
       encapsulation ppp
      !        
      interface Serial1/0:23
       no ip address
       encapsulation hdlc
       no logging event link-status
       isdn switch-type primary-ni
       isdn incoming-voice voice
       isdn bind-l3 ccm-manager
       no cdp enable
      !
      router eigrp 316
       redistribute static
       network 192.168.18.0
       network 192.168.118.0
       network 192.168.202.0
       no auto-summary
      !
      ip route 0.0.0.0 0.0.0.0 {removed}
      ip route 10.0.0.0 255.255.224.0 {removed}
      ip route 10.1.0.0 255.255.224.0 {removed}
      ip route {removed} 255.255.255.248 {removed}
      ip route 192.168.0.0 255.255.0.0 Serial0/0 12.118.151.217
      ip route 192.168.20.0 255.255.255.0 Serial0/1
      ip route 192.168.101.0 255.255.255.0 Serial0/0 12.118.151.217
      !
      ip flow-cache timeout active 1
      ip flow-export source FastEthernet0/0.1
      ip flow-export version 5
      ip flow-export destination 10.0.1.70 2055
      !
      ip http server
      no ip http secure-server
      ip http path flash
      ip nat inside source route-map nonat interface FastEthernet0/1 overload
      !
      ip radius source-interface FastEthernet0/0.1
      logging source-interface FastEthernet0/0.1
      logging 10.0.1.70
      access-list 14 permit {removed}
      access-list 14 permit {removed}
      access-list 14 permit {removed}
      access-list 14 permit 192.168.0.0 0.0.255.255
      access-list 14 permit 10.125.0.0 0.0.7.255
      access-list 14 permit 10.0.0.0 0.0.7.255
      access-list 14 permit {removed}
      access-list 14 permit {removed}
      access-list 14 permit 10.1.0.0 0.0.7.255
      access-list 102 permit ip any any
      access-list 130 permit ip 192.168.18.0 0.0.0.255 192.168.0.0 0.0.255.255
      access-list 130 permit ip 192.168.118.0 0.0.0.255 192.168.0.0 0.0.255.255
      access-list 130 permit ip 192.168.18.0 0.0.0.255 10.0.0.0 0.255.255.255
      access-list 130 permit ip 192.168.118.0 0.0.0.255 10.0.0.0 0.255.255.255
      access-list 130 permit ip 192.168.20.0 0.0.0.255 192.168.0.0 0.0.255.255
      access-list 130 permit ip 192.168.120.0 0.0.0.255 192.168.0.0 0.0.255.255
      access-list 130 permit ip 192.168.20.0 0.0.0.255 10.0.0.0 0.255.255.255
      access-list 130 permit ip 192.168.120.0 0.0.0.255 10.0.0.0 0.255.255.255
      access-list 140 deny   ip 192.168.18.0 0.0.0.255 192.168.0.0 0.0.255.255
      access-list 140 deny   ip 192.168.118.0 0.0.0.255 192.168.0.0 0.0.255.255
      access-list 140 deny   ip 192.168.18.0 0.0.0.255 10.0.0.0 0.255.255.255
      access-list 140 deny   ip 192.168.118.0 0.0.0.255 10.0.0.0 0.255.255.255
      access-list 140 deny   ip 192.168.20.0 0.0.0.255 192.168.0.0 0.0.255.255
      access-list 140 deny   ip 192.168.120.0 0.0.0.255 192.168.0.0 0.0.255.255
      access-list 140 deny   ip 192.168.20.0 0.0.0.255 10.0.0.0 0.255.255.255
      access-list 140 deny   ip 192.168.120.0 0.0.0.255 10.0.0.0 0.255.255.255
      access-list 140 permit ip 192.168.18.0 0.0.0.255 any
      access-list 140 permit ip 192.168.118.0 0.0.0.255 any
      access-list 140 permit ip 192.168.20.0 0.0.0.255 any
      access-list 140 permit ip 192.168.120.0 0.0.0.255 any
      dialer-list 1 protocol ip permit
      dialer-list 1 protocol ipx permit
      snmp-server community wsi RO
      snmp-server community ws1 RW
      !
      route-map nonat permit 10
       match ip address 140
      !
      radius-server host 10.1.1.6 auth-port 1645 acct-port 1646 key {removed}
      !
      control-plane
      !
      voice-port 1/0:23
       echo-cancel coverage 24
      !
      ccm-manager fallback-mgcp
      ccm-manager redundant-host 192.168.101.87
      ccm-manager mgcp
      ccm-manager music-on-hold
      ccm-manager config server 192.168.101.88 192.168.101.87
      ccm-manager config
      !        
      mgcp
      mgcp call-agent 192.168.101.88 2427 service-type mgcp version 0.1
      mgcp dtmf-relay voip codec all mode out-of-band
      mgcp rtp unreachable timeout 1000 action notify
      mgcp modem passthrough voip mode nse
      mgcp package-capability rtp-package
      mgcp package-capability sst-package
      no mgcp package-capability fxr-package
      mgcp package-capability pre-package
      no mgcp timer receive-rtcp
      mgcp sdp simple
      mgcp rtp payload-type g726r16 static
      mgcp bind control source-interface FastEthernet0/0.1
      mgcp bind media source-interface FastEthernet0/0.1
      !
      mgcp profile default
      !
      dial-peer voice 5 pots
       translation-profile incoming SRST
       service mgcpapp
       destination-pattern 9T
       incoming called-number .
       direct-inward-dial
       port 1/0:23
      !
      call-manager-fallback
       max-conferences 8 gain -6
       transfer-system full-consult
       timeouts interdigit 5
       ip source-address 192.168.118.3 port 2000
       max-ephones 30
       max-dn 60
       alias 1 4300 to 2412
       alias 2 4301 to 2412
       alias 3 4302 to 2412
       translate called 100
      !
      line con 0
       exec-timeout 0 0
      line aux 0
       exec-timeout 0 0
      line vty 0 4
       access-class 14 in
       exec-timeout 0 0
       privilege level 15
       login authentication TRAuthList
       transport input ssh
      line vty 5 15
       access-class 14 in
       privilege level 15
       login authentication TRAuthList
       transport input ssh
      !
      ntp clock-period 17180499
      ntp peer 192.168.1.1
      !
      end

      Albany_VPN#

       

      Am I missing something simple here or does anyone have any idea what I should try next?

      Thanks,

      Brian
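
Added example, not part of the original post: a small NetFlow v5 datagram check that can be run on the collector host to see whether export datagrams arrive on UDP 2055 and which source address they carry, for comparison with the source shown in `sh ip flow exp`. The function names and the sample datagram are constructed for illustration; the layouts are the standard 24-byte v5 header and 48-byte v5 flow record.

```python
import socket
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte flow record

def parse_v5(datagram):
    """Validate one NetFlow v5 export datagram and return its header and flows."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("shorter than a v5 header")
    version, count, _uptime, secs, _nsecs, seq, _etype, _eid, _samp = \
        V5_HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"export version {version}, not 5")
    if not 1 <= count <= 30 or len(datagram) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        r = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({"src": socket.inet_ntoa(r[0]), "dst": socket.inet_ntoa(r[1]),
                      "in_if": r[3], "out_if": r[4], "packets": r[5], "octets": r[6],
                      "sport": r[9], "dport": r[10], "proto": r[13]})
    return {"count": count, "unix_secs": secs, "sequence": seq, "flows": flows}

def sample_datagram():
    """Constructed one-flow datagram (made-up values) for offline testing."""
    header = V5_HEADER.pack(5, 1, 1000, 1233000000, 0, 42, 0, 0, 0)
    record = V5_RECORD.pack(socket.inet_aton("192.168.18.50"), socket.inet_aton("10.1.1.6"),
                            socket.inet_aton("0.0.0.0"), 1, 2, 3, 180, 900, 950,
                            1025, 53, 0, 0, 17, 0, 0, 0, 24, 19, 0)
    return header + record

def listen(port=2055, limit=5):
    """Print the source address of each datagram the collector host receives."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        for _ in range(limit):
            data, (ip, _sport) = sock.recvfrom(65535)
            try:
                info = parse_v5(data)
                print(f"{ip}: v5, {info['count']} flows, seq {info['sequence']}")
            except ValueError as exc:
                print(f"{ip}: rejected ({exc})")

if __name__ == "__main__":
    listen()
```

If the collector service already holds UDP 2055 the bind in `listen()` will fail; in that case feed payloads from a packet capture taken on the same host to `parse_v5()` instead.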