2 Replies Latest reply on Jun 19, 2009 8:59 AM by kweise

    Orion NPM and Netflow on Cisco 2811

      We have quite a few Cisco 2811 routers. We enabled netflow on one of the routers using the loopback as the source and only enabling the flow on fa0/0. However, Orion is receiving flow from multiple interfaces on the router. Has anyone had this occur? I thought it would only pass information on the interface on which it was enabled.

      Here are the commands:

      ip flow-export source Loopback0
      ip flow-export version 5
      ip flow-export destination <"Orion NPM server IP"> 2055

      int fa0/0
      ip route-cache flow

       

       Thanks for any input you can provide.

        • Re: Orion NPM and Netflow on Cisco 2811
          r0berth1

          it does the same thing on my 6509s, 2811s, and 1841s. I have a post asking about this and the answer from SW was to just not add the ports that i didnt want to NPM and it will not monitor them. They you just have to filter out the event messages saying that there is an unmonitored NTA port that is not added to NPM.

            • Re: Orion NPM and Netflow on Cisco 2811
              kweise

              I see the same thing in our implementation.  I think its the lesser of two evils.  When we first implemented the NTA module, once you configured Netflow on your device, you had to go into the Orion admin site and actively select the interfaces on the nodes you had configured for Netflow.  It does that automagically for you now, but you also get emails about interfaces not monitored.  It's really only a pain after the Netflow service restarts and we get an event or two from all of the Netflow enabled devices we have (we've got a couple hundred we're receiving Netflow from.)  At that point, I just go into system manager, select Events | Event Monitor and delete all of the Netflow missing whatever events.  Or, if I'm feeling lazy I just ignore the events. :)