7 Replies Latest reply on Jun 24, 2015 8:03 AM by ice

    NetFlow Setup Question(s)


      I apologize since I Know this has been asked.  I've looked through the forums and support and found basic NetFlow setup info, but it doesn't quite seem to be working right.


      I followed the basic instructions from here:


      Re: Netflow not working on cisco site-to-site vpn router


      I have a Cisco 2911 router I am using as a test device.  Following a successful setup, I'll be adding Cisco 3750s and several Nexus 5000 switches.


      After following the basic setup, all I get is this:



      Obviously it is receiving data from the router, but it says "Last received Netflow" = Never.  No other tabs under NetFlow give me any further information.


      What am I missing?


      Thanks all!

        • Re: NetFlow Setup Question(s)

          Hi, that "never" statement on that last received column is one indication if your flow data from your device is reaching the Orion server (where NTA is installed). If it is receiving and correct template, it should show an updated time stamp. To check and isolate it fast, On your Orion server run packet capture (wireshark). filter it to the IP address for that device and let it run for 5 to 8 minutes. check on the live capture if you will get Cflow data.


          If you do not get any CFLOW - then there is something wrong with your configuration or routing issue. It is not important if you have configured your device to send netflow data, the important thing the data (flow data) will reach to the Orion server (where NTA is installed).


          If you did get the Cflow data, check the packets and see what version it is getting? if version 9, make sure it contain the right template as seen on this link below


          SolarWinds Knowledge Base :: Using NetFlow Version 9


          NTA for Cisco supports only netflow 5 and netflow v.9 (with exact template).


          for 3750, check the configs.



          1 of 1 people found this helpful
            • Re: NetFlow Setup Question(s)

              Thank you for the help!  I'm fuzzy (meaning clueless) on the concept of the template. Can you point me in the right direction for that?


              I'll perform the packet capture tomorrow. I know that I configured the router to use version 5, per the earlier Thwack article.


              I have not configured any "templates" in Orion though. I need help with this.


              Thank you for your reply and help!!

                • Re: NetFlow Setup Question(s)

                  No worries. I'll wait on the result on the packet capture and let us see what you are getting.



                  - Open Wireshark

                  - Click on Capture on the tool bar and select Interfaces

                  - Click on Option for the interface used to poll your devices.

                  - In the capture filter type the following: ip.addr==xxx.xxx.xxx.xxx

                  - Please replace the xxx.xxx.xxx.xxx  with the ip address of your router which is having issues

                  - Click on Start to launch the capture.

                  - Reproduce the issue with your device

                  - Once you have captured the data for 8 minutes

                  - Go back to Wireshark and stop the network trace.

                  - Capture > Stop.

                  - sort the column for protocol and see if you are getting any Cflow.

              • Re: NetFlow Setup Question(s)

                is this router a self managed router?


                if so I am more than willing to help you with the config required, as I have done this on our layer 3 core switches

                • Re: NetFlow Setup Question(s)

                  Was a solution ever found for this??  I have a Cisco 4506 that stopped sending NetFlow data a few months back, and I can't see what has changed on my switch to cause this.


                  Any help/suggestion would be most appreciated.



                  John L.

                    • Re: NetFlow Setup Question(s)

                      If you see other devices are showing flow data on the NTA application, then I can say that 99% your NTA application is not the issue. NTA will only listen to port 2055 and it will just collect all flow data that your device is throwing at it. Best way to isolate the issue if the flow from your non-working device is reaching the Solarwinds server (where the NTA is installed) by running the wireshark procedure above. Make sure that before you start the capture, it is filtered to the IP address of the device that is not working. Then let it run for 10 minutes and see if your are getting CFLOW (protocol) on the capture. If there are none, double check your device configuration, check the Port and the IP address of the flow collector (which is the Solarwinds server). also check if there are any firewall in between blocking the traffic or any routing issue to the network.


                      Also check if the interfaces added on netflow data are up (green) and not grey-out or unknown.