3 Replies Latest reply on Aug 28, 2017 1:11 PM by rschroeder

    Vlan Netflow data from Cisco 4500R+E with 7L-E sup

    lostngone

      Help!

      I am working with a Cisco 4500R+E with 7L-E supervisors running IOS 03.07.00.E.152-3.E. with the IP Base license. Also I am running NTA 3.11.


      I did get FNF working on the switch and I am seeing some flow data populate Orion. I am seeing flow data from the routed port that is the up-link to the rest of the network but no data for any routed vlan to vlan traffic within the switch.

      Here is what I have in my config in reference to the flow config.

      --------------------------
      flow record r1
       match ipv4 protocol
       match ipv4 source address
       match ipv4 destination address
       match transport source-port
       match transport destination-port
       match interface input
       collect routing forwarding-status
       collect transport tcp flags
       collect interface output
       collect counter bytes long
       collect counter packets long
       collect timestamp sys-uptime first
       collect timestamp sys-uptime last
      --------------
      flow exporter e1
       destination 192.168.99.4
       source GigabitEthernet5/48
       transport udp 2055
       template data timeout 60
      -------------
      flow monitor m1
       exporter e1
       cache timeout inactive 30
       cache timeout active 60
       cache entries 1000
       record r1
      -------------
      vlan configuration 5,30-31,77
       ip flow monitor m1 input
      -------------
      interface GigabitEthernet5/48
       no switchport
       ip flow monitor m1 input
       ip address 192.168.254.10 255.255.255.252
       speed 1000
       duplex full
      --------------------------

       

      When I do a show flow interface on the routed port I see the FNF monitor information but when I do the same for the vlans I see nothing listed. However I do have "ip flow monitor m1 input" under "vlan configuration 5,30-31,77". It will not let me attach the ip flow statement under the vlan SVIs.

       

      sw1#show flow interface GigabitEthernet 5/48
      Interface GigabitEthernet5/48
        FNF:  monitor:          m1
              direction:        Input
              traffic(ip):      on
      -------------
      sw1#show flow interface vlan 5
      sw1#

       

       

      Any ideas?

      I am sorry if this is a stupid problem but I have very little experience with Flexible Netflow or the 4500.
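
An added example, not part of the original post and not SolarWinds or Cisco tooling: a Python check that reads flow-related configuration in "show running-config" layout, lists where each flow monitor is attached (expanding "vlan configuration" lists), and flags references to undefined records, exporters or monitors. The Vlan<N> target naming, the helper names and VLAN 99 are assumptions for illustration; it reports what is configured, not what the switch hardware actually monitors.

```python
# Constructed sample: flow-related lines from the post above, indented the way
# "show running-config" prints sub-commands. VLAN 99 in the usage is hypothetical.
SAMPLE_CONFIG = """\
flow record r1
flow exporter e1
flow monitor m1
 exporter e1
 record r1
vlan configuration 5,30-31,77
 ip flow monitor m1 input
interface GigabitEthernet5/48
 ip flow monitor m1 input
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '5,30-31,77' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config, expected_vlans=()):
    """Report monitor attachments, dangling references and uncovered VLANs."""
    defined = {"record": set(), "exporter": set(), "monitor": set()}
    refs, attached, section = [], [], []
    for line in config.splitlines():
        words = line.split()
        if not words or (line[0].isspace() and len(section) < 2):
            continue
        if not line[0].isspace():                 # top-level command opens a section
            section = words
            if len(words) == 3 and words[0] == "flow" and words[1] in defined:
                defined[words[1]].add(words[2])
        elif (section[:2] == ["flow", "monitor"] and len(words) == 2
              and words[0] in ("record", "exporter")):
            refs.append((section[-1], words[0], words[1]))
        elif words[:3] == ["ip", "flow", "monitor"] and len(words) == 5:
            if section[:2] == ["vlan", "configuration"]:
                targets = ["Vlan%d" % v for v in sorted(expand_vlans(section[-1]))]
            else:
                targets = [section[-1]]
            attached += [(t, words[3], words[4]) for t in targets]
    dangling = [r for r in refs if r[2] not in defined[r[1]]]
    dangling += [(t, "monitor", m) for t, m, _ in attached if m not in defined["monitor"]]
    covered = {t for t, _, _ in attached}
    missing = sorted(v for v in expected_vlans if "Vlan%d" % v not in covered)
    return {"attached": attached, "dangling": dangling, "missing_vlans": missing}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, {5, 30, 31, 77, 99}))
```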

        • Re: Vlan Netflow data from Cisco 4500R+E with 7L-E sup
          choly

          Not really sure about that, but I would try removing "collect transport tcp flags" and "collect interface output" from the flow record and re-apply on vlan interfaces.

          • Re: Vlan Netflow data from Cisco 4500R+E with 7L-E sup
            rschroeder

            Version 7 45xx switches (and earlier hardware platforms) needed NetFlow modules purchased and installed.

             

            That is not the case for Version 8 4510 and 4507 chassis switches.

             

            However, the switch must be licensed for IP Base or Enterprise before NetFlow commands will work.  A plain 4510 running LAN Base cannot do NetFlow until its license is upgraded to at least IP Base.  The cost is about $5K.

             

            But I got this working on a 4510 V8 Enterprise Licensed switch today, and it's looking good.

             

             

            Cisco confirmed this with a TAC case I opened today.  Here are their instructions and links:

             

            Cisco Switch 4000 NetFlow configuration is supported at the IP Base license level, not at the LAN Base license level. Once that requirement is met, we can then move on to configuring Flexible NetFlow.

             

            Note- IOS XE supports the flexible netflow and not the original netflow format.

             

            Please find below the link for your reference:

            http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fnetflow/configuration/xe-3s/fnf-xe-3s-book/fnf-fnetflow.html#GUID-741D4DE7-B349-4B76-BB7A-2F64A0915C1F

             

             

            To see how to configure flexible netflow, please check the below link:

            http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fnetflow/configuration/xe-3s/fnf-xe-3s-book/fnf-fnetflow.html#d4759e5817a1635

             

             

            The old Netflow CLI is not supported. Only the FNF CLI is available.

             

            Unfortunately the only kind of netflow that the 4000X supports is the FNF, traditional netflow is not supported on that device, and there is no way to migrate to this one.

            http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fnetflow/configuration/xe-16/fnf-xe-16-book/use-fnflow-redce-cpu.html

             

            Customers with Cisco Traditional NetFlow (TNF) Feature on ASR4000 Platform are encouraged to migrate to the Cisco Flexible NetFlow (FNF) Feature on ASR4000 Platform at link below.

            http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps6601/ps6965/white_paper_c11-545581.html

             

             

             

            Example config:

            ========================================================

            flow record <<NAME>>
             match ipv4 tos
             match ipv4 protocol
             match ipv4 source address
             match ipv4 destination address
             match transport source-port
             match transport destination-port
             collect interface input
             collect interface output
             collect counter bytes
             collect counter packets

            flow exporter <<NAME>>
             destination <<ip address>>
             source <<interface id>>
             transport udp 9996

            flow monitor <<NAME>>
             record <<NAME>>
             exporter <<NAME>>

            “show flow monitor name <<monitor-name>> cache format table”

            “show flow exporter <<name>> statistics”

             

            OR

             

            flow record FNF-input
             description IPv4 NetFlow
             match ipv4 source address
             match ipv4 destination address
             match transport source-port
             match transport destination-port
             match ipv4 protocol
             match interface input
             match ipv4 tos
             match flow direction
             collect interface output
             collect counter bytes long
             collect counter packets long
             collect transport tcp flags
             collect timestamp absolute first
             collect timestamp absolute last
            end
            show flow record FNF-input

            flow record FNF-output
             description IPv4 NetFlow
             match ipv4 source address
             match ipv4 destination address
             match transport source-port
             match transport destination-port
             match ipv4 protocol
             match interface output
             match ipv4 tos
             match flow direction
             collect interface input
             collect counter bytes long
             collect counter packets long
             collect transport tcp flags
             collect timestamp absolute first
             collect timestamp absolute last
            end
            show flow record FNF-output

            flow exporter FNF-exporter
             description Export to FNF-exporter
             destination 10.1.1.10
             source gigabitEthernet1/0/1
             transport udp 2055
            end
            show flow exporter FNF-exporter

            flow monitor FNF_mon_input
             description IPv4 FNF ingress exports
             exporter FNF-exporter
             record FNF-input
             cache timeout active 60
            end
            show flow monitor FNF_mon_input

            flow monitor FNF_mon_output
             description IPv4 FNF egress exports
             exporter FNF-exporter
             record FNF-output
             cache timeout active 60
            end
            show flow monitor FNF_mon_output

            interface GigabitEthernet1/0/1
             ip flow monitor FNF_mon_input input
             ip flow monitor FNF_mon_output output
            end
            show flow interface [interface-type number]

            show flow record FNF-input
            show flow record FNF-output
            show flow exporter FNF-exporter
            show flow monitor FNF_mon_input
            show flow monitor FNF_mon_output
            show flow interface <interface>

             

            Flexible NetFlow Configuration Guide, Cisco IOS XE Release 3S (ASR 4000)

            http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fnetflow/configuration/xe-3s/fnf-xe-3s-book.html

             

            For IOS-XE netflow configuration, Netflow-v5 and Traditional netflow have been discontinued on latest releases. There are various formats for the export packet and these are commonly called the export version. The export versions are well documented formats including version 5, 7, and 9. The most common format used is NetFlow export version 5, but version 9 is the latest Cisco-invented format and has some advantages for key technologies such as security, traffic analysis and multicast. Without version 9 export format, Flexible NetFlow would not be possible. Sup6L-E doesn't support netflow with any IOS.

            Flexible netflow version 9 is supported on 4500 device using supervisor 7-E. This depends on supervisor and not IOS versions.

             

            Here is the link which states the same:

            http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps6601/ps6965/prod_white_paper0900aecd804be1cc.html

             

             

            Here is the link which shows configuration assistance of flexible netflow:

            http://www.cisco.com/en/US/docs/ios/fnetflow/configuration/guide/get_start_cfg_fnflow.html#wp1057363
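
An added example, not from this reply or from Cisco: a minimal Python parser for the template FlowSets of a NetFlow version 9 export datagram, usable on the collector side to confirm which fields (for instance the input interface index) an exporter is actually sending. The sample datagram is constructed to resemble flow record r1 from the first post; the function names and template ID 256 are assumptions.

```python
import struct

# Subset of NetFlow v9 field types (RFC 3954) matching the records in this thread.
FIELD_NAMES = {1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 5: "SRC_TOS",
               6: "TCP_FLAGS", 7: "L4_SRC_PORT", 8: "IPV4_SRC_ADDR",
               10: "INPUT_SNMP", 11: "L4_DST_PORT", 12: "IPV4_DST_ADDR",
               14: "OUTPUT_SNMP", 21: "LAST_SWITCHED", 22: "FIRST_SWITCHED"}

def parse_v9_templates(datagram):
    """Return {template_id: [(field_name, length), ...]} for one export datagram."""
    if len(datagram) < 20:
        raise ValueError("shorter than the 20-byte NetFlow v9 header")
    version = struct.unpack_from("!H", datagram, 0)[0]
    if version != 9:
        raise ValueError("not NetFlow v9 (version field is %d)" % version)
    templates, offset = {}, 20
    while offset + 4 <= len(datagram):
        flowset_id, length = struct.unpack_from("!HH", datagram, offset)
        if length < 4 or offset + length > len(datagram):
            raise ValueError("bad FlowSet length %d at offset %d" % (length, offset))
        pos, end = offset + 4, offset + length
        while flowset_id == 0 and pos + 4 <= end:      # FlowSet ID 0 = templates
            template_id, field_count = struct.unpack_from("!HH", datagram, pos)
            pos += 4
            if template_id < 256 or pos + 4 * field_count > end:
                break                                   # padding or truncated record
            fields = []
            for _ in range(field_count):
                ftype, flen = struct.unpack_from("!HH", datagram, pos)
                fields.append((FIELD_NAMES.get(ftype, "type_%d" % ftype), flen))
                pos += 4
            templates[template_id] = fields
        offset += length
    return templates

def build_sample_datagram():
    """Constructed datagram: one template (ID 256) modelled on flow record r1."""
    # Type 89 (forwarding status) is left out of FIELD_NAMES to show the fallback.
    fields = [(4, 1), (8, 4), (12, 4), (7, 2), (11, 2), (10, 4), (89, 1),
              (6, 1), (14, 4), (1, 8), (2, 8), (22, 4), (21, 4)]
    record = struct.pack("!HH", 256, len(fields))
    record += b"".join(struct.pack("!HH", t, l) for t, l in fields)
    flowset = struct.pack("!HH", 0, 4 + len(record)) + record
    header = struct.pack("!HHIIII", 9, 1, 1000, 1503925860, 1, 0)
    return header + flowset

if __name__ == "__main__":
    for tid, fields in parse_v9_templates(build_sample_datagram()).items():
        print(tid, fields)
```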