7 Replies Latest reply on Aug 9, 2016 6:46 AM by don80061241@gmail.com

    Does NTA work with Cisco 2960X switches?

    brinky

      Hi,

      I'm trying to get NTA working on a 2960X switch. I've configured the switch with flow record, exporter, monitor & sampler and applied the monitor to interfaces. Looking at the flow stats on the switch it seems to be sending packets to the NTA server.

       

      Looking at the NTA server, it's saying it's "Last received netflow - Never", BUT I am getting random errors from the 2960 saying "invalid v9 template" and "Windows firewall turned on, but not allowing packets". However, Windows firewall is turned OFF (on the Solarwinds server) and the invalid template error occurs at random, i.e. no errors for 3 days, then 2 error msg, then nothing for another day!

       

      As the server is showing some error messages, I presume that the switch is talking to the server, but the server seems to be ignoring the data, or some of the data is missing? 

       

      Any suggestions for what's wrong?

       

      Incidentally I do have NTA working correctly on a couple of Nexus switches, so the NTA server is working ok.

       

      Thanks,

      Mike

        • Re: Does NTA work with Cisco 2960X switches?
          Craig Norborg

          You might want to include your netflow config so we can have an idea of what you're doing. 

           

          2960x's only do "Netflow lite": rather than returning stats on every packet that goes through them, at the most you'll get 1 out of every 32 packets reported on, which is configurable. You might have to manually set a sampling rate too. If you go to "Manage Netflow Sources", you should see "Auto-detect: " followed by something like "no sampling" or a sampling rate. If the sampling rate here doesn't match the sampling rate you chose on your 2960x, you will have to edit it to match.

            • Re: Does NTA work with Cisco 2960X switches?
              brinky

              Hi Craig,

              Thanks for the reply, I was really asking the question whether it worked at all, because I couldn't find any definite answers by Googling.

               

              I gave up on the 2960X and thought I'd configure another Nexus 7K, whilst waiting for a reply to my post. After putting the config on the Nexus, I went back to the Solarwinds NTA webpage and added the Nexus to the Netflow Sources. After doing this, I noticed that the 2960X (in Netflow Sources) was now saying it was receiving Netflow !  (see screenshot)
              I'm beginning to wonder if it's the "last received Netflow" column on the NTA webpage that's not updating correctly?
              Also, am I correct in saying the "Traffic in" and "Traffic out" info is really coming from SNMP (rather than Netflow), as I haven't configured Netflow at all on another Nexus, but it's showing traffic in and out?
              Netflow sources screenshot.JPG
              Incidentally, I'm using this version of Solarwinds:  Orion Platform 2013.2.0, NPM 10.6, NTA 3.11.0, IVIM 1.8.1 © 1995-2013 SolarWinds Worldwide, LLC. All Rights Reserved.
              Thanks,
              Mike
                • Re: Does NTA work with Cisco 2960X switches?
                  Craig Norborg

                  I have heard that there seems to be some delay in the 2960x sending out its netflow template to the receiver, maybe you ran into that. You're definitely seeing Netflow there, but like I said, it's only sampling at most 1:32 packets, so make sure the ratio is set correctly!

                    • Re: Does NTA work with Cisco 2960X switches?
                      brinky

                      Hi Craig,

                      Thanks for the info. As you can probably guess, I'm pretty new to NTA, so please can you have a look at the config I've put on the 2960 and see if I've missed anything, or there's anything that could be done better? (Note: real destination IP address replaced with x.x.x.x)

                       

                      flow record NFSWTRecord
                       match ipv4 tos
                       match ipv4 protocol
                       match ipv4 source address
                       match ipv4 destination address
                       match transport source-port
                       match transport destination-port
                       collect interface input
                       collect flow sampler
                       collect counter bytes long
                       collect counter packets long
                       collect timestamp sys-uptime first
                      !
                      flow exporter NFSWExporter
                       description Solarwinds server
                       destination x.x.x.x
                       source Vlan100
                       transport udp 2055
                       template data timeout 60
                      !
                      flow monitor NFSWMonitor
                       record NFSWTRecord
                       exporter NFSWExporter
                       cache timeout inactive 120
                       cache timeout active 120
                      !
                      sampler NFSWSampler
                       mode random 1 out-of 100
                      !
                      interface GigabitEthernet1/0/24
                       ip flow monitor NFSWMonitor sampler NFSWSampler input


                      Any suggestions would be greatly appreciated.

                      Thanks,

                      Mike
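Craig's two points above (data arriving before the v9 template, and the sampling ratio) shown as an added example, not code from any poster, SolarWinds or Cisco: a minimal NetFlow v9 decoder following RFC 3954 that cannot decode a data flowset until its template is cached, then scales the sampled byte count by the 1-in-100 interval from the posted sampler. The packets, template ID 260 and exporter name "switch" are constructed for illustration.

```python
import struct

HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unix_secs, sequence, source_id

def parse_v9(packet, exporter, templates):
    """Decode one NetFlow v9 datagram; returns (records, data_flowsets_dropped)."""
    version, _, _, _, _, source_id = HEADER.unpack_from(packet, 0)
    if version != 9:
        raise ValueError("not a NetFlow v9 datagram")
    records, dropped, offset = [], 0, HEADER.size
    while offset + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, offset)
        if fs_len < 4 or offset + fs_len > len(packet):
            raise ValueError("bad flowset length")
        body, pos = packet[offset + 4:offset + fs_len], 0
        if fs_id == 0:  # template flowset: learn the record layouts
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack_from("!HH", body, pos)
                if tid < 256 or pos + 4 + 4 * nfields > len(body):
                    break  # padding or truncated template
                fields = [struct.unpack_from("!HH", body, pos + 4 + 4 * i) for i in range(nfields)]
                templates[(exporter, source_id, tid)] = fields
                pos += 4 + 4 * nfields
        elif fs_id >= 256:  # data flowset: needs the template with the same id
            fields = templates.get((exporter, source_id, fs_id))
            if fields is None:
                dropped += 1  # template not seen yet, records cannot be decoded
            else:
                rec_len = sum(length for _, length in fields)
                while rec_len and pos + rec_len <= len(body):
                    rec = {}
                    for ftype, length in fields:
                        rec[ftype] = int.from_bytes(body[pos:pos + length], "big")
                        pos += length
                    records.append(rec)
        offset += fs_len  # options templates (flowset id 1) are skipped in this sketch
    return records, dropped

def _flowset(fs_id, body):
    return struct.pack("!HH", fs_id, len(body) + 4) + body

def _packet(flowset):
    return HEADER.pack(9, 1, 0, 0, 0, 1) + flowset

# Constructed sample: template 260 = IPV4_SRC_ADDR(8), IPV4_DST_ADDR(12), IN_BYTES(1), 4 bytes each
TEMPLATE = _packet(_flowset(0, struct.pack("!8H", 260, 3, 8, 4, 12, 4, 1, 4)))
DATA = _packet(_flowset(260, bytes([10, 0, 0, 5, 10, 0, 0, 9]) + struct.pack("!I", 1500)))

def demo(sampling_interval=100):  # assumed to match "mode random 1 out-of 100" above
    cache = {}
    early = parse_v9(DATA, "switch", cache)      # data arrives before the template
    parse_v9(TEMPLATE, "switch", cache)          # template finally arrives
    records, _ = parse_v9(DATA, "switch", cache)
    return early, records, records[0][1] * sampling_interval  # scaled byte estimate
```

The template cache is keyed per exporter and source ID, so a template learned from one device never decodes another device's records.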

                        • Re: Does NTA work with Cisco 2960X switches?
                          Craig Norborg

                          Hmm... Unfortunately all the 2960x's we have apparently are lanlite which don't support this, so I can't get in and play and tell you for sure.  I'd be working off this document:

                           

                          http://www.solarwinds.com/documentation/NetFlow/docs/NetFlowDeviceConfiguration.pdf

                           

                          Which is generally a very good guideline.   I don't see a 1:1 match in your config above with any of the examples given in this document.   Might see if you can modify it based on one of these examples.   I'd go for one of the larger switches like the 6500 or 7000 if possible.   Although the 3560/3750 are probably pretty close, but you have to be careful in that they only support it on a single port, so they're doing ingress/egress, and you probably want ingress only like some of the other examples, but it depends on your application what you do want to use.

                            • Re: Does NTA work with Cisco 2960X switches?
                              brinky

                              Hi Craig,

                              I think I need to do some experimentation to see what works best  :-)

                               

                              The reason for getting NTA working was for the scenario when someone says "the network or our UCS is running slow, please can you investigate". NTA would seem to be a pretty good tool for having a quick look to see if there's any traffic congestion problems on the network, so I thought I'd have a go at getting it working.

                               

                              Unfortunately there seem to be several minor differences between Netflow Lite and flexible Netflow, all of which seem to conspire to stop it working! And the error messages you get (if you get any) aren't particularly useful either.

                               

                              Anyway, thanks for taking the time to reply, it's been very useful and much appreciated.

                              Regards,

                              Mike

                    • Re: Does NTA work with Cisco 2960X switches?
                      don80061241@gmail.com

                      Hi Mike,

                      I am not sure if you have fixed your issue but we have a similar issue.

                      Our investigation discovered a Thwack message "Support for Cisco Netflow-Lite" under "NetFlow Feature requests" that was updated November 2015 to say that Netflow-lite is now supported in "NTA 4.1.1".

                      I noticed in one of your posts with your setup that you are using version 3.1.x; this may be the issue.

                      Regards

                      Don

                      1 of 1 people found this helpful