Using Netflow with my Cisco 2811

Salonge
Hi all

I have been using Scrutinizer to monitor bandwidth of our WAN for over a year. Recently, we purchased an additional T-1 and with that came a new Cisco Router 2811. We did not change the device IPs but Scrutinizer will not pick up the device. I went into the router and put in the correct netflow commands in the interface - fastethernet 0/0. I have two interfaces and the software will not see either interface.

I can even do an IP export-flow cache  and see the flows coming from the interface.  My problem starts when Scrutinizer no longer will see the device.

Also when I try to ping any inside device from the new router, it will not ping.  I can ping the router from any device on my network.

What am I missing here?

Does the router have an external (public) or internal IP?
Did the IP addressing change when you got the new router, and is there a firewall in between that you need to adjust the NAT pass through on?

Author

Commented:
Vanbarsoun - the router has an external IP and not an internal.  Neither did the old one.  The IP did not change from the old interface to the new interface.  Cheever000 - there is a firewall between that and my netflow server, but the only thing that changed in the entire scheme was the router itself.  On my new router.

Have you checked the firewall log to see if the router traffic is being blocked for some reason?

Author

Commented:
No, I did not. We have a Unix box and I am not certain of the commands to do that. I tried to ping the firewall from the router and it will not connect. I can ping the router from my server, but I cannot ping my server from the router. When this was initially set up, we set our firewall up to get flows and that is still working fine.
Could you post the netflow section of your config here too? Do you see flows when you do a sho ip cache flow and sho ip flow export?

Author

Commented:
I can see flows when I do sho ip cache flow and sho ip flow export.

ip flow-cache timeout active 1
ip flow-export source FastEthernet0/0
ip flow-export version 5
ip flow-export destination 10.100.90.206 2055
Does the router know where the 10.100.90.206 network is?

Do you have a static route back to the firewall for the 10.100.90.X network? It may be sending the flows towards the default route, which I would assume is the ISP gateway?

Author

Commented:
I don't know how to answer that question. I can ping the router from that IP, but I can't ping the IP from the router. Nor can I ping any device from that router. There seems to be something I am missing in the router itself. That was the only change, we swapped routers. The new router has 2 fast ethernet interfaces; 2 serial interfaces; and a multilink interface. We are using the multilink interface and one of the fast ethernet interfaces. The device we are using is the fast ethernet and the IP associated with it did not change.
The firewall is probably NATing the IP, sending responses back to an outside address.

Do a sho ip route and see if you see the 10.100.90.X network.

If not, just add
ip route 10.100.90.0 255.255.255.0 X.X.X.X

I am of course assuming that 10.100.90.0 is a 24 network and X.X.X.X is the outside of the firewall.

Now that I think about this, are you sure your netflow host is correct? If the firewall is port forwarding, it may be an external address in the interface range between the firewall and router.

Author

Commented:
Thank you. In the IP route command, what is the x x x x?
That's the IP of the gateway to the 10 network, which would be the firewall's interface that connects to the router's IP.

Author

Commented:
"Now that I think about this are you sure your netflow host is correct if the firewall is port forwarding it may be an external address in interface range between the firewall and router?"  I am not sure.  I will add the IP route to see what happens.  Here is what I receive when I do the IP route.

Router#sho ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile,
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter a
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external typ
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-
       ia - IS-IS inter area, * - candidate default, U - per-user
       o - ODR, P - periodic downloaded static route, + - replicat

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S*    0.0.0.0/0 is directly connected, Multilink1
      63.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        63.161.118.48/29 is directly connected, FastEthernet0/0
L        63.161.118.49/32 is directly connected, FastEthernet0/0
      144.223.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        144.223.82.112/30 is directly connected, Multilink1
L        144.223.82.114/32 is directly connected, Multilink1
There is a good chance that the IP address you need to send it to is in the 63.161.118.48/29 range somewhere. But try adding the route to the 10.100 network and see if anything starts working.

Author

Commented:
Nothing changed when I added the IP route.

Author

Commented:
I was able to fix the issue by adding a different ip destination to the router.  Thanks for all your help.
If that is the case, I believe I was some help with resolving this, as my suggestions pointed to changing the host IP that the router was forwarding traffic to.

Author

Commented:
Yes, you were. I will award you the points. Just for the record though, the IP flow-export destination was one in the range of IPs that I did not know anything about. I had to go into the old router, they left it, and I found the old configuration.
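The check the thread converged on, as an added example that is not part of the original posts: a longest-prefix lookup of the configured flow-export destination against the posted `sho ip route` output, showing which interface the NetFlow records leave on. The function names and the comparison address 63.161.118.50 are assumptions made for illustration; the thread does not say which address fixed the problem.

```python
import ipaddress
import re

# Route lines copied from the "sho ip route" output posted in the thread.
ROUTES_TEXT = """\
S*    0.0.0.0/0 is directly connected, Multilink1
      63.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        63.161.118.48/29 is directly connected, FastEthernet0/0
L        63.161.118.49/32 is directly connected, FastEthernet0/0
      144.223.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        144.223.82.112/30 is directly connected, Multilink1
L        144.223.82.114/32 is directly connected, Multilink1
"""
ROUTE_RE = re.compile(r"^\S+\s+(\d+(?:\.\d+){3}/\d+) is directly connected, (\S+)$")
EXPORT_RE = re.compile(r"^ip flow-export destination (\S+) (\d+)$")

def parse_routes(text):
    """Return (network, interface) pairs; summary lines are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            routes.append((ipaddress.ip_network(m.group(1)), m.group(2)))
    return routes

def check_export(config_line, routes):
    """Longest-prefix match for the collector address named in the export line."""
    m = EXPORT_RE.match(config_line.strip())
    if not m:
        raise ValueError("not an 'ip flow-export destination' line")
    dest = ipaddress.ip_address(m.group(1))
    matches = [(net, ifc) for net, ifc in routes if dest in net]
    if not matches:
        return {"dest": str(dest), "interface": None, "suspect": True}
    net, ifc = max(matches, key=lambda r: r[0].prefixlen)
    # RFC 1918 collector reached only via 0.0.0.0/0: the flow records
    # head for the upstream link, where that address is not routable.
    suspect = dest.is_private and net.prefixlen == 0
    return {"dest": str(dest), "interface": ifc, "suspect": suspect}

if __name__ == "__main__":
    routes = parse_routes(ROUTES_TEXT)
    # First line is from the thread; 63.161.118.50 is a hypothetical address
    # picked from the connected /29 purely for comparison.
    for line in ("ip flow-export destination 10.100.90.206 2055",
                 "ip flow-export destination 63.161.118.50 2055"):
        print(check_export(line, routes))
```

A result with `suspect` set means the router is exporting flow telemetry toward its upstream link instead of the firewall-facing interface, which is also why the collector never sees the device.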
