Robert137
asked on
Netflow not exporting
Hi,
I'm trying to get Netflow configured for a Cisco 881 and am not having much luck getting any flows exported.
I have used the following:
ip route-cache flow - on two layer3 Interfaces vlan1 and fastethernet4
ip flow-export destination 192.168.80.16 9996
ip flow-export source fastethernet3
ip flow-export version 5 peer-as
ip flow-cache timeout active 1
ip flow-cache timeout inactive 15
I am getting the result below with show ip flow export
C881#show ip flow export
Flow export v5 is enabled for main cache
Export source and destination details :
VRF ID : Default
Source(1) 192.168.80.1 (Vlan1)
Destination(1) 192.168.80.16 (9996)
Version 5 flow records
0 flows exported in 0 udp datagrams
0 flows failed due to lack of export packet
0 export packets were sent up to process level
0 export packets were dropped due to no fib
0 export packets were dropped due to adjacency issues
0 export packets were dropped due to fragmentation failures
0 export packets were dropped due to encapsulation fixup failures
Any help would be greatly appreciated.
-Vik
I'm trying to get Netflow configured for a Cisco 881 and am not having much luck getting any flows exported.
I have used the following:
ip route-cache flow - on two layer3 Interfaces vlan1 and fastethernet4
ip flow-export destination 192.168.80.16 9996
ip flow-export source fastethernet3
ip flow-export version 5 peer-as
ip flow-cache timeout active 1
ip flow-cache timeout inactive 15
I am getting the result below with show ip flow export
C881#show ip flow export
Flow export v5 is enabled for main cache
Export source and destination details :
VRF ID : Default
Source(1) 192.168.80.1 (Vlan1)
Destination(1) 192.168.80.16 (9996)
Version 5 flow records
0 flows exported in 0 udp datagrams
0 flows failed due to lack of export packet
0 export packets were sent up to process level
0 export packets were dropped due to no fib
0 export packets were dropped due to adjacency issues
0 export packets were dropped due to fragmentation failures
0 export packets were dropped due to encapsulation fixup failures
Any help would be greatly appreciated.
-Vik
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The only thing I can think of is - you did not configure snmp on router. I guess that netflow will not work without snmp configured.
# en
# conf t
# snmp-server community <name> ro
# en
# conf t
# snmp-server community <name> ro
Previous post was guess (what can be configuration difference between routers). SNMP should be configured - Cisco article.
(config)# snmp-server community private rw
should be configured, but I don't have it configured on my router (IOS is v 15.2.x).
Prerequisites for Configuring SNMP and the NetFlow MIB to Monitor NetFlow DataIn article is suggested that
Before you enable NetFlow you must:
Configure the router for IP routing
Ensure that one of the following is enabled on your router, and on the interfaces that you want to configure NetFlow on: Cisco Express Forwarding (CEF), distributed CEF, or fast switching
Understand the resources required on your router because NetFlow consumes additional memory and CPU resources
Configure SNMP on the router on which the NetFlow MIB feature is to be used. Refer to the Configuring the Router to use SNMP for more information. For more information on configuring an SNMP server, refer to the Configuring SNMP Support in the Cisco IOS Network Management Configuration Guide .
Restrictions for Configuring SNMP and the NetFlow MIB to Monitor NetFlow Data
Cisco IOS Releases 12.2(14)S, 12.0(22)S, or 12.2(15)T
If your router is running a version of Cisco IOS prior to releases 12.2(14)S, 12.0(22)S, or 12.2(15)T the ip route-cache flow command is used to enable NetFlow on an interface.
If your router is running Cisco IOS release 12.2(14)S, 12.0(22)S, 12.2(15)T, or later the ip flow ingress command is used to enable NetFlow on an interface.
(config)# snmp-server community private rw
should be configured, but I don't have it configured on my router (IOS is v 15.2.x).
ASKER
Thank you for the response
Getting somewhere,
I am at least now getting flows exporting! Although they are getting dropped due to no fib.
I re-issued the ip cef command globally. That started the flows.
C881#sh ip flow export
Flow export v9 is enabled for main cache
Export source and destination details :
VRF ID : Default
Source(1) 192.168.80.1 (Vlan1)
Destination(1) 192.168.80.16 (9996)
Version 9 flow records
181 flows exported in 58 udp datagrams
0 flows failed due to lack of export packet
0 export packets were sent up to process level
58 export packets were dropped due to no fib
0 export packets were dropped due to adjacency issues
0 export packets were dropped due to fragmentation failures
0 export packets were dropped due to encapsulation fixup failures
Getting somewhere,
I am at least now getting flows exporting! Although they are getting dropped due to no fib.
I re-issued the ip cef command globally. That started the flows.
C881#sh ip flow export
Flow export v9 is enabled for main cache
Export source and destination details :
VRF ID : Default
Source(1) 192.168.80.1 (Vlan1)
Destination(1) 192.168.80.16 (9996)
Version 9 flow records
181 flows exported in 58 udp datagrams
0 flows failed due to lack of export packet
0 export packets were sent up to process level
58 export packets were dropped due to no fib
0 export packets were dropped due to adjacency issues
0 export packets were dropped due to fragmentation failures
0 export packets were dropped due to encapsulation fixup failures
I guess your source interface can't reach destination for some reason. Wrong destination IP address? Can you ping destination address from that source interface by using extended ping?
Try to remove source address (router will chose itself source).
Also you can check output from
# sh ip cef 192.168.80.16 detail
general show commands to check IP CEF table
# sh ip cef
# sh adjacency
Try to remove source address (router will chose itself source).
Also you can check output from
# sh ip cef 192.168.80.16 detail
general show commands to check IP CEF table
# sh ip cef
# sh adjacency
ASKER
I was able to successfully ping the destination.
Although when I do the # sh ip cef 192.168.80.16 detail I am getting %IPv4 CEF not running even though i had previously run the ip cef command which to my understanding would enable cef on all interfaces.
Also when i do a show interface on VLAN1 it is showing the linew: IP CEF switching is disabled
I've also attempted to ip cef at interface level. Still the same result
Although when I do the # sh ip cef 192.168.80.16 detail I am getting %IPv4 CEF not running even though i had previously run the ip cef command which to my understanding would enable cef on all interfaces.
Also when i do a show interface on VLAN1 it is showing the linew: IP CEF switching is disabled
I've also attempted to ip cef at interface level. Still the same result
Under interface you should use
#interface vlan 1
# ip route-cache cef
#interface vlan 1
# ip route-cache cef
ASKER
Tried: ip route-cache cef
unfortunately it is still showing as CEF enabled but not running (Please see below)
sh cef state
output is:
KARD-C881#sh cef state
CEF Status:
RP instance
common CEF enabled
IPv4 CEF Status:
CEF enabled/not running
dCEF disabled/not running
CEF switching enabled/not running
universal per-destination load sharing algorithm, id B65C71EA
IPv6 CEF Status:
CEF disabled/not running
dCEF disabled/not running
universal per-destination load sharing algorithm, id B65C71EA
unfortunately it is still showing as CEF enabled but not running (Please see below)
sh cef state
output is:
KARD-C881#sh cef state
CEF Status:
RP instance
common CEF enabled
IPv4 CEF Status:
CEF enabled/not running
dCEF disabled/not running
CEF switching enabled/not running
universal per-destination load sharing algorithm, id B65C71EA
IPv6 CEF Status:
CEF disabled/not running
dCEF disabled/not running
universal per-destination load sharing algorithm, id B65C71EA
You can try issue #ip route-cache or #ip route-cache distributed under interface and see what happens. Either of those should work.
Enabling or Disabling CEF or dCEF
Enabling or Disabling CEF or dCEF
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you have 256MB of RAM and IOS 15.x only 10MB or so (if I remember correctly) is left free after booting of router. Max memory expansion is 512MB RAM - I used Samsung memory M470T6554EZ3-EC6 on my router and it works perfectly.
You can read more in article.
You can read more in article.
ASKER
It's the solution that worked granted it was a not a straightforward case of configuring netflow (Memory Errors)
ASKER
I have now switched to version 9 and set ip flow ingress on Fastethernet4 port and ip flow egress on vlan1.
Unfortunately I'm still getting zero flows exported.
I also have IP Flow export debugging turned on, but am getting no output.