NetFlow on a 2600 series

Discussion in 'Cisco' started by Darragh Delaney, Sep 25, 2006.

  1. Hi,
    I am trying to get a NetFlow collector set up to receive NetFlow data
    from a Cisco 2600 series router. As you can see from the config below
    I have it set up to send to a NetFlow collector on port 2056. However
    there is very little NetFlow coming through to the collector, I did a
    tcpdump on its interface and a small numer of NetFlow packets are
    comming through.

    I have read in places that the ip flow-export source should be set to
    loopback. Could this make a difference.

    I have also enabled ip cef since I captured this config but it has
    made no difference.

    Any suggestions greatly appreciated.

    Thanks,
    Darragh

    Current configuration:
    !
    version 12.0
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    !
    hostname myrouter
    !
    boot system flash c2600-i-mz_120-5_T1.bin

    !
    ip subnet-zero
    ip flow-cache timeout active 1
    !
    !
    !
    process-max-time 200
    !
    interface FastEthernet0/0
    ip address 172.21.16.1 255.255.255.0
    ip helper-address 172.20.1.3
    ip helper-address 172.16.1.12
    no ip directed-broadcast
    ip route-cache flow
    !
    interface Serial0/0
    description Serial0/0 fr dlci! : (bs657657)
    ip address 192.168.127.46 255.255.255.252
    no ip directed-broadcast
    encapsulation frame-relay
    ip route-cache flow
    no ip mroute-cache
    no keepalive
    no fair-queue
    cdp enable
    frame-relay class ToRemote


    frame-relay interface-dlci 21
    !
    router bgp 65500
    bgp log-neighbor-changes
    network 192.168.128.0 mask 255.255.255.0
    redistribute static route-map cpe-static
    neighbor 192.168.127.45 remote-as 5466
    no auto-summary
    !
    ip flow-export source FastEthernet0/0
    ip flow-export version 5 peer-as
    ip flow-export destination 172.16.1.11 2056
    ip classless
    ip route 0.0.0.0 0.0.0.0 172.22.16.1
    no ip http server
    !
    !
    mgt-lan seq 5 permit 192.168.128.0/24 le 32
    !
    map-class frame-relay Connection
    frame-relay end-to-end keepalive mode passive-reply
    frame-relay traffic-rate 256000 256000
    no frame-relay adaptive-shaping
    route-map cpe-static permit 10
    match tag 1024
    !
    route-map cpe-static deny 20
    !
    route-map block-mgt-lan deny 10
    match ip address prefix-list mgt-lan
     
    Darragh Delaney, Sep 25, 2006
    #1
    1. Advertising

  2. Darragh Delaney

    Guest

    Darragh Delaney wrote:
    > Hi,
    > I am trying to get a NetFlow collector set up to receive NetFlow data
    > from a Cisco 2600 series router. As you can see from the config below
    > I have it set up to send to a NetFlow collector on port 2056. However
    > there is very little NetFlow coming through to the collector, I did a
    > tcpdump on its interface and a small numer of NetFlow packets are
    > comming through.
    >
    > I have read in places that the ip flow-export source should be set to
    > loopback. Could this make a difference.
    >
    > I have also enabled ip cef since I captured this config but it has
    > made no difference.
    >
    > ip flow-cache timeout active 1
    >
    > interface FastEthernet0/0
    > ip route-cache flow
    >
    > interface Serial0/0
    > ip route-cache flow
    >
    > ip flow-export source FastEthernet0/0
    > ip flow-export version 5 peer-as
    > ip flow-export destination 172.16.1.11 2056


    I have had this working with a very similar configuration
    to this exept that I was missing the "peer-as" bit.

    As I understand it on a router such as a 2600
    you /either/ have net-flow switching or CEF. If it is not
    working I would not turn on CEF.
    Having CEF on globally though may or may not affect
    netflow but I am pretty sure it will if you enable
    ip route-cache cef on the interfaces too.

    I seem to recall that the data was not available as soon as I
    expected and it was only after I came back a
    bit later that I realised that it really was working. Give it
    some hours.

    I fancy another look at this. I will give it a go.
     
    , Sep 25, 2006
    #2
    1. Advertising

  3. Darragh Delaney

    paul_duffany

    Joined:
    May 18, 2010
    Messages:
    1
    My experience

    I always use a loopback for this. Also, I did not notice a route statement with a valid next hop.
    ip route 0.0.0.0 0.0.0.0 172.22.16.1

    Not sure how you are seeing anything, but this next hop is not in the same subnet as your interfaces. I assume that you have a bgp route pointing to your collector.

    Make sure you advertise the new Loopback ip address or place a static route statement downstream to get there.
    Try this, and note the timeout is 5 minutes:

    ip flow-cache timeout active 5
    ip flow-export source Loopback0
    ip flow-export version 5
    ip flow-export destination xxxxx 2056
    int Fastethernet 0/0
    ip route-cache flow
    int Serial0/0
    ip route-cache flow

    Hope this helps,
    Paul

     
    paul_duffany, May 18, 2010
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Guan Yang
    Replies:
    5
    Views:
    2,164
    Guan Yang
    Feb 2, 2004
  2. godwill

    2600 series and 1700 series

    godwill, Apr 9, 2004, in forum: Cisco
    Replies:
    4
    Views:
    2,256
    Hansang Bae
    Apr 9, 2004
  3. Replies:
    0
    Views:
    950
  4. zxcvar
    Replies:
    3
    Views:
    3,721
    Dave Martindale
    Sep 9, 2003
  5. Replies:
    2
    Views:
    839
Loading...

Share This Page