Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2150
Views
0
Helpful
3
Replies

Netflow in 3850

niterid3r
Level 1
Level 1

‎10-01-2013 07:51 PM - edited ‎03-07-2019 03:47 PM

Just wondering if anyone has configured netflow on 3850 switch?

We have a client running stack of 2 3850 switches with Whats up Gold v 16.01

For some reason WUG is unable to Receive netflow stats from the switch. I have uploaded new MIBS and at this point not sure if the problem is on switch or monitoring tool itself.

Netflow on WUG works fine for other network devicesd such as 2821 and 6500

Configuration is below

flow record RECORD-1

match ipv4 protocol

match ipv4 source address

match ipv4 destination address

match interface output

collect transport tcp flags

collect interface input

collect counter bytes long

collect counter packets long

collect timestamp absolute first

!

!

flow record RECORD-INPUT

match ipv4 protocol

match ipv4 source address

match ipv4 destination address

match interface input

collect transport tcp flags

collect interface output

collect counter bytes long

collect counter packets long

collect timestamp absolute first

!

!

flow exporter EXPORT-WUG

destination X.X.X.X

source Loopback0

transport udp 9999

option interface-table timeout 30

option exporter-stats timeout 30

!

!

flow monitor MONITOR-UPLINK

exporter EXPORT-WUG

record RECORD-1

!

!

flow monitor MONITOR-INPUT

exporter EXPORT-WUG

record RECORD-INPUT

interface GigabitEthernet1/0/23

ip address x.x.x.x 255.255.255.252

no switchport

ip flow monitor MONITOR-INPUT input

ip flow monitor MONITOR-UPLINK output

Labels:
0 Helpful
3 Replies 3

jakewilson
Level 1
Level 1

‎10-02-2013 01:50 AM

Hello,

I compared your configuration to the setup shown in this video and found some entries missing:

http://www.youtube.com/watch?v=g4x8rLB-OMQ

flow record RECORD-1 (RECORD-INPUT)

! below is optional

match ipv4 tos

! below could very well be necessary

match transport source-port

match transport destination-port

! below (NBAR) is great for layer 7 visibility. 

match application name

! MAC addresses are helpful sometimes

collect datalink mac source address input

collect datalink mac destination address input

! necessary depending on the collector. 

! i noticed your different records are collecting ingress/egress

collect flow direction

flow exporter EXPORT-WUG

! below tells how often the v9 template is exported in seconds

tempate data timout 60 

! below is necessary for NBAR support

option application-table

flow monitor MONITOR-UPLINK

! below sends a template to the collector every 60 seconds

! definately helpful if changes are made to the FnF config

cache active timeout 60

Please vote on my post if the above helps. Here is a great blog that talks about the Catalyst 3850 NetFlow capabilities.

0 Helpful

niterid3r
Level 1
Level 1
In response to jakewilson

‎10-14-2013 10:07 PM

Thanks Jake,

It end up working with my configuration, What i need was patience and allow our monitoring tool to collect data before it could display. Anyhow very well pointed things in your response specially regarding NBAR. I will try to configure that for us.

Cheers.

0 Helpful

joey.tenney@hsr.ca.gov
Level 1
Level 1

‎10-17-2017 12:26 PM

Hi niterid3r

I am trying to setup the exact same thing and I am wondering if you put an IP address on your loopback interface? Also are you only getting Netflow from one interface on the switch or all of the interfaces? Any help would be greatly appreciated.

Thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card