1. Creating a flow exporter and a flow record
2. Creating a flow monitor and associating the exporter and record to this monitor
3. Associating the flow monitor to an interface.
The Flexible NetFlow in Cisco 4500 requires you to configure your own “record” since there are no predefined ones available like in some other IOS. The creating of a flow record involves the below:
flow record nfa-record
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect interface input
collect interface output
collect counter bytes
collect counter packets
Note the bold, we will get to that soon. After you have created this record and associated it to the monitor, the monitor has to be attached to every L3 interface which needs to be monitored. This is where the limitation and the bug pops up. When trying to associate the monitor to an interface, lets see what happens:
switch(config-if)# flow monitor NFAmonitor input
“intf output: cannot be supported as match field. Flow record fields can’t be supported with the monitor type“
What does this mean? Simply that the statement collect interface output used when creating the record is not supported. This is a serious limitation as it is this line which helps capture the output interface for a traffic conversation. You need to remove that line from the flow record configuration and then attach the flow record to the interface. Result: Only the IN traffic across the interface is captured and not the OUT traffic.
Now, let us have a look at the bug. I would not call it a bug actually, but an issue of providing a clearer statement. The scenario is:
switch(config-if)# flow monitor NFAmonitor output
“could not be added to interface due to invalid sub-traffic type: 0”
Makes no sense? This, I hope Cisco will change to a show the same error as with input monitor. But more than that, I hope Cisco will arrange to get records with collect interface output statement working on Cisco 4500 as the lack of support for this takes away the capability to view OUT traffic for an interface. Let us hope for the best.
Regards.
Praveen Manohar.
Download | Interactive Demo | Product overview video | Twitter | Customers
Cisco removes the basic netflow function and forces you to upgrade your license and after youve paid them extra for what was intgrated, its STILL crippled. I’ll do whatever it takes to avoid Cisco.
Hi Terry,
We tried calling you to try and assist you with the NetFlow configuration. However, we reached your voice mail. Please mail us at netflowanalyzer-support@manageengine.com with your convenient timing that we can call you.
Praveen Manohar.
I was wondering if there were any updatre on this. I am the customer you were working with. It sure would be nice to get usable Netflow information from my 4506 again.