Cisco Flow vs IP Flow – Key Differences

ciscocisco-iosnetflow

Using a 2900 series router and I encounter the following issue:

hostname#show flow monitor
  Flow Monitor TESTFLOW:
  Description:       User defined
  Flow Record:       TESTFLOW
  Flow Exporter:     TESTFLOW (inactive)
  Cache:
    Type:              normal
    Status:            allocated
    Size:              4096 entries / 10404496 bytes
    Inactive Timeout:  15 secs
    Active Timeout:    1800 secs
    Update Timeout:    1800 secs


hostname#show flow exporter
Flow Exporter TESTFLOW:
  Description:              User defined
  Export protocol:          NetFlow Version 9
  Transport Configuration:
    Destination IP address: 192.168.x.x
    Source IP address:      172.16.x.x
    Source Interface:       GigabitEthernet0/0
    Transport Protocol:     UDP
    Destination Port:       3008
    Source Port:            61496
    DSCP:                   0x0
    TTL:                    255
    Output Features:        Used
  Options Configuration:
    exporter-stats (timeout 100 seconds)

Why does the Flow Exporter: TESTFLOW (inactive) appear?

How can I set it to active?

Best Answer

Solved: netflow record size was too big.

Related Solutions

How to Disable Flow-Control on Cisco ISR 4431 Router GigabitEthernet

I will start by saying that you should not be disabling auto-negotiation with Gigabit connections. This is what the standard has to say (from 802.3-2012 Section Three, which you can reference here):

37.1.4.4 User Configuration with Auto-Negotiation

Rather than disabling Auto-Negotiation, the following behavior is suggested in order to improve interoperability with other Auto-Negotiation devices. When a device is configured for one specific mode of operation (e.g. 1000BASE-X Full Duplex), it is recommended to continue using Auto-Negotiation but only advertise the specifically selected ability or abilities. This can be done by the Management agent only setting the bits in the advertisement registers that correspond to the selected abilities.

This means you should never use speed 1000 on Gigabit links. You could instead speed auto 1000, but your expressed need has a better solution.

The real problem is the following command on interface Gigabit0/0/0:

  no negotiation auto

Remove the speed 1000, the duplex full, and the no negotiation auto commands from the interface and instead use negotiation forced so your interface looks like so:

 interface GigabitEthernet0/0/0
  description WAN Metro Ethernet Circuit
  ! ...
  negotiation forced

From Cisco documentation, the forced keyword has the following effect (and I believe also adheres to the standard's recommendation):

Disables flow control and configures the Gigabit Ethernet interface in 1000/full-duplex mode.

This should meet your requirement of 1000/full with no flow control.

In re-reading your question, I realized you noted you did not seem to have the force command available.

In your case, I will still recommend removing the no negotiation auto command and have your interface look like so:

 interface GigabitEthernet0/0/0
  description WAN Metro Ethernet Circuit
  ! ...
  speed auto 1000
  duplex full

Cisco ASA 5505 stop passing traffic randomly

The issue has been resolved! I have tried to analyze non-working hosts ARP tables and found ASA's MAC address change. Decreased ASA's log verbosity to Warning level, rebooted it and got a message during boot

IP address collision detected between host 192.168.0.1 at f80f.4197.a18d and interface inside

So found host with the MAC noted. Despite it has different IP address and it is separate point to investigate, host's disconnection immediately resolves the issue.

Best Answer

Related Solutions

How to Disable Flow-Control on Cisco ISR 4431 Router GigabitEthernet

Cisco ASA 5505 stop passing traffic randomly

Related Topic