I am using 2 Cisco Catalyst 2960X as a stacked switch and I am trying to set up Netflow on them with PRTG as the network monitor, but it seems that I'm stuck somewhere. Below is the config I'm using:
flow record toPRTG
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect interface input
!
!
flow record toPRTG1
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
!
!
flow exporter toPRTG
destination 172.18.145.xxx
transport udp 9995
!
!
flow monitor toPRTG
exporter toPRTG
cache timeout active 15000
record toPRTG
!
!
sampler toPRTG
mode random 1 out-of 32
!
!
interface GigabitEthernet2/0/10
switchport access vlan xxx
switchport mode access
ip flow monitor toPRTG sampler toPRTG input
spanning-tree portfast
!
ip flow-export version 9
ip flow-export destination 172.18.145.xxx 9995
And the settings on PRTG:
[Screenshot: PRTG Settings 1]
[Screenshot: PRTG Settings 2]
I can see that the Flow Exporter is sending data, but PRTG does not receive anything on the UDP port I have configured. There is a firewall between the 2 devices, but I have allowed the flow to go through. Also, there is no firewall on PRTG.
LBN-STACK-SW#show flow exporter statistics
Flow Exporter toPRTG:
Packet send statistics (last cleared 2d00h ago):
Successfully sent: 6489 (4907448 bytes)
Client send statistics:
Client: Flow Monitor toPRTG
Records added: 195422
- sent: 195422
Bytes added: 3126752
- sent: 3126752
May I know what I might have configured wrong?
Thanks in advance.
Edited: Added more information
Flow Exporter toPRTG:
Description: User defined
Export protocol: NetFlow Version 9
Transport Configuration:
Destination IP address: 172.18.145.203
Source IP address: 172.18.148.13
Source Interface: Vlan148
Transport Protocol: UDP
Destination Port: 9995
Source Port: 49334
DSCP: 0x0
TTL: 255
Output Features: Not Used
interface Vlan148
ip address 172.18.148.13 255.255.255.240
edited: full config
Building configuration...
Current configuration : 8535 bytes
!
! Last configuration change at 03:21:14 UTC Tue Aug 15 2017 by admin
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LBN-STACK-SW
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
switch 1 provision ws-c2960x-24ts-l
switch 2 provision ws-c2960x-24ts-l
ip routing
!
!
vtp mode transparent
!
!
!
!
!
!
!
flow record toPRTG
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect interface input
!
!
flow record toPRTG1
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
!
!
flow exporter toPRTG
destination 172.18.145.xxx
source Vlan148
transport udp 9995
!
!
flow monitor toPRTG
exporter toPRTG
cache timeout active 15000
record toPRTG
!
!
sampler toPRTG
mode random 1 out-of 32
!
!
crypto pki trustpoint TP-self-signed-3314246400
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3314246400
revocation-check none
rsakeypair TP-self-signed-3314246400
!
!
crypto pki certificate chain TP-self-signed-3314246400
certificate self-signed 01
xxxx
quit
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1 priority 24576
!
!
!
!
vlan internal allocation policy ascending
!
vlan 144
name xxxx
!
vlan 145
name xxxx
!
vlan 146
name xxxx
!
vlan 147
name xxxx
!
vlan 148
name Mgnt-vlan
!
vlan 150
name xxxx
!
vlan 155
name xxxx
!
vlan 1441
name xxxx
!
vlan 1442
name xxxx
!
vlan 1443
name xxxx
!
vlan 1447
name xxxx
!
vlan 1451
name xxxx
!
vlan 1452
name xxxx
!
vlan 1453
name xxxx
!
vlan 1488
name xxxx
!
!
!
!
!
!
!
!
!
!
!
interface Port-channel1
description to-LBN-ACC-01
switchport trunk allowed vlan 144-148,150,1441-1443,1451-1453
switchport mode trunk
!
interface Port-channel2
description to-LBN-ACC-02
switchport trunk allowed vlan 144-148,150,1441-1443,1451-1453
switchport mode trunk
!
interface Port-channel3
description to-LBN-ACC-03
switchport trunk allowed vlan 144-148,150,1441-1443,1451-1453
switchport mode trunk
!
interface Port-channel4
description to-WLC
switchport mode trunk
!
interface Port-channel5
description to-LBN-ACC-04
switchport trunk allowed vlan 144-148,150,1441-1443,1451-1453
switchport mode trunk
!
interface FastEthernet0
no ip address
no ip route-cache
shutdown
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
switchport access vlan 1451
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
switchport trunk allowed vlan 144-148,150,1441-1443,1451-1453
switchport mode trunk
channel-protocol lacp
channel-group 5 mode active
!
interface GigabitEthernet1/0/20
switchport trunk allowed vlan 144-146,148,150,155,1441-1443,1447,1451-1453
switchport trunk allowed vlan add 1488
switchport mode trunk
!
interface GigabitEthernet1/0/21
switchport mode trunk
channel-protocol lacp
channel-group 4 mode active
!
interface GigabitEthernet1/0/22
switchport trunk allowed vlan 144-148,150,1441-1443,1451-1453
switchport mode trunk
channel-protocol lacp
channel-group 1 mode active
!
interface GigabitEthernet1/0/23
switchport trunk allowed vlan 144-148,150,1441-1443,1451-1453
switchport mode trunk
channel-protocol lacp
channel-group 2 mode active
!
interface GigabitEthernet1/0/24
switchport trunk allowed vlan 144-148,150,1441-1443,1451-1453
switchport mode trunk
channel-protocol lacp
channel-group 3 mode active
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface GigabitEthernet2/0/1
!
interface GigabitEthernet2/0/2
!
interface GigabitEthernet2/0/3
!
interface GigabitEthernet2/0/4
!
interface GigabitEthernet2/0/5
!
interface GigabitEthernet2/0/6
switchport mode access
!
interface GigabitEthernet2/0/7
!
interface GigabitEthernet2/0/8
!
interface GigabitEthernet2/0/9
switchport access vlan 147
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet2/0/10
switchport access vlan 148
switchport mode access
ip flow monitor toPRTG sampler toPRTG input
spanning-tree portfast
!
interface GigabitEthernet2/0/11
!
interface GigabitEthernet2/0/12
description to-Fortinet-Port3
switchport access vlan 148
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet2/0/13
!
interface GigabitEthernet2/0/14
!
interface GigabitEthernet2/0/15
!
interface GigabitEthernet2/0/16
!
interface GigabitEthernet2/0/17
!
interface GigabitEthernet2/0/18
!
interface GigabitEthernet2/0/19
!
interface GigabitEthernet2/0/20
!
interface GigabitEthernet2/0/21
description to-WLC-port10
switchport mode trunk
channel-protocol lacp
channel-group 4 mode active
!
interface GigabitEthernet2/0/22
description to-access-sw01-port-50
switchport trunk allowed vlan 144-148,150,1441-1443,1451-1453
switchport mode trunk
channel-protocol lacp
channel-group 1 mode active
!
interface GigabitEthernet2/0/23
description to-access-sw02-port-50
switchport trunk allowed vlan 144-148,150,1441-1443,1451-1453
switchport mode trunk
channel-protocol lacp
channel-group 2 mode active
!
interface GigabitEthernet2/0/24
description to-access-sw03-port-48
switchport trunk allowed vlan 144-148,150,1441-1443,1451-1453
switchport mode trunk
channel-protocol lacp
channel-group 3 mode active
!
interface GigabitEthernet2/0/25
!
interface GigabitEthernet2/0/26
!
interface GigabitEthernet2/0/27
!
interface GigabitEthernet2/0/28
!
interface Vlan1
no ip address
shutdown
!
interface Vlan145
no ip address
!
interface Vlan148
ip address 172.18.148.xx 255.255.255.240
!
interface Vlan1441
no ip address
!
interface Vlan1442
no ip address
!
interface Vlan1443
no ip address
!
interface Vlan1451
no ip address
!
interface Vlan1452
no ip address
!
ip default-gateway 172.18.148.xx
ip http server
ip http secure-server
ip flow-export version 9
ip flow-export destination 172.18.145.xxx 9995
!
ip route 0.0.0.0 0.0.0.0 172.18.148.xx
ip ssh version 2
!
!
snmp-server community xxxx RO
!
!
line con 0
line vty 0 4
login local
transport input ssh
line vty 5 15
login
!
end
Best Answer
The Catalyst 2960-X supports what is called netflow lite, not full netflow, and for that, it needs at least the LANBASE license. See "Prerequisites" on https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-2_2_e/fnf/configuration_guide/b_fnf_1522e_2960x_cg/b_fnf_32se_3850_cg_chapter_010.html (publicly available Cisco Doc).
See the outputs of
show version
or
show license
to check the license on the given 2960-X. We have seen cases where a Lan Lite switch would accept commands for unsupported features without returning an error, and the feature would just not work. That being said, I don't see where the error in the config might be; we have
... and that's what the config guide suggests. I suspect the problem is on the netflow analyzer side.
Please verify that PRTG actually supports netflow lite. My current understanding from what I can find at paessler.com is that netflow lite is not directly supported, and that eventually, you might need to convert netflow lite to classic netflow with some kind of intermediate service (such as http://www.ntop.org/products/netflow/nprobe/netflow-lite-plugin/).
Using one of the tools at https://www.paessler.com/tools/netflowtester might help with the analysis.
One more thing:
Instead of naming at least three related config items "toPRTG", I suggest using a config style as outlined below. It helps to track what is what, and to keep track of all the needed config bits. In short, it helps to understand the config concept. We use similar config styles in larger multi-tenant QoS configurations (that we maintain manually), so we can keep track of the per-tenant class-maps and policy-maps, the ACLs to go with them, etc. In general, we put a prefix in there describing what kind of config item it is, the customer's name and the name itself. This then might look like this: PM_QUE_CUST01_WANPOLICY01 or CM_QOS_CUST04_REALTIME-TRAFFIC.
So here's what I suggest for a netflow config:
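Added example, not part of the question or the answer above: a small Python NetFlow v9 listener and parser to run on the PRTG host, to tell whether the switch's exports reach udp/9995 at all and whether template flowsets are among them (a collector cannot decode data flowsets until it has the matching template). The sample packet it builds is constructed, with a template shaped like the 'toPRTG' record; the addresses, ports and interface index in it are made up.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIII")  # v9 header (RFC 3954): version, count, sysUptime, unixSecs, seq, sourceId
NETFLOW_PORT = 9995                # same as "transport udp 9995" on the exporter above

def parse_v9(packet: bytes) -> dict:
    """Split one export packet into its header fields and a list of flowsets."""
    if len(packet) < HEADER.size:
        raise ValueError("packet shorter than a v9 header")
    version, count, _uptime, _secs, seq, source_id = HEADER.unpack_from(packet)
    if version != 9:
        raise ValueError(f"not NetFlow v9 (version field = {version})")
    flowsets, offset = [], HEADER.size
    while offset + 4 <= len(packet):                 # each flowset: 2-byte id, 2-byte length
        fs_id, fs_len = struct.unpack_from("!HH", packet, offset)
        if fs_len < 4 or offset + fs_len > len(packet):
            raise ValueError(f"bad flowset length {fs_len} at offset {offset}")
        kind = "template" if fs_id == 0 else "options" if fs_id == 1 else "data"
        flowsets.append({"id": fs_id, "kind": kind, "length": fs_len})
        offset += fs_len
    return {"version": version, "count": count, "sequence": seq,
            "source_id": source_id, "flowsets": flowsets}

def diagnose(parsed: dict) -> str:
    """Collectors silently drop data flowsets until they have seen their template."""
    kinds = {fs["kind"] for fs in parsed["flowsets"]}
    if "data" in kinds and "template" not in kinds:
        return "data only: undecodable unless the collector already holds the template"
    return "template present" if "template" in kinds else "no data or template flowsets"

def build_sample_packet() -> bytes:
    """Constructed packet: a template mirroring the 'toPRTG' record plus one data record."""
    template = struct.pack("!HHHH", 0, 28, 256, 5)      # flowset 0, len 28, template id 256, 5 fields
    template += struct.pack("!10H", 8, 4, 12, 4, 7, 2, 11, 2, 10, 4)  # IPv4 src/dst, L4 src/dst port, input ifIndex
    record = socket.inet_aton("10.0.0.5") + socket.inet_aton("10.0.0.9") + struct.pack("!HHI", 51000, 443, 10)
    data = struct.pack("!HH", 256, 4 + len(record)) + record
    return HEADER.pack(9, 2, 123456, 1502767274, 1, 0) + template + data

def listen(port: int = NETFLOW_PORT, max_packets: int = 5, timeout: float = 60.0) -> None:
    # Run on the PRTG host: bind the collector port and report what the switch sends.
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    sock.bind(("0.0.0.0", port))
    for _ in range(max_packets):
        try:
            pkt, (src, _) = sock.recvfrom(65535)
        except socket.timeout:
            print(f"nothing on udp/{port} in {timeout}s: exports are not reaching this host")
            return
        parsed = parse_v9(pkt)
        print(f"{src}: seq={parsed['sequence']} ids={[f['id'] for f in parsed['flowsets']]} -> {diagnose(parsed)}")
```

Call listen() on the collector host (with PRTG's own NetFlow sensor stopped, so the port is free) while the exporter's "Successfully sent" counter increments: a timeout points at the path or firewall, while packets that carry only data flowsets point at the collector never having received the template.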