6506 NetFlow

Hi,
I'm trying to capture ingress traffic on an SVI interface of my Cisco 6506 (WS-C6506-E).
I've enabled NetFlow on the Multilayer Switch Feature Card (MSFC):
ip flow-export source Vlan254
ip flow-export version 5
ip flow-export destination 172.23.100.21 2055
Enabled NetFlow and NetFlow Data Export (NDE) on the Policy Feature Card (PFC):
ip flow ingress layer2-switched vlan 130
mls netflow interface
mls flow ip interface-destination
mls nde sender version 5
mls aging fast threshold 127
mls aging long 1000
mls sampling time-based 512
mls cef error action reset
mls netflow sampling
and on the monitorable interface:
interface Vlan130
 ip address 172.23.170.2 255.255.255.0
 ip flow ingress
 mls netflow sampling
 standby 1 ip + timers + priority + preempt + authentication
Now I'm trying to see the captured flows. The point is I can't see a flow's source address, source and destination ports, and L4 protocol for unicast flows:
Cat6506-LAN1#sh mls netflow ip
Displaying Netflow entries in Active Supervisor EARL in module 5
DstIP           SrcIP           Prot:SrcPort:DstPort  Src i/f          :AdjPtr
-----------------------------------------------------------------------------
Pkts         Bytes         Age   LastSeen  Attributes
---------------------------------------------------
172.23.131.5    0.0.0.0         0   :0      :0        Vl130            :0x0
202          52554         2     17:04:35   L2 - Dynamic
0.0.0.0         0.0.0.0         0   :0      :0        --               :0x0
13312        6807977       2     17:04:35   L3 - Dynamic
172.23.170.64   0.0.0.0         0   :0      :0        Vl130            :0x0
0            0             2     17:04:34   L2 - Dynamic
172.23.170.123  0.0.0.0         0   :0      :0        Vl130            :0x0
0            0             2     17:04:35   L2 - Dynamic
224.0.0.2       172.23.170.3    udp :1985   :1985     Vl130            :0x0
2            156           1     17:04:35   Multicast

224.0.0.2       172.23.170.3    udp :1985   :1985     Vl130            :0x0
8            624           6     17:28:03   Multicast
172.23.170.181  0.0.0.0         0   :0      :0        Vl130            :0x0
0            0             5     17:28:03   L2 - Dynamic
I get the same output info on my NetFlow collector.
Does anybody know what could prevent the flows from being collected correctly?
Thanks.

might want to change the flow mask to full instead of destination. I think that should give you the rest of the info. chris
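
A collector-side check for the symptom in this thread, as an added example that is not part of the original posts: it parses NetFlow v5 export datagrams and flags unicast records whose source address, protocol and ports are all zero, as in the `show mls netflow ip` output above. The sample datagrams are constructed (some values borrowed from that output) and the function names are hypothetical.

```python
import ipaddress
import socket
import struct

# NetFlow v5 wire format: 24-byte header followed by 48-byte flow records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")


def parse_v5(datagram):
    """Return the flow records of one NetFlow v5 export datagram as dicts."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = V5_HEADER.unpack_from(datagram, 0)[:2]
    if version != 5:
        raise ValueError("not a NetFlow v5 datagram (version %d)" % version)
    if len(datagram) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("datagram truncated: header announces %d records" % count)
    flows = []
    for i in range(count):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(f[0]),
            "dst": socket.inet_ntoa(f[1]),
            "packets": f[5],
            "bytes": f[6],
            "sport": f[9],
            "dport": f[10],
            "proto": f[13],
        })
    return flows


def mask_report(flows):
    """Count unicast records that carry only a destination address.

    Multicast entries are left out because, in the thread's output, they
    show full source/port information even while unicast entries do not.
    Port 0 alone is not a signal (ICMP and GRE have no ports), so a record
    counts as masked only when source, protocol and both ports are zero.
    """
    unicast = [f for f in flows
               if not ipaddress.ip_address(f["dst"]).is_multicast]
    masked = [f for f in unicast
              if f["src"] == "0.0.0.0" and f["proto"] == 0
              and f["sport"] == 0 and f["dport"] == 0]
    return {
        "unicast": len(unicast),
        "masked": len(masked),
        "suspect_destination_only_mask": bool(unicast) and len(masked) == len(unicast),
    }


def _record(src, dst, pkts, octets, proto=0, sport=0, dport=0):
    """Pack one v5 record; fields not needed for the check are zero."""
    return V5_RECORD.pack(
        socket.inet_aton(src), socket.inet_aton(dst), socket.inet_aton("0.0.0.0"),
        0, 0, pkts, octets, 0, 0, sport, dport, 0, 0, proto, 0, 0, 0, 0, 0, 0)


def _datagram(records):
    """Prefix packed records with a minimal v5 header."""
    return V5_HEADER.pack(5, len(records), 0, 0, 0, 0, 0, 0, 0) + b"".join(records)


# Constructed sample: what a collector would receive for the entries shown
# in the question (unicast entries without source, protocol or ports).
SAMPLE_DEST_MASK = _datagram([
    _record("0.0.0.0", "172.23.131.5", 202, 52554),
    _record("0.0.0.0", "172.23.170.123", 0, 0),
    _record("172.23.170.3", "224.0.0.2", 2, 156, proto=17, sport=1985, dport=1985),
])

# Constructed sample: the same kind of export with complete flow keys
# (the TCP flow's ports and counters are made up).
SAMPLE_FULL_MASK = _datagram([
    _record("172.23.170.64", "172.23.131.5", 12, 3400, proto=6, sport=49152, dport=443),
    _record("172.23.170.3", "224.0.0.2", 2, 156, proto=17, sport=1985, dport=1985),
])

if __name__ == "__main__":
    for name, dgram in (("destination-only", SAMPLE_DEST_MASK),
                        ("full keys", SAMPLE_FULL_MASK)):
        print(name, mask_report(parse_v5(dgram)))
```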

Similar Messages

  • Cisco 6506 Netflow configuration

    I configured netflow to capture data received by vlan 950. 
    vlan 950 has an ip 10.198.0.12. But the output is capturing only packets with source ip of this subnet only.
    why is it not showing any traffic received from outside? or sent to outside hosts?

    Hi Rafael,
    you need an Assurance License for that feature to work
    check the below link:
    http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6504/ps6528/ps12239/guide_c07-714720.html
    Thanks-
    Afroz
    [Do rate the useful post]

  • Could not export Netflow entries in the PFC (hardware switched)

    Hi,
    On the Netflow Collector we are not able to see hardware switched flow entries in PFC, but software switched flow entries in MSFC can be seen. One thing which I have observed in the "show ip cache flow" output I see PFC as standby although the flow entries are there. We did the packet capture on the netflow collector but could not find hardware switched flow entries, so it seems that 6506 is not sending PFC entries.
    Following is the configuration.
    mls aging long 64
    mls aging normal 32
    mls netflow interface
    mls flow ip interface-full
    no mls flow ipv6
    mls nde sender version 5
    mls cef error action reset
    ip flow-cache entries 128000
    ip flow-cache timeout active 1
    ip flow ingress layer2-switched vlan 10,20
    ip flow-export source Loopback0
    ip flow-export version 5
    ip flow-export destination 10.19.20.31 9996
    show ip cache flow
    Displaying software-switched flow entries on the MSFC in Module 5:
    IP packet size distribution (8679322 total packets):
       1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
       .132 .142 .325 .166 .082 .046 .019 .015 .006 .000 .001 .000 .001 .000 .013
        512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
       .001 .001 .001 .005 .035 .000 .000 .000 .000 .000 .000
    IP Flow Switching Cache, 8454644 bytes
      30 active, 127970 inactive, 1523126 added
      438002488 ager polls, 0 flow alloc failures
      Active flows timeout in 1 minutes
      Inactive flows timeout in 15 seconds
    IP Sub Flow Cache, 1040712 bytes
      30 active, 31970 inactive, 1522942 added, 1522942 added to flow
      0 alloc failures, 0 force free
      1 chunk, 1 chunk added
      last clearing of statistics 2w1d
    Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
    --------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
    TCP-FTP          40819      0.0        10    73      0.3       0.5       3.1
    TCP-FTPD         40607      0.0         3    42      0.1       0.0       1.5
    TCP-WWW           2071      0.0        10   918      0.0       5.1     164.8
    TCP-other        39829      0.0        25   245      0.7       6.6     188.0
    UDP-DNS           1579      0.0         3    92      0.0       6.7     293.7
    UDP-NTP           3309      0.0         2    94      0.0     105.4     195.0
    UDP-TFTP             2      0.0        10    52      0.0     169.3     131.2
    UDP-Frag             5      0.0         1    57      0.0       1.0     299.5
    UDP-other       576228      0.4         2   197      1.1      13.8     285.8
    ICMP             55727      0.0         4   591      0.1     161.5     137.9
    GRE              28899      0.0        45    28      0.9     285.4       1.0
    IP-other        111838      0.0        34   129      2.9     292.4       8.0
    Total:          900913      0.6         9   150      6.5      65.0     202.5
    SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
    Gi5/2         172.16.148.254  Tu2           10.191.32.12    2F 0000 0000     2
    Gi5/2         172.16.195.254  Tu4           10.191.32.14    2F 0000 0000     2
    Gi5/2         10.191.32.62    Vl10          10.191.32.12    2F 0000 0000     4
    Displaying hardware-switched flow entries in the PFC (Standby) Module 5:
    SrcIf            SrcIPaddress     DstIf            DstIPaddress    Pr SrcP DstP  Pkts
    Tu5              10.191.8.89      Vl10             10.190.102.240  2F 0000 0000  4780
    Tu5              10.191.8.89      Vl10             10.190.103.89   2F 0000 0000  6218
    Gi5/2            10.122.3.35      Tu4              172.16.33.97    06 008B 105F     1
    Tu5              10.191.8.89      Vl10             10.190.102.123  2F 0000 0000    73
    Tu5              10.124.24.45     Tu2              172.16.148.17   06 0E9F 008B     2
    Tu5              10.124.114.221   Gi5/2            10.129.1.89     06 4E21 04D8   450
    Gi5/2            10.70.72.8       Tu6              172.16.105.242  06 0050 0B3E     5
    show module
    Mod Ports Card Type                              Model             
      5    9  Supervisor Engine 32 8GE (Active)      WS-SUP32-GE-3B    
      6    9  Supervisor Engine 32 8GE (Hot)         WS-SUP32-GE-3B  
    Mod MAC addresses                       Hw    Fw           Sw           Status
      5  001f.6cfe.aba2 to 001f.6cfe.abad   4.6   12.2(18r)SX2 12.2(33)SXH3 Ok
      6  001f.9e9a.ae4c to 001f.9e9a.ae57   4.6   12.2(18r)SX2 12.2(33)SXH3 Ok
    Mod  Sub-Module                  Model              Serial       Hw     Status
    5  Policy Feature Card 3       WS-F6K-PFC3B               2.4    Ok
      5  Cat6k MSFC 2A daughterboard WS-F6K-MSFC2A    4.0    Ok
      6  Policy Feature Card 3       WS-F6K-PFC3B               2.4    Ok
      6  Cat6k MSFC 2A daughterboard WS-F6K-MSFC2A     4.0    Ok
    I have gone through following documents but could not find any clue on why PFC entries are not exported.
    http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/netflow.html#wp1080827
    http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a0080721701.shtml
    Regards,
    Akhtar

    Hi,
    Just to further update this case with troubleshooting results.
    1. I am able to receive all flows sent from the NDE 6506 switch on NF Collector-A.
    2. Only a few flows are being received on NF CollectorB.
    3. When comparing packets captured on NF Collector-A and B, I see only small UDP packets (~350 bytes) on NF Collector B, whereas on NF A I see packets of more than 800 bytes...
    This issue surely pertains to GRE+IPSEC. I have checked the forums and found the issue of "Self Generated Netflow packets not encrypted", but my issue does not seem to be relevant because the NDE 6506 which is exporting Netflow is not encrypting.
    Any thoughts?
    NDE 6506 Switch)----(CORE-6509)----(DC-WAN-1-6506)-----GRE+IPSEC------(DC-WAN-2-6506)------(CORE-6509)-----(DC-AGG)----(DC-ACC)---NF CollectorB
                                          |
                                          |
                                    NF Collector-A

  • ASR netflow with third party tool

    Hi ,
    We have one issue where netflow data is not getting into the SolarWinds tool. Wireshark captures show that netflow traffic is reaching the server.
    I found one forum thread that highlighted a bug, as below, but it does not affect the release we have. I am unable to find the exact bug ID at Cisco. Let me know if you can get any inputs and highlight the same.
    Below are the link and the current details:
    https://thwack.solarwinds.com/thread/32146
    The current ASR version and related netflow config are attached. I don't find any issue with the configuration. I am trying another vendor's tool as well and will check.
    asr1002x-universal.03.10.01.S.153-3.S1-ext.SPA.bin
    show  ip flow export cache flow  
    IP packet size distribution (1317M total packets):
       1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
       .000 .040 .023 .006 .004 .004 .030 .004 .002 .005 .004 .006 .002 .001 .000
        512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
       .000 .000 .047 .029 .781 .000 .000 .000 .000 .000 .000
    IP Flow Switching Cache, 0 bytes
      0 active, 0 inactive, 24710853 added
      417778 ager polls, 0 flow alloc failures
      Active flows timeout in 30 minutes
      Inactive flows timeout in 15 seconds
      last clearing of statistics never
    Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
    --------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
    TCP-Telnet           5      0.0        61    42      0.0      31.1      31.2
    TCP-FTP             52      0.0        20    85      0.0      14.3      30.9
    TCP-FTPD             8      0.0        71    51      0.0       3.6      31.1
    TCP-WWW         369465      0.0        15   694      1.3       7.2      30.9
    TCP-SMTP           417      0.0        84    98      0.0       5.8      30.9
    TCP-X                3      0.0         7   277      0.0       1.6      31.1
    TCP-BGP          10911      0.0         1    69      0.0       3.0      30.9
    TCP-other     19793896      4.6        28  1134    131.5       2.6      30.9
    UDP-DNS         320124      0.0         1    79      0.0       0.0      30.9
    UDP-NTP          65307      0.0         1    87      0.0       0.1      30.9
    UDP-TFTP           854      0.0         1    51      0.0       0.0      30.9
    UDP-Frag          1721      0.0         7    58      0.0       2.1      30.9
    UDP-other      3850147      0.8       192  1244    172.6       3.7      30.9
    ICMP            296732      0.0         3    62      0.2       4.2      30.9
    Total:        24709642      5.7        53  1193    305.8       2.8      30.9
    SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts

    HI Mike,
    If you have third party Document Management System, then you can post two different message, i.e. service order in transaction details of the third party tool with link to document which would be posted to third party Document management server.
    If you don't have a third party document management system and want to use the SAP infrastructure, then you don't need to maintain attachments; maintain the link between the third party tool and the SAP document repository, with some login utilities.
    Best Regards,
    Pratik Patel.
    Reward with points if it is of any help to you!

  • Flexible Netflow (v.9) question on 3850 ipservices doesn't seem to register

    Greetings all - I am trying to enable netflow on a new 3850-24 with ipservices.  I am leveraging LiveAction and have raised a ticket with them to help me through the issue, but more generally I'm confused about the lack of features I'm seeing. Per the 3850 guide here (http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/flexible_netflow/configuration_guide/b_fnf_3se_3850_cg/b_fnf_3se_3850_cg_chapter_010.html) it is stated that you will have the option of turning on inbound and outbound directions on 3850's with ipbase and ipservices.  
    We are running ip services:
     Slot#  License name   Type     Count   Period left 
     1      ipservices   permanent     N/A   Lifetime
    However, we get the following error when trying to turn on flow inbound and outbound on the interfaces - whether they are svi (layer3) or interface (layer2)
    -----------------Layer2: ----------------------------------------------
    (config)#interface GigabitEthernet1/0/24
    switch(config-if)#ip flow monitor LIVEACTION-FLOWMONITOR input
    switch(config-if)#ip flow monitor LIVEACTION-FLOWMONITOR output
    % Flow Monitor: Flow Monitor 'LIVEACTION-FLOWMONITOR' 
    Unsupported match field "interface input" for ipv4 traffic in output direction
    Unsupported collect field "interface output" for ipv4 traffic in output direction
    ---------------- Layer3 ---------------------------------------------
    switch(config)#interface Vlan190
    switch(config-if)#ip flow monitor LIVEACTION-FLOWMONITOR input
    % Flow Monitor: Flow Monitor 'LIVEACTION-FLOWMONITOR' flexible netflow not supported on vlan interfaces
    switch(config-if)#ip flow monitor LIVEACTION-FLOWMONITOR output
    % Flow Monitor: Flow Monitor 'LIVEACTION-FLOWMONITOR' flexible netflow not supported on vlan interfaces
    ------------------------------------ untruncated output ------------------------------
    switch(config-flow-record)#collect counter bytes
    % Incomplete command.
    switch(config-flow-record)#collect counter packets
    % Incomplete command.
    switch(config-flow-record)#collect flow sampler
                                                        ^
    % Invalid input detected at '^' marker.
    switch(config-flow-record)#collect interface output
    switch(config-flow-record)#collect ipv4 destination mask
                                                    ^
    % Invalid input detected at '^' marker.
    switch(config-flow-record)#collect ipv4 dscp
                                                    ^
    % Invalid input detected at '^' marker.
    switch(config-flow-record)#collect ipv4 id
                                                    ^
    % Invalid input detected at '^' marker.
    switch(config-flow-record)#collect ipv4 source mask
                                                    ^
    % Invalid input detected at '^' marker.
    switch(config-flow-record)#collect ipv4 source prefix
                                                    ^
    % Invalid input detected at '^' marker.
    switch(config-flow-record)#collect routing destination as
                                                   ^
    % Invalid input detected at '^' marker.
    switch(config-flow-record)#collect routing next-hop address ipv4
                                                   ^
    % Invalid input detected at '^' marker.
    switch(config-flow-record)#collect routing source as
                                                   ^
    % Invalid input detected at '^' marker.
    switch(config-flow-record)#collect timestamp sys-uptime first
                                                             ^
    % Invalid input detected at '^' marker.
    switch(config-flow-record)#collect timestamp sys-uptime last
                                                             ^
    % Invalid input detected at '^' marker.
    switch(config-flow-record)#collect transport tcp flags
    switch(config-flow-record)#exit
    switch(config)#flow monitor LIVEACTION-FLOWMONITOR
    switch(config-flow-monitor)#$ DO NOT MODIFY. USED BY LIVEACTION. 
    switch(config-flow-monitor)#exporter LIVEACTION-FLOWEXPORTER
    switch(config-flow-monitor)#cache timeout inactive 10
    switch(config-flow-monitor)#cache timeout active 60
    switch(config-flow-monitor)#record LIVEACTION-FLOWRECORD
    switch(config-flow-monitor)#exit
    switch(config)#interface Vlan197
    switch(config-if)#ip flow monitor LIVEACTION-FLOWMONITOR input
    % Flow Monitor: Flow Monitor 'LIVEACTION-FLOWMONITOR' flexible netflow not supported on vlan interfaces
    switch(config-if)#ip flow monitor LIVEACTION-FLOWMONITOR output
    % Flow Monitor: Flow Monitor 'LIVEACTION-FLOWMONITOR' flexible netflow not supported on vlan interfaces
    switch(config-if)#exit
    switch(config)#interface Vlan190
    switch(config-if)#ip flow monitor LIVEACTION-FLOWMONITOR input
    % Flow Monitor: Flow Monitor 'LIVEACTION-FLOWMONITOR' flexible netflow not supported on vlan interfaces
    switch(config-if)#ip flow monitor LIVEACTION-FLOWMONITOR output
    % Flow Monitor: Flow Monitor 'LIVEACTION-FLOWMONITOR' flexible netflow not supported on vlan interfaces
    -------------------- config it's trying to apply----------------------------
    config t
    ip cef
    snmp-server ifindex persist
    flow exporter LIVEACTION-FLOWEXPORTER
    description DO NOT MODIFY. USED BY LIVEACTION.
    destination <removed private IP address to liveaction server>
    source Loopback0
    transport udp 2055
    template data timeout 600
    option interface-table
    exit
    flow record LIVEACTION-FLOWRECORD
    description DO NOT MODIFY. USED BY LIVEACTION.
    match flow direction
    match interface input
    match ipv4 destination address
    match ipv4 protocol
    match ipv4 source address
    match ipv4 tos
    match transport destination-port
    match transport source-port
    collect counter bytes
    collect counter packets
    collect flow sampler
    collect interface output
    collect ipv4 destination mask
    collect ipv4 dscp
    collect ipv4 id
    collect ipv4 source mask
    collect ipv4 source prefix
    collect routing destination as
    collect routing next-hop address ipv4
    collect routing source as
    collect timestamp sys-uptime first
    collect timestamp sys-uptime last
    collect transport tcp flags
    exit
    flow monitor LIVEACTION-FLOWMONITOR
    description DO NOT MODIFY. USED BY LIVEACTION.
    exporter LIVEACTION-FLOWEXPORTER
    cache timeout inactive 10
    cache timeout active 60
    record LIVEACTION-FLOWRECORD
    exit
    interface Vlan197
    ip flow monitor LIVEACTION-FLOWMONITOR input
    ip flow monitor LIVEACTION-FLOWMONITOR output
    exit
    interface Vlan190
    ip flow monitor LIVEACTION-FLOWMONITOR input
    ip flow monitor LIVEACTION-FLOWMONITOR output
    exit
    interface GigabitEthernet1/0/13
    ip flow monitor LIVEACTION-FLOWMONITOR input
    ip flow monitor LIVEACTION-FLOWMONITOR output
    exit
    interface GigabitEthernet1/0/18
    ip flow monitor LIVEACTION-FLOWMONITOR input
    ip flow monitor LIVEACTION-FLOWMONITOR output
    exit
    interface GigabitEthernet1/0/4
    ip flow monitor LIVEACTION-FLOWMONITOR input
    ip flow monitor LIVEACTION-FLOWMONITOR output
    exit
    interface GigabitEthernet1/0/3
    ip flow monitor LIVEACTION-FLOWMONITOR input
    ip flow monitor LIVEACTION-FLOWMONITOR output
    exit
    interface GigabitEthernet1/0/6
    ip flow monitor LIVEACTION-FLOWMONITOR input
    ip flow monitor LIVEACTION-FLOWMONITOR output
    exit
    interface GigabitEthernet1/0/5
    ip flow monitor LIVEACTION-FLOWMONITOR input
    ip flow monitor LIVEACTION-FLOWMONITOR output
    exit
    interface GigabitEthernet1/0/23
    ip flow monitor LIVEACTION-FLOWMONITOR input
    ip flow monitor LIVEACTION-FLOWMONITOR output
    exit
    interface GigabitEthernet1/0/24
    ip flow monitor LIVEACTION-FLOWMONITOR input
    ip flow monitor LIVEACTION-FLOWMONITOR output

    Welcome to the Arch forums.  That was an amazing first post.  It is refreshing to see a new forum member actually post with as much detail as possible in order to explain the situation.  Too often we get people saying things like "I can't get to the internet... why?" as the extent of their post.  So thanks.
    So I am curious about what dhcpcd is trying to do.  It seems to be trying to solicit an ipv6 address, but mentions nothing about an ipv4 address.  It is unfortunately not entirely uncommon for dhcpcd to time out waiting for an ipv6 address that never comes.  So are you using ipv6?  Do you expect an ipv6 address?  I noticed that when you tried to ping the google DNS server, you used their ipv4 address (8.8.8.8).  So I am thinking that means you are actually using ipv4.
    I wonder if you might be able to poll for just an ipv4 address with dhcpcd.  Just run it with -4 and it should disable the ipv6 stuff.  You might also want to try dhclient and see what kind of output it gives you.  If you are definitely not using ipv6, and it is not offered in your area, you might want to disable it.  There are instructions in the wiki on how to do this... but you might want to wait until you establish the issue before doing things like that.

  • Netflow is not showing on prime infra 1.2 and also reports are not generating

    Hi friends,
    I added my router to Cisco Prime for netflow and configured it by template as mentioned by Cisco in the deployment guide. I got netflow till last Friday but today I am getting any flow on Prime.
    Second, I am not able to generate raw netflow.
    How can I remove any device from data sources if this is no longer present there? For better understanding I am also attaching the snapshot.

    Hi,
    Thanks
    Yes I have configured the command “aaa accounting exec default start-stop group tacacs+”
    As I have mentioned, all the other reports are working: which user, when he has logged in and what commands he has used. Only the TACACS+ Accounting and logged-in user is not working.
    Regards,
    Vineet

  • Is it possible to run both Netflow v5 and v9 at the same time

    Hi All,
    Just wondering if it is possible to run netflow version 9 and version 5 at the same time (to different destinations) on the same router please?
    Thanks very much
    Regards
    Amanda

    No Amanda,
    we cannot simultaneously configure both versions of NetFlow on Cisco IOS. After configuring the first one, when you try to configure the other version it will override the previously configured version.
    "Please do rate helpful posts"

  • Netflow top talkers query

    Hi Folks,
    I was trying to use the top talkers feature to find the culprits hogging my bandwidth. I am pretty new to the top talkers feature, and it is implemented on a 6500 with Sup720. I have a couple of queries with respect to this.
    * I tried to configure the sort by bytes feature and got a warning that it is not supported on the hardware based model. So is there any way to use sort by bytes on the Sup720?
    * The output fields of a show ip flow top-talkers are usually,
    SrcIf            SrcIPaddress     DstIf            DstIPaddress    Pr SrcP DstP  Pkts (had to use sort by packets due to the warning)
    Now is this Pkts field the number of packets calculated between the cache-timeout value or is it the total seen so far? Will it be the same for sort by bytes too? Total bytes seen for this flow rather than a realtime bytes/sec or bytes/cache time-out value.
    If this is the case then it's actually not a real time top talker value, right? Please help.
    Thanks,
    Prakadeesh

    The command "sh ip cache flow" shows the cache-timeout value only, not the collective bytes of data; if you need the total bytes seen for this flow you need to use Crannog Netflow Tracker kind of tools, or you need to use "ip accounting" and clear the counter manually as and when required!
    And it is actually a real time top talker value for that specified cache-timeout value, and I found that most of the time it shows the correct top talker!

  • ASA 8.2(5) enable Netflow

    Hi,
    Running ASA 8.2.(5) with ASDM 6.4(5).
    When I try to enable netflow on my <default inspection traffic> policy which is global I get a message saying "only inspect rule actions can be specified for the default inspection traffic".  As Netflow can only be applied as a global service policy, I have to use netflow on a global policy, but how do I use my traffic inspection policy then?
    Create multiple service policies I apply to each interface or?
    According to https://supportforums.cisco.com/docs/DOC-6114 it looks as I can have both at the same time or in the same Global policy ?
    Regards
    Robert

    Hmm, it seems I can't create a new class-map with ASDM? I have no option to do that.
    Looking at:
    https://supportforums.cisco.com/docs/DOC-6113
    It says:
    Most users will have a global inspection policy so we can just leverage  that. It should be noted that we can't use class-default here because we  won't generate NetFlow data for anything that is subject to inspection.
    Is that not what my original message from ASDM is basically saying?
    Robert

  • 6506 Connectivity Problems

    I have a 6506 with a WS-X6148-GE-TX module and two servers running my Windows Active Directory. These two servers have 10/100 Ethernet cards, and for some reason we are losing connectivity to them. We have tried hardcoding the speed and duplex settings on both sides (switch port and server Ethernet card) but with the same result.
    Any suggestions as to what the problem could be?
    I have checked the port statistics and everything looks OK, and I don't see any strange messages at the console either; all of a sudden the servers lose IP connectivity.

    Check out this link...it may be of help.
    http://www.cisco.com/warp/public/473/46.html
    Also, I agree with the other post....I would swap out the patch cables. Does this happen at random or is there any type of pattern? Do your servers have a second NIC? You could try to move over to the second NIC. Also try another port and see if it follows the server or if it is port related.
    Hope this helps,
    Mike

  • Does introducing WCCP redirect for WAAS disrupt Netflow information?

    Before installing WAAS and WCCP redirect on some 6500 interfaces in our data center, those interfaces showed Netflow flows for users at a remote location accessing servers at our data center. Now with WCCP redirecting that traffic to the WAEs, I notice the only netflow flows for that remote location are UDP flows and some ICMP stuff.
    Is this an unintended consequence of installing WAAS - that netflow statistics are going to be skewed by not showing flows that are now accelerated?

    I believe your problem may be due to the fact that you are redirecting http based traffic per the ACL configuration. The sup720 uses wccp v2 as a default version, however, the Sup720 does NOT support the hardware-based redirection for the TCP port 80 when we enable wccpv2.
    http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/wccp.htm#wp1017009
    Support for Non-HTTP Services:
    WCCPv2 allows redirection of traffic other than HTTP (TCP port 80 traffic), including a variety of UDP and TCP traffic. WCCPv1 supported the redirection of HTTP (TCP port 80)traffic only. WCCPv2 supports the redirection of packets intended for other ports, including those used for proxy-web cache handling, File Transfer Protocol (FTP) caching, FTP proxy handling, web caching for ports other than 80, and real audio, video, and telephony applications.

  • Mars with Netflow on Interface VRF (on Router)

    Mars is collecting Netflow information from Interface VRF on Router, my question is that whether Mars will see the traffic inside of the VRF or not, or it will see only netflow traffic on Global routing (core MPLS devices).
    This router is PE, and connected to CE (Customer's device).
    interface GigabitEthernet5/2
    ip vrf forwarding ktb
    ip address 10.0.1.210 255.255.255.252
    ip flow ingress
    ip flow-export version 5
    ip flow-export destination 10.1.50.103 2055

    Refer to the document Top Issues for the Cisco Security Monitoring, Analysis, and Response System for more information
    http://www.cisco.com/en/US/products/ps6241/prod_troubleshooting_guide09186a008062f36e.html

  • Netflow Collector 6.0 demo license

    Hi,
    It is said in the NetFlow Collector Installation and Configuration Guide that a limited-time demo license can be obtained from Cisco.com
    How can i get this demo license?
    Regards,
    Velin

    Hi,
    I think you can obtain that (and more) demo licenses here:
    https://tools.cisco.com/SWIFT/Licensing/PrivateRegistrationServlet?DemoKeys=Y.
    Good luck!
    curtis

  • Netflow analysis tool

    Hi,
    what is the best available tool for netflow monitoring and specially for troubleshooting issues using flow analysis? I am looking for something that works well on small network of 200 devices. 
    Thanks

    Easy enough to request a quote from both companies but from what I've seen, PRTG will be less cost. Its Netflow capability is simple but then it also does lots of other things - querying and graphing anything your can get with SNMP.
    Scrutinizer is a purpose built tool for flow analysis. It costs a bit more but gives you a lot more functionality if flow analysis is what you need to do. It won't also serve as your general purpose network management tool however. PRTG can do that.
    Both tools have trial downloads to try before you buy.

  • How netflow works with ASA Firepower and Virtual Defense ?

    Hi,
     In the discovery rules of the Virtual Defense, I can see that it's possible to configure a netflow source. I have a pair of Cisco 4500X as the L3 core switch, and would like to send a flow to the IPS.
     I configured the switch like this:
    flow record IPV4-FLOW-RECORD
     match ipv4 tos
     match ipv4 protocol
     match ipv4 source address
     match ipv4 destination address
     match transport source-port
     match transport destination-port
     collect interface input
     collect interface output
     collect counter bytes long
     collect counter packets long
    flow exporter Firepower
     source Vlan12
     destination IP_OF_tHE_ASA_IPS_MODULE
    flow monitor IPV4-FLOW
     exporter Firepower
     cache timeout inactive 30
     cache timeout active 60
     cache entries 1000
     record IPV4-FLOW-RECORD
    vlan configuration 100-102
     ip flow monitor IPV4-FLOW input
    Is this the correct configuration? I can't see how to check in Virtual Defense whether it receives netflow packets.

    SOLUTION!
    Install a second NIC bind vmnet0 to eth1 instead of eth0
    Details:
    Goal was to have the Host OS (Ubuntu 8.04) which is running an Apache web server also serve as an e-mail gateway (SpamTitan) since on a heavy day the web server might hit 5% CPU.
    Why buy a whole new machine, right?
    When it did not work right away I went into troubleshooting mode and tried several different things as mentioned above. Which led me to the idea to create my own VM of SpamTitan and bind it to a different NIC.
    Before I went that far I tried reassigning vmnet0 from eth0 to my newly installed eth1 and running it. That seems to have done the trick!
    So now the setup is:
    eth0 192.168.2.4
    eth1 192.168.2.5
    vmnet0 192.168.2.6
    With vmnet0 bridged to eth1
    Why is it working now and not before?
    I am unsure. It is not a Linux thing because I tried both Windows XP and OS X 10.5 with the same result. I think it has more to do with primary network and associated services than Host OS.
    If anyone has any insight please let me know. Otherwise I am going to chase it down later.
    Thanks again for your responses!
