Configuring Netflow on Cisco 3560X

Similar Messages

• Trouble with Windows7 and Gigabit link on Cisco 3560X switch

  Hello,
  In my company, we are using Cisco IP Phones 7945G (with 2 gigabit network ports) and Cisco 3560X-48P (1GB ports) switches for our users.
  Our client computers are running on Windows 7 SP1 (64bit - Enterprise edition) and are connected behind the IP Phone. We use a "Boradcom
  Xtreme Gigabit" onboard network card on the computers. All ports (on the switch site and IP Phone side) and on the network card of the computer are configured in "auto negotiation". Duplex and speed are set to "auto".
  We tried now to deploy a new engineering software and we are facing a very strange problem. This means that the engineer software fails to download some files from the server. We are using a flat network, all the servers and computers are on the same network segment with no firewall inbetween.
  The firewall and Anti-virus on the computers are configured to allow all incoming/outing connections.
  To troubleshoot, I tried to change all the network cables but I still get same result --> download fails.
  I connected the client computer directly to the Cisco 3560X switch, without the IP Phone and I get the same result.
  I installed a separate network card from INTEL (Intel PRO1000 PT) but I get the same result.
  As last test, I have connected to same client computer directly to a Cisco 2960-8TC switch (100Mbit; auto negotiate) and here is working fine. The software successfully downloads all the files from the server.
  If I connect the computer behind the Cisco 7945 IP Phone, set the speed and duplex of the PC-Port on the Cisco IP Phone 7945G to "100MBit/full duplex" is also working fine.
  Is there any know issue with Windows7 and Gigabit network connections?
  Do I need to set any Registry key on my Windows 7?
  The firmware version of my Cisco 3560X-48P switch is 12.2(53)SE2; do I need to update it?
  The firmware version of the IP Phone 7945G is 9.2.1.
  Thanks in advanced for your help.
  Marc Hoffmann

  Hello, Thanks for your answers. First of all, I have updated the firmware of my Cisco Catalyst 3560X-48P switch to the version 12.2(55)SE5. Unfortunately, this did not solve my problem. As second step, I ran an TDR test on my 3560X switch but I do not get any result. The "Pair status" always says "not completed". Even if I wait for 5 minutes, the status remains at "Not completed". Am I doing something wrong ? To do the TDR test, I use the commande "test cable-diagnostics tdr interface gigabitEthernet 0/XY". For your information, the port gigabitEthernet 0/XY is in a "Connected" status when I run the "show int status" command. Jeff, I think there is no issue on the server side, because if I connect my workstation on a 100MB switch (example Cisco Catalyst 2960-8TC-L) the application works absolutely fine. Also, if I run the application locally on the server, it works fine. As next step, I will connect the workstation directly on our backbone switch and try the same test. Is there perhaps any Registry key in our Windows7 which could cause this trouble? If you have any other ideas or options, please let me know. Thanks a lot, Marc Hoffmann

• Configuring Netflow-Lite on 2960-X

  I have a 2960-X switch that I want to configure Netflow Lite on, to send Netflow data to my Prime Infrastructure 2.1 appliance. I need some configuration examples for the flow record regarding the source and destination IP addresses? If I want netflow data on all traffic, what should those values be?
  Thanks.

  There is a nice demo script that was developed to show the use case for LiveAction (made by ActionPacked - a Cisco partner) specifically using the 2960-X. If can be downloaded from this link.
  In case that doesn't work, here are the relevant bits of their switch configuration. (The addresses and source interface would change based on your setup and PI listens for Netflow on udp/9991 vs. udp/2055.)
  flow record LIVEACTION-RECORD
  description DO NOT MODIFY. USED BY LIVEACTION.
  match datalink ethertype
  match datalink mac source address input
  match datalink mac destination address input
  match ipv4 tos
  match ipv4 protocol
  match ipv4 source address
  match ipv4 destination address
  match transport source-port
  match transport destination-port
  collect transport tcp flags
  collect interface input
  collect counter bytes long
  collect counter packets long
  collect counter bytes permanent
  collect counter packets permanent
  collect timestamp sys-uptime first
  collect timestamp sys-uptime last
  flow exporter LIVEACTION-EXPORTER
  description DO NOT MODIFY. USED BY LIVEACTION.
  destination 10.10.18.111
  source FastEthernet0
  transport udp 2055
  flow monitor LIVEACTION-MONITOR
  description DO NOT MODIFY. USED BY LIVEACTION
  record LIVEACTION-RECORD
  exporter LIVEACTION-EXPORTER
  cache timeout active 60
  sampler LIVEACTION-FLOWSAMPLER
  description DO NOT MODIFY. USED BY LIVEACTION.
  mode random 1 out-of 500

• Do i have to configure ssl on cisco unified provisioning manager for it to work. I am running BE6000 9.X

  Do i have to configure ssl on cisco unified provisioning manager for it to work

  Here is the code
  #include <userint.h>
  #include "iface.h"
  #define DAQmxErrChk(functionCall) if( DAQmxFailed(error=(functionCall)) ) goto Error; else    
  int write_onoff(uInt8 HL, const char linename[])
    int         error=0;              // error code (initialized to zero i.e. no error)
    TaskHandle  taskHandle=0;            // task ID for DAQmx
    char        errBuff[2048]={'\0'}; // error message
    // DAQmx Configure Code
    SetWaitCursor(1);
    DAQmxErrChk(DAQmxCreateTask("", &taskHandle));
    DAQmxErrChk(DAQmxCreateDOChan(taskHandle, linename, "", DAQmx_Val_ChanPerLine ));
    // DAQmx Start Code
    DAQmxErrChk(DAQmxStartTask(taskHandle));
    // DAQmx Write Code
    DAQmxErrChk(DAQmxWriteDigitalU8(taskHandle, 1, 1, 10.0, DAQmx_Val_GroupByChannel, &HL, NULL, NULL));
    Error:
      SetWaitCursor(0);
      if (DAQmxFailed(error)) DAQmxGetExtendedErrorInfo(errBuff, 2048);
      if (taskHandle!=0)
        // DAQmx Stop Code
        DAQmxStopTask(taskHandle);
        DAQmxClearTask(taskHandle);
      if (DAQmxFailed(error)) MessagePopup("DAQmx Error", errBuff);  
    return error;  
  } // end write_digital_line
  int CVICALLBACK test (int panel, int control, int event, void *callbackData, int eventData1, int eventData2)
    uInt8 onoff=0;
    if (event==EVENT_COMMIT)
      GetCtrlVal(panel, control, &onoff);
      write_onoff(onoff, "Dev1/port0/line0");
    return 0;  // return 0 to tell the system the message has been handled    

• What's "SAVE" configuration command for Cisco switch/ router?

  What's "SAVE" configuration command for Cisco switch / router? I know Switch#copy running-config startup-config works well,
  but so long, any other command that easy to remenber?

  What's "SAVE" configuration command for Cisco switch / router? I know Switch#copy running-config startup-config works well, but so long,
  any other command that easy to remenber?
  yes, here: Switch#write,and want to know more about the Cisco switch, please visit:http://www.3anetwork.com/cisco-switches-price_c1

• How can i configure hsrp in cisco 3850 switch please guide me

  how can i configure hsrp in cisco 3850 switch please guide me

  Hi Mauleshg,
  Please the below mention link to configure Hsrp hope this will help you.
  http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/ip/configuration_guide/b_fhrp_3se_3850_cg/b_fhrp_3se_3850_cg_chapter_010.html
  Br.
  Mohseen Patel

• Send configuration file to Cisco router

  Where can I find a C programm that send configuration file to Cisco router from linux workstation?

  I wonder what kind of config changes you are making and whether that may have an impact on SSH. For example if you change the host name or change the domain name then the keys need to be regenerated.
  HTH
  Rick

• Configuring SNMP on Cisco Small Business 300 Series Managed Switch

  Please can anyone help me to configure SNMP on Cisco Small Business 300 Series Managed Switch?
  Thanks

  Hi Anton,
  Please remember to enable SNMP service first: Security > TCP/UDP Services.
  http://sbkb.cisco.com/CiscoSB/ukp.aspx?vw=1&docid=3b13278d9ef9402a8fef57df6d972078_Enable_SNMP_Service_on_300_Series_Managed_Switches.xml&pid=2&respid=0&snid=2&dispid=0&cpage=search
  also you may find useful documents for community configuration etc on our kb server:
  http://sbkb.cisco.com/CiscoSB/ukp.aspx?vw=1&docid=183cae2148d445b2a07473ee18c93ffa_SNMP_Communities_Configuration_on_a_300_Series_Managed_Switc.xml&pid=2&respid=0&snid=2&dispid=0&cpage=search
  Let us know if you have any problems.
  Aleksandra

• LAG configuration issue on Cisco SG300 52 Switch

  Hi everybody,
  I am having an issue with LAG configuration on a Cisco SG300 52 switch. I have connected four Ge ports on the switch to the four NICs of a Dell R710 Server on which I installed Windows Server 2008 R2. Without LAG configured, these ports would forward traffic to and from the Dell server fine. However, if I configure LAG on the ports with LACP enabled, then they would not forward any network traffic. Debugging shows that the ports are up but their forwarding status show N/A. Am I missing any configuration? Can I configure LAG on edgeports? Or is there any compatibility issue?
  Any help  from you guys will be greatly appreciated.
  Thank you.
  Vishal

  Hi Dave,
  Thank you for your quick response and sorry to have looked at it late. Well, I already resolved the issue and like you pointed out, it was the configuration of the Dell NICs. I had to configure NIC teaming and there was a bug with the Broadcom NIC management software. I had to download this piece of software again and I was then able to configure NIC teaming on it. I initially thought that it was already configured because we got the Dell server "pre-installed with pretty much everything".
  Anyway thank you for your assistance. Oh I have a question though if you don't mind clearing my doubt. We have bought 7 of these SG300 Switches and I would like to use all of them
  in a hierarchical design as core, distribution and access layer switches because I believe this switch has got all the qualities to be used at all the three layers. We have about 100 users in our company at the moment but expecting growth of about 10-20 employees per year. Would you think a hierarchical network design for a 100 users is a bit of an overkill? Would you think these SG300 switches can handle network traffic at the distribution and core layers? I worked out the average daily traffic is only about 4 Mbps.
  Thank you for your valuable guidance.
  Kind regards,
  Vishal
  Date: Mon, 12 Sep 2011 08:09:40 -0600
  From: [email protected]
  To: [email protected]
  Subject: - Re: LAG configuration issue on Cisco SG300 52 Switch
  Cisco Support Community
  Re: LAG configuration issue on Cisco SG300 52 Switch created by David Hornstein in Small Business Switches - View the full discussion
  Hi Chundunsing,
  Thank you for the purchase of my switch.
  Chundunsing, I love the way you worded your question ; "I am having an issue with LAG configuration on a Cisco SG300 52 switch." ,but seriously you are having a problem with interfacing the dell with my switch.
  You have LAG working to the Dell R710 teamed NICs and god knows what NICs or drivers you are using to acheive this.
  Now LAG is providing , load balancing between the LAG ports.
  Now LAG is providing , link redundancy for connectibity to the Dell R710.
  If there is a configuration issue , it sure seems the way you have it configured without LACP is still working. But you have the option when you create a LAP group to enable LACP. You can see this as a tick box in the LAG group.
  But might i also install, recently firmware version 1.1.1.8, just came out.
  Please be sure to;
  Step 1. update the firmware on the switch and
  Step 2. select it as the 'active image.'
  Step 3 rebbot the switch to utilize this active image.
  If you are having any trouble doing this the admin guide references how to achieve this. for your concenience I have atteched the guide to this posting.
  regards Dave
  Reply to this message by going to Cisco Support Community
  Start a new discussion in Small Business Switches at Cisco Support Community

• Cisco Prime Infrastructure release 2.1 configuration archiving on CISCO WiSM2

  Hi all,
  Just wondering Cisco Prime Infrastructure  release 2-1 support configuration archiving on CISCO WiSM2?
  CISCO  release 2.0 mentioned that it doesn't support configuration archiving for WiSM2 but release 2.1 doesn't mention anything on it.
  Please assist.

  No, it is not supported even for PI 2.1

• Netflow on cisco me 6523

  hello
  im trying to get netflow working on a me 6523 to a destination address using udp port 4739 but im not getting anything through wire shark while connected
  to a span port on the router or the connecting switch.
  Im using the management interface which is using port-channel1

  Hi Sean,
  Can you try configuring your Cisco switch as below and check.
  mls netflow     // This enables NetFlow on the Supervisor.
  mls nde sender version 7
  mls aging long 64  // This breaks up long-lived flows into (roughly) one-minute segments.
  mls aging normal 32  // This ensures that flows that have finished are exported in a timely manner.
  mls flow ip interface-full
  mls nde interface
  The next two commands will help to enable NetFlow data export for  bridged traffic which is optional. You can specify the list of VLANs  here to enable bridged traffic.
  ip flow ingress layer2-switched vlan
  ip flow export layer2-switched vlan
  Apart from this, NetFlow has to be enabled on the MSFC using the below commands.
  ip flow egress       // This command has to be executed on all the L3/VLAN interfaces.
  ip flow-export destination {hostname|ip_address} 9996  // The hostname or IP address of the flow server
  ip flow-export source {interface} // The interface through which NetFlow packets are exported. eg: Loopback0
  ip flow-export version 9
  ip flow-cache timeout active 1
  snmp-server ifindex persist
  Regards,
  Don Thomas Jacob
  ManageEngine NetFlow Analyzer

• Configuring NetFlow and Dynamic Vulnerability Scanning

  Hi All,
  Configuring of NetFlow and Vulnerability Scanning are done.Where and how to check the netflow and Vulnerabilty scanning?
  Thanks.

  After enabling network scanning, you can view individual scan reports from Device Management > Clean Access > Network Scanner > Reports. The report shown here is the full administrator report (Figure 13-13). The report shown to end users contains only the vulnerability results for the enabled plugins. (Users can access their version of the scan report by clicking the Scan Report link in their Logout page.)
  for more information follow up on this link:
  http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/418/cam/m_netsca.html#wp1050604

• How to configure VPN with Cisco ASA 5505 behind Actiontec MI424WR

  I'm trying to test my Cisco VPN client from my workplace to my home where I have a Cisco ASA 5505 (VPN server) behind the Actiontec MI424WR.  I'm able to Ping the Actiontec external IP.  I also have Port Forwarding for IKE and IPSec configured on the Actiontec, but I cannot establish the VPN connection.
  What do I need to configure on the Actiontec to make this work?
  Also, when I test this at home, the MI424WR acts as the DHCP server for my laptop and the Cisco outside interface.  At home, I'm able to establish the VPN connection from my laptop to the ASA, allowing me to see a shared drive behind the ASA.  However, at home, I cannot go to the Internet while using the VPN client.
  Thanks for any help.
  Steve
  Solved!
  Go to Solution.

  http://www.dslreports.com/faq/verizonfios/3.0_Networking
  those are the best sample config's and resources on how to set the FiOS network
  Bridging is possible but difficult.  That link will give you great info on it.
  Are you a FiOS customer that has phone/internet/tv
  or no tv?   or no phone?    You have to be careful on your configuration or you might lose some TV features and functionality, like the Interactive Program Guide, or the VOD or the Widgets.
  Sorry the Portforwarding wasn't enough to resolve your issue, I am not sure that it's a Actiontec config you are looking for, from my understanding of Cisco's and FiOS it may be something behind the cisco that is causing an issue.  You may want to reach out to the Cisco admin that manages that, and find out if there are additional ports that are required and then you can come back and configure those ports too.

• Cookie stickiness configuration issue with Cisco ACE

                     Hi,
  We have configured a ACE (in standby mode) with ip netmask stickiness and wanted to configure cookie stickiness for a remedy server placed behind the ace. BMC has said that they use JSESSIONID field on the remedy application and i want to know the procedure for configuring ace to see this field and deploy cookie stickiness feature on the ace.
  We tried configuring the ace to learn the cookie string dynamically and tried to insert the cookie in the server response to the client but both methods have failed and the user is not able to see the remedy app webpage in both occassions.
  Are there any pre-requisites to be configured on the ace before configuring cookie stickiness feature?   We would appreciate your timely response.
  Thanks in advance.

  Hi,
  Refer the document below for sample configuration. If this still doesn't work a full config and sniffer capture required to verify this.
  http://docwiki.cisco.com/wiki/Session_Persistence_Using_Cookie_Learning_on_the_Cisco_Application_Control_Engine_Configuration_Example
  Regards,
  Siva

• Ask the Expert: Installing, Configuring, and Troubleshooting Cisco Unified MeetingPlace

  With Dejan Petrovic
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about different MeetingPlace deployment types, what they include and require, and what they are capable of with Cisco expert Dejan Petrovic.  Cisco Unified MeetingPlace is a conferencing solution providing audio and video conferencing, and data sharing experience. It can be fully on premise solution or a hybrid solution integrated with WebEx for data sharing capability. Dejan  will be answering any questions about installation, upgrade, migration and troubleshooting processes.
  Dejan Petrovic is a Cisco customer support engineer and team lead in the Conferencing Technical Assistance Center team based in Boxborough. He has been providing support to customers and partners for Cisco Unified MeetingPlace solutions since 2009. He has more than eight years of experience working in the IT industry as system administrator, business manager, and networking consultant. Petrovic holds a bachelor’s degree in computer network and information systems as well as several Cisco certifications, including CCNA, Cisco IPCC Express Specialist,  and MeetingPlace Support Specialist.
  Remember to use the rating system to let Dejan know if you have received an adequate response. 
  Dejan might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Collaboration, Voice and Video sub-community discussion forum shortly after the event.  This event lasts through February 8, 2013. Visit this forum often to view responses to your questions and the questions of other community members.

  Hello Nick,
  I appreciate your questions, and will try to answer them below.
  When you are installing a fresh new MeetingPlace 8.5 that you plan to integrate with WebEx, the only available option is WebEx Managed user profiles. With this option, you can either create profiles manually on WebEx side, and then sync them to MeetingPlace, or you can use Federated SSO for import of profiles from LDAP server in your network to WebEx, and then sync the profiles from WebEx to MeetingPlace (you choose one of these two options when provisioning WebEx site).
  These are the only two available options for a NEW install of MP8.5 for WebEx integration, and as you can see both options are WebEx Managed profiles, the only difference is if you are going to use Federated SSO, or create profiles on WebEx manually.
  During the install, you can select to install MeetingPlace managed users option, but you would choose this option only if you plan to do a migration from an earlier MP release (7.x/8.0) with WebEx integration and Directory Integration.
  For example, MeetingPlace managed profiles option is available if you had MeetingPlace 8.0 integrated with WebEx Type II (WebEx scheduling) with Directory Integration, where you had your MP8.0 integrated with CUCM via AXL for user profile management (CUCM integrated with LDAP), and your WebEx Site provisioned for Directory Integration, and then migrate from that system to MeetingPlace 8.5 that you installed selecting MeetingPlace managed user profiles.
  The same goes for MeetingPlace Scheduling (Type I) integration with WebEx. Possible only with migration, and not with a fresh new installation.
  Now, to focus on your questions.
  1. As you can see, you don't have many options. If you have MS Active Directory that you would like to use for SSO in MP8.5 WebEx Scheduling, you will have to go with Federated SSO. So far, I haven't heard of any issues with that as it seems to be pretty straight forward to configure, and also WebEx Support team provides direct support for that setup as it is a direct integration between WebEx Site and the LDAP server (nothing to do with MeetingPlace side of the equation).
  2. In general, if you have Federated SSO enabled, you would go to WebEx site home page, click on Host Log In button which will then ask you to enter your network/windows credentials and place you to WebEx scheduling interface.
  If you have Directory Integration (like on MP8.0 WebEx Type II with CUCM/AXL integration), when you go to WebEx site home page and click Host Log In button, you are being redirected to the MeetingPlace log-in page where you would enter your Windows credentials (assuming your CUCM is integrated with LDAP), and then if log in is successful, you get redirected back to WebEx scheduling interface. With this type of deployment, you can log in to WebEx scheduling interface ONLY if you are connecting from your company network or have a VPN connection to your company network. This is a major limitation that most customers complained about, but the reason for this was that we didn't want to make MP Application server hostname/IP publicly available and hence cause a security issue.
  I am sure I answered your questions, but opened some new questions. So, please, let me know if I need to clarify anything.
  Thank you.
  -Dejan