Netflow 3750x config
Hello Dears
Your assistance is much appreciated!
I have configured NetFlow on my C3750X switch (IOS 15.0(2)) with the following configuration:
flow record Netflow
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 collect interface input snmp
 collect interface output snmp
 collect counter bytes
 collect counter packets
flow exporter Netflow-to-Solar
 destination 192.168.1.1
 source TenGigabitEthernet1/1/1
 transport udp 2055
flow monitor Netflow-Capture
 record Netflow
 exporter Netflow-to-Solar
 cache timeout inactive 10
 cache timeout active 5
interface TenGigabitEthernet1/1/1
 ip flow monitor Netflow-Capture input
 ip flow monitor Netflow-Capture output
But my SolarWinds NetFlow analyzer says "Data is not available". Please help me find out what the issue is.
Can you do the following command and provide the output please:
show flow exporter Netflow-to-Solar
Thanks,
Manny
Similar Messages
-
Hi
Can someone help me determine whether my NetFlow config is correct or not? What should I do on the Profiler web console to know that NetFlow is working?
This is config on router:
router (config)#ip flow-export version 5
router (config)#ip flow-export destination 10.0.86.9 2055
router (config)#interface ATM0/1/0
router (config-if)#ip flow ingress
router (config-if)#ip route-cache flow
This is what I get on eth0 (trusted) on CAS (Collector is on CAS servers)
13:32:47.215752 IP 192.168.12.158.50229 > mtel-nacserver-1.iop: UDP, length 312
13:33:01.214074 IP 192.168.12.158.50229 > mtel-nacserver-1.iop: UDP, length 120
13:33:14.212558 IP 192.168.12.158.50229 > mtel-nacserver-1.iop: UDP, length 216
13:33:26.211179 IP 192.168.12.158.50229 > mtel-nacserver-1.iop: UDP, length 264
13:33:39.209589 IP 192.168.12.158.50229 > mtel-nacserver-1.iop: UDP, length 72
13:33:51.208193 IP 192.168.12.158.50229 > mtel-nacserver-1.iop: UDP, length 264
13:34:12.205745 IP 192.168.12.158.50229 > mtel-nacserver-1.iop: UDP, length 408
13:34:31.203515 IP 192.168.12.158.50229 > mtel-nacserver-1.iop: UDP, length 312
13:34:45.201813 IP 192.168.12.158.50229 > mtel-nacserver-1.iop: UDP, length 168
13:34:58.200285 IP 192.168.12.158.50229 > mtel-nacserver-1.iop: UDP, length 168
13:35:16.198210 IP 192.168.12.158.50229 > mtel-nacserver-1.iop: UDP, length 312
NetFlow Module Config
Network Config
THANKS
Hi all
Which IP address should I configure as the NetFlow destination?
The documentation has some confusing sentences.
The Cisco NAC Profiler Collector uses the 4th NIC of the CAS to collect data from a SPAN port, SNMP, or NetFlow. The Cisco NAC Profiler Collector aggregates the relevant data, consolidates it, and then forwards it on to the Cisco NAC Profiler Server.
AND
By default, enabling the NetFlow Agent on a NetRelay module initiates listening for XDRs sent to the Collector management interface (eth0) by routers and other NetFlow collectors on port 2055.
Is that 4th NIC (eth3) like for SPAN or eth0?
Has anyone any comment -
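A collector-side sanity check for the capture in this thread, added here as an example and not part of the original posts: a NetFlow v5 export datagram is a 24-byte header followed by 1 to 30 flow records of 48 bytes each, so every UDP payload length in the tcpdump output should equal 24 + 48·n. The function names and the sample datagram are assumptions made for the example.

```python
import re
import struct

# NetFlow v5 header: version, count, sys_uptime, unix_secs, unix_nsecs,
# flow_sequence, engine_type, engine_id, sampling_interval (24 bytes).
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD_LEN = 48
V5_MAX_RECORDS = 30

# tcpdump lines copied from the post above.
CAPTURE = """\
13:32:47.215752 IP 192.168.12.158.50229 > mtel-nacserver-1.iop: UDP, length 312
13:33:01.214074 IP 192.168.12.158.50229 > mtel-nacserver-1.iop: UDP, length 120
13:33:14.212558 IP 192.168.12.158.50229 > mtel-nacserver-1.iop: UDP, length 216
13:33:26.211179 IP 192.168.12.158.50229 > mtel-nacserver-1.iop: UDP, length 264
13:33:39.209589 IP 192.168.12.158.50229 > mtel-nacserver-1.iop: UDP, length 72
13:33:51.208193 IP 192.168.12.158.50229 > mtel-nacserver-1.iop: UDP, length 264
13:34:12.205745 IP 192.168.12.158.50229 > mtel-nacserver-1.iop: UDP, length 408
13:34:31.203515 IP 192.168.12.158.50229 > mtel-nacserver-1.iop: UDP, length 312
13:34:45.201813 IP 192.168.12.158.50229 > mtel-nacserver-1.iop: UDP, length 168
13:34:58.200285 IP 192.168.12.158.50229 > mtel-nacserver-1.iop: UDP, length 168
13:35:16.198210 IP 192.168.12.158.50229 > mtel-nacserver-1.iop: UDP, length 312
"""

LINE_RE = re.compile(r"^(\S+) IP (\S+) > (\S+): UDP, length (\d+)$")


def v5_record_count(udp_len):
    """Number of flow records if udp_len is a valid v5 datagram size, else None."""
    body = udp_len - V5_HEADER.size
    if body < V5_RECORD_LEN or body % V5_RECORD_LEN:
        return None
    count = body // V5_RECORD_LEN
    return count if count <= V5_MAX_RECORDS else None


def check_capture(text):
    """Return (timestamp, udp_length, record_count_or_None) per tcpdump line."""
    results = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            length = int(m.group(4))
            results.append((m.group(1), length, v5_record_count(length)))
    return results


def parse_v5_header(datagram):
    """Decode and validate the v5 header of one UDP payload."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("shorter than a NetFlow v5 header")
    (version, count, uptime_ms, unix_secs, _nsecs,
     sequence, _etype, _eid, _sampling) = V5_HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError("not NetFlow v5 (version field = %d)" % version)
    expected = V5_HEADER.size + count * V5_RECORD_LEN
    if not 1 <= count <= V5_MAX_RECORDS or len(datagram) != expected:
        raise ValueError("length %d does not match count %d" % (len(datagram), count))
    return {"count": count, "uptime_ms": uptime_ms,
            "unix_secs": unix_secs, "flow_sequence": sequence}


# Constructed sample payload: v5 header announcing 2 records, zeroed records.
SAMPLE_DATAGRAM = V5_HEADER.pack(5, 2, 1000, 1700000000, 0, 42, 0, 0, 0) + bytes(96)

if __name__ == "__main__":
    for ts, length, count in check_capture(CAPTURE):
        verdict = "%d v5 record(s)" % count if count else "NOT a v5 size"
        print(ts, length, verdict)
    print(parse_v5_header(SAMPLE_DATAGRAM))
```

Every length in the capture fits the v5 layout, which is consistent with the router exporting and the datagrams arriving on eth0; what remains to verify is whether the collector process is listening on that interface and port.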
PBR Multiple Tracking Support information for Cat2960
Hello
I have been investigating for PBR multiple tracking support devices specially Catalyst 2960.
The following is very similar to this information. However it can not be applicable to Cat2960.
[PBR Support for Multiple Tracking Options]
http://www.cisco.com/en/US/docs/ios/iproute_pi/configuration/guide/iri_prb_mult_track_external_docbase_0900e4b1810fe379_4container_external_docbase_0900e4b181525fed.html#wp1056119
But feature navigator can show the following information of this feature.
[Feature Navigator for Cat2960]
PBR Support for Multiple Tracking Options
IOS:12.2(55)SE1
Feature-Set:LAB-Base
You can find it by using the research feature and filter by PBR.
So which is correct ?
Basically Cat2960 can not support PBR or there is any related information based on the feature navigator's info.
Any information would be very helpful.
Thank you very much and Best Regards,
Masanobu Hiyoshi
Hello Julio
Thank you for your precious information!
In my understanding, the conclusion is that the Catalyst 2960 & 2960S series
basically do not support PBR. So PBR multiple tracking is also not supported, right?
Here is the output of Cat2960 and 3750X
2960#sh sdm prefer
The current template is "lanbase-routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
0 routed interfaces and 255 VLANs.
number of unicast mac addresses: 4K
number of IPv4 IGMP groups + multicast routes: 0.25K
number of IPv4 unicast routes: 4.25K
number of directly-connected IPv4 hosts: 4K
number of indirect IPv4 routes: 0.25K
number of IPv6 multicast groups: 0.375k
number of directly-connected IPv6 addresses: 0.75K
number of indirect IPv6 unicast routes: 0.5K
number of IPv4 policy based routing aces: 0
number of IPv4/MAC qos aces: 0.125k
number of IPv4/MAC security aces: 0.375k
number of IPv6 policy based routing aces: 0
number of IPv6 qos aces: 0.375k
number of IPv6 security aces: 127
[3750X]
As you know by default Cat3750X normally requires SDM template as routing for
functioning PBR. Otherwise the number of IPv4 policy based routing aces
does not increase.
3750X(config-if)#ip policy route-map PBR
Mar 30 01:34:21.869: %PLATFORM_PBR-4-SDM_MISMATCH: PBR requires sdm template routing
3750X#sh sdm prefer
The current template is "desktop routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
number of unicast mac addresses: 3K
number of IPv4 IGMP groups + multicast routes: 1K
number of IPv4 unicast routes: 10.875k
number of directly-connected IPv4 hosts: 3K
number of indirect IPv4 routes: 7.875k
number of IPv6 multicast groups: 64
number of directly-connected IPv6 addresses: 0
number of indirect IPv6 unicast routes: 32
number of IPv4 policy based routing aces: 0.5K
number of IPv4/MAC qos aces: 0.375k
number of IPv4/MAC security aces: 0.875k
number of IPv6 policy based routing aces: 0
number of IPv6 qos aces: 0
number of IPv6 security aces: 58
So what could you think about the feature navigator's information related to this?
Is it possible to modify it? or request to cisco for this?
Best Regards,
Masanobu Hiyoshi -
3750X, IP Base and Netflow
Learned colleagues.
Question for those with more ability to read Cisco's convoluted specification sheets than I do!
I have a 3750X running IP Base. I want to enable netflow on the uplink interface - which is on one of the fixed ports (g1/0/48) in router (no switchport) mode.
From what I've read, Googled and tried to find, this isn't supported on the fixed ports - if I was running my uplink on one of the ports in the NM-1G expansion module it would work?
Can anyone confirm or deny this? If it *should* work on the fixed ports, can anyone point me to a config example?
Thanks and Cheers
Darren Gibbs wrote:
Learned colleagues. Question for those with more ability to read Cisco's convoluted specification sheets than I do! I have a 3750X running IP Base. I want to enable netflow on the uplink interface - which is on one of the fixed ports (g1/0/48) in router (no switchport) mode. From what I've read, Googled and tried to find, this isn't supported on the fixed ports - if I was running my uplink on one of the ports in the NM-1G expansion module it would work? Can anyone confirm or deny this? If it *should* work on the fixed ports, can anyone point me to a config example? Thanks and Cheers
Reza.
Yeah, I thought that was the case - funny thing is the switch allows you to create the flow definitions - record, exporter, monitor etc - but as soon as you try to apply it to an interface it politely says "get stuffed".
Unfortunately, it appears only to work with the 10 gig network modules - the 1 gig one I've got just doesn't cut the mustard.
Oh well. Back to the drawing board. :-)
Cheers. -
NetFlow/NetQOS on a 3750x switch
Hello, I have a 3750x running c3750e-universalk9-mz.122-55.SE5, layer 3 capable. I'm trying to enable netflow on the switch but for some reason the flow commands don't appear to be available in config t mode. Are there some other global commands that have to be enabled first in order for the netflow commands to be available, or is it the image that doesn't support netflow?
Andy
Thanks Rajeevsh,
I ran the command and got the output below. I do see ipbase in there but don't know if that means it's active..
Maybe it needs to have IP services as you pointed out..
Thanks for looking at this..
andy
inmu-tcs-inet1-sw#sh license all
License Store: Primary License Storage
StoreIndex: 0 Feature: lanbase Version: 1.0
License Type: Permanent
License State: Active, Not in Use
License Priority: Medium
License Count: Non-Counted
StoreIndex: 1 Feature: ipbase Version: 1.0
License Type: Permanent
License State: Active, In Use
License Priority: Medium
License Count: Non-Counted
License Store: Evaluation License Storage
StoreIndex: 0 Feature: ipservices Version: 1.0
License Type: Evaluation
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
License Priority: None
License Count: Non-Counted
I also ran it on another 3750x where netflow commands seem to work and the output is different..see below:
dmz-srvdist1a-sw#sh license all
License Store: Primary License Storage
StoreIndex: 0 Feature: ipbase Version: 1.0
License Type: Permanent
License State: Active, In Use
License Priority: Medium
License Count: Non-Counted
License Store: Evaluation License Storage
StoreIndex: 0 Feature: ipservices Version: 1.0
License Type: Evaluation
License State: Active, Not in Use, EULA not accepted
Evaluation total period: 8 weeks 4 days
Evaluation period left: 8 weeks 4 days
License Priority: None
License Count: Non-Counted -
Cisco 3750X Switch, Observing change in Running & Startup Config
Hi,
I have a cisco catalyst 3750X switch running with c3750e-universalk9-mz.152-1.E1.bin, where I'm able to see the running configuration & Startup configuration on the device is not in Sync even after saving configuration to the NVRAM.
Startup Configuration is the one which is required for my network to work properly, but as I'm able to see running configuration is adding some of the configuration which is not actually required in the template. Can anyone help me to get this issue addressed.
Configuration attached.
Can you try this command:
Switch#copy startup-config running-config
And then check if you still face the same issue?
HTH
Regards
Inayath -
Hello,
I'm setting up Netflow and wanted to make sure I wasn't missing anything or If it could be setup in a better manner?
Router is 2801
Switch is C3560
IP flow export is version 9.
On the router I have one fastethernet port going to the high speed WAN connection, one serial port going to a backup T1 and the other fastethernet port is subdivided into two for the LAN (router on a stick) as we have two vlans for this site.
"ip flow-export destination 10.X.X.X 1055" I use SolarWinds to collect.
Then on the serial interface and the WAN interface I have "ip route-cache flow"
This feature is not turned on yet for the two LAN ports. I wanted to make sure there wasn't anything on the switch that I needed to setup? I couldn't find any commands on the switch related to netflow. When I add the "ip route-cache flow" on the LAN interfaces will my setup then be sound? As, I do want to capture traffic on both the WAN and LAN.
How taxing is it for a router to capture netflow data?
Thanks for any input.
Derek
Hi Derek,
"ip route-cache flow" enables accounting for packets received by the interface (ingress).
For Netflow, you need to configure sampling.
ip flow-export destination 10.X.X.X 1055
flow-sampler-map derek-2801-router
 mode random one-out-of 100
then apply the sampler to the WAN interfaces:
interface fax/x
 flow-sampler derek-2801-router
now
check with "sh flow-sampler"
one netflow sampler should not be taxing the router much, but check the CPU utilization by using: sh process cpu
HTH -
Prime Infrastructure Netflow Config
Hi guys,
I am trying to configure Netflow monitoring on Prime Infrastructure. Do you guys know if I can change the port 9991 which Prime listens to another port number?
If possible, how to do that?
I have the 2.0 express.
thanks.
I hear you. Add your voice to the choir. :)
SNMP Traps are just one source of Alarms. You can and should deploy a device health monitoring template (or customize one) for PI to actively query device (or interface etc.) health. -
Is netflow supported on the ASA? I have been looking on the net with no luck. Can someone point the way or tell me if this is not possible?
TIA!!
Rick - thanks for your response. It would be nice to see NBAR or Netflow type stats on the ASA, when the ASA is performing VPN functions.
Would syslog or something else give me those type of stats?
Thanks,
Steve -
NCM related config on the 3750x??
Hi,
I know this has come end of sale now. but there is an existing setup where some switches need to be added so the NCM can monitor them.
I have never worked on the NCM before so wasn't sure what needs to be done on the switches and/or on the NCM server to make that happen.
Is there a doc which explains all that? I tried but couldn't find it.
thanks in advance!
regards,
mohit
The end user guide is on the NCM product support page and shows the steps for adding devices.
However you may need to have your NCM system updated to the IDU from March 2013. It looks like the 3750X support was added with that one per the compatibility table. -
ISE CWA with COA not work on 3750X.
Hello.
I use ISE version 1.2.0.899 with patch number 4. I configured Central Web Auth for wired clients. The first time the client opens a web browser, ISE redirects him to the guest portal. The user enters correct credentials, and after that the switch ignores the CoA packet. In the ISE logs: "5417 Dynamic Authorization failed". If I use a domain computer, authentication is successful with the use of dot1x. All on port g1/0/1. I use a 3750X with IOS versions 15.0(2)SE2, 15.0(2)SE4, 15.0(2)SE5, 15.2(1). On all of these IOS versions I have this error.
Config:
3750X-ISE# sh running-config
Building configuration...
Current configuration : 9575 bytes
!
! No configuration change since last restart
! NVRAM config last updated at 01:29:01 GMT Wed Mar 30 2011
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 3750X-ISE
!
boot-start-marker
boot-end-marker
!
!
!
username admin privilege 15 secret 5 ----
username radius-test secret 5 -----
aaa new-model
!
!
aaa group server radius end
!
aaa group server radius ise
 server name ise3
 server name ise4
!
aaa authentication login default local
aaa authentication login CON none
aaa authentication enable default none
aaa authentication dot1x default group radius
aaa authorization network default group radius
aaa authorization network ise group radius
aaa accounting dot1x default start-stop group radius
!
!
!
!
!
aaa server radius dynamic-author
 client 192.168.102.53 server-key P@ssw0rd
 client 192.168.102.54 server-key P@ssw0rd
 client 192.168.102.51 server-key P@ssw0rd
 client 192.168.102.52 server-key P@ssw0rd
 server-key P@ssw0rd
!
aaa session-id common
clock timezone GMT 0 0
switch 1 provision ws-c3750x-24p
system mtu routing 1500
ip routing
!
!
ip dhcp snooping vlan 701-710
ip dhcp snooping
ip domain-name com.ru
ip device tracking
vtp mode transparent
!
!
device-sensor filter-list dhcp list DHCP-LIST
 option name host-name
 option name default-tcp-ttl
 option name requested-address
 option name parameter-request-list
 option name class-identifier
 option name client-identifier
 option name client-fqdn
!
device-sensor filter-list cdp list CDP-LIST
 tlv name device-name
 tlv name address-type
 tlv name version-type
 tlv name platform-type
 tlv name power-type
 tlv name external-port-id-type
device-sensor filter-spec dhcp include list DHCP-LIST
device-sensor filter-spec cdp include list CDP-LIST
device-sensor accounting
device-sensor notify all-changes
!
license boot level ipservices
!
!
!
dot1x system-auth-control
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
!
!
!
!
!
!
!
vlan internal allocation policy ascending
!
!
vlan 102
!
vlan 701
 name ISE-network1
!
!
lldp run
!
!
!
!
!
!
!
!
!
!
no macro auto monitor
!
interface FastEthernet0
 no ip address
 no ip route-cache
 shutdown
!
interface GigabitEthernet1/0/1
 switchport access vlan 701
 switchport mode access
 switchport nonegotiate
 authentication event fail action next-method
 authentication open
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 mab
 snmp trap mac-notification change added
 snmp trap mac-notification change removed
 dot1x pae authenticator
 spanning-tree portfast
!
interface Vlan102
 ip address 192.168.102.60 255.255.255.0
!
interface Vlan701
 ip address 192.168.107.1 255.255.255.240
 ip helper-address 192.168.102.50
 ip helper-address 192.168.102.53
!
ip http server
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.102.1
!
ip access-list extended ACL-WEBAUTH-REDIRECT
 deny udp any any eq domain
 deny tcp any host 192.168.102.51
 deny tcp any host 192.168.102.52
 deny tcp any host 192.168.102.53
 deny tcp any host 192.168.102.54
 permit tcp any any eq www
 permit tcp any any eq 443
!
!
!
snmp-server community test RO
snmp-server community test2 RW
snmp-server trap-source Vlan102
snmp-server source-interface informs Vlan102
snmp-server enable traps snmp linkdown linkup
snmp-server enable traps mac-notification change move
snmp-server host 192.168.102.53 version 2c test2
!
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 25 access-request include
radius-server dead-criteria time 5 tries 3
radius-server host 192.168.102.53 auth-port 1812 acct-port 1813
radius-server host 192.168.102.54 auth-port 1812 acct-port 1813
radius-server host 192.168.102.54 key P@ssw0rd
radius-server host 192.168.102.53 pac key P@ssw0rd
radius-server key P@ssw0rd
!
!
!
line con 0
 login authentication CON
line vty 0 4
 exec-timeout 60 0
line vty 5 15
 exec-timeout 60 0
!
ntp master 5
ntp server 198.123.30.132 prefer
mac address-table notification change
mac address-table notification mac-move
end
Please, help me.
Use these Cisco IOS commands to monitor and troubleshoot CoA functionality on the switch:
•debug radius
•debug aaa coa
•debug aaa pod
•debug aaa subsys
•debug cmdhd [detail | error | events]
•show aaa attributes protocol radius -
CoA issues between ISE and 3750x
We are having an issue using the Cisco ISE 1.1.2 and a 3750x (Version 12.2(58)SE2).
When the radius sends a reauthentication CoA message to the switch, the switch responds with a 'session context not found' reply. I have upgraded the code to the latest levels on both the ISE and switch and still have the same results.
This reauthenticate is needed after the NAC profiler determines the PC is compliant. I am receiving the compliant message from the PC and switch, but because the switch never reauthenticates the client after the CoA request, the client is never granted full access.
I am not sure if the radius server is sending the wrong session id, or if the switch is looking at it wrong.
Please Help...!!!!!
-Debug --
Log Buffer (10000 bytes):
Feb 28 19:34:21.940 UTC: RADIUS: COA received from id 38 10.122.1.82:40171, CoA Request, len 140
Feb 28 19:34:21.940 UTC: COA: 10.122.1.82 request queued
Feb 28 19:34:21.940 UTC: RADIUS: authenticator 62 6B 15 C9 C7 A5 CA 88 - 4F B2 EE 4C A0 3D 9F 50
Feb 28 19:34:21.948 UTC: RADIUS: NAS-IP-Address [4] 6 10.122.1.66
Feb 28 19:34:21.948 UTC: RADIUS: Event-Timestamp [55] 6 1362080061
Feb 28 19:34:21.948 UTC: RADIUS: Message-Authenticato[80] 18
Feb 28 19:34:21.948 UTC: RADIUS: BC B3 BA 2A 11 BD 63 0B 22 7E 82 AA C2 A5 F7 C4 [ *c"~]
Feb 28 19:34:21.948 UTC: RADIUS: Vendor, Cisco [26] 41
Feb 28 19:34:21.948 UTC: RADIUS: Cisco AVpair [1] 35 "subscriber:command=reauthenticate"
Feb 28 19:34:21.948 UTC: RADIUS: Vendor, Cisco [26] 49
Feb 28 19:34:21.948 UTC: RADIUS: Cisco AVpair [1] 43 "audit-session-id=0A7A014200000272048AF0F1"
Feb 28 19:34:21.948 UTC: COA: Message Authenticator decode passed
Feb 28 19:34:21.948 UTC: ++++++ CoA Attribute List ++++++
Feb 28 19:34:21.948 UTC: 07353140 0 00000001 nas-ip-address(585) 4 10.122.1.66
Feb 28 19:34:21.948 UTC: 0735375C 0 00000001 Event-Timestamp(430) 4 1362080061(512FB13D)
Feb 28 19:34:21.948 UTC: 0735376C 0 00000009 audit-session-id(794) 24 0A7A014200000272048AF0F1
Feb 28 19:34:21.948 UTC: 0735377C 0 00000009 ssg-command-code(475) 1 32
Feb 28 19:34:21.948 UTC:
Feb 28 19:34:21.957 UTC: AUTH-EVENT: auth_mgr_ch_search_record - Search record in IDC db failed
Feb 28 19:34:21.957 UTC: RADIUS/ENCODE(00000000):Orig. component type = Invalid
Feb 28 19:34:21.957 UTC: RADIUS(00000000): sending
Feb 28 19:34:21.957 UTC: RADIUS(00000000): Send CoA Nack Response to 10.122.1.82:40171 id 38, len 62
Feb 28 19:34:21.957 UTC: RADIUS: authenticator DF 18 2F 59 21 4F 84 E1 - 61 B8 43 B8 01 C5 58 B4
Feb 28 19:34:21.957 UTC: RADIUS: Reply-Message [18] 18
Feb 28 19:34:21.957 UTC: RADIUS: 4E 6F 20 76 61 6C 69 64 20 53 65 73 73 69 6F 6E [ No valid Session]
Feb 28 19:34:21.957 UTC: RADIUS: Dynamic-Author-Error[101] 6 Session Context Not Found [503]
Feb 28 19:34:21.957 UTC: RADIUS: Message-Authenticato[80] 18
Feb 28 19:34:21.957 UTC: RADIUS: 30 C9 AE 52 80 2E A2 54 FF F3 4B C7 28 31 A9 61 [ 0R.TK(1a]
ESWHQFL02-S#
ESWHQFL02-S#
-- Switch Config -
aaa authentication login default group tacacs+ local-case
aaa authentication login local_login local
aaa authentication enable default group tacacs+ enable
aaa authentication dot1x default group radius
aaa authorization exec default group tacacs+ local
aaa authorization commands 5 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa authorization network default group radius
aaa authorization network auth-list group DOT1X
aaa accounting dot1x default start-stop group radius
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 5 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa server radius dynamic-author
client 10.122.1.82 server-key 7 14141B180F0B
client 10.122.1.80 server-key 7 045802150C2E
aaa session-id common
radius-server attribute 6 on-for-login-auth
radius-server attribute 6 support-multiple
radius-server attribute 8 include-in-access-req
radius-server host 10.122.1.82 auth-port 1812 acct-port 1813 key 7 13061E010803
radius-server host 10.122.1.80 auth-port 1812 acct-port 1813 key 7 104D000A0618
radius-server deadtime 5
radius-server key 7 030752180500
radius-server vsa send accounting
radius-server vsa send authentication
As per the Cisco recommendation, IOSv12.2(52)SE is suitable for the Catalyst 3750-X, which will support all the features without any issues, like MAB, 802.1X, CWA, LWA, COA, VLAN, DACL, SAG, as mentioned in the link below:
http://www.cisco.com/en/US/docs/security/ise/1.1.1/compatibility/ise_sdt.html.
I see you are using IOSv12.2(58)SE2, which is not recommended. So you can downgrade to IOSv12.2(52)SE, which will solve your issues. -
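A triage helper for the debug output in this thread, added here as an example and not part of the original posts: it pairs each CoA request with the switch's response and decodes the audit-session-id, whose first 32 bits in Cisco's documented common session ID format are the NAS IP address. The log excerpt is copied from the post; the function names, the finding labels and the "Ack" response wording are assumptions.

```python
import ipaddress
import re

# Excerpt of the switch debug output quoted in the post above.
DEBUG_LOG = """\
Feb 28 19:34:21.940 UTC: RADIUS: COA received from id 38 10.122.1.82:40171, CoA Request, len 140
Feb 28 19:34:21.948 UTC: RADIUS: NAS-IP-Address [4] 6 10.122.1.66
Feb 28 19:34:21.948 UTC: RADIUS: Cisco AVpair [1] 35 "subscriber:command=reauthenticate"
Feb 28 19:34:21.948 UTC: RADIUS: Cisco AVpair [1] 43 "audit-session-id=0A7A014200000272048AF0F1"
Feb 28 19:34:21.957 UTC: AUTH-EVENT: auth_mgr_ch_search_record - Search record in IDC db failed
Feb 28 19:34:21.957 UTC: RADIUS(00000000): Send CoA Nack Response to 10.122.1.82:40171 id 38, len 62
Feb 28 19:34:21.957 UTC: RADIUS: Dynamic-Author-Error[101] 6 Session Context Not Found [503]
"""

REQ_RE = re.compile(r"COA received from id (\d+) ([\d.]+):\d+, CoA Request")
RSP_RE = re.compile(r"Send CoA (Ack|Nack) Response to ([\d.]+):\d+ id (\d+)")
AVPAIR_RE = re.compile(r'Cisco AVpair\s+\[1\]\s+\d+\s+"([^="]+)=([^"]*)"')
NASIP_RE = re.compile(r"NAS-IP-Address\s+\[4\]\s+\d+\s+([\d.]+)")
ERR_RE = re.compile(r"Dynamic-Author-Error\[101\]\s+\d+\s+(.+?)\s+\[(\d+)\]")


def decode_audit_session_id(sid):
    """Split a 24-hex-digit session ID into NAS IP, session counter and tail."""
    if not re.fullmatch(r"[0-9A-Fa-f]{24}", sid):
        raise ValueError("expected 24 hex digits, got %r" % sid)
    raw = bytes.fromhex(sid)
    return {"nas_ip": str(ipaddress.IPv4Address(raw[:4])),
            "counter": int.from_bytes(raw[4:8], "big"),
            "tail": raw[8:].hex().upper()}


def parse_coa_exchanges(log):
    """Return one dict per CoA request with its attributes and the reply."""
    exchanges, current, answered = [], None, None
    for line in log.splitlines():
        m = REQ_RE.search(line)
        if m:
            current = {"radius_id": int(m.group(1)), "client": m.group(2),
                       "nas_ip": None, "command": None, "session_id": None,
                       "result": None, "error": None, "error_code": None}
            exchanges.append(current)
            answered = None
            continue
        m = RSP_RE.search(line)
        if m:
            key = (m.group(2), int(m.group(3)))
            for ex in reversed(exchanges):   # newest unanswered request wins
                if (ex["client"], ex["radius_id"]) == key and ex["result"] is None:
                    ex["result"] = m.group(1).upper()
                    answered = ex
                    break
            current = None                   # later attributes belong to the reply
            continue
        if current is not None:
            m = NASIP_RE.search(line)
            if m:
                current["nas_ip"] = m.group(1)
            m = AVPAIR_RE.search(line)
            if m and m.group(1) == "subscriber:command":
                current["command"] = m.group(2)
            elif m and m.group(1) == "audit-session-id":
                current["session_id"] = m.group(2)
        elif answered is not None:
            m = ERR_RE.search(line)
            if m:
                answered["error"], answered["error_code"] = m.group(1), int(m.group(2))
    return exchanges


def triage(ex):
    """Classify a rejected CoA by comparing the session ID with the NAS address."""
    if ex["result"] != "NACK" or not ex["session_id"]:
        return []
    sid = decode_audit_session_id(ex["session_id"])
    if ex["nas_ip"] and sid["nas_ip"] != ex["nas_ip"]:
        return ["session-id-from-other-nas"]     # ID was issued by a different switch
    if ex["error_code"] == 503:                  # Error-Cause 503, RFC 5176
        return ["session-unknown-on-this-nas"]   # ID names this switch, session is gone
    return []


if __name__ == "__main__":
    for ex in parse_coa_exchanges(DEBUG_LOG):
        print(ex, decode_audit_session_id(ex["session_id"]), triage(ex))
```

For the log in the post the ID decodes to NAS 10.122.1.66, the same address as the NAS-IP-Address attribute, so the next check is whether that session ID still appears in `show authentication sessions` on the switch at the moment the CoA arrives.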
ASR netflow with third party tool
Hi ,
we have one issue where netflow data is not getting into the SolarWinds tool. In Wireshark captures it shows netflow traffic is reaching the server.
found one forum and they highlighted one bug as below, but it's not affecting the release we have. unable to find the exact bug ID at Cisco. let me know if you can get any inputs and highlight the same.
below are the links and current details
https://thwack.solarwinds.com/thread/32146
current ASR version & related netflow config is attached. didn't find any issue with the configuration. trying with another vendor tool as well and will check.
asr1002x-universal.03.10.01.S.153-3.S1-ext.SPA.bin
show ip flow export cache flow
IP packet size distribution (1317M total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .000 .040 .023 .006 .004 .004 .030 .004 .002 .005 .004 .006 .002 .001 .000

    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .000 .000 .047 .029 .781 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 0 bytes
0 active, 0 inactive, 24710853 added
417778 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
last clearing of statistics never
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-Telnet           5      0.0        61    42      0.0      31.1      31.2
TCP-FTP             52      0.0        20    85      0.0      14.3      30.9
TCP-FTPD             8      0.0        71    51      0.0       3.6      31.1
TCP-WWW         369465      0.0        15   694      1.3       7.2      30.9
TCP-SMTP           417      0.0        84    98      0.0       5.8      30.9
TCP-X                3      0.0         7   277      0.0       1.6      31.1
TCP-BGP          10911      0.0         1    69      0.0       3.0      30.9
TCP-other     19793896      4.6        28  1134    131.5       2.6      30.9
UDP-DNS         320124      0.0         1    79      0.0       0.0      30.9
UDP-NTP          65307      0.0         1    87      0.0       0.1      30.9
UDP-TFTP           854      0.0         1    51      0.0       0.0      30.9
UDP-Frag          1721      0.0         7    58      0.0       2.1      30.9
UDP-other      3850147      0.8       192  1244    172.6       3.7      30.9
ICMP            296732      0.0         3    62      0.2       4.2      30.9
Total:        24709642      5.7        53  1193    305.8       2.8      30.9

SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
HI Mike,
If you have third party Document Management System, then you can post two different message, i.e. service order in transaction details of the third party tool with link to document which would be posted to third party Document management server.
If you don't have third party document management system and what to use sap infrastructure, then you don't need to maintain attachment, maintain the link between the third party tool and SAP document repository, with some login utilities.
Best Regards,
Pratik Patel.
Reward with points if it is of any help to you! -
Flexible Netflow (v.9) question on 3850 ipservices doesn't seem to register
Greetings all - I am trying to enable netflow on a new 3850-24 with ipservices. I am leveraging LiveAction and have raised a ticket with them to help me through the issue, but more generally I'm confused about the lack of features I'm seeing. Per the 3850 guide here (http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/flexible_netflow/configuration_guide/b_fnf_3se_3850_cg/b_fnf_3se_3850_cg_chapter_010.html) it is stated that you will have the option of turning on inbound and outbound directions on 3850's with ipbase and ipservices.
We are running ip services:
Slot# License name Type Count Period left
1 ipservices permanent N/A Lifetime
However, we get the following error when trying to turn on flow inbound and outbound on the interfaces - whether they are svi (layer3) or interface (layer2)
-----------------Layer2: ----------------------------------------------
(config)#interface GigabitEthernet1/0/24
switch(config-if)#ip flow monitor LIVEACTION-FLOWMONITOR input
switch(config-if)#ip flow monitor LIVEACTION-FLOWMONITOR output
% Flow Monitor: Flow Monitor 'LIVEACTION-FLOWMONITOR'
Unsupported match field "interface input" for ipv4 traffic in output direction
Unsupported collect field "interface output" for ipv4 traffic in output direction
---------------- Layer3 ---------------------------------------------
switch(config)#interface Vlan190
switch(config-if)#ip flow monitor LIVEACTION-FLOWMONITOR input
% Flow Monitor: Flow Monitor 'LIVEACTION-FLOWMONITOR' flexible netflow not supported on vlan interfaces
switch(config-if)#ip flow monitor LIVEACTION-FLOWMONITOR output
% Flow Monitor: Flow Monitor 'LIVEACTION-FLOWMONITOR' flexible netflow not supported on vlan interfaces
------------------------------------ untruncated output ------------------------------
switch(config-flow-record)#collect counter bytes
% Incomplete command.
switch(config-flow-record)#collect counter packets
% Incomplete command.
switch(config-flow-record)#collect flow sampler
^
% Invalid input detected at '^' marker.
switch(config-flow-record)#collect interface output
switch(config-flow-record)#collect ipv4 destination mask
^
% Invalid input detected at '^' marker.
switch(config-flow-record)#collect ipv4 dscp
^
% Invalid input detected at '^' marker.
switch(config-flow-record)#collect ipv4 id
^
% Invalid input detected at '^' marker.
switch(config-flow-record)#collect ipv4 source mask
^
% Invalid input detected at '^' marker.
switch(config-flow-record)#collect ipv4 source prefix
^
% Invalid input detected at '^' marker.
switch(config-flow-record)#collect routing destination as
^
% Invalid input detected at '^' marker.
switch(config-flow-record)#collect routing next-hop address ipv4
^
% Invalid input detected at '^' marker.
switch(config-flow-record)#collect routing source as
^
% Invalid input detected at '^' marker.
switch(config-flow-record)#collect timestamp sys-uptime first
^
% Invalid input detected at '^' marker.
switch(config-flow-record)#collect timestamp sys-uptime last
^
% Invalid input detected at '^' marker.
switch(config-flow-record)#collect transport tcp flags
switch(config-flow-record)#exit
switch(config)#flow monitor LIVEACTION-FLOWMONITOR
switch(config-flow-monitor)#$ DO NOT MODIFY. USED BY LIVEACTION.
switch(config-flow-monitor)#exporter LIVEACTION-FLOWEXPORTER
switch(config-flow-monitor)#cache timeout inactive 10
switch(config-flow-monitor)#cache timeout active 60
switch(config-flow-monitor)#record LIVEACTION-FLOWRECORD
switch(config-flow-monitor)#exit
switch(config)#interface Vlan197
switch(config-if)#ip flow monitor LIVEACTION-FLOWMONITOR input
% Flow Monitor: Flow Monitor 'LIVEACTION-FLOWMONITOR' flexible netflow not supported on vlan interfaces
switch(config-if)#ip flow monitor LIVEACTION-FLOWMONITOR output
% Flow Monitor: Flow Monitor 'LIVEACTION-FLOWMONITOR' flexible netflow not supported on vlan interfaces
switch(config-if)#exit
switch(config)#interface Vlan190
switch(config-if)#ip flow monitor LIVEACTION-FLOWMONITOR input
% Flow Monitor: Flow Monitor 'LIVEACTION-FLOWMONITOR' flexible netflow not supported on vlan interfaces
switch(config-if)#ip flow monitor LIVEACTION-FLOWMONITOR output
% Flow Monitor: Flow Monitor 'LIVEACTION-FLOWMONITOR' flexible netflow not supported on vlan interfaces
-------------------- config it's trying to apply----------------------------
config t
ip cef
snmp-server ifindex persist
flow exporter LIVEACTION-FLOWEXPORTER
description DO NOT MODIFY. USED BY LIVEACTION.
destination <removed private IP address to liveaction server>
source Loopback0
transport udp 2055
template data timeout 600
option interface-table
exit
flow record LIVEACTION-FLOWRECORD
description DO NOT MODIFY. USED BY LIVEACTION.
match flow direction
match interface input
match ipv4 destination address
match ipv4 protocol
match ipv4 source address
match ipv4 tos
match transport destination-port
match transport source-port
collect counter bytes
collect counter packets
collect flow sampler
collect interface output
collect ipv4 destination mask
collect ipv4 dscp
collect ipv4 id
collect ipv4 source mask
collect ipv4 source prefix
collect routing destination as
collect routing next-hop address ipv4
collect routing source as
collect timestamp sys-uptime first
collect timestamp sys-uptime last
collect transport tcp flags
exit
flow monitor LIVEACTION-FLOWMONITOR
description DO NOT MODIFY. USED BY LIVEACTION.
exporter LIVEACTION-FLOWEXPORTER
cache timeout inactive 10
cache timeout active 60
record LIVEACTION-FLOWRECORD
exit
interface Vlan197
ip flow monitor LIVEACTION-FLOWMONITOR input
ip flow monitor LIVEACTION-FLOWMONITOR output
exit
interface Vlan190
ip flow monitor LIVEACTION-FLOWMONITOR input
ip flow monitor LIVEACTION-FLOWMONITOR output
exit
interface GigabitEthernet1/0/13
ip flow monitor LIVEACTION-FLOWMONITOR input
ip flow monitor LIVEACTION-FLOWMONITOR output
exit
interface GigabitEthernet1/0/18
ip flow monitor LIVEACTION-FLOWMONITOR input
ip flow monitor LIVEACTION-FLOWMONITOR output
exit
interface GigabitEthernet1/0/4
ip flow monitor LIVEACTION-FLOWMONITOR input
ip flow monitor LIVEACTION-FLOWMONITOR output
exit
interface GigabitEthernet1/0/3
ip flow monitor LIVEACTION-FLOWMONITOR input
ip flow monitor LIVEACTION-FLOWMONITOR output
exit
interface GigabitEthernet1/0/6
ip flow monitor LIVEACTION-FLOWMONITOR input
ip flow monitor LIVEACTION-FLOWMONITOR output
exit
interface GigabitEthernet1/0/5
ip flow monitor LIVEACTION-FLOWMONITOR input
ip flow monitor LIVEACTION-FLOWMONITOR output
exit
interface GigabitEthernet1/0/23
ip flow monitor LIVEACTION-FLOWMONITOR input
ip flow monitor LIVEACTION-FLOWMONITOR output
exit
interface GigabitEthernet1/0/24
ip flow monitor LIVEACTION-FLOWMONITOR input
ip flow monitor LIVEACTION-FLOWMONITOR output
Welcome to the Arch forums. That was an amazing first post. It is refreshing to see a new forum member actually post with as much detail as possible in order to explain the situation. Too often we get people saying things like "I can't get to the internet... why?" as the extent of their post. So thanks.
So I am curious about what the dhcpcd is trying to do. It seems to be trying to solicit an ipv6 address, but mentions nothing about an ipv4 address. It is unfortunately not entirely uncommon for dhcpcd to time out waiting for an ipv6 address that never comes. So are you using ipv6? Do you expect an ipv6 address? I noticed that when you tried to ping the google DNS server, you used their ipv4 address (8.8.8.8). So I am thinking that means you are actually using ipv4.
I wonder if you might be able to poll for just an ipv4 address with dhcpcd. Just run it with -4 and it should disable the ipv6 stuff. You might also want to try dhclient and see what kind of output it gives you. If you are definitely not using ipv6, and it is not offered in your area, you might want to disable it. There are instructions in the wiki on how to do this... but you might want to wait until you establish the issue before doing things like that.
-
How do you set up SSHv2 on stacked 3750x
I am having a bit of a problem getting SSHv2 to work on stacked 3750x switches. Here's the story. I replaced one 6506-E with a pair of stacked 3750x, and I basically just copied the configuration from the 6506-E to the 3750x. While copying:
ip ssh time-out 60
ip authentication-retries 2
ip ssh logging events
ip ssh version 2
no ip domain-lookup
ip domain-name trdm
login block-for 300 attempts 3 within 60
login on-failure log
login on-success log
to the new switch, I was informed that I had to generate rsa keys in order to enable ssh. So after the entire configuration was copied, I went back and ran
cry key gen rsa
and I chose 1024 bit modulus. It successfully created it, and I was able to verify that SSHv2 was enabled by issuing
sh ip ssh
which returned
SSHv Enabled - version 2.0
Authentication timeout: 60 secs; Authentication retries: 2
Now when I issue
sh cry key mypubkey rsa
I get
Key name: hostname
Storage Device: not specified
Usage: General Purpose Key
Key is not exportable.
Key Data:
<omitted>
Key name: hostname.server
Temporary key
Usage: Encryption Key
Key is not exportable.
Key Data:
<omitted>
The config for my vty lines are:
lin con 0
exec-timeout 4 30
timeout login response 300
login
lin vty 0 4
access-class 101 in
exec-timeout 4 30
password 7 <omitted>
login local
transport input ssh
lin vty 5 15
access-class 101 in
exec-timeout 4 30
password 7 <omitted>
login local
transport input telnet ssh
The ACL is
access-list 101 permit tcp host <omitted> any eq 22
access-list 101 permit tcp host <omitted> any eq 22
access-list 101 permit tcp host <omitted> any eq 22
However, if I use telnet, it works without issue. Anyone have any suggestions?
Okay, I have solved my problem on my own, but part of it could have been attributed to the ACL, so I'll award points for that. Essentially what it boils down to is:
1. I didn't have a username and password set up on the switch.
2. I was using an extended ACL on the vty lines.
Once I added the username and password in the global configuration and implemented the standard ACL on the vty lines, it worked without issue. Just one more lesson learned the hard way.
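The two causes reported in the answer above can be checked for mechanically before a switch goes into service. The following is an added example, not part of the original thread and not a Cisco tool: a small Python audit over a constructed running-config excerpt (placeholder host address and username, sub-commands assumed to be indented by one space as in show running-config) that flags vty blocks using login local with no local username, an access-class pointing at a numbered extended ACL, and telnet left enabled in transport input.

```python
import re

# Constructed sample modelled on the vty lines in the post; the host is a placeholder.
SAMPLE_CONFIG = """\
ip ssh version 2
access-list 101 permit tcp host 192.0.2.10 any eq 22
line vty 0 4
 access-class 101 in
 login local
 transport input ssh
line vty 5 15
 access-class 101 in
 login local
 transport input telnet ssh
"""

def is_extended_acl(name):
    """Numbered IOS ACLs 100-199 and 2000-2699 are extended ACLs."""
    return name.isdigit() and (100 <= int(name) <= 199 or 2000 <= int(name) <= 2699)

def audit_vty(config):
    """Return (block, finding) tuples for every vty block in an IOS config."""
    has_user = re.search(r"^username \S+", config, re.M) is not None
    findings, block = [], None
    for raw in config.splitlines():
        if not raw.startswith(" "):
            # A top-level command closes the previous block; "lin vty" is accepted too.
            m = re.match(r"line? vty (\d+(?: \d+)?)", raw)
            block = "vty " + m.group(1) if m else None
            continue
        if block is None:
            continue
        cmd = raw.strip()
        if cmd == "login local" and not has_user:
            findings.append((block, "login local but no local username configured"))
        m = re.match(r"access-class (\S+) in", cmd)
        if m and is_extended_acl(m.group(1)):
            findings.append((block, "access-class uses extended ACL " + m.group(1)))
        if cmd.startswith("transport input") and "telnet" in cmd.split():
            findings.append((block, "telnet allowed on transport input"))
    return findings

if __name__ == "__main__":
    for block, finding in audit_vty(SAMPLE_CONFIG):
        print(block + ": " + finding)
```

Run against a saved running-config, an empty result means none of the three conditions is present; it does not confirm that SSH is otherwise reachable.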