Netflow commands on a 4451

Similar Messages

• Netflow command and interface

  Hi,
  I have a few simple questions regarding netflow. Would anyone please clarify them for me?
  1. I usually configured netflow with "ip route-cache flow" command. Anyway, I have seen articles mentioning "ip flow ingress" and "ip flow egress" commands. What is different exactly i.e. ip route-cache flow and ip flow ingress|egress? Which one should be used?
  2. I understand netflow needs to be configured on every interface to export completely netflow data. Is it correct?
  3. If there are 2 physical and 2 logical i.e. tunnel interfaces, how many/which interfaces should netflow be configured? Are only physical interfaces enough?
  Please let me know if I misunderstand anything.
  Thank you very much,
  Nitass

  AFAIK:
  1. "ip route-cache flow" is deprecated starting in 12.2(18)SXD. See this URL for other IOS trains: http://www.cisco.com/en/US/docs/ios/netflow/command/reference/nf_01.html#wp1049320
  2. It's generally correct, due to the unidirectional nature of NetFlow records. Otherwise, you run the risks such as only seeing one direction of a given "conversation".
  3. My understanding was NetFlow cache could only be enabled on layer-3 interfaces. However, on the catalyst 6000s (and sup720?), you can get layer-2 bridged traffic between hosts in the same VLAN, using the following config:
  ip flow ingress layer2-switched vlan
  ip flow export layer2-switched vlan
  Then, there's this recent thread that makes it sound promising that layer-2 ports could become NetFlow-enabled, though it's not clear (to me) how it works out in practice:
  https://supportforums.cisco.com/message/678612#678612
  So YMMV. The best bet is to actually attempt configuring it. Odds are the physical interfaces won't accept the "ip route-cache flow" or "ip flow ingress/egress" config.

• ASR 1006 with IOS 3.13.1S, NetFlow commands not working

  Hi,
  We have Cisco ASR1006 router with IOS asr1000rp1-advipservicesk9.03.13.01.S.154-3.S1-ext.bin, we have recently upgrade IOS from asr1000rp1-advipservicesk9.02.03.02.122-33.XNC2.bin.
  After upgrading the IOS ip flow ingress and ip flow egress command is not working.
  Please suggest on configuring NetFlow commands on this.
  Regards
  MAC

  Also try this link, found if you follow the URL above, and I have made some notes about configuring inbound and outbound flow monitoring :-
  http://docwiki.cisco.com/wiki/Migrating_from_Traditional_to_Flexible_NetFlow#Flexible_NetFlow_Migration_in_Practice
  That article was referred in these release notes but don’t follow the link in the release notes, use the link above as it seems to have moved;
  http://www.cisco.com/c/en/us/td/docs/routers/asr1000/release/notes/asr1k_rn_rel_notes/asr1k_feats_important_notes_313s.html#pgfId-3455900
  The syntax I have used is almost the same, except that I don’t think you can quite have the 2 options they mention in the last line;
  flow exporter FlowExporter1
    destination 192.168.9.101
    transport udp 9996
    export-protocol netflow-v5
    source FastEthernet 0/1
  flow monitor FlowMonitor1
    record netflow ipv4 original-input
    exporter FlowExporter1
    cache timeout active 1
    cache timeout inactive 15
  interface FastEthernet 0/1
    ip flow monitor FlowMonitor1 [input|output]  <<<  with the netflow record above only input is ok
  According to the command reference I looked at when you use the ipv4 ‘netflow’ flow record with ‘original-input’, it can only monitor inbound packets and vice-versa for ‘original-output’, therefore I think you need the pair of settings as we have done.
  [see here http://www.cisco.com/c/en/us/td/docs/ios/fnetflow/configuration/guide/12_2sr/fnf_12_2_sr_book/get_start_cfg_fnflow.html#wp1059480 ]
  flow monitor FlowMonitor1
    record netflow ipv4 original-input
  flow monitor FlowMonitor2
    record netflow ipv4 original-output
  interface FastEthernet 0/1
    ip flow monitor FlowMonitor1 input
    ip flow monitor FlowMonitor2 output
  Rgds
  Ian

• Why netflow commands are not available in 4506-E?

  Hi,
  we have one 4506-E Chassis , Sup7L-E , LAN Base with cat4500e-universalk.SPA.03.03.00.SG.151-1.SG.bin image
  why netflow commands are not available not available in this. someone said netflow will work only with IP base License , is that right?
  Or how to enable it 
  thanks
  Sujish 

  Hi,
  For Nwtflow, you need IP Base or Enterprise Services License.
  See table-1 in this link;
  http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_26675-01.pdf 
  HTH

• NetFlow from VRF on 4451-X

  I have a 4451-X router running XE 3.13.
  I want to get NetFlow data from interface G0/0/0 and sent it to my collector via the management VRF interface G0. Is this possible? If so, what is the configuration to make it work?
  This is what I have so far:
  flow record NetFlow
   match ipv4 tos
   match ipv4 protocol
   match ipv4 source address
   match ipv4 destination address
   match transport source-port
   match transport destination-port
   collect counter bytes
   collect counter packets
  flow exporter NetFlow-to-Orion
   destination 10.y.y.90 vrf Mgmt-intf
   source GigabitEthernet0
   transport udp 2055
   export-protocol netflow-v5
  flow monitor NetFlow-Monitor
   description Original Netflow captures
   exporter NetFlow-to-Orion
   cache timeout inactive 10
   cache timeout active 5
   record NetFlow
  interface GigabitEthernet0/0/0
   ip address xxx.xxx.xxx.xxx/30
   ip flow monitor NetFlow-Monitor input
   ip flow monitor NetFlow-Monitor output
   media-type sfp
   no negotiation auto
   no lldp transmit
  interface GigabitEthernet0
   vrf forwarding Mgmt-intf
   ip address 10.x.x.37 255.255.255.0
   negotiation auto
  What am I missing?
  Thanks,
  Patrick

  What netFlow tool do you have? Is the NetFlow tool seeing packets but not reporting anything?
  If so, it can be because the flow records exported does not have the necessary information needed by the tool to process the NetFlow datagrams. Most NetFlow tools expect the below configuration:
  flow record netfow
  match ipv4 tos
  match ipv4 protocol
  match ipv4 source address
  match ipv4 destination address
  match transport source-port
  match transport destination-port
  match interface input
  collect interface output
  collect counter bytes
  collect counter packets
  collect flow direction
  And in the flow exporter, reduce the active cache timeout to 1
  If the server where the NetFlow tool is installed is not seeing packets, make sure that:
  1. You have a route to the destination from the GigabitEthernet0
  2. No firewalls on the server or ACLs are blocking packets from the switch to the NetFlow server
  Thanks,
  Don

• Cisco 4331 Netflow Commands

  Greetings,
  Trying out these new Cisco 4300 series routers and apparently some commands have changed... to be more specific I am trying to configure netflow and none of the traditional commands work:
  #conf t
  ip flow-export source gig 0/0
  ip flow-export version 5
  ip flow-export destination 10.1.1.40 (port #)
  int gig 0/0
  ip flow egress
  ip flow ingress
  ip route cash-flow
  #exit
  I can't seem to find an admin manual for these, can someone please tell me what the new commands are?
  Kind regards,
  Juan

  Flexible NetFlow is what you need if you are sure your device and IOS supports it. Here is a sample NetFlow v9 or Flexible NetFlow configuration:
  http://www.solarwinds.com/documentation/en/flarehelp/netflow/content/orionnetflowag-ciscoflexiblenetflowconfiguration.htm
  Regards,
  Don Jacob
  http://www.solarwinds.com/netflow-traffic-analyzer.aspx
  PS: Dont forget to rate and close helpful answers.

• Netflow Traffic

  Hi guys
  I have configured the router to forward traffic to my server hosting netflow
  My Netflow  server IP is 192.9.200.7 and its listening on port 9996
  My router IP is192.9.200.254
  and netflow has been enabled with following commands
  IP-flow export source gigabitethernet 0/1
  IP-flow export version 5
  IP-flow export destination 192.9.200.7 9996
  The network is switch --->cisco ASA---->Router,
  My problem is my netflow traffic from the router is not reaching the netflow server hence i cannot get info and am told its the firewall blocking.
  Kindly assist and tell me whether my firewall configs are the Problem
  interface Ethernet0/0
  nameif outside
  security-level 0
  interface Ethernet0/1
  nameif inside
  security-level 100
  interface Ethernet0/2
  shutdown
  no nameif
  no security-level
  interface Management0/0
  shutdown
  no nameif
  no security-level
  management-only
  banner motd #
  banner motd # This is Kenya Re network. No unauthorized access is allowed - such access will be prosecuted. Access requests to be forwaded to the ICT Team. #
  ftp mode passive
  access-list 100 extended permit icmp any any
  access-list 100 extended permit icmp any any echo
  access-list 100 extended permit icmp any any echo-reply
  access-list 100 extended permit icmp any any unreachable
  access-list SMTP_OUT remark permit outgoing mail from MXserver
  access-list ACL_OUT_IN extended permit icmp any any
  access-list ACL_OUT_IN extended permit ip 192.9.200.0 255.255.255.0 any
  access-list ACL_OUT_IN extended permit tcp any host 192.9.200.5 eq https
  access-list ACL_OUT_IN extended permit tcp 196.200.16.0 255.255.255.0 host 192.9.200.5 eq smtp
  access-list ACL_OUT_IN extended permit tcp host 217.21.112.60 host 192.9.200.5 eq smtp
  access-list ACL_OUT_IN extended permit tcp host 80.240.192.30 host 192.9.200.5 eq smtp
  access-list ACL_OUT_IN extended permit tcp any host 192.9.200.5 eq 993
  access-list ACL_OUT_IN extended permit tcp any host 192.9.200.5 eq 995
  access-list ACL_OUT_IN extended permit tcp host 41.206.48.74 host 192.9.200.5 eq smtp
  access-list ACL_OUT_IN extended permit ip 192.168.205.0 255.255.255.0 any
  access-list ACL_OUT_IN extended deny ip any any
  access-list ACL_OUT_IN extended permit udp any host 192.9.200.7 eq snmp
  access-list ACL_OUT_IN extended permit udp any host 192.9.200.7 eq snmptrap
  access-list ACL_OUT_IN extended permit udp any host 192.9.200.7 eq 9996
  pager lines 24
  logging enable
  logging timestamp
  logging buffered debugging
  logging trap errors
  logging history errors
  logging recipient-address [email protected] level errors
  logging queue 500
  logging host inside 192.9.200.7 6/1026
  mtu outside 1500
  mtu inside 1500
  ip address 192.9.200.20 255.255.255.0
  asdm image disk0:/asdm-508.bin
  no asdm history enable
  arp timeout 14400
  access-group ACL_OUT_IN in interface outside
  route outside 0.0.0.0 0.0.0.0 192.9.200.254 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
  timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
  timeout uauth 0:05:00 absolute
  username support password Yf12uhqRlWbAtYR. encrypted
  username netadmin password Jx0xbhkzRrIpxYnu encrypted
  aaa authentication ssh console LOCAL
  snmp-server host inside 192.9.200.7 community private
  no snmp-server location
  no snmp-server contact
  snmp-server community KRE
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  telnet 192.9.200.0 255.255.255.0 outside
  telnet 172.30.0.0 255.255.255.0 outside
  telnet 192.9.200.0 255.255.255.0 inside
  telnet timeout 5
  ssh 192.9.200.0 255.255.255.0 outside
  ssh 41.206.48.74 255.255.255.255 outside
  ssh 192.9.200.0 255.255.255.0 inside
  ssh timeout 30
  ssh version 2
  console timeout 0
  class-map inspection_default
  match default-inspection-traffic
  policy-map global_policy
  class inspection_default
    inspect dns maximum-length 512
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp

  Peter, are those the only NetFlow commands you have applied on the router? Have you applied "ip route-cache flow" on each interface of the router? Check from the router the output of "sh ip cache flow" and "sh ip flow export" and see if there are actually NetFlow packets in the router cache and other cache stats.
  Second, since the firrwall configuration seems fine (except for ip any deny, which you said has been removed), have you tried installing WireShark on the NetFlow server and see if it is actually receiving NetFlow packets? If it is, disable the software firewall on your server and give it a shot.
  Regards,
  Don Thomas Jacob
  Head Geek @ SolarWinds - Network Management and Monitoring tools
  NOTE: Please rate and close questions if you found any of the answers helpful.

• NetFlow/NetQOS on a 3750x switch

  Hello, I have 3750x running c3750e-universalk9-mz.122-55.SE5 layer 3 capable. Im trying to enable net flow on the switch but for some reason the flow commands dont appear to be available in config t mode. Are there some other global commands that have to be enabled first in order for the netflow commands to be available or is it  the image that doesnt support netflow?
  Andy

  Thanks Rajeevsh,
  I ran the command I got the output below, i do see ipbase in there but dont know if that means its active..
  Maybe it needs to have IP services as you pointed out..
  Thanks for looking at this..
  andy
  inmu-tcs-inet1-sw#sh license all
  License Store: Primary License Storage
  StoreIndex: 0   Feature: lanbase                           Version: 1.0
          License Type: Permanent
          License State: Active, Not in Use
          License Priority: Medium
          License Count: Non-Counted
  StoreIndex: 1   Feature: ipbase                            Version: 1.0
          License Type: Permanent
          License State: Active, In Use
          License Priority: Medium
          License Count: Non-Counted
  License Store: Evaluation License Storage
  StoreIndex: 0   Feature: ipservices                        Version: 1.0
          License Type: Evaluation
          License State: Active, Not in Use, EULA not accepted
              Evaluation total period: 8  weeks 4  days 
              Evaluation period left: 8  weeks 4  days 
          License Priority: None
          License Count: Non-Counted
  I also ran it on another 3750x where netflow commands seem to work and the output is different..see below:
  dmz-srvdist1a-sw#sh license all
  License Store: Primary License Storage
  StoreIndex: 0   Feature: ipbase                            Version: 1.0
          License Type: Permanent
          License State: Active, In Use
          License Priority: Medium
          License Count: Non-Counted
  License Store: Evaluation License Storage
  StoreIndex: 0   Feature: ipservices                        Version: 1.0
          License Type: Evaluation
          License State: Active, Not in Use, EULA not accepted
              Evaluation total period: 8  weeks 4  days 
              Evaluation period left: 8  weeks 4  days 
          License Priority: None
          License Count: Non-Counted

• NetFlow VRF Export

  Hi Guys!!! I need your help please. I have a Router 12404/PRP (IP=1.1.1.1) and I'm trying to connect it to a Traffic Analiser (IP=1.1.1.2) in order to send flow records. When I connect the Router directly to Analiser without VRF configuration [Case-1], there is no problem and can see flow packets arriving to Analiser through a sniffer. But, when I configured VRF [Case-2], these flow packets are not arriving, I do not know if I need to configure something else inside or outside VRF. This is the configuration:
  [Case-1] Configuration without VRF:
  interface  FastEthernet0
    ip address 1.1.1.1  255.255.255.0
    no ip directed-broadcast
    negotiation  auto
  ip flow-export destination 1.1.1.2  63636
  [Case-2] Configuration with VRF:
  interface  FastEthernet0
  ip address 1.1.1.1  255.255.255.0
    ip vrf forwarding ANALISER
    no ip  directed-broadcast
    negotiation  auto
  ip flow-export destination 1.1.1.2 63636 vrf ANALISER
  Common Configuration:
  ip vrf ANALISER
  rd 19114:200001
  export map RM-vrf-ANALISER
  route-target export 19114:200001
  route-target import 19114:200001
  route-target import 19114:200011
  route-target import 19114:200004
  1.- Do I need to configure anything else?
  2.- Is it possible to use the vrf interface as source of netflow packets?
  3.- Can I export flow records within a VRF.
  Thanks  in advance for your kindly help guys!
  Saludos,
  Carlos*

  Hello Carlos,
  according to netflow command reference support for export of netflow data to a VRF is recent
  http://www.cisco.com/en/US/docs/ios/netflow/command/reference/nf_01.html#wp1049093
  Before Cisco IOS Releases 12.4(4)T, only one routing option existed for NetFlow export data packets. NetFlow sent all export data packets to the global routing table for routing to the export destinations you specified.
  this is clearly an IOS release for ISR routers.
  looking at feature navigator at www.cisco.com/go/fn
  using search by feature and typing netflow several netflow features are displayed but no explicit export to VRF feature appears.
  You may want to open a service request to ask if and when it is supported on GSR.
  As you can understand up to now netflow data export has been done in the global routing table and it is common practice for service providers to do so.
  Hope to help
  Giuseppe

• Time-based sample NetFlow

  Hi Guys
  I need to enable some of the Cisco IOS XR devices in the network to send netflow information to the collector, but the collector requires receive traffic statistics every 5 minutes from the devices. So I am not sure if Cisco IOS XR devices (12K and ASR9K) support time-based method for sample netflow and what are the guidelines for implement this method in a successful way.
  Hope your support!
  Thanks!
  Marcelo

  Hello Marcelo,
  Netflow sampling does not control timer to send netflow stats to collector. Sampling is undetermined variable, it could give impact to the performance depending on how much the traffic is sampled. So, be considerate when setting sampling. According to documentation, for optimal performance, the recommended value is 1 out-of 10000.
  http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.3/netflow/command/reference/b_netflow_cr43asr9k_chapter_01.html#wp2397758831
  Export the flow template might do the trick as Jake mentioned. The command is 'template data timeout 60' under flow exporter-map command.
  Thanks,
  rivalino

• Netflow on 2960 and 3560 !!

  Dear all,
  I am trying to configure netflow on cisco catalyst 2960(12.250 SE4) and 3560G(12.250 ) switches for mcafee network security manager.
  But netflow command is not supported for this mcafee device. 
  I want to know, is there any process to configure netflow on this device?
  thanks in advance.

    As far as I know those switches do not support any kind of netflow .

• Egress NetFlow on 7600

  Is "ip flow egress" supported on this platform? Is it possible to collect bidir stats if Netflow configured as follows:
  interface vlan ...
  ip flow ingress
  ip flow egress

  Rather, it depends on the version of the IOS you're running:
  http://www.cisco.com/en/US/docs/ios/netflow/command/reference/nf_01.html#wp1012951
  " If your router is running Cisco IOS release 12.2(14)S or a later release, or Cisco IOS Release 12.2(15)T or a later release, NetFlow accounting might be enabled through the use of the ip flow ingress command instead of the ip route-cache flow command.
  12.3(11)T
  The egress keyword was added."
  Unless there's new advances, I don't think you can apply both "ingress" and "egress" on the same interface. NetFlow is based on unidirectional flow records.

• L2 netflow in 6500 IOS version 15S

  We configured netflow at a 6509E with version 12.2.
  mls aging long 120
  mls aging normal 60
  mls netflow interface
  mls flow ip interface-full
  mls nde sender version 5
  ip flow-export source vlan1
  ip flow ingress layer2-switched vlan xxx-yyy
  ip flow-export destination 10.1.1.1 20
  and we added some "ip flow ingress" at selected interfaces.
  interface Vlanxx1
   ip flow ingress
  it works as expected
  Now we need to configure it at 6509E with version 15
  It is ok to configure the interfaces with flow monitor and exporter, but I didn´t find the layer2 netflow command.
  I used http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fnetflow/configuration/15-sy/fnf-15-sy-book.pdf to configure the netflow monitoring.
  Does anyone know about l2 netflow at IOS version 15?
  Thanks.
  Igor Max

  Looks to me like a timer problem - maybe a ARP timer on the clients? Check the ARP tables of your clients during your tests.
  HTH

• Netflow and interface

  there are interfaces in netflow output,   source interface and destination interface.   but how netflow know incoming and outgoing interface.
    i see some traffic has same interface for source interfce and destination interface,

  AFAIK:
  1. "ip route-cache flow" is deprecated starting in 12.2(18)SXD. See this URL for other IOS trains: http://www.cisco.com/en/US/docs/ios/netflow/command/reference/nf_01.html#wp1049320
  2. It's generally correct, due to the unidirectional nature of NetFlow records. Otherwise, you run the risks such as only seeing one direction of a given "conversation".
  3. My understanding was NetFlow cache could only be enabled on layer-3 interfaces. However, on the catalyst 6000s (and sup720?), you can get layer-2 bridged traffic between hosts in the same VLAN, using the following config:
  ip flow ingress layer2-switched vlan
  ip flow export layer2-switched vlan
  Then, there's this recent thread that makes it sound promising that layer-2 ports could become NetFlow-enabled, though it's not clear (to me) how it works out in practice:
  https://supportforums.cisco.com/message/678612#678612
  So YMMV. The best bet is to actually attempt configuring it. Odds are the physical interfaces won't accept the "ip route-cache flow" or "ip flow ingress/egress" config.

• Flexible Netflow (v.9) question on 3850 ipservices doesn't seem to register

  Greetings all - I am trying to enable netflow on a new 3850-24 with ipservices.  I am leveraging LiveAction and have raised a ticket with them to help me through the issue, but more generally I'm confused about the lack of features I'm seeing. Per the 3850 guide here (http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/flexible_netflow/configuration_guide/b_fnf_3se_3850_cg/b_fnf_3se_3850_cg_chapter_010.html) it is stated that you will have the option of turning on inbound and outbound directions on 3850's with ipbase and ipservices.  
  We are running ip services:
   Slot#  License name   Type     Count   Period left 
   1      ipservices   permanent     N/A   Lifetime
  However, we get the following error when trying to turn on flow inbound and outbound on the interfaces - whether they are svi (layer3) or interface (layer2)
  -----------------Layer2: ----------------------------------------------
  (config)#interface GigabitEthernet1/0/24
  switch(config-if)#ip flow monitor LIVEACTION-FLOWMONITOR input
  switch(config-if)#ip flow monitor LIVEACTION-FLOWMONITOR output
  % Flow Monitor: Flow Monitor 'LIVEACTION-FLOWMONITOR' 
  Unsupported match field "interface input" for ipv4 traffic in output direction
  Unsupported collect field "interface output" for ipv4 traffic in output direction
  ---------------- Layer3 ---------------------------------------------
  switch(config)#interface Vlan190
  switch(config-if)#ip flow monitor LIVEACTION-FLOWMONITOR input
  % Flow Monitor: Flow Monitor 'LIVEACTION-FLOWMONITOR' flexible netflow not supported on vlan interfaces
  switch(config-if)#ip flow monitor LIVEACTION-FLOWMONITOR output
  % Flow Monitor: Flow Monitor 'LIVEACTION-FLOWMONITOR' flexible netflow not supported on vlan interfaces
  ------------------------------------ untruncated output ------------------------------
  switch(config-flow-record)#collect counter bytes
  % Incomplete command.
  switch(config-flow-record)#collect counter packets
  % Incomplete command.
  switch(config-flow-record)#collect flow sampler
                                                      ^
  % Invalid input detected at '^' marker.
  switch(config-flow-record)#collect interface output
  switch(config-flow-record)#collect ipv4 destination mask
                                                  ^
  % Invalid input detected at '^' marker.
  switch(config-flow-record)#collect ipv4 dscp
                                                  ^
  % Invalid input detected at '^' marker.
  switch(config-flow-record)#collect ipv4 id
                                                  ^
  % Invalid input detected at '^' marker.
  switch(config-flow-record)#collect ipv4 source mask
                                                  ^
  % Invalid input detected at '^' marker.
  switch(config-flow-record)#collect ipv4 source prefix
                                                  ^
  % Invalid input detected at '^' marker.
  switch(config-flow-record)#collect routing destination as
                                                 ^
  % Invalid input detected at '^' marker.
  switch(config-flow-record)#collect routing next-hop address ipv4
                                                 ^
  % Invalid input detected at '^' marker.
  switch(config-flow-record)#collect routing source as
                                                 ^
  % Invalid input detected at '^' marker.
  switch(config-flow-record)#collect timestamp sys-uptime first
                                                           ^
  % Invalid input detected at '^' marker.
  switch(config-flow-record)#collect timestamp sys-uptime last
                                                           ^
  % Invalid input detected at '^' marker.
  switch(config-flow-record)#collect transport tcp flags
  switch(config-flow-record)#exit
  switch(config)#flow monitor LIVEACTION-FLOWMONITOR
  switch(config-flow-monitor)#$ DO NOT MODIFY. USED BY LIVEACTION. 
  switch(config-flow-monitor)#exporter LIVEACTION-FLOWEXPORTER
  switch(config-flow-monitor)#cache timeout inactive 10
  switch(config-flow-monitor)#cache timeout active 60
  switch(config-flow-monitor)#record LIVEACTION-FLOWRECORD
  switch(config-flow-monitor)#exit
  switch(config)#interface Vlan197
  switch(config-if)#ip flow monitor LIVEACTION-FLOWMONITOR input
  % Flow Monitor: Flow Monitor 'LIVEACTION-FLOWMONITOR' flexible netflow not supported on vlan interfaces
  switch(config-if)#ip flow monitor LIVEACTION-FLOWMONITOR output
  % Flow Monitor: Flow Monitor 'LIVEACTION-FLOWMONITOR' flexible netflow not supported on vlan interfaces
  switch(config-if)#exit
  switch(config)#interface Vlan190
  switch(config-if)#ip flow monitor LIVEACTION-FLOWMONITOR input
  % Flow Monitor: Flow Monitor 'LIVEACTION-FLOWMONITOR' flexible netflow not supported on vlan interfaces
  switch(config-if)#ip flow monitor LIVEACTION-FLOWMONITOR output
  % Flow Monitor: Flow Monitor 'LIVEACTION-FLOWMONITOR' flexible netflow not supported on vlan interfaces
  -------------------- config it's trying to apply----------------------------
  config t
  ip cef
  snmp-server ifindex persist
  flow exporter LIVEACTION-FLOWEXPORTER
  description DO NOT MODIFY. USED BY LIVEACTION.
  destination <removed private IP address to liveaction server>
  source Loopback0
  transport udp 2055
  template data timeout 600
  option interface-table
  exit
  flow record LIVEACTION-FLOWRECORD
  description DO NOT MODIFY. USED BY LIVEACTION.
  match flow direction
  match interface input
  match ipv4 destination address
  match ipv4 protocol
  match ipv4 source address
  match ipv4 tos
  match transport destination-port
  match transport source-port
  collect counter bytes
  collect counter packets
  collect flow sampler
  collect interface output
  collect ipv4 destination mask
  collect ipv4 dscp
  collect ipv4 id
  collect ipv4 source mask
  collect ipv4 source prefix
  collect routing destination as
  collect routing next-hop address ipv4
  collect routing source as
  collect timestamp sys-uptime first
  collect timestamp sys-uptime last
  collect transport tcp flags
  exit
  flow monitor LIVEACTION-FLOWMONITOR
  description DO NOT MODIFY. USED BY LIVEACTION.
  exporter LIVEACTION-FLOWEXPORTER
  cache timeout inactive 10
  cache timeout active 60
  record LIVEACTION-FLOWRECORD
  exit
  interface Vlan197
  ip flow monitor LIVEACTION-FLOWMONITOR input
  ip flow monitor LIVEACTION-FLOWMONITOR output
  exit
  interface Vlan190
  ip flow monitor LIVEACTION-FLOWMONITOR input
  ip flow monitor LIVEACTION-FLOWMONITOR output
  exit
  interface GigabitEthernet1/0/13
  ip flow monitor LIVEACTION-FLOWMONITOR input
  ip flow monitor LIVEACTION-FLOWMONITOR output
  exit
  interface GigabitEthernet1/0/18
  ip flow monitor LIVEACTION-FLOWMONITOR input
  ip flow monitor LIVEACTION-FLOWMONITOR output
  exit
  interface GigabitEthernet1/0/4
  ip flow monitor LIVEACTION-FLOWMONITOR input
  ip flow monitor LIVEACTION-FLOWMONITOR output
  exit
  interface GigabitEthernet1/0/3
  ip flow monitor LIVEACTION-FLOWMONITOR input
  ip flow monitor LIVEACTION-FLOWMONITOR output
  exit
  interface GigabitEthernet1/0/6
  ip flow monitor LIVEACTION-FLOWMONITOR input
  ip flow monitor LIVEACTION-FLOWMONITOR output
  exit
  interface GigabitEthernet1/0/5
  ip flow monitor LIVEACTION-FLOWMONITOR input
  ip flow monitor LIVEACTION-FLOWMONITOR output
  exit
  interface GigabitEthernet1/0/23
  ip flow monitor LIVEACTION-FLOWMONITOR input
  ip flow monitor LIVEACTION-FLOWMONITOR output
  exit
  interface GigabitEthernet1/0/24
  ip flow monitor LIVEACTION-FLOWMONITOR input
  ip flow monitor LIVEACTION-FLOWMONITOR output

  Welcome to the Arch forums.  That was an amazing first post.  It is refreshing to see a new forum member actually post with as much detail as possible in order to explain the situation.  Too often we get people saying things like "I can't get to the internet... why?" as the extent of their post.  So thanks.
  So I am curious about what the dhcpcd is trying to do.  It seems to be trying to soliciting for a ipv6 address, but mentions nothing about in ipv4 address.  It is not unfortunately not entirely uncommon for dhcpcd to time out waiting for an ipv6 address that never comes.  So are you using ipv6?  Do you expect an ipv6 address?  I noticed that when you tried to ping the google DNS server, you used their ipv4 address (8.8.8.8).  So I am thinking that means you are actually using ipv4.
  I wonder if you might be able to poll for just an ipv4 address with dhcpcd.  Just run it with -4 and it should disable the ipv6 stuff.  You might also want to try dhclient and see what kind of output it gives you.  If you are definitely not using ipv6, and it is not offered in your area, you might want to disable it.  There are instructions in the wiki on how to do this... but you might want to wait until you establish the issue before doing things like that.