Netflow Analizer does not display any data for a specific Device
Hi, my name is David and I am the administrator of a Network Analyzer 6 Professional Edition with Unlimited licenses. Currently I have a trouble with a Cisco 2811 router which has the next configuration on it:
RT2811_CACBOGALAMOS1#sh running-config | inc flow
ip flow-cache timeout active 1
ip flow-export source Loopback0
ip flow-export version 5
ip flow-export destination 172.22.227.3 9996
This device is sending flows to 172.22.227.3 using v5 Netflow. The router is working properly as you can see in the next log:
RT2811_CACBOGALAMOS1#ping 172.22.227.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.22.227.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/22/48 ms
RT2811_CACBOGALAMOS1#sh ip flow export
Flow export v5 is enabled for main cache
Exporting flows to 172.22.227.3 (9996)
Exporting using source interface Loopback0
Version 5 flow records
11823 flows exported in 395 udp datagrams
0 flows failed due to lack of export packet
0 export packets were sent up to process level
0 export packets were dropped due to no fib
0 export packets were dropped due to adjacency issues
0 export packets were dropped due to fragmentation failures
0 export packets were dropped due to encapsulation fixup failures
RT2811_CACBOGALAMOS1#sh ip flow interface
FastEthernet0/0
ip route-cache flow
FastEthernet0/1
ip route-cache flow
RT2811_CACBOGALAMOS1#sh ip cache flow
IP packet size distribution (677928 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .306 .042 .036 .020 .015 .013 .007 .005 .004 .005 .002 .001 .009 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.001 .000 .000 .022 .502 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
221 active, 3875 inactive, 12095 added
208260 ager polls, 0 flow alloc failures
Active flows timeout in 1 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640 bytes
221 active, 803 inactive, 12095 added, 12095 added to flow
0 alloc failures, 0 force free
1 chunk, 0 chunks added
last clearing of statistics 00:11:27
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-WWW 365 0.5 15 699 8.3 3.3 8.0
TCP-SMTP 4 0.0 187 906 1.1 3.6 1.6
TCP-other 7122 10.4 91 825 962.9 3.4 9.5
UDP-DNS 240 0.3 1 76 0.3 0.1 15.4
UDP-NTP 38 0.0 1 92 0.0 0.0 15.6
UDP-Frag 10 0.0 4 151 0.0 10.6 15.3
UDP-other 2877 4.2 5 168 22.2 9.1 14.5
ICMP 1491 2.1 1 148 3.2 0.6 15.5
Total: 12147 17.8 55 807 998.4 4.3 11.5
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Fa0/0.744 172.18.184.206 Fa0/1.978 172.22.103.201 11 0089 0089 3
Fa0/0.744 172.18.184.219 Fa0/1.978 172.22.103.201 11 0089 0089 6
Fa0/0.744 172.18.184.208 Fa0/1.978 172.22.103.201 11 0089 0089 3
Fa0/0.744 172.18.184.247 Fa0/1.978 132.147.171.63 06 0002 0A25 7
Fa0/0.744 172.18.184.243 Fa0/1.978 172.22.103.201 11 0089 0089 6
Fa0/0.744 172.18.184.252 Fa0/1.978 172.22.103.201 11 0089 0089 3
--- Information Omitted ----
RT2811_CACBOGALAMOS1#sh clock
10:51:00.008
The logs displayed previously evidence that the router is sending flows but in the Netflow Analizer is not showing any information.
Those are the results on the server:
I have almost 250 devices in Netflow Analizer and most of them are working properly, however this device suddenly stops traffic analysis. I have deleted the device in the administration console, then I reconfigured the netflow commands on the router and finally I even reload the router but the results are the same: The Netflow Analyzer is not monitoring the traffic for It. Do you have any idea why this is happening?
Thanks.