no router assigned
Hi All,
I'm sure you've seen this post a few times. But I've been through all the support and I've tried to the following using a trial version w/28 days left:
First I've confirmed that netflow is configured on my 2821 routers. And I've turned on debugging to ensure that the netflow packets are being exported. I've also looked at the export stats and it says it's exporting packets.
On the server I've used tcpdump to ensure that the NFA server is actually receiving the packets and it is.
I've confirmed that the port in use is set to 9996 on both side. The snmp community is set appropriately.
The only thing that might be a little non-standard is that our NFA server has two nic's in it... I'm currently exporting the netflow packets from the routers to both IP's on the server and from a layer 2 perspective the packets are being sent and received.
I'm stumped.
The routers are 2 2821's with Version 12.4(5a)
The NFA server is version 5 on a fedora core 4 OS
R2821-B#show ip flow export
Flow export v5 is enabled for main cache
Exporting flows to xx.xx.5.11 (9996) xx.xx.5.250 (9996)
Exporting using source interface GigabitEthernet0/1
Version 5 flow records
1532 flows exported in 420 udp datagrams
0 flows failed due to lack of export packet
0 export packets were sent up to process level
0 export packets were dropped due to no fib
0 export packets were dropped due to adjacency issues
0 export packets were dropped due to fragmentation failures
0 export packets were dropped due to encapsulation fixup failures
---------------
[root@janus bin]# /usr/sbin/tcpdump port 9996 -i eth1 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
01:34:23.282400 IP xx.xx.72.110.57045 > xx.xx.5.250.9996: UDP, length 1464
---------------
[root@janus bin]# /usr/sbin/tcpdump port 9996 -i eth0 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
01:35:07.283245 IP xx.xx.72.110.57045 > xx.xx.5.11.9996: UDP, length 1464
-------
Commands used to configure netflow:
ip cef
ip flow-cache timeout active 1
ip flow-export source GigabitEthernet0/1
ip flow-export version 5
ip flow-export destination 64.141.5.11 9996
ip flow-export destination 72.2.5.250 9996
interface GigabitEthernet0/1
description $ETH-LAN$
ip address xx.xx.72.110 255.255.255.252
ip access-group 101 in
ip nat outside
ip virtual-reassembly
no ip route-cache cef
ip route-cache flow
Thanks in advance!
I'm sure you've seen this post a few times. But I've been through all the support and I've tried to the following using a trial version w/28 days left:
First I've confirmed that netflow is configured on my 2821 routers. And I've turned on debugging to ensure that the netflow packets are being exported. I've also looked at the export stats and it says it's exporting packets.
On the server I've used tcpdump to ensure that the NFA server is actually receiving the packets and it is.
I've confirmed that the port in use is set to 9996 on both side. The snmp community is set appropriately.
The only thing that might be a little non-standard is that our NFA server has two nic's in it... I'm currently exporting the netflow packets from the routers to both IP's on the server and from a layer 2 perspective the packets are being sent and received.
I'm stumped.
The routers are 2 2821's with Version 12.4(5a)
The NFA server is version 5 on a fedora core 4 OS
R2821-B#show ip flow export
Flow export v5 is enabled for main cache
Exporting flows to xx.xx.5.11 (9996) xx.xx.5.250 (9996)
Exporting using source interface GigabitEthernet0/1
Version 5 flow records
1532 flows exported in 420 udp datagrams
0 flows failed due to lack of export packet
0 export packets were sent up to process level
0 export packets were dropped due to no fib
0 export packets were dropped due to adjacency issues
0 export packets were dropped due to fragmentation failures
0 export packets were dropped due to encapsulation fixup failures
---------------
[root@janus bin]# /usr/sbin/tcpdump port 9996 -i eth1 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
01:34:23.282400 IP xx.xx.72.110.57045 > xx.xx.5.250.9996: UDP, length 1464
---------------
[root@janus bin]# /usr/sbin/tcpdump port 9996 -i eth0 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
01:35:07.283245 IP xx.xx.72.110.57045 > xx.xx.5.11.9996: UDP, length 1464
-------
Commands used to configure netflow:
ip cef
ip flow-cache timeout active 1
ip flow-export source GigabitEthernet0/1
ip flow-export version 5
ip flow-export destination 64.141.5.11 9996
ip flow-export destination 72.2.5.250 9996
interface GigabitEthernet0/1
description $ETH-LAN$
ip address xx.xx.72.110 255.255.255.252
ip access-group 101 in
ip nat outside
ip virtual-reassembly
no ip route-cache cef
ip route-cache flow
Thanks in advance!