Netflow basic troubleshooting

Setting up Netflow is pretty straightforward. For those that haven’t done it before, it can be a simple as this –

ip flow-export source loopback0
ip flow-export version 5
ip flow-export destination server_ip

Depending on what software you are using, you might use version 9 or 5 of netflow. The source interface can either be a loopback or a SVI such as a vlan interface on the switch or router that you are setting up Netflow on. When troubleshooting Netflow issues, the first command that it is good to use is clear ip flow stats. This will clear the counters for Netflow so that you can see if it is working or not.

The next command to use is sh ip cache flow. This will show you the traffic that is currently being seen by Netflow on the device you are working on. If you are seeing traffic here, the next step is to use sh ip flow export. This will show you that traffic is being sent to your Netflow collection point. If this is incrementing and you arent seeing any info on the collector software interface, double check the configuration of the collection software. Another good troubleshooting step is to run Wireshark on the system running the collection software to verify that you are receiving data from the device that Netflow is configured on.

Send to Kindle
This entry was posted in Blog Entries and tagged , . Bookmark the permalink.