DX Unified Infrastructure Management

  • 1.  NFA issue with Cisco 4500X

    Posted Feb 29, 2016 11:49 AM

    We are attempting to configure a Cisco 4500X device, running IOS-XE, to send Netflow to NFA and we cannot get it to work for any VLAN interface.


    If we attempt to configure the Flow Monitor on the VLAN interface we get the message "Configuring Flow Monitor on SVI interfaces is not allowed. Instead configure Flow Monitor in vlan configuration mode via the command `vlan config <vlan number>'" and we have done this as follows.

    vlan configuration 13
     ip flow monitor CAPC input


    With this config the device does send flows to the Harvester but not for the VLAN 13 as we are expecting. Instead they are sent for an apparently random set of interfaces, a mixture of both physical and virtual. These are all processed and reported on by NFA, hence we are confident all 8 required fields are configured. Note we have tried this for a different VLAN and get Netflow data for a different set of interfaces, and still not for the VLAN.


    I have found some discussions on a couple of forums indicating this may be an issue with the Catalyst 4500 and am waiting on confirmation (or not) from Cisco. In the meantime I was wondering has anyone else in this forum come across this issue. Any feedback would be appreciated.


    Regards, John


    For info the firmware version of the device is “Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSAL-M), Version 03.06.03.E RELEASE SOFTWARE (fc3))”

  • 2.  Re: NFA issue with Cisco 4500X

    Broadcom Employee
    Posted Mar 03, 2016 11:25 AM

    It may have something to do with the IOS version; it looks like some additional options were added in IOS-XE v 3.3 in relation to VLANs and NetFlow configuration.

    Catalyst 4500 Series Switch Software Configuration Guide, Release IOS XE 3.4.xSG and IOS 15.1(2)SGx - Configuring Flexib…


    Did you hear back from Cisco Support yet?

  • 3.  Re: NFA issue with Cisco 4500X

    Posted Mar 04, 2016 10:18 AM

    I suspect you could be right that it is an issue with the IOS-XE version. I found a stream on another forum discussing the same issue from 4 or 5 years back and it was apparently fixed at that time. However there was a later comment from a year ago that seemed to imply it had returned.


    Still waiting on Cisco I'm afraid.

  • 4.  Re: NFA issue with Cisco 4500X
    Best Answer

    Posted Mar 04, 2016 04:14 AM

    On other IOS-XE Types we use both Input and Output flow Monitors with success.

    You can find an example in how to configure net flow on cisco asr 1002 Routers

    Especially the configuration of the flow records was a long process of trial and error.

    But, I'm afraid, it will be ten times faster than a helpful reaction from Cisco...

    Regards, Frank

  • 5.  Re: NFA issue with Cisco 4500X

    Posted Mar 04, 2016 10:31 AM

    The specific issue is with configuring netflow on a VLAN interface on a Catalyst 4500 running IOS-XE. The client has no problem configuring this on a couple of other devices running IOS.