пятница, 3 апреля 2020 г.

Netflow config cisco catalyst 3850

Issue:
% Flow Record: Failed to field add: Failed to validate Unsetting Public:behaviour
% Flow Monitor: Failed to add monitor to interface: Unsupported key field "interface input" for ip traffic in Output direction

To avoid that use separate monitors for inbound and outbound monitors.


!
flow record FR-INPUT
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match flow direction
 match interface input
 collect counter bytes long
 collect counter packets long
!
!
flow record FR-OUTPUT
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match flow direction
 match interface output
 collect counter bytes long
 collect counter packets long
!
!
flow exporter EXPORT1
 destination 10.74.12.38
 source Vlan170
 transport udp 2055
!
!
flow monitor MONITOR-INPUT
 exporter EXPORT1
 cache timeout active 300
 record FR-INPUT
!
!
flow monitor MONITOR-OUTPUT
 exporter EXPORT1
 cache timeout active 300
 record FR-OUTPUT
!



vlan configuration 1,31,40,170,184,193-207,242
ip flow monitor MONITOR-INPUT input
ip flow monitor MONITOR-OUTPUT output
!