NetFlow on Cisco Catalyst 2960X not sending data to PRTG

network-engineering cisco switch netflow
2022-02-13 18:55:10

I am using 2 Cisco Catalyst 2960X as a stacked switch and I am trying to set up NetFlow on them with PRTG as the network monitor, but I seem to be stuck somewhere. Below is the configuration I am using:

flow record toPRTG
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect interface input
!
!
flow record toPRTG1
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
!
!
flow exporter toPRTG
destination 172.18.145.xxx
transport udp 9995
!
!
flow monitor toPRTG
exporter toPRTG
cache timeout active 15000
record toPRTG
!
!
sampler toPRTG
mode random 1 out-of 32
!
!
interface GigabitEthernet2/0/10
switchport access vlan xxx
switchport mode access
ip flow monitor toPRTG sampler toPRTG input
spanning-tree portfast
!
ip flow-export version 9
ip flow-export destination 172.18.145.xxx 9995

And the settings on PRTG:

[Screenshot: PRTG settings 1] [Screenshot: PRTG settings 2]

I can see that the flow exporter is sending data, but PRTG receives nothing on the UDP port I configured. There is a firewall between the two devices, but I have allowed the traffic through. There is no firewall on PRTG either.

LBN-STACK-SW#show flow exporter statistics
Flow Exporter toPRTG:
Packet send statistics (last cleared 2d00h ago):
Successfully sent: 6489 (4907448 bytes)
Client send statistics:
Client: Flow Monitor toPRTG
Records added: 195422
- sent: 195422
Bytes added: 3126752
- sent: 3126752

May I know what I might have configured wrongly? Thanks in advance.


Edited: added more information

Flow Exporter toPRTG:
  Description:              User defined
  Export protocol:          NetFlow Version 9
  Transport Configuration:
    Destination IP address: 172.18.145.203
    Source IP address:      172.18.148.13
    Source Interface:       Vlan148
    Transport Protocol:     UDP
    Destination Port:       9995
    Source Port:            49334
    DSCP:                   0x0
    TTL:                    255
    Output Features:        Not Used

interface Vlan148
 ip address 172.18.148.13 255.255.255.240

Edit: full configuration

Building configuration...

Current configuration : 8535 bytes
!
! Last configuration change at 03:21:14 UTC Tue Aug 15 2017 by admin
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LBN-STACK-SW
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
switch 1 provision ws-c2960x-24ts-l
switch 2 provision ws-c2960x-24ts-l
ip routing
!
!

vtp mode transparent
!
!
!
!
!
!
!
flow record toPRTG
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 collect interface input
!
!
flow record toPRTG1
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
!
!
flow exporter toPRTG
 destination 172.18.145.xxx
 source Vlan148
 transport udp 9995
!
!
flow monitor toPRTG
 exporter toPRTG
 cache timeout active 15000
 record toPRTG
!
!
sampler toPRTG
 mode random 1 out-of 32
!
!
crypto pki trustpoint TP-self-signed-3314246400
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3314246400
 revocation-check none
 rsakeypair TP-self-signed-3314246400
!
!
crypto pki certificate chain TP-self-signed-3314246400
 certificate self-signed 01
xxxx
        quit
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1 priority 24576
!
!
!
!
vlan internal allocation policy ascending
!
vlan 144
 name xxxx
!
vlan 145
 name xxxx
!
vlan 146
 name xxxx
!
vlan 147
 name xxxx
!
vlan 148
 name Mgnt-vlan
!
vlan 150
 name xxxx
!
vlan 155
 name xxxx
!
vlan 1441
 name xxxx
!
vlan 1442
 name xxxx
!
vlan 1443
 name xxxx
!
vlan 1447
 name xxxx
!
vlan 1451
 name xxxx
!
vlan 1452
 name xxxx
!
vlan 1453
 name xxxx
!
vlan 1488
 name xxxx
!
!
!
!
!
!
!
!
!
!
!
interface Port-channel1
 description to-LBN-ACC-01
 switchport trunk allowed vlan 144-148,150,1441-1443,1451-1453
 switchport mode trunk
!
interface Port-channel2
 description to-LBN-ACC-02
 switchport trunk allowed vlan 144-148,150,1441-1443,1451-1453
 switchport mode trunk
!
interface Port-channel3
 description to-LBN-ACC-03
 switchport trunk allowed vlan 144-148,150,1441-1443,1451-1453
 switchport mode trunk
!
interface Port-channel4
 description to-WLC
 switchport mode trunk
!
interface Port-channel5
 description to-LBN-ACC-04
 switchport trunk allowed vlan 144-148,150,1441-1443,1451-1453
 switchport mode trunk
!
interface FastEthernet0
 no ip address
 no ip route-cache
 shutdown
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
 switchport access vlan 1451
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
 switchport trunk allowed vlan 144-148,150,1441-1443,1451-1453
 switchport mode trunk
 channel-protocol lacp
 channel-group 5 mode active
!
interface GigabitEthernet1/0/20
 switchport trunk allowed vlan 144-146,148,150,155,1441-1443,1447,1451-1453
 switchport trunk allowed vlan add 1488
 switchport mode trunk
!
interface GigabitEthernet1/0/21
 switchport mode trunk
 channel-protocol lacp
 channel-group 4 mode active
!
interface GigabitEthernet1/0/22
 switchport trunk allowed vlan 144-148,150,1441-1443,1451-1453
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
!
interface GigabitEthernet1/0/23
 switchport trunk allowed vlan 144-148,150,1441-1443,1451-1453
 switchport mode trunk
 channel-protocol lacp
 channel-group 2 mode active
!
interface GigabitEthernet1/0/24
 switchport trunk allowed vlan 144-148,150,1441-1443,1451-1453
 switchport mode trunk
 channel-protocol lacp
 channel-group 3 mode active
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface GigabitEthernet2/0/1
!
interface GigabitEthernet2/0/2
!
interface GigabitEthernet2/0/3
!
interface GigabitEthernet2/0/4
!
interface GigabitEthernet2/0/5
!
interface GigabitEthernet2/0/6
 switchport mode access
!
interface GigabitEthernet2/0/7
!
interface GigabitEthernet2/0/8
!
interface GigabitEthernet2/0/9
 switchport access vlan 147
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet2/0/10
 switchport access vlan 148
 switchport mode access
 ip flow monitor toPRTG sampler toPRTG input
 spanning-tree portfast
!
interface GigabitEthernet2/0/11
!
interface GigabitEthernet2/0/12
 description to-Fortinet-Port3
 switchport access vlan 148
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet2/0/13
!
interface GigabitEthernet2/0/14
!
interface GigabitEthernet2/0/15
!
interface GigabitEthernet2/0/16
!
interface GigabitEthernet2/0/17
!
interface GigabitEthernet2/0/18
!
interface GigabitEthernet2/0/19
!
interface GigabitEthernet2/0/20
!
interface GigabitEthernet2/0/21
 description to-WLC-port10
 switchport mode trunk
 channel-protocol lacp
 channel-group 4 mode active
!
interface GigabitEthernet2/0/22
 description to-access-sw01-port-50
 switchport trunk allowed vlan 144-148,150,1441-1443,1451-1453
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
!
interface GigabitEthernet2/0/23
 description to-access-sw02-port-50
 switchport trunk allowed vlan 144-148,150,1441-1443,1451-1453
 switchport mode trunk
 channel-protocol lacp
 channel-group 2 mode active
!
interface GigabitEthernet2/0/24
 description to-access-sw03-port-48
 switchport trunk allowed vlan 144-148,150,1441-1443,1451-1453
 switchport mode trunk
 channel-protocol lacp
 channel-group 3 mode active
!
interface GigabitEthernet2/0/25
!
interface GigabitEthernet2/0/26
!
interface GigabitEthernet2/0/27
!
interface GigabitEthernet2/0/28
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan145
 no ip address
!
interface Vlan148
 ip address 172.18.148.xx 255.255.255.240
!
interface Vlan1441
 no ip address
!
interface Vlan1442
 no ip address
!
interface Vlan1443
 no ip address
!
interface Vlan1451
 no ip address
!
interface Vlan1452
 no ip address
!
ip default-gateway 172.18.148.xx
ip http server
ip http secure-server
ip flow-export version 9
ip flow-export destination 172.18.145.xxx 9995
!
ip route 0.0.0.0 0.0.0.0 172.18.148.xx
ip ssh version 2
!
!
snmp-server community xxxx RO
!
!
line con 0
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
!
end
1 Answer

The Catalyst 2960-X supports so-called NetFlow-Lite, not full NetFlow, and for that it requires at least the LAN Base license. See the "Prerequisites" at https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-2_2_e/fnf/configuration_guide/b_fnf_1522e_2960x_cg/b_fnf_32se_3850_cg_chapter_010.html (publicly available Cisco documentation).

See the output of show version or show license to check the license on the given 2960-X. We have seen cases where LAN Lite switches accept commands for unsupported features without returning an error, while the feature then simply does not work.

That said, I cannot see where the error in the configuration might be; we have

a) a flow record
b) a flow exporter 
c) a flow monitor making use of a) and b)  
d) a flow sampler  
e) and finally an interface config making use of c) and d).

...which is what the configuration guide suggests. I suspect the problem is on the NetFlow analyzer side.

Please confirm that PRTG actually supports NetFlow-Lite. My current understanding from what I can find on paessler.com is that NetFlow-Lite is not directly supported, and eventually you may need to use some kind of intermediate service, e.g. http://www.ntop.org/products/netflow/nprobe/netflow-lite-plugin/

Using one of the tools at https://www.paessler.com/tools/netflowtester may help with the analysis.

One more thing:

I would recommend not naming at least three related configuration items "toPRTG", but rather using a configuration style like the one below. It helps to keep track of what is what, and of all the configuration bits that are needed; in short, it helps in understanding the configuration concept. We use a similar configuration style in larger multi-tenant QoS configurations (which we maintain by hand), so we can keep track of each tenant's class-maps and policy-maps, the ACLs that go with them, and so on. In general, we put a prefix there that describes what kind of configuration item it is, the customer's name, and the name itself. That might look like this: PM_QUE_CUST01_WANPOLICY01 or CM_QOS_CUST04_REALTIME-TRAFFIC.

So here is my suggestion for the NetFlow configuration:

flow record NFREC_MYRECORD1
 match ...
 collect ...  
!
!
flow exporter NFEXP_MYEXPORT1
 destination 172.18.145.xxx
 transport udp 9995
!
!
flow monitor NFMON_MYMONITOR1
 exporter NFEXP_MYEXPORT1
 cache timeout active 15000
 record NFREC_MYRECORD1
!
!
sampler NFSMP_MYSAMPLER1
 mode ...
!
!
interface GigabitEthernety/0/yy
 ...
 ip flow monitor NFMON_MYMONITOR1 sampler NFSMP_MYSAMPLER1 input
 ...
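The answer suggests checking on the collector side whether anything arrives at all before blaming the switch or PRTG. As an added diagnostic (not part of the original post, PRTG, or Cisco's tooling), the following Python listener binds the export port from the question (UDP 9995), decodes the 20-byte NetFlow v9 header and lists the FlowSets in the packet, so you can see at once whether datagrams reach the host and whether the exporter really speaks version 9. The sample packet at the bottom is constructed for the self-test; the port and timeout values are assumptions.

```python
import socket
import struct

# NetFlow v9 packet header (RFC 3954, section 5.1):
# version, count, sysUptime, unixSecs, sequenceNumber, sourceId
V9_HEADER = struct.Struct("!HHIIII")


def parse_v9_header(data: bytes) -> dict:
    """Decode the v9 header; raise if the datagram is not NetFlow v9."""
    if len(data) < V9_HEADER.size:
        raise ValueError(f"datagram too short for a v9 header: {len(data)} bytes")
    version, count, uptime, secs, seq, source_id = V9_HEADER.unpack_from(data)
    if version != 9:
        # e.g. a v5 exporter would show version 5 here
        raise ValueError(f"not NetFlow v9: version field is {version}")
    return {"version": version, "count": count, "sys_uptime_ms": uptime,
            "unix_secs": secs, "sequence": seq, "source_id": source_id}


def list_flowsets(data: bytes) -> list:
    """Return (flowset_id, length) for each FlowSet after the header.

    ID 0 = template, 1 = options template, >= 256 = data records."""
    sets, offset = [], V9_HEADER.size
    while offset + 4 <= len(data):
        fs_id, fs_len = struct.unpack_from("!HH", data, offset)
        if fs_len < 4 or offset + fs_len > len(data):
            raise ValueError(f"malformed FlowSet length {fs_len} at offset {offset}")
        sets.append((fs_id, fs_len))
        offset += fs_len
    return sets


def listen(port: int = 9995, timeout: float = 30.0):
    """Wait for one datagram on the collector port (assumed 9995, as in the
    question); return (source_ip, header, flowsets) or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("", port))
        sock.settimeout(timeout)
        try:
            data, (src, _) = sock.recvfrom(65535)
        except socket.timeout:
            return None
    return src, parse_v9_header(data), list_flowsets(data)


# Constructed sample: v9 header plus one template FlowSet (ID 0, 16 bytes)
# defining template 256 with IPV4_SRC_ADDR (type 8) and IPV4_DST_ADDR (type 12).
SAMPLE = (V9_HEADER.pack(9, 1, 123456, 1644778510, 42, 1)
          + struct.pack("!HHHHHHHH", 0, 16, 256, 2, 8, 4, 12, 4))

if __name__ == "__main__":
    print(listen() or "no NetFlow datagram received before timeout")
```

Run it on the PRTG host while the switch exports: a `None` result means the datagrams are not arriving (firewall or routing), while a decoded header with template FlowSets shows the collector is receiving valid v9 data and the problem lies in what the analyzer accepts.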