Cisco 3850/IP Base/IOS XE 3.7.2
我正在查看我的 NetFlow 数据,看起来我只是在捕捉流入,而不是流出。我已经有了输入/输出记录和监视器,使用相同的导出器连接到监控套件中的一个传感器。我在监控软件上设置了另一个传感器,使用下一个数字端口。它按预期工作了大约 5 分钟,然后停止传输。
我在这里错过了什么?In 导出器使用 2055,Out 使用 2056。这样做是为了允许软件中的单独传感器。它确实工作了几分钟,然后它退出了。似乎肯定有变化,因为仍在工作的 NetFlow 传感器显示流量大大减少。
flow record Ripon-Core-In
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
collect counter bytes long
collect counter packets long
!
!
flow record Ripon-Core-Out
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface output
collect counter bytes long
collect counter packets long
!
!
flow exporter Ripon-Core
destination 10.2.225.65
source Vlan110
transport udp 2055
!
!
flow exporter Ripon-Core-Out
destination 10.2.225.65
source Vlan110
transport udp 2056
!
!
flow monitor Ripon-Core-In
exporter Ripon-Core
cache timeout active 900
record Ripon-Core-In
!
!
flow monitor Ripon-Core-Out
exporter Ripon-Core-Out
cache timeout active 900
record Ripon-Core-Out
sho flow exporter status:
Flow Exporter Ripon-Core:
Packet send statistics (last cleared 2w2d ago):
Successfully sent: 2666339 (3097186452 bytes)
Client send statistics:
Client: Flow Monitor Ripon-Core-In
Records added: 41619483
- sent: 41619483
Bytes added: 1415062422
- sent: 1415062422
Flow Exporter Ripon-Core-Out:
Packet send statistics (last cleared 00:48:04 ago):
Successfully sent: 60 (70098 bytes)
Client send statistics:
Client: Flow Monitor Ripon-Core-Out
Records added: 1893
- sent: 1893
Bytes added: 64362
- sent: 64362
以及应用它的端口:
interface TenGigabitEthernet1/0/12
switchport access vlan 110
switchport mode access
ip flow monitor Ripon-Core-In input
ip flow monitor Ripon-Core-Out output`