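I am using two Cisco Catalyst 2960-X switches as a stack, and I am trying to set up NetFlow on them with PRTG as the network monitor, but I seem to be stuck somewhere. Below is the configuration I am using: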
flow record toPRTG
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect interface input
!
!
flow record toPRTG1
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
!
!
flow exporter toPRTG
destination 172.18.145.xxx
transport udp 9995
!
!
flow monitor toPRTG
exporter toPRTG
cache timeout active 15000
record toPRTG
!
!
sampler toPRTG
mode random 1 out-of 32
!
!
interface GigabitEthernet2/0/10
switchport access vlan xxx
switchport mode access
ip flow monitor toPRTG sampler toPRTG input
spanning-tree portfast
!
ip flow-export version 9
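ip flow-export destination 172.18.145.xxx 9995
and the settings on PRTG
I can see that the flow exporter is sending data, but PRTG is not receiving anything on the UDP port I configured. There is a firewall between the two devices, but I have allowed the traffic through. Also, there is no firewall on PRTG.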
LBN-STACK-SW#show flow exporter statistics
Flow Exporter toPRTG:
Packet send statistics (last cleared 2d00h ago):
Successfully sent: 6489 (4907448 bytes)
Client send statistics:
Client: Flow Monitor toPRTG
Records added: 195422
- sent: 195422
Bytes added: 3126752
- sent: 3126752
May I know what I might have misconfigured? Thanks in advance.
Edit: adding more information
Flow Exporter toPRTG:
Description: User defined
Export protocol: NetFlow Version 9
Transport Configuration:
Destination IP address: 172.18.145.203
Source IP address: 172.18.148.13
Source Interface: Vlan148
Transport Protocol: UDP
Destination Port: 9995
Source Port: 49334
DSCP: 0x0
TTL: 255
Output Features: Not Used
interface Vlan148
ip address 172.18.148.13 255.255.255.240
Edit: full configuration
Building configuration...
Current configuration : 8535 bytes
!
! Last configuration change at 03:21:14 UTC Tue Aug 15 2017 by admin
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LBN-STACK-SW
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
switch 1 provision ws-c2960x-24ts-l
switch 2 provision ws-c2960x-24ts-l
ip routing
!
!
vtp mode transparent
!
!
!
!
!
!
!
flow record toPRTG
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect interface input
!
!
flow record toPRTG1
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
!
!
flow exporter toPRTG
destination 172.18.145.xxx
source Vlan148
transport udp 9995
!
!
flow monitor toPRTG
exporter toPRTG
cache timeout active 15000
record toPRTG
!
!
sampler toPRTG
mode random 1 out-of 32
!
!
crypto pki trustpoint TP-self-signed-3314246400
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3314246400
revocation-check none
rsakeypair TP-self-signed-3314246400
!
!
crypto pki certificate chain TP-self-signed-3314246400
certificate self-signed 01
xxxx
quit
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1 priority 24576
!
!
!
!
vlan internal allocation policy ascending
!
vlan 144
name xxxx
!
vlan 145
name xxxx
!
vlan 146
name xxxx
!
vlan 147
name xxxx
!
vlan 148
name Mgnt-vlan
!
vlan 150
name xxxx
!
vlan 155
name xxxx
!
vlan 1441
name xxxx
!
vlan 1442
name xxxx
!
vlan 1443
name xxxx
!
vlan 1447
name xxxx
!
vlan 1451
name xxxx
!
vlan 1452
name xxxx
!
vlan 1453
name xxxx
!
vlan 1488
name xxxx
!
!
!
!
!
!
!
!
!
!
!
interface Port-channel1
description to-LBN-ACC-01
switchport trunk allowed vlan 144-148,150,1441-1443,1451-1453
switchport mode trunk
!
interface Port-channel2
description to-LBN-ACC-02
switchport trunk allowed vlan 144-148,150,1441-1443,1451-1453
switchport mode trunk
!
interface Port-channel3
description to-LBN-ACC-03
switchport trunk allowed vlan 144-148,150,1441-1443,1451-1453
switchport mode trunk
!
interface Port-channel4
description to-WLC
switchport mode trunk
!
interface Port-channel5
description to-LBN-ACC-04
switchport trunk allowed vlan 144-148,150,1441-1443,1451-1453
switchport mode trunk
!
interface FastEthernet0
no ip address
no ip route-cache
shutdown
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
switchport access vlan 1451
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
switchport trunk allowed vlan 144-148,150,1441-1443,1451-1453
switchport mode trunk
channel-protocol lacp
channel-group 5 mode active
!
interface GigabitEthernet1/0/20
switchport trunk allowed vlan 144-146,148,150,155,1441-1443,1447,1451-1453
switchport trunk allowed vlan add 1488
switchport mode trunk
!
interface GigabitEthernet1/0/21
switchport mode trunk
channel-protocol lacp
channel-group 4 mode active
!
interface GigabitEthernet1/0/22
switchport trunk allowed vlan 144-148,150,1441-1443,1451-1453
switchport mode trunk
channel-protocol lacp
channel-group 1 mode active
!
interface GigabitEthernet1/0/23
switchport trunk allowed vlan 144-148,150,1441-1443,1451-1453
switchport mode trunk
channel-protocol lacp
channel-group 2 mode active
!
interface GigabitEthernet1/0/24
switchport trunk allowed vlan 144-148,150,1441-1443,1451-1453
switchport mode trunk
channel-protocol lacp
channel-group 3 mode active
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface GigabitEthernet2/0/1
!
interface GigabitEthernet2/0/2
!
interface GigabitEthernet2/0/3
!
interface GigabitEthernet2/0/4
!
interface GigabitEthernet2/0/5
!
interface GigabitEthernet2/0/6
switchport mode access
!
interface GigabitEthernet2/0/7
!
interface GigabitEthernet2/0/8
!
interface GigabitEthernet2/0/9
switchport access vlan 147
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet2/0/10
switchport access vlan 148
switchport mode access
ip flow monitor toPRTG sampler toPRTG input
spanning-tree portfast
!
interface GigabitEthernet2/0/11
!
interface GigabitEthernet2/0/12
description to-Fortinet-Port3
switchport access vlan 148
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet2/0/13
!
interface GigabitEthernet2/0/14
!
interface GigabitEthernet2/0/15
!
interface GigabitEthernet2/0/16
!
interface GigabitEthernet2/0/17
!
interface GigabitEthernet2/0/18
!
interface GigabitEthernet2/0/19
!
interface GigabitEthernet2/0/20
!
interface GigabitEthernet2/0/21
description to-WLC-port10
switchport mode trunk
channel-protocol lacp
channel-group 4 mode active
!
interface GigabitEthernet2/0/22
description to-access-sw01-port-50
switchport trunk allowed vlan 144-148,150,1441-1443,1451-1453
switchport mode trunk
channel-protocol lacp
channel-group 1 mode active
!
interface GigabitEthernet2/0/23
description to-access-sw02-port-50
switchport trunk allowed vlan 144-148,150,1441-1443,1451-1453
switchport mode trunk
channel-protocol lacp
channel-group 2 mode active
!
interface GigabitEthernet2/0/24
description to-access-sw03-port-48
switchport trunk allowed vlan 144-148,150,1441-1443,1451-1453
switchport mode trunk
channel-protocol lacp
channel-group 3 mode active
!
interface GigabitEthernet2/0/25
!
interface GigabitEthernet2/0/26
!
interface GigabitEthernet2/0/27
!
interface GigabitEthernet2/0/28
!
interface Vlan1
no ip address
shutdown
!
interface Vlan145
no ip address
!
interface Vlan148
ip address 172.18.148.xx 255.255.255.240
!
interface Vlan1441
no ip address
!
interface Vlan1442
no ip address
!
interface Vlan1443
no ip address
!
interface Vlan1451
no ip address
!
interface Vlan1452
no ip address
!
ip default-gateway 172.18.148.xx
ip http server
ip http secure-server
ip flow-export version 9
ip flow-export destination 172.18.145.xxx 9995
!
ip route 0.0.0.0 0.0.0.0 172.18.148.xx
ip ssh version 2
!
!
snmp-server community xxxx RO
!
!
line con 0
line vty 0 4
login local
transport input ssh
line vty 5 15
login
!
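end
Posted on 2017-08-15 23:09:06
The Catalyst 2960-X supports so-called NetFlow Lite rather than full NetFlow, and for that it needs at least a LAN Base license. See "Prerequisites" at https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-2_2_E/fnf/configuration_guide/b_fnf_1522e_2960x_cg/b_fnf_32se_3850_cg_chapter_010.html (publicly available Cisco documentation).
See the output of show version or show license to check the license on a given 2960-X. We have seen cases where a LAN Lite switch accepts commands for unsupported features without returning an error, and the feature then does not work.
That said, I can't see where the error in the configuration might be. We have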
a) a flow record
b) a flow exporter
c) a flow monitor making use of a) and b)
d) a flow sampler
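e) and finally an interface config making use of c) and d)
... which is what the configuration guide suggests. I suspect the problem is on the NetFlow analyzer side.
Please verify that PRTG actually supports NetFlow Lite. My current understanding from paessler.com is that NetFlow Lite is not directly supported, and you may end up needing some kind of intermediate service (such as http://www.ntop.org/products/netflow/nprobe/netflow-lite-plugin/) to convert NetFlow Lite into classic NetFlow.
Using one of the tools at https://www.paessler.com/tools/netflowtester may help with the analysis.
One more thing:
Rather than naming at least three related configuration items "toPRTG", I suggest using the configuration style outlined below. It helps to keep track of what is what and of all the required configuration bits. In short, it helps in understanding the configuration concept. We use a similar style in larger (manually maintained) multi-tenant QoS configurations, so that we can keep track of per-tenant class maps and policy maps, along with the ACLs that go with them, and so on. Typically we add a prefix that describes what kind of configuration item it is, then the customer's name, then the name itself. This might look like: PM_QUE_CUST01_WANPOLICY01 or CM_QOS_CUST04_REALTIMETRAFFIC.
Here is my suggestion for the NetFlow configuration: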
flow record NFREC_MYRECORD1
match ...
collect ...
!
!
flow exporter NFEXP_MYEXPORT1
destination 172.18.145.xxx
transport udp 9995
!
!
flow monitor NFMON_MYMONITOR1
exporter NFEXP_MYEXPORT1
cache timeout active 15000
record NFREC_MYRECORD1
!
!
sampler NFSMP_MYSAMPLER1
mode ...
!
!
interface GigabitEthernety/0/yy
...
ip flow monitor NFMON_MYMONITOR1 sampler NFSMP_MYSAMPLER1 input
...
https://networkengineering.stackexchange.com/questions/43255
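Added example, not part of the original question or answer and not Cisco or Paessler code: a small Python decoder that can be run on the collector host to confirm that export datagrams reach UDP 9995 and to show which templates they carry, which is the kind of check the answer suggests doing on the analyzer side. The field lengths in the constructed sample (4/4/2/2/4 bytes) and the documentation-range addresses are assumptions, as are the function names parse_v9 and listen.

```python
import socket
import struct

# NetFlow v9 field type numbers (RFC 3954) for the fields in the "toPRTG" flow record
FIELD_NAMES = {7: "L4_SRC_PORT", 8: "IPV4_SRC_ADDR", 10: "INPUT_SNMP",
               11: "L4_DST_PORT", 12: "IPV4_DST_ADDR"}

def parse_v9(datagram):
    """Decode one export datagram: header, template definitions, data flowset sizes."""
    if len(datagram) < 20 or datagram[:2] != b"\x00\x09":
        raise ValueError("not a NetFlow v9 datagram")
    seq, source_id = struct.unpack_from("!II", datagram, 12)
    out = {"sequence": seq, "source_id": source_id, "templates": {}, "data": []}
    pos = 20
    while pos + 4 <= len(datagram):
        flowset_id, length = struct.unpack_from("!HH", datagram, pos)
        if length < 4 or pos + length > len(datagram):
            raise ValueError("bad flowset length at offset %d" % pos)
        body = datagram[pos + 4:pos + length]
        if flowset_id == 0:  # template flowset: (template id, field count, fields...)
            off = 0
            while off + 4 <= len(body):
                tmpl_id, nfields = struct.unpack_from("!HH", body, off)
                end = off + 4 + 4 * nfields
                if tmpl_id < 256 or end > len(body):
                    break  # padding or truncated template record
                pairs = struct.unpack_from("!%dH" % (2 * nfields), body, off + 4)
                out["templates"][tmpl_id] = [(FIELD_NAMES.get(t, "type_%d" % t), n)
                                             for t, n in zip(pairs[0::2], pairs[1::2])]
                off = end
        elif flowset_id >= 256:  # data flowset; its id is the template it was encoded with
            out["data"].append((flowset_id, len(body)))
        pos += length
    return out

def listen(port=9995, datagrams=5):
    """Bind the UDP port the exporter targets and print what each datagram carries."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", port))
        for _ in range(datagrams):
            data, peer = s.recvfrom(65535)
            print(peer, parse_v9(data))

# Constructed sample: template 256 with the record's five fields, then one 16-byte record
SAMPLE = (struct.pack("!HHIIII", 9, 2, 1000, 1502839274, 1, 0)
          + struct.pack("!HHHH10H", 0, 28, 256, 5, 8, 4, 12, 4, 7, 2, 11, 2, 10, 4)
          + struct.pack("!HH4s4sHHI", 256, 20, socket.inet_aton("192.0.2.10"),
                        socket.inet_aton("198.51.100.20"), 51515, 443, 10))
```

Stop the PRTG probe's listener on that port before calling listen(), since only one process can bind it. The exporter statistics in the question show 3126752 bytes for 195422 records, which is 16 bytes per record, the same size this assumed field layout adds up to.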