[c-nsp] asr1001x nat logging
dmitry at zhigulinet.ru
dmitry at zhigulinet.ru
Thu Dec 10 04:25:03 EST 2015
Hello, Nick.
I have problem only nat logging - netflow v9, netflow v5 working.
I not see information about nat logging with command - show flow
Router#show flow monitor flow_v5 statistics
Cache type: Normal (Platform cache)
Cache size: 200000
Current entries: 0
High Watermark: 525
Flows added: 4409
Flows aged: 4409
- Active timeout ( 1000 secs) 4
- Inactive timeout ( 10 secs) 4405
Router#sho flo
Router#sho flow ?
exporter Flow Exporter information
interface Flow interface information
internal Show the flow fields
monitor Flow Monitor information
record Show Flow Record configuration
Вы писали 10 декабря 2015 г., 12:29:23:
> Sorry that should read:
> Show flow monitor exporter statistics
> -----Original Message-----
> From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Nick Cutting
> Sent: 10 December 2015 08:17
> To: dmitry at zhigulinet.ru; cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] asr1001x nat logging
> You need to use the show commands to see if the ASR thinks the traffic is leaving:
> What is the output of show flow exporter?
> I always find it's something like "SE linux" on the collector, and
> this stops you from seeing it in tcpdump.
> -----Original Message-----
> From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of dmitry at zhigulinet.ru
> Sent: 10 December 2015 08:06
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] asr1001x nat logging
> Hello, Cisco-nsp..
> On my cisco asr1001x not work nat logging.
> What could be the problem?
> Netflow v5 work.
> I do not see traffic on collector with tcpdump.
> I tryning soft:
> System image file is
> "bootflash:/asr1001x-universalk9.03.12.01.S.154-2.S1-std.SPA.bin"
> System image file is
> "bootflash:/asr1001x-universalk9.03.15.00.S.155-2.S-std.SPA.bin"
> interface TenGigabitEthernet0/0/0
> description Downlink-to-X670
> ip address 10.254.253.18 255.255.255.252 no ip redirects no ip
> unreachables ip nat inside ip flow monitor flow_v5 input ip flow
> monitor flow_v5 output service-policy type control CTRL-IPOE ip subscriber routed
> initiator unclassified ip-address
> end
> ip nat settings mode cgn
> no ip nat settings support mapping outside ip nat settings pap
> limit 60 ip nat log translations flow-export v9 udp destination
> 10.0.0.122 9995 source TenGigabitEthernet0/0/0 ip nat log
> translations flow-export v9 vrf 0 on ip nat translation timeout 300
> ip nat translation tcp-timeout 1800 ip nat translation pptp-timeout
> 1800 ip nat translation udp-timeout 60 ip nat translation
> finrst-timeout 10 ip nat translation syn-timeout 10 ip nat
> translation dns-timeout 10 ip nat translation icmp-timeout 10 ip nat
> translation port-timeout tcp 80 360 ip nat translation port-timeout
> tcp 8080 360 ip nat translation port-timeout tcp 1600 180 ip nat
> translation port-timeout tcp 110 180 ip nat translation port-timeout
> tcp 25 180 ip nat translation max-entries all-host 2000 ip nat pool
> NAT_POOL_18.19.142 18.19.142.0 18.19.142.254 netmask 255.255.255.0
> ip nat inside source list ACL_NAT_18.19.142 pool NAT_POOL_18.19.142 overload
> flow exporter carbon4_v5
> destination 172.1.1.2
> transport udp 9996
> export-protocol netflow-v5
> !
> !
> flow monitor flow_v5
> exporter carbon4_v5
> cache timeout inactive 10
> cache timeout active 1000
> record netflow-original
> --
> С уважением,
> Dmitry mailto:dmitry at zhigulinet.ru
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
--
С уважением,
Dmitry mailto:dmitry at zhigulinet.ru
More information about the cisco-nsp
mailing list