No data in NFA from Cisco Meraki MX or Z1 devices

Article Id: 37988
Status: Published
Updated On: 14-02-2018 06:36
Legacy Id: TEC1802248
Products:
CA Network Flow Analysis (NetQos / NFA)
Issue/Introduction:

Problem: 

Cisco Meraki MX and Z1 devices are discovered by NFA, but do not report any NetFlow data.  

 

Cause:

The NetFlow exported by the Cisco Meraki device does not include all of the necessary fields for reporting in NFA.  Below are the required fields for NetFlow data to be displayed in NFA:

1 - IN_BYTES or 85 – IN_PERMANENT_BYTES
4 - PROTOCOL
7 - L4_SRC_PORT
8 - IPV4_SRC_ADDR
10 - INPUT_SNMP
11 - L4_DST_PORT
12 - IPV4_DST_ADDR
14 - OUTPUT_SNMP

 

Analysis of a packet capture shows that the NetFlow template exported by the device is missing the INPUT_SNMP and OUTPUT_SNMP fields:

 

<Please see attached file for image>

template.jpg

Resolution:

As of this date (9-Feb-2016), the Cisco Meraki documentation on NetFlow states:

"Support for exporting an SNMP ingress or egress interface index via NetFlow is available in beta. Please contact Cisco Meraki support if you wish to receive the update."  

 

Additional Information:

https://documentation.meraki.com/MX-Z/Monitoring_and_Reporting/NetFlow_Overview

TEC597610

Environment:

Release: RAIB1H99000-9.3-Network Flow Analysis-Interface Bundle-Hardware
Component:

insert_drive_file 1558723788560000037988_sktwi1f5rjvs16x06.jpeg
arrow_downward Download