<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Stealthwatch Flows in Security Analytics</title>
    <link>https://community.cisco.com/t5/security-analytics/stealthwatch-flows/m-p/4731027#M893</link>
    <description>&lt;P&gt;Hi -&lt;/P&gt;
&lt;P&gt;As is usual with IT questions, the answer starts with 'It Depends'.&amp;nbsp; For instance, if you want to be able to catch traffic that may be moving between 2 devices connected to the same Access Switch, you would of course have to find a way to consume that telemetry... either Netflow or SPAN.&amp;nbsp; However, if in your environment intra-switch lateral traffic like that is not allowed, then it sounds like your capture at the Distro Switch is sufficient for your environment.&lt;BR /&gt;If you are using the SNA (Stealthwatch Enterprise) product, then you do want to be smart about consuming your flow licenses, which it sounds like you are.&amp;nbsp; If you are using SCA (Secure Cloud), licensing is done differently - I couldn't tell because you tagged both in your question.&lt;/P&gt;</description>
    <pubDate>Thu, 01 Dec 2022 15:44:04 GMT</pubDate>
    <dc:creator>rocedar</dc:creator>
    <dc:date>2022-12-01T15:44:04Z</dc:date>
    <item>
      <title>Stealthwatch Flows</title>
      <link>https://community.cisco.com/t5/security-analytics/stealthwatch-flows/m-p/4600465#M785</link>
      <description>&lt;P&gt;Does anyone have experience with this, or can perhaps guide me on this question?&lt;/P&gt;&lt;P&gt;If I have a Distribution device with 100 Edge devices hanging off the Distribution, all L3, and I want to enable Netflow to export flows to the collector.&lt;/P&gt;&lt;P&gt;Isn't the distribution the only place that I should configure the exporter to see all this traffic from the edges?&lt;/P&gt;&lt;P&gt;What benefit do I get configuring it on all the edge devices and the distribution? I would see the same flows? Plus I would use up Flow licenses.&lt;/P&gt;</description>
      <pubDate>Wed, 27 Apr 2022 02:46:48 GMT</pubDate>
      <guid>https://community.cisco.com/t5/security-analytics/stealthwatch-flows/m-p/4600465#M785</guid>
      <dc:creator>x00008037</dc:creator>
      <dc:date>2022-04-27T02:46:48Z</dc:date>
    </item>
    <item>
      <title>Re: Stealthwatch Flows</title>
      <link>https://community.cisco.com/t5/security-analytics/stealthwatch-flows/m-p/4731027#M893</link>
      <description>&lt;P&gt;Hi -&lt;/P&gt;
&lt;P&gt;As is usual with IT questions, the answer starts with 'It Depends'.&amp;nbsp; For instance, if you want to be able to catch traffic that may be moving between 2 devices connected to the same Access Switch, you would of course have to find a way to consume that telemetry... either Netflow or SPAN.&amp;nbsp; However, if in your environment intra-switch lateral traffic like that is not allowed, then it sounds like your capture at the Distro Switch is sufficient for your environment.&lt;BR /&gt;If you are using the SNA (Stealthwatch Enterprise) product, then you do want to be smart about consuming your flow licenses, which it sounds like you are.&amp;nbsp; If you are using SCA (Secure Cloud), licensing is done differently - I couldn't tell because you tagged both in your question.&lt;/P&gt;</description>
      <pubDate>Thu, 01 Dec 2022 15:44:04 GMT</pubDate>
      <guid>https://community.cisco.com/t5/security-analytics/stealthwatch-flows/m-p/4731027#M893</guid>
      <dc:creator>rocedar</dc:creator>
      <dc:date>2022-12-01T15:44:04Z</dc:date>
    </item>
  </channel>
</rss>

