CatCenter not displaying NETFLOW data from licensed 9500

mark-wise · ‎09-15-2025

I am trying to get the NETFLOW data from our 9500 Catalyst switches into CatCenter. Switches are running version 17.9.5

We have tried using the workflow "Enable Application Telemetry" but that is not showing as an available option. This is an example of the configuration on one of the switches:

avc sd-service
segment AppRecognition
controller
address xx.xx.xx.xx
destination-ports sensor-exporter 9995
dscp 16
source-interface Vlan10
transport application-updates https
!
!
!
flow record dnacrecord-IN
match flow direction
match ipv4 source address
match interface input
match ipv4 destination address
match ipv4 protocol
collect counter packets long
collect counter bytes long
collect timestamp absolute last
collect transport tcp flags
!
!
flow record dnacrecord-OUT
match flow direction
match interface output
match ipv4 source address
match ipv4 destination address
match ipv4 protocol
collect counter packets long
collect counter bytes long
collect timestamp absolute last
collect transport tcp flags
!
!
flow exporter dnac-export
destination xx.xx.xx.xx
source Vlan10
export-protocol netflow-v9
option application-attributes
!
!
flow monitor dna-monitor-IN
exporter dnac-export
record dnacrecord-IN
!
!
flow monitor dna-monitor-OUT
exporter dnac-export
record dnacrecord-OUT
!

then the monitors are applied to the interfaces:

interface TwentyFiveGigE1/0/1
ip flow monitor dna-monitor-IN input
ip flow monitor dna-monitor-OUT output
service-policy input SP-SERVICES

balaji.bandi · ‎09-16-2025

High level config looks ok, my working config as below :

https://www.balajibandi.com/?p=1383

from VLAN 10 you able to reach Cat Centre ? what config VLAN 10 have ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

mark-wise · ‎09-16-2025

yes, CatCenter is reachable from the vlan. This is the management vlan and is successfully sending snmp data. Firewall logs confirm the flow data is being sent from switch and reaching CatCenter.

balaji.bandi · ‎09-16-2025

Then you need to verify some of the config and troubleshoot below guides can help you :

https://www.ciscolive.com/c/dam/r/ciscolive/apjc/docs/2023/pdf/BRKEMT-2397.pdf

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-9300-series-switches/218311-configure-and-verify-netflow-avc-and-e.html

https://community.cisco.com/t5/cisco-catalyst-center/catalyst-center-netflow/td-p/5128149

https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/catalyst-center/2-3-7/user_guide/b_cisco_catalyst_center_user_guide_237/b_cisco_dna_center_ug_2_3_7_chapter_01010.html#:~:text=The%20NetFlow%20configurat....

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Torbjørn · ‎09-16-2025

When you say that enable application telemetry is not available, is the field greyed out?

I agree with @balaji.bandi, your config looks correct. What output does "show flow monitor" give you?

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

mark-wise · ‎09-16-2025

yes, it is grayed out. Even trying the Update Telemetry Settings workflow returns a "no configuration generated" message.

switch#sh flow monitor
Flow Monitor dna-monitor-IN:
Description: User defined
Flow Record: dnacrecord-IN
Flow Exporter: dnac-export
Cache:
Type: normal (Platform cache)
Status: allocated
Size: 10000 entries
Inactive Timeout: 15 secs
Active Timeout: 1800 secs

Flow Monitor dna-monitor-OUT:
Description: User defined
Flow Record: dnacrecord-OUT
Flow Exporter: dnac-export
Cache:
Type: normal (Platform cache)
Status: allocated
Size: 10000 entries
Inactive Timeout: 15 secs
Active Timeout: 1800 secs

Torbjørn · ‎09-16-2025

Have you tried selecting "force update" when running "Update Telemetry"? It usually does the trick in my experience

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

brmchenr · ‎09-16-2025

Check your DNA License on the device and ensure it is Adv and not Essentials...

mark-wise · ‎09-16-2025

switch#sh license usage
License Authorization:
Status: Not Applicable

network-advantage (C9500 Network Advantage):
Description: C9500 Network Advantage
Count: 2
Version: 1.0
Status: IN USE
Export status: NOT RESTRICTED
Feature Name: network-advantage
Feature Description: C9500 Network Advantage
Enforcement type: NOT ENFORCED
License type: Perpetual

dna-advantage (C9500 48Y4C DNA Advantage):
Description: C9500-48Y4C DNA Advantage
Count: 2
Version: 1.0
Status: IN USE
Export status: NOT RESTRICTED
Feature Name: dna-advantage
Feature Description: C9500-48Y4C DNA Advantage
Enforcement type: NOT ENFORCED
License type: Subscription

these are still running on original license from purchase...(1yr,1 month remaining )

brmchenr · ‎09-16-2025

Oh I missed that this is a 9500, my eyes were reading 9300 my bad. I believe this is expected on this 9500 model, see the Admin Guide on Monitor Application Health to confirm. I don't think this has ever been supported on the C9500-48Y4C.

mark-wise · ‎09-16-2025

from the documents I'm seeing, this "should" be supported.

Cisco Catalyst 9500 Series Switches Data Sheet - Cisco

Network Management Configuration Guide, Cisco IOS XE Cupertino 17.9.x (Catalyst 9500 Switches) - Configuring Flexible NetFlow [Cisco Catalyst 9500 Series Switches] - Cisco

brmchenr · ‎09-16-2025

I am speaking from the automation perspective on Cat Center, not from an IOS-XE perspective.

Torbjørn · ‎09-16-2025

That is interesting! I have installed quite a few 9500s without realising this... Is there any reason for it not being supported? @brmchenr

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev