Can I use the 1GB interfaces for flexible netflow on a 3750x with a C3KX-SM-10G module?

bojarskic · ‎06-12-2015

I've been unable to get netflow working on a Cisco 3750x with a C3KX-SM-10G module. I went over the configurations with Cisco TAC and we verified they are correct. However, Cisco states that I have to use the tenGigabitEthernet interfaces. Problem is that we are all still running 1GB.

Is there a way to get this to work with gi1/1/2 and gi1/1/4 instead of using te1/1/1 and te1/1/2?

Here are my configs:

flow record NetFlow
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect interface input snmp
collect interface output snmp
collect counter bytes
collect counter packets
!
!
flow exporter Netflow-to-Cascade
destination 167.155.16.186
source Vlan1128
transport udp 2055
!
!
flow monitor NetFlow
record NetFlow
exporter Netflow-to-Cascade
cache timeout inactive 10
cache timeout active 5
!

interface GigabitEthernet1/1/2
description Connection to genn2blab-l2s05 gi1/0/4
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1128,1130
switchport mode trunk
switchport nonegotiate
ip flow ingress
ip flow monitor NetFlow layer2-switched input
ip flow monitor NetFlow layer2-switched output

Marvin Rhoads · ‎06-12-2015

The TAC engineer's assertion that you need to use the 10 Gbps interfaces matches what I learned in the partner product training.

In general, I've been very disillusioned with getting any useful Netflow out of access layer switches. There are so many caveats and variations of what each platform can do, it's very difficult to deploy in most environments.

I tell folks to use a core switch like a 6k or Nexus in the campus or a WAN router. There is the NGA from Cisco and things like Lancope's dedicated probe that can be helpful in some use cases as well.