Hi,no, there is no network

Benjamin Lehner · ‎05-28-2014

Hello Community,

I want to use netflow on our l3 switches. But my configurations dont work.

What is my mistake?

Modell: WS-C3560X-48P

Software Version: 15.0(1)SE3

My Config:

interface vlan 250

ip flow monitor Monitor-FNF input
ip flow monitor Monitor-FNF output

flow record Record-FNF
description Flexible NetFlow with NBAR Flow Record
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect routing next-hop address ipv4
collect transport tcp flags
collect interface output
collect counter bytes
collect counter packets

flow exporter Export-FNF
description DescriptionTEXT
destination [NetFlow collector IP address]
source vlan50
transport udp 9001
export-protocol netflow-v9

flow monitor Monitor-FNF
description FNF/NBAR Application Traffic Analysis
record Record-FNF
exporter Export-FNF
cache timeout active 60
cache timeout inactive 10

schaef350 · ‎06-02-2014

Silly question but do you have a network services module installed?

From the documentation: "Flexible NetFlow is supported only on the Catalyst 3750-X and 3560-X switch running the IP base or IP services feature set and equipped with the network services module. It is not supported on switches running the NPE or the LAN base image."

It actually also mentions: "NetFlow analysis is performed on traffic crossing the physical interfaces on the network services module."

Sourced from here: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/15-0_1_se/configuration/guide/3750xcg/swmnetflow.html

- Be sure to rate all helpful posts

Benjamin Lehner · ‎06-03-2014

Hi,

no, there is no network services module installed.

I tried to configure netflow with classic syntax and it also dont work

ip flow-cache timeout active 5
ip flow-export source Vlan50
ip flow-export version 9
ip flow-export destination [ip] [port]

interface vlan 250
ip flow ingress

Is it possibly to configure netflow for vlan interfaces?

If not: How could I collect netflow data on Switches?

Marvin Rhoads · ‎06-03-2014

Most Cisco switches have either poor or no Netflow support. The newer 2900 series models and 3650/3850 are adding in some better support due to the type of ASICs they use but the preferred platform for Netflow is either a router, an ASA or a high-end switch such as a 6500 series.

As the earlier poster indicated, the 3750-X and 3560-X require the Service module to export Netflow records at all.

Benjamin Lehner · ‎06-03-2014

Ok, thank you

I thought if a command is possible to enter in the config - it is supported... :-/

So, general question: do you know another possibilities to monitore traffic on switches? (I cannot use mirror ports)

Marvin Rhoads · ‎06-03-2014

We typically monitor interface utilization as necessary (for instance certain server ports, uplinks between access and core/distribution layers, WAN links, etc.) on a switch using any general purpose SNMP management tool (CACTI open source, What's Up Gold, SolarWinds NPM, Cisco Prime Infrastructure etc.). ifInOctets and ifOutOctets are the most commonly used statistics.

Mostly we don't look at individual user ports across an enterprise because it's too much data for most organizations to use effectively.

Interface monitoring doesn't give you the level of visibility that Netflow does but there are usually places in the network where we can instrument Netflow and extract useful information from there.

schaef350 · ‎06-03-2014

If you would really like to see flow data you could mirror the switchport to a third party netflow probe. NTOP offers something for this and its open source. Check it out here: http://www.ntop.org/products/nprobe

- Be sure to rate all helpful posts

How to: Netflow on a L3 Switch WS-C3560X-48P