Netflow export using SVI for multiple vlans across trunk uplink
We are pulling together a solution for a customer where we are looking at procuring a pair of Cisco 4510RE with Sup 7E and 5 wire rate line cards. Each line card in the chassis will be a unique vlan with SVI configured. We intend to trunk the 5 vlans via the 10gb interfaces on the Sup to a pair of Juniper ISG2000 firewalls in Master/Slave mode, where each vlan will have its own layer 3 subinterface configured.
Each of the attached servers in all vlans will have their gateways configured on their respective ISG2000 subint, not on the 4510 switch.
The questions I have are:
1) We need to enable netflow so as to see the inter-vlan traffic. As the only L3 IP associated with each vlan is their SVI, can this be used as the required L3 interface for Network monitoring?
2) Do we have to enable IP Routing on the 4510 to allow the above to work?
3) If we do this, when server A in vlan 10 wants to talk to server A in vlan 20, will the 4510 PFC identify this as being a directly connected network and switch the traffic via its own switch fabric, and thus bypass the firewall gateway altogether?
If what I describe in 3 above were to happen, we would have to abandon this design and look at possibly using 3750x with network service modules for netflow.
Any assistance or thoughts would be greatly appreciated guys.