
Netflow with Cisco 6500 and Scrutinizer



I have an L3 6500 switch where I want to enable a NetFlow exporter to see reports in Scrutinizer.

I applied the config below without success:

flow record FLOW-RECORD-1
 match interface input
flow exporter Scrutinizer
 description Exports to Scrutinizer
 source Loopback2
 transport udp 2055
 template data timeout 60
flow monitor netflow-original
 description This flow monitor uses the NetFlow original record and exports to S
 exporter Scrutinizer
 cache timeout active 60
 record platform-original ipv4 full
interface Loopback2
 ip address
 ip flow monitor netflow-original input
 ip flow monitor netflow-original output
interface Vlan3
 description BRQOC-LSR0-V# (Alice)
 ip address secondary
 ip address
 no ip redirects
 ip wccp 61 redirect in
 ip flow monitor netflow-original input
 ip flow monitor netflow-original output

BRQOC-LSR0#sh flow exporter stat
Flow Exporter Scrutinizer:
  Packet send statistics (last cleared 9w6d ago):
    Successfully sent:         40611561              (54983985388 bytes)
  Client send statistics:
    Client: Flow Monitor netflow-original
      Records added:           1428793161
        - sent:                1428793152
      Bytes added:             52865346957
        - sent:                52865346624

Any help will be appreciated!




Chris McGarrah

Looks like flows are being sent. Can you run Wireshark on your Scrutinizer box and see if the NetFlow traffic is making it there?

Perfect Chris! I ran Wireshark and the CFLOW protocol is in place. Maybe I have some problems with the Scrutinizer config. I will make a test pointing the flow to WhatsUp Gold.

After that I will post the result!

Thank you very much!!


As I mentioned in my previous message, I have the CFLOW protocol in Wireshark, but Scrutinizer does not give me reports. I contacted their Technical Support and they said the Scrutinizer configuration is OK. Is it possible that my 6509 is sending CFLOW without a correct config?

I still suspect something on the Scrutinizer server side. Is there a local firewall configured that would prevent the flows from going further than the interface?

You could also try configuring the 6500 with traditional NetFlow config as shown on the left side in this example:

This is a little bit simpler config and should give you the same information since you are only using NetFlow original records in your flexible NetFlow config?

Out of curiosity, what code level are you running on your 6500?


I reviewed all my configuration and switched the protocol from CFLOW v9 to CFLOW v5. Now it is working!

I want NetFlow to have better troubleshooting of my LAN, so I applied it in all VLANs, but just for outside traffic. Do you think I should enable it for incoming traffic too?

Generally I would apply it in a single direction (ingress in my production network) on all L3 interfaces, including SVIs.

So if it is a P2P link, then one device's ingress means the other device's egress traffic.

If you enable it in both directions, it will work, but there will be double counting (more flows sent for the same traffic), depending on how you configure it throughout your network.



**** Pls rate all useful responses ****


Perfect Rasika!

Thank you very much!

Sent from Cisco Technical Support iPhone App
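
The thread was resolved by switching the export from v9 to v5, after Wireshark had only shown that "CFLOW" was arriving. The following is an added example, not code from any poster or from Scrutinizer: a collector-side check that reports which export version a datagram carries and, for v9, whether each data flowset has a previously seen template. The function names and sample datagrams are constructed for illustration, and templates are keyed by source ID only (a real collector would also key on the exporter address).

```python
import struct

V5_HEADER_LEN, V5_RECORD_LEN, V9_HEADER_LEN = 24, 48, 20

def inspect_export(payload, known_templates):
    """Summarise one NetFlow export datagram (UDP payload).

    known_templates: set of (source_id, template_id), updated in place.
    """
    if len(payload) < 4:
        return {"version": None, "problem": "truncated"}
    version, count = struct.unpack_from("!HH", payload)
    if version == 5:  # fixed layout: 24-byte header + count * 48-byte records
        ok = len(payload) == V5_HEADER_LEN + count * V5_RECORD_LEN
        return {"version": 5, "records": count,
                "problem": None if ok else "length mismatch"}
    if version != 9 or len(payload) < V9_HEADER_LEN:
        return {"version": version, "problem": "unsupported or truncated"}
    source_id = struct.unpack_from("!I", payload, 16)[0]
    out = {"version": 9, "templates": 0, "decodable": 0,
           "undecodable": 0, "problem": None}
    offset = V9_HEADER_LEN
    while offset + 4 <= len(payload):
        flowset_id, length = struct.unpack_from("!HH", payload, offset)
        if length < 4 or offset + length > len(payload):
            out["problem"] = "bad flowset length"
            break
        if flowset_id == 0:  # template flowset: template_id, field_count, fields
            pos, end = offset + 4, offset + length
            while pos + 4 <= end:
                template_id, field_count = struct.unpack_from("!HH", payload, pos)
                if template_id < 256:  # padding, not a template record
                    break
                known_templates.add((source_id, template_id))
                out["templates"] += 1
                pos += 4 + 4 * field_count
        elif flowset_id >= 256:  # data flowset: its id names the template it needs
            seen = (source_id, flowset_id) in known_templates
            out["decodable" if seen else "undecodable"] += 1
        offset += length
    return out

def v9_datagram(source_id, *flowsets):  # constructed test input, not captured traffic
    header = struct.pack("!HHIIII", 9, len(flowsets), 0, 0, 0, source_id)
    return header + b"".join(flowsets)

# Constructed samples: template 260 = IPV4_SRC_ADDR(8) + IPV4_DST_ADDR(12), 4 bytes each
TEMPLATE = struct.pack("!8H", 0, 16, 260, 2, 8, 4, 12, 4)
DATA = struct.pack("!HH", 260, 12) + bytes([10, 0, 0, 1, 10, 0, 0, 2])
SAMPLE_V5 = struct.pack("!HHIIIIBBH", 5, 1, 0, 0, 0, 0, 0, 0, 0) + bytes(48)
```

Fed with payloads received on the exporter's UDP port (2055 in the config above), a steady count of `undecodable` v9 flowsets means the collector has data it cannot interpret yet, while v5 datagrams need no template at all.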