Hello all,

I have the following problem:

our 3LS is a 3560G switch on which I cannot enable netflow. In order to be able to monitor traffic, I have connected a 2811 router onto the network with two fastethernet connections (one to be used for mgmt and as the flow export source, and the other to gather traffic from the 3LS).

On the 3LS I have created the corresponding monitor sessions. The weird thing is that on the interface of the 3LS connecting to the "netflow router" I can see output traffic, but there is no input on the interface of the "netflow router".

Below is part of the configuration:

on 3LS

monitor session 1 source interface Gi0/40

monitor session 1 destination interface Gi0/4

(gi0/40 is L2, so I also tried with a VLAN as source, to see if there is any difference when using L3)

on "Netflow Router"

interface FastEthernet0/0
 description SPAN PORT FROM 3LS
 ip address 192.168.200.200 255.255.255.0
 ip accounting output-packets
 ip nbar protocol-discovery
 ip route-cache flow
 duplex auto
 speed auto
!         
interface FastEthernet0/1
 description MGMT
 ip address 192.168.100.200 255.255.255.0
 ip nbar protocol-discovery
 ip route-cache flow
 duplex auto
 speed auto

ip flow-export source FastEthernet0/1
ip flow-export version 5
ip flow-export destination 192.168.100.105 9996
ip flow-aggregation cache protocol-port

The Network Analyzer shows traffic for fa0/1 (mgmt interface), but there is no traffic related to the SPAN.

When I span the port to my own PC, I can see the intended traffic with wireshark. 

Any help will be highly appreciated!

Kind Regards,
Katerina