Implementing Netflow on Core Switch (6500)

john.gregory · ‎11-30-2019

I have a scenario where in the Core Switch (6500) is running only as Layer 2. And this switch is connected to a Firewall via trunk links. Behind the core switch is access switches on where the user and server farm is connected. The server's/user's gateway is the firewall.

I want to implement netflow at the core but the flow monitor command is not supported on the trunk ports. The core switch only has one SVI, which is only meant for management traffic (like ssh, tacacs, snmp, ntp). Whats the other way to implement netflow on the Core so it capture all user and server traffics.

balaji.bandi · ‎11-30-2019

Personally I don't believe you able to achieve what you looking to do over L2, what kind of FW you have If this is ASA you can able to achieve, or any other FW if this is next-generation one you should able to use Netflow feature.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

kyoshiik · ‎12-02-2019

ASA Configuration sample for NSEL:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/general/asa-general-cli/monitor-nsel.html

FTD Configuration sample for NSEL:

https://community.cisco.com/t5/security-documents/configuring-nsel-netflow-on-cisco-firepower-threat-defense-ftd/ta-p/3646300