
Stealthwatch Flows

x00008037
Level 1

Does anyone have experience with this, or can perhaps guide me on this question?

 

If I have a Distribution device with 100 Edge devices hanging off the Distribution, all L3, and I want to enable NetFlow to export flows to the collector.

 

Isn't the distribution the only place that I should configure the exporter to see all this traffic from the edges?

 

What benefit do I get configuring it on all the edge devices and the distribution? I would see the same flows? Plus I would use up Flow licenses.

 

 


rocedar
Cisco Employee

Hi -

As is usual with IT questions, the answer starts with 'It Depends'. For instance, if you want to be able to catch traffic that may be moving between 2 devices connected to the same Access Switch, you would of course have to find a way to consume that telemetry... either NetFlow or SPAN. However, if in your environment intra-switch lateral traffic like that is not allowed, then it sounds like your capture at the Distro Switch is sufficient for your environment.
If you are using the SNA (Stealthwatch Enterprise) product then you do want to be smart about consuming your flow licenses, which it sounds like you are. If you are using SCA (Secure Cloud), licensing is done differently - I couldn't tell because you tagged both in your question.
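
The trade-off discussed in this thread, worked through as an added example (not part of either post, and not Cisco code): it compares exporter placement by how many flows are seen at least once and how many flow records are exported in total. The topology, addresses, device names and flows are constructed, and it assumes every exporting device on a flow's path emits one record for it; how a collector de-duplicates or licenses those records is not modelled.

```python
# Constructed topology: host IP -> L3 edge switch it hangs off (hypothetical names).
HOST_TO_EDGE = {
    "10.1.1.10": "edge-01", "10.1.1.20": "edge-01",
    "10.1.2.10": "edge-02", "10.1.2.20": "edge-02",
}

# Constructed flows: (src, dst, dst_port). Addresses missing from HOST_TO_EDGE
# are treated as sitting beyond the distribution device.
FLOWS = [
    ("10.1.1.10", "10.1.1.20", 445),   # stays on edge-01
    ("10.1.1.10", "10.1.2.10", 3389),  # edge-01 -> edge-02
    ("10.1.2.20", "192.0.2.50", 443),  # edge-02 -> upstream
    ("10.1.2.10", "10.1.2.20", 22),    # stays on edge-02
    ("10.1.1.20", "192.0.2.80", 53),   # edge-01 -> upstream
]


def exporters_on_path(src, dst):
    """Return the devices a flow is routed through in this topology."""
    a, b = HOST_TO_EDGE.get(src), HOST_TO_EDGE.get(dst)
    path = {d for d in (a, b) if d}
    if a != b:  # leaves its edge switch, so it crosses the distribution
        path.add("dist")
    return path


def coverage(enabled):
    """enabled: set of devices exporting NetFlow.
    Returns (flows seen at least once, total records exported, unseen flows)."""
    seen, records, unseen = 0, 0, []
    for flow in FLOWS:
        hits = exporters_on_path(flow[0], flow[1]) & enabled
        records += len(hits)
        if hits:
            seen += 1
        else:
            unseen.append(flow)
    return seen, records, unseen


if __name__ == "__main__":
    for label, enabled in [
        ("distribution only", {"dist"}),
        ("edges only", {"edge-01", "edge-02"}),
        ("edges + distribution", {"dist", "edge-01", "edge-02"}),
    ]:
        seen, records, unseen = coverage(enabled)
        print(f"{label:22} seen={seen}/{len(FLOWS)} records={records} unseen={unseen}")
```
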
