Source from vlan 1 in your config will do it

Hi Mark,

Thanks for your reply.

So if i am using source vlan1 in flow exporter, it means that I have already used interface vlan1 with ip address 10.100.1.230 for flow exporter. Is it correct?

Regards,

Jennifer

Hi yes exactly heres one of mine flexible netflow running  with source set in exporter , if you have already set it to use the vlan in export theres no requirement to set it in flow monitor too, your flow monitor name will also need to be attached to vlan 1 interface in and out

flow record FLOW-RECORD
 description record to monitor network traffic
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input
 match interface output
 collect routing source as
 collect routing destination as
 collect routing next-hop address ipv4
 collect transport tcp flags
 collect counter bytes
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
!
!
flow exporter NetQos
 description export Netflow traffic to HQ
 destination 172.x.x.x
 source Vlan1222
 template data timeout 300
 option interface-table timeout 1000
 option exporter-stats timeout 1000
!
!
flow monitor xxxxxx
 description Used for ipv4 traffic analysis (Mapped To FLOW-RECORD)
 record FLOW-RECORD
 exporter NetQos
 statistics packet protocol

Mark,

We are using a 2960 also and have Vlan1 for data and Vlan3 for voice. We would like to capture all both Vlans. Is it true you can only capture 1 Vlan and if so how would you go about getting all the traffic on the switch.

Thanks,

Tom

Na thats not true you can capture traffic from any ip source and collect as many ip ints that are on the device but you can only source the flow from one ip based interface usually the MGMT , if thats not in use just pick a logical interface as there nearly always up/up. The limitations is usually on the colector and how many flows it can accept per license and cost

in your case you just add the ip flow cache under each ip interface and it will collect the flow from anything thats part of the vlan but if its layer 2 you wont see any traffic as its an ip based feature so this works best on layer 3 switches and routers with ip based interfaces, when you take a flow from a layer 2 switch you may only get that its reachable and up

Mark,

Thanks very much for the quick response. Here is our switch code. I shortend the code this the necessary info. The Netflow code worked when we had port 48 as a routed port with IP interface. We would like to see all the data on the switch. What would be your suggestions and code changes. This is our first attempt in getting Netflow working. Thanks very much!!!!

hostname Hooper-Road-2960XR
!
flow record Test-1
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 collect transport tcp flags
 collect interface input
 collect flow sampler
 collect counter bytes long
 collect counter packets long
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
!
!
flow exporter Test-1
 description Exporter to Solarwinds Server
 destination 192.168.23.247
 dscp 16
 transport udp 2055
 template data timeout 30
 option interface-table
!
!
flow monitor Test-1
 record Test-1
 exporter Test-1
 cache timeout active 30
!
ip routing

spanning-tree mode rapid-pvst
spanning-tree extend system-id

!
vlan internal allocation policy ascending

!!!!!! The Port Configuration for all 47 Ports !!!!!!!!
!
interface GigabitEthernet1/0/1 thru 47
 description PC or Phone - VLAN1&3
 switchport trunk allowed vlan 1,3
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 queue-set 2
 priority-queue out
 mls qos trust cos
 auto qos voip trust
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard root
!
= = = = = = = = = = = = = = ==

interface GigabitEthernet2/0/48
 description Fiber Connection to Computer Center
 switchport mode dynamic desirable
 power inline never
!
interface Vlan1
 ip address 192.168.220.1 255.255.255.0
!
interface Vlan3
 description Voice VLAN
 ip address 192.168.215.1 255.255.255.0
!
router ospf 100
 network 192.168.215.0 0.0.0.255 area 0.0.0.1
 network 192.168.220.0 0.0.0.255 area 0.0.0.1
!
ip http server
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.220.2

Update... we are able to get NetFlow working. The issue now it that we needed to add a:

Sampler SampleTest

mode random 1 out-of 32

Interface G1/0/1

ip flow monitor monitor1 sampler SampleTest input

If there anyway to configure a 2960 with out a sampler rate?

Thanks again

Yes just dont use it , i haven't enabled sampler on any flexible netflow interfaces an it works fine in the collector  , the sampler should be optional

interface Vlan159
 ip address x.x.x.x 255.255.255.0
 ip flow monitor xxxxx input
 ip flow monitor xxxxx output
 ip pim dense-mode
 load-interval 30