Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
618
Views
1
Helpful
4
Replies

Does NetFlow not work on L2 interfaces?

Mitrixsen
Level 1
Level 1

‎03-15-2025 04:02 AM - edited ‎03-15-2025 04:04 AM

Hello, everyone.

I am studying NetFlow and here is my topology:

Mitrixsen_0-1742036360328.png

I started a ping from R2 to R1 and I configured the following on SW1:

Mitrixsen_1-1742036474102.png

Why doesn't SW1 register the flow (ignore the Total Flows set to 1, that was from a different config)? I've read some explanations on the internet which said  that NetFlow won't capture anything on L2 ports? So is it not possible to capture local LAN/VLAN flows?

Thank you.

David

 

Labels:
0 Helpful
4 Replies 4

Joseph W. Doherty
Hall of Fame
Hall of Fame

‎03-15-2025 04:44 AM

"Why doesn't SW1 register the flow . . . ?"

Most likely for the same reason "switch when you can, route when you must".

If you don't know the latter's reason, its forwarding performance.

BTW, and historically, on routers, a major feature of NetFlow was to increase a router's performance.  On a switch, it would decrease its performance.

Today, a switch's performance wouldn't necessarily be impacted, but it would very likely increase its cost.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎03-15-2025 05:54 AM

I am not sure in the Virtual environment, but the recent Cat 9K Model works.

May be try cat 9K v for testing (you may need good compute for the image - i have not tested).

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to balaji.bandi

‎03-15-2025 06:41 AM

". . . but the recent Cat 9K Model works."

I didn't know that but not too surprising as these current gen switches are also L3 and aren't particularly inexpensive.

I find it interesting how many previously only software features are now supported by hardware, often Cisco proprietary hardware.

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎03-15-2025 08:40 AM - edited ‎03-15-2025 08:41 AM

Hello @Mitrixsen ,

as noted by BB some platforms may support it but my guess is you need a special configuration for netflow to capture bridged traffic. I have seen it on Nexus 9000 series.

see

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/17-16/configuration_guide/nmgmt/b_1716_nmgmt_9300_cg/configuring_flexible_netflow.html#task_wmh_rjf_qgb

My understanding is that you can configure bridged netflow at broadcast domain layer.

on a physical layer 2 interface you can create a custom flow record that matches on IP and/or on MAC addresses or ethertype and it is supported only in  ingress direction.

Hope to help

Giuseppe

 

Customers Also Viewed These Support Documents