cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
701
Views
0
Helpful
3
Replies

Multiple Netflows from same Router

dctaylorit
Level 1
Level 1

What I’m looking to do is setup a net-flow monitor for traffic going across a PIX firewall. I know unfortunately I can’t do this directly from the PIX because it does not support net-flow.

I do have a 2921 router on the same network that I have net-flow enabled to monitor traffic across the MPLS Connection.

Since the traffic for the MPLS is going out a direct interface I have applied the IP Flow egress/ingress commands to that interface to obtain the net-flow data I need.  The PIX firewall however is not a direct interface so this can’t be done. I have done a little reading and believe I could use a policy map to create a “filter” so that any traffic that meets the ACL associated with the Policy-Map would get sent to net-flow monitor.

My question is how do I set that up so that so I can have the two net-flow data “streams/sources” go to separate net-flow ports so that I can monitor them independently of each other or is that not possible?

Both devices are connected to a 3750X switch; however neither is connected to a 10GB port. To my understanding that means I can’t run net-flow on the switch itself.

3 Replies 3

Ed Willson
Level 1
Level 1

Without the 10GB module - There's no Netflow on the 3750x. What about using port span on the 3750 to an un-used port and Nprobe to get the flow source? I've been wanting to try it - so let me know if it works

Ed Willson
Level 1
Level 1

Joe - Did you make any progress, or have an update?

dctaylorit
Level 1
Level 1

Ed - Thank you for the reply.  I haven't had a chance to follow up until this week.  Was doing some more research and see that it appears Flexible Netflows would be able to address my need - however when I try to apply the monitor to the interface it doesn't take.  I have opened a ticket with Cisco on the issue and will repost back when I get an answer.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: