Netflow Cisco 4500X

Steven Williams · ‎09-14-2016

Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.07.00.E RELEASE SOFTWARE (fc4)

I am struggling understanding where the flow export needs to be placed on this device. I have multiple interfaces that connect to a core firewall upstream. The 4500 has multiple vlans and multiple VRFs.

flow record REC1
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
collect routing forwarding-status
collect transport tcp flags
collect interface output
collect counter bytes long
collect counter packets long
collect timestamp sys-uptime first
collect timestamp sys-uptime last
!
!
flow exporter EXPORT1
destination 192.168.1.100 vrf YELLOW_PROD
source Vlan11
transport udp 9995
!
!
flow monitor MON1
exporter EXPORT1
cache timeout inactive 30
cache timeout active 60
cache entries 1000
record REC1

!

vlan configuration 11,142
ip flow monitor MON1 input

!

So does mean I am only collecting netflow on vlan 11 and 142?

julijime · ‎09-15-2016

Hi Steven,

You are correct! The above configuration means that you are monitoring vlan 11 and 142

vlan configuration 11,142
ip flow monitor MON1 input

You can monitor more vlans or specific ports of your switch applying the "ip flow monitor <name> input"

HTH

Steven Williams · ‎09-15-2016

So like back in the day didnt you just need to apply the config to a single interface and it would export all interfaces? Its been awhile. And I know this is the new FnF method. I just seem to be getting some weird results in PRTG and wondering if my config or the FnF has something to do with it. I pick netflow v9 in PRTG when i setup a sensor.