Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
409
Views
5
Helpful
2
Replies

Netflow Config Recommendations for Remote Site

pat.mchenry
Level 1
Level 1

‎09-27-2021 01:26 PM - edited ‎09-27-2021 01:36 PM

Hi,

 

we are trying to get visibility into traffic at our remote site using netflow on a 9500. This remote site core switch has many VLANs and attaches to many 9300 access switches via trunks. All routing for the site is on the 9500. Traffic from and to the remote site is being captured by our Main campus 6807, so there isn't a need to configure netflow on any interfaces between the remote site and the Main campus.

 

We are looking to get visibility into traffic at the sight traversing between and within VLANs.

 

What would be the best way to apply this? On the VLAN interfaces of the Core 9500, or trunks of the 9500 to the access switches or VLANs on the Core and/or access switch or all of the above? I'm assuming that traffic between VLANs would get captured by the VLAN interface netflow config on the 9500. Traffic going to another switch to the same VLAN or a different VLAN would get captured from a trunk netflow config on the 9500 and traffic within a VLAN that will not leave the access switch would be captured by a VLAN netflow config on the access switch VLAN?

 

Another question I had.....is there a need to configure netflow on both the ingress and egress on the VLAN interface or trunk interface? If I config ingress only on each interface, won't I catch traffic in both directions as the traffic will ingress on another VLAN interface or trunk interface? What advantage would I have be configuring ingress and egress on the same interface?

 

I know this is a lot, but would appreciate any insight.

 

Thank you, Pat

 

Labels:
0 Helpful
2 Replies 2

balaji.bandi
Hall of Fame
Hall of Fame

‎09-27-2021 03:14 PM

better visibility i go with Layer3 SVI of VLAN, but new netflow on Cat 9500 do support Layer2

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

pat.mchenry
Level 1
Level 1
In response to balaji.bandi

‎09-28-2021 06:34 AM

Thx BB - do you config ingress and egress on VLAN interfaces or just in one direction? And why?

 

Also, if I configure only on VLAN interfaces I would miss intra-VLAN flows, correct? For L2 traffic within the VLAN I would need to configure netflow on the trunks to the access switches?

 

Thank you, Pat

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card