Netflow in trunk Interface

hs08 · ‎03-17-2025

How / Can we enable netflow on trunk interface?

M02@rt37 · ‎03-17-2025

Hello @hs08

Check on your platform. On Nexus is feasable

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

hs08 · ‎03-18-2025

My devices using C9500, it's possible?

M02@rt37 · ‎03-18-2025

Hello @hs08

seems to be good.

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9500/software/release/17-10/configuration_guide/nmgmt/b_1710_nmgmt_9500_cg/configuring_flexible_netflow.html

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Blue_Bird · ‎03-17-2025

Hello hs08,

It is based on your switch platform..! As M02@rt37 mentioned, on Nexus 9000 switches is possible..!

if it is lower series switches..You can't directly enable NetFlow on a trunk interface, as NetFlow is a Layer 3 technology, while trunk interfaces are Layer- 2. Instead, you'll need to enable NetFlow on the VLAN interfaces (SVIs) associated with the VLANs carried by the trunk.

Best regards
******* If This Helps, Please Rate ********

balaji.bandi · ‎03-18-2025

Catalyst 9K check the configuration guide lines :

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-9300-series-switches/218311-configure-and-verify-netflow-avc-and-e.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

hs08 · ‎03-18-2025

hi @balaji.bandi

We only can see enabling the AVC on trunk interface not netflow. Am i right?

balaji.bandi · ‎03-18-2025

You can enable netflow on Trunk or port-channel, make sure destination not part of the port-channel or trunk or VLAN

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

hs08 · ‎03-18-2025

Belo my config

flow record NTA-Rec
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
collect interface output
collect application name
!
!
flow exporter NTA-Exp
destination 10.103.248.55
source Loopback0
transport udp 2055
export-protocol ipfix
template data timeout 60
option application-table timeout 60
option application-attributes timeout 300
!
!
flow monitor NTA-Mon
description NetFlow nbar
exporter NTA-Exp

But i get this error when applying on trunk interface

CS01(config-if)#ip flow monitor NTA-Mon input
% Flow Monitor: Failed to add monitor to interface: Invalid set of fields in monitor record for wired interface

balaji.bandi · ‎03-18-2025

when you say trunk you try to apply Port-channel ?

suggest to apply Physical interface part of Port-channel.

interface range te 1/x/1, te 1/x/2
ip flow monitor xxxxxxxx input
ip flow monitor xxxxxxxxxxxxx output

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

hs08 · ‎03-18-2025

Hi

The error is when i try to apply in physical interface t1/0/35

M02@rt37 · ‎03-18-2025

Hello @hs08

Could you please share your recorder configuration, please ? Same as bottom ?

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

hs08 · ‎03-18-2025

This

M02@rt37 · ‎03-18-2025

@hs08

Ok I'm gonna check

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

balaji.bandi · ‎03-18-2025

i tested my Lab switch cat 9300 running 17.9.5

#show version
Cisco IOS XE Software, Version 17.09.05
Cisco IOS Software [Cupertino], Catalyst L3 Switch Software (CAT9K_IOSXE), Version 17.9.5, RELEASE SOFTWARE (fc1)

#show run interface port-channel 20
Building configuration...

Current configuration : 32 bytes
!
interface Port-channel20
end

TEST#show run interface tw1/0/20
Building configuration...

Current configuration : 130 bytes
!
interface TwoGigabitEthernet1/0/20
switchport mode trunk
ip flow monitor mymonitor input
channel-group 20 mode active
end

TEST#show run interface tw1/0/21
Building configuration...

Current configuration : 130 bytes
!
interface TwoGigabitEthernet1/0/21
switchport mode trunk
ip flow monitor mymonitor input
channel-group 20 mode active
end

Full example :

https://www.balajibandi.com/?p=1383

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help