04-10-2012 02:12 PM - edited 03-07-2019 06:03 AM
Hi guys,
I've tried to configure NetFlow on layer 2 without success.
I configured the record/monitor/exporter like the configuration guide said,
but still I don't receive any NetFlow traffic.
I checked the firewall on the VM and it looks fine.
Anyone have any idea??
I have done the command under the Ethernet interface: "layer2-switch flow monitor TEST input" - for layer 2 input.
Regards,
04-10-2012 02:51 PM
04-10-2012 10:51 PM
Hi,
Thanks for the fast reply!!
I am using version 5.1.
Here is a sample of the configuration:
flow exporter scrutinizer
  description netflow-tester
  destination 192.168.1.212 - the netflow analyzer server ip address
  version 9
  source vlan 3 (192.168.1.211)
flow monitor TESTER
  flow record netflow-original
  exporter scrutinizer
** I did try to create my own record for only layer 2 data - without success.
After doing this I started to add the interfaces I want to check.
int ethernet 2/1-2 - this is the uplink we want to test
  layer2-switch flow monitor TESTER input
Any ideas?
04-11-2012 02:25 AM
Here is the configuration on the Nexus 7k:
flow exporter scrutinizer
  description export netflow to scrutinizer
  destination 10.100.212.111
  transport udp 6343
  source Vlan3
  version 9
flow monitor LIAD
  record netflow layer2-switched input
  exporter scrutinizer
interface port-channel1
  layer2-switched flow monitor LIAD input
04-15-2012 01:59 AM
Hello,
Does this entry appear in your FnF Record?
* collect datalink mac source address input
Found this on: http://www.bradreese.com/how-to/2-20-2011.htm
Jake
plixer.com
02-09-2014 12:31 PM
Hey,
Did you put "mac packet-classify" on the layer 2 link? Since you are essentially placing a MAC ACL on the layer 2 interface when NetFlow is applied, this would be required to see IP traffic exported. Otherwise only "non-ip" traffic will be exported, which I would imagine would not be very helpful here.
Also keep in mind that the netflow-original recorder is really designed for layer 3 traffic and doesn't have any relevant layer 2 information; see below:
Flow record netflow-original:
  Description: Traditional IPv4 input NetFlow with origin ASs
  No. of users: 1
  Template ID: 258
  Fields:
    match ipv4 source address
    match ipv4 destination address
    match ip protocol
    match ip tos
    match transport source-port
    match transport destination-port
    match interface input
    match interface output
    match flow direction
    collect routing source as
    collect routing destination as
    collect routing next-hop address ipv4
    collect transport tcp flags
    collect counter bytes
    collect counter packets
    collect timestamp sys-uptime first
    collect timestamp sys-uptime last
This may not matter if you are putting this in between two routers, where the MACs don't change, but you probably want to create your own recorder:
flow record layer2-netflow
  match datalink mac source-address
  match datalink mac destination-address
  match datalink vlan
You can also add in any of the above information as well from netflow original depending on what you actually want to see.
Thanks,
Adam
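The checks suggested in the replies above, as an added example that is not part of the thread or of any Cisco tool: a short Python audit of a running-config dump for interfaces with a layer 2 flow monitor attached. It assumes sub-commands are indented under their parent line; the sample config is constructed from the names used in the thread, and the function names and finding labels are hypothetical.

```python
import re

# Constructed sample config; names reuse the thread's examples.
SAMPLE = """\
flow record layer2-netflow
  match datalink mac source-address
  match datalink mac destination-address
  match datalink vlan
flow monitor LIAD
  record netflow-original
flow monitor L2MON
  record layer2-netflow
interface port-channel1
  layer2-switched flow monitor LIAD input
interface Ethernet2/1
  mac packet-classify
  layer2-switched flow monitor TEST input
interface Ethernet2/2
  mac packet-classify
  layer2-switched flow monitor L2MON input
"""

def sections(text):
    """Group indented sub-commands under their unindented parent line."""
    out, body = {}, []
    for line in filter(str.strip, text.splitlines()):
        if line[0].isspace():
            body.append(line.strip())
        else:
            body = out.setdefault(line.strip(), [])
    return out

def audit(text):
    """Return (interface, finding) pairs for layer 2 flow monitor attachments."""
    cfg, findings = sections(text), []
    named = lambda kind: {h[len(kind):]: b for h, b in cfg.items() if h.startswith(kind)}
    monitors, records = named("flow monitor "), named("flow record ")
    for port, body in named("interface ").items():
        for name in re.findall(r"^layer2-switched flow monitor (\S+) input$", "\n".join(body), re.M):
            if "mac packet-classify" not in body:  # per the thread, needed to export IP traffic
                findings.append((port, "missing-mac-packet-classify"))
            if name not in monitors:  # attachment points at a monitor that was never defined
                findings.append((port, "undefined-monitor"))
                continue
            rec = next((c[7:] for c in monitors[name] if c.startswith("record ")), "")
            has_l2 = any(f.startswith("match datalink") for f in records.get(rec, []))
            # netflow-original has no layer 2 fields (see the field list above)
            if rec == "netflow-original" or (rec in records and not has_l2):
                findings.append((port, "record-without-l2-fields"))
    return findings
```

Other predefined records that are not spelled out in the config are not judged, since their fields are not visible in the dump.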