NetFlow Layer2 on nexus 7k

Liad Dayan
Level 1

Hi guys,

I've tried to configure NetFlow on layer 2 without success.

I configured the record\monitor\exporter like the configuration guide said.

But I still don't receive any NetFlow traffic.

I checked the firewall on the VM and it looks fine.

Anyone have any idea?

I have done the command under the ethernet interface: "layer2-switch flow monitor TEST input" - for layer 2 input.

Regards,


Reza Sharifi
Hall of Fame

Hi,

Thanks for the fast reply!!

I am using version 5.1

Here is a sample of the configuration:

flow exporter scrutinizer

description netflow-tester

destination 192.168.1.212 - the netflow analyzer server ip address

version 9

source vlan 3 (192.168.1.211)

flow monitor TESTER

flow record netflow-original

exporter scrutinizer

** I did try to create my own record for only layer 2 data - without success.

After I've done this I start to add the interfaces I want to check.

int ethernet 2/1-2 - this is the uplink we want to test

layer2-switch flow monitor TESTER input

Any ideas?

Liad Dayan
Level 1

Here is the configuration on the Nexus 7k

flow exporter scrutinizer

  description export netflow to scrutinizer

  destination 10.100.212.111

  transport udp 6343

  source Vlan3

  version 9

flow monitor LIAD

  record netflow layer2-switched input

  exporter scrutinizer

interface port-channel1

  layer2-switched flow monitor LIAD input

------------------------------------------------------------------------------------------------------------------------------------------------------------

jakewilson
Level 1

Hello,

Does this entry appear in your FnF Record?

* collect datalink mac source address input

Found this on: http://www.bradreese.com/how-to/2-20-2011.htm

Jake

plixer.com

Hey,

Did you put "mac packet-classify" on the layer 2 link? Since you are essentially placing a MAC ACL on the layer 2 interface when NetFlow is applied, this would be required to see IP traffic exported. Otherwise only "non-ip" traffic will be exported, which I would imagine would not be very helpful here.

Also keep in mind that the netflow-original recorder is really designed for layer 3 traffic and doesn't have any relevant layer 2 information. See below:

Flow record netflow-original:

    Description: Traditional IPv4 input NetFlow with origin ASs

    No. of users: 1

    Template ID: 258

    Fields:

        match ipv4 source address

        match ipv4 destination address

        match ip protocol

        match ip tos

        match transport source-port

        match transport destination-port

        match interface input

        match interface output

        match flow direction

        collect routing source as

        collect routing destination as

        collect routing next-hop address ipv4

        collect transport tcp flags

        collect counter bytes

        collect counter packets

        collect timestamp sys-uptime first

        collect timestamp sys-uptime last

This may not matter if you are putting this in between two routers, where the MACs don't change, but you probably want to create your own recorder:

flow record layer2-netflow

  match datalink mac source-address

  match datalink mac destination-address

  match datalink vlan

You can also add in any of the above information as well from netflow-original depending on what you actually want to see.


Thanks,

Adam
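An added example, not part of the thread or any poster's code: a collector-side check that decodes the template FlowSet of a NetFlow v9 export packet and reports whether each template carries MAC/VLAN fields, which is the difference between netflow-original and a layer 2 record discussed above. Field numbers are from RFC 3954; the sample packet is constructed, and template ID 259 and the function names are assumptions for illustration.

```python
import struct

# NetFlow v9 field type numbers (RFC 3954): a few L3/L4 fields plus the layer 2 ones.
FIELD_NAMES = {1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 7: "L4_SRC_PORT",
               8: "IPV4_SRC_ADDR", 11: "L4_DST_PORT", 12: "IPV4_DST_ADDR",
               56: "IN_SRC_MAC", 57: "OUT_DST_MAC", 58: "SRC_VLAN",
               59: "DST_VLAN", 80: "IN_DST_MAC", 81: "OUT_SRC_MAC"}
L2_FIELDS = {56, 57, 58, 59, 80, 81}

def parse_templates(packet):
    """Return {template_id: [(field_type, length), ...]} from one v9 export packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte NetFlow v9 header")
    if struct.unpack_from("!H", packet)[0] != 9:
        raise ValueError("version field is not 9")
    templates, off = {}, 20
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("FlowSet length runs past the end of the packet")
        pos, end = off + 4, off + fs_len
        while fs_id == 0 and pos + 4 <= end:  # FlowSet ID 0 carries templates
            tid, nfields = struct.unpack_from("!HH", packet, pos)
            pos += 4
            if tid < 256 or pos + 4 * nfields > end:  # padding or truncated record
                break
            templates[tid] = [struct.unpack_from("!HH", packet, pos + 4 * i)
                              for i in range(nfields)]
            pos += 4 * nfields
        off += fs_len
    return templates

def l2_fields(template):
    """Names of the MAC/VLAN fields a template exports (empty list = L3-only)."""
    return [FIELD_NAMES.get(t, str(t)) for t, _ in template if t in L2_FIELDS]

def build_sample():
    """Constructed packet: template 258 is L3-only, hypothetical 259 adds MAC/VLAN."""
    def tmpl(tid, fields):
        return struct.pack("!HH", tid, len(fields)) + b"".join(
            struct.pack("!HH", t, n) for t, n in fields)
    body = tmpl(258, [(8, 4), (12, 4), (4, 1), (7, 2), (11, 2), (1, 4), (2, 4)])
    body += tmpl(259, [(56, 6), (80, 6), (58, 2), (1, 4), (2, 4)])
    header = struct.pack("!HHIIII", 9, 2, 1000, 0, 1, 0)  # version, count, uptime, secs, seq, source id
    return header + struct.pack("!HH", 0, 4 + len(body)) + body

if __name__ == "__main__":
    for tid, fields in parse_templates(build_sample()).items():
        print(tid, "layer 2 fields:", l2_fields(fields) or "none")
```

Pass it the UDP payload of an export packet captured on the collector. A v9 exporter resends templates periodically, so a packet that holds only data FlowSets returns an empty dict.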
