Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1050
Views
0
Helpful
7
Replies

Netflow on C3750X

Go to solution
zheepern0826
Level 1
Level 1

‎04-01-2016 01:23 AM - edited ‎03-08-2019 05:11 AM

Hi guys, 

I am trying to configure my C3750X(ip base) switch to send the netflow ingress and egress on uplink to a netflow collector. 

My switch model is WS-C3750X-48PF-S and the module I am using is C3KX-NM-10G 

So far below is my configuration in the switch:

ip flow-cache timeout active 5
ip flow-export source Vlan250
ip flow-export version 9
ip flow-export destination 10.4.2.240 9995

interface GigabitEthernet1/1/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 226,233,250,833,1002-1005
switchport mode trunk
ip flow ingress
ip flow egress

After configure the switch as above, I still unable to received any data from my netflow collector. Below is some verification command on switch.


SW1#sh ip flow export
Flow export v9 is enabled for main cache
Export source and destination details :
VRF ID : Default
Source(1) 10.32.250.76 (Vlan250)
Destination(1) 10.4.2.240 (9995)
Version 9 flow records
0 flows exported in 0 udp datagrams
0 flows failed due to lack of export packet
0 export packets were sent up to process level

SW1#sh ip cache flow
IP packet size distribution (0 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 278544 bytes
0 active, 4096 inactive, 0 added
0 ager polls, 0 flow alloc failures
Active flows timeout in 5 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 33608 bytes
0 active, 1024 inactive, 0 added, 0 added to flow
0 alloc failures, 0 force free
1 chunk, 1 chunk added
last clearing of statistics never
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow

SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
SW1#

Can anyone advise did i configure correctly or where did i missed. 

Thank you very much in advance.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mark Malone
VIP Alumni
VIP Alumni

‎04-01-2016 01:30 AM

Hey

You have applied an ip command to a layer 2 switchport , you need to put it under the vlan interface to get flows , netflow works at layer 3

interface GigabitEthernet1/1/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 226,233,250,833,1002-1005
switchport mode trunk
ip flow ingress
ip flow egress

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Mark Malone
VIP Alumni
VIP Alumni

‎04-01-2016 01:30 AM

Hey

You have applied an ip command to a layer 2 switchport , you need to put it under the vlan interface to get flows , netflow works at layer 3

interface GigabitEthernet1/1/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 226,233,250,833,1002-1005
switchport mode trunk
ip flow ingress
ip flow egress

0 Helpful

Go to solution
zheepern0826
Level 1
Level 1
In response to Mark Malone

‎04-01-2016 01:39 AM

Hi, 

So means i shouldn't put in Gi1/1/1 as it is a layer 2 switchport and I should put the command in vlan interface ? 

Is it correct if i configure it as below ? 

interface Vlan250
description MANAGEMENT-VLAN
ip address 10.32.250.76 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp

ip flow ingress
ip flow egress

interface GigabitEthernet1/1/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 226,233,250,833,1002-1005
switchport mode trunk

Thank you very much 

0 Helpful

Go to solution
Mark Malone
VIP Alumni
VIP Alumni
In response to zheepern0826

‎04-01-2016 02:10 AM

Yes that's it netflow goes on ip based interface , if there's more than 1 put it on each ip interface you want a flow from and it will collect the flows from each

0 Helpful

Go to solution
zheepern0826
Level 1
Level 1
In response to Mark Malone

‎04-01-2016 02:13 AM

Hi Mark, 

I have tested and it works.

Thank you very much on the explanation and guidance. 

0 Helpful

Go to solution
Mark Malone
VIP Alumni
VIP Alumni
In response to zheepern0826

‎04-01-2016 02:14 AM

ah great glad its showing something

0 Helpful

Go to solution
zheepern0826
Level 1
Level 1
In response to Mark Malone

‎04-01-2016 02:27 AM

Hi Mark, 

Actually I am just configure netflow on the access switches for testing purpose. I have install a new monitoring and try to play around and take this time to learn and understand the networking. 

Will try to get approval to put the configure netflow in core switch. Thanks again for your help and guidance. 

0 Helpful

Go to solution
Mark Malone
VIP Alumni
VIP Alumni
In response to Mark Malone

‎04-01-2016 02:14 AM

remember if this is purely a layer 2 switch you wont get many flows as netflow works on ip based flows ,designed for layer 3 interfaces , if you only have a mgmnt interface depending on the software your exporting to it may only show it as a reachable device , to get a good flow with all different types of protocols etc you would put it on your wan links or layer 3 links like ion distribution switch port-channels that are ip based

0 Helpful
Customers Also Viewed These Support Documents