Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
293
Views
0
Helpful
0
Replies

Netflow on Nexus 7K ver 6.2.8b with two L2 & L3 flows?

rizwanr74
Level 7
Level 7

‎10-05-2015 09:13 AM - edited ‎03-08-2019 02:04 AM

Hi guys,

 

I want to enable netflow on our core switch 7K running ver 6.2.8b and so I copied below lines in table 1, and I see netflow is being received on Solarwind NTA.

 

table 1:


feature netflow

flow timeout inactive 15
flow timeout active 60


flow exporter solrwin-flowexport
  destination 10.1.1.1
  transport udp 2055
  source Vlan10
  version 9
    template data timeout 60

flow record solrwin-flowrecord
  description Solarwinds Netflow traffic
  match ipv4 source address
  match ipv4 destination address
  match ip protocol
  match ip tos
  match transport source-port
  match transport destination-port
  collect counter bytes
  collect counter packets


flow monitor solrwin-flowmonitor
  description Send Netflow to Orion NTA
  record solrwin-flowrecord
  exporter solrwin-flowexport


interface Vlan10
  ip flow monitor solrwin-flowmonitor input  
  ip flow monitor solrwin-flowmonitor output 

 

Later I was told that I must enable a layer2 netflow as well, with below commands, shown in table 2.

Tabe 2:

flow record L2solrwin-flowrecord record solrwin-flowrecord
  match datalink mac source-address
  match datalink mac destination-address
  match datalink vlan


flow exporter L2solrwin-flowexport
  destination 10.1.1.1
  transport udp 2055
  source Vlan10
  version 9
    template data timeout 60

flow monitor L2-solrwin-flowmonitor
  description Send Netflow to Orion NTA
  record L2solrwin-flowrecord record solrwin-flowrecord
  exporter L2solrwin-flowexport

interface Ethernet1/46
  layer2-switched flow monitor L2solrwin-flowmonitor input 

 

I got two questions, question one: Do I need two separate flows configuration in order to capture netflow correctly?

Question two: Can I combine L2 and L3 flow configurations into one as shown below in table 3?

 

Table 3:

flow exporter solrwin-flowexport
  destination 10.1.1.1
  transport udp 2055
  source Vlan10
  version 9
    template data timeout 60

 

flow record solrwin-flowrecord

 description Solarwinds Netflow traffic
  match datalink mac source-address
  match datalink mac destination-address
  match datalink vlan  
  match ipv4 source address
  match ipv4 destination address
  match ip protocol
  match ip tos
  match transport source-port
  match transport destination-port
  collect counter bytes
  collect counter packets


flow monitor solrwin-flowmonitor
  description Send Netflow to Orion NTA
  record solrwin-flowrecord
  exporter solrwin-flowexport


interface Vlan10
  ip flow monitor solrwin-flowmonitor input  
  ip flow monitor solrwin-flowmonitor output  

interface Ethernet1/46
layer2-switched flow monitor solrwin-flowmonitor input

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card