I'm looking at implementing a new DMZ and wanted Netflow capability for security monitoring.
The architectural principles I have to adhere to dictate that the switches within the DMZ are layer 2; however, to get NetFlow I need a minimum of a 3560/3750X, Network Services module, IP Base IOS with ip routing and CEF enabled.
To do this and still keep the switch functioning as a layer 2 device, the intention was not to configure SVIs or any static/dynamic routing protocols.
Will Netflow still work in that scenario?
Thanks for reading and any advice will be gratefully received!
You won't get traditional NetFlow off of the 3750X unless the traffic goes through the 3KX module which costs another $3K-$4K. You will be able to export Smart Logging Telemetry FnF (Flexible NetFlow) on the switch but, to the best of my knowledge, the only NetFlow reporting tool on the market that collects and reports on it is Scrutinizer NetFlow Analyzer.
Does this help?
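The Flexible NetFlow (FnF) building blocks the answer above refers to, shown as an added illustrative configuration that is not from the original thread or from Cisco documentation for this specific platform. It uses the generic IOS FnF syntax (flow record, flow exporter, flow monitor) and applies the monitor to a physical port rather than an SVI. The collector address 192.0.2.10, UDP port 2055, the management interface Vlan999 and the port name are assumed placeholders; which match/collect fields the 3750X with the C3KX service module actually supports should be confirmed against the platform's command reference.

```cisco
! Added example (not from the thread): generic IOS Flexible NetFlow configuration.
! Collector address, UDP port and interface names are assumed placeholders.
!
! 1. Flow record: which fields to key on and which counters to collect
flow record FNF-SEC-RECORD
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 collect counter bytes long
 collect counter packets long
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
!
! 2. Flow exporter: where the records go. The export itself is UDP over IP,
!    so the switch needs an IP source address even if it forwards only at
!    layer 2; assumed here to be the management interface Vlan999, not a
!    routed SVI for the DMZ traffic.
flow exporter FNF-SEC-EXPORTER
 destination 192.0.2.10
 source Vlan999
 transport udp 2055
 export-protocol netflow-v9
 template data timeout 60
!
! 3. Flow monitor: ties record and exporter together and sets cache timeouts
flow monitor FNF-SEC-MONITOR
 record FNF-SEC-RECORD
 exporter FNF-SEC-EXPORTER
 cache timeout active 60
 cache timeout inactive 15
!
! 4. Apply to the physical port carrying the traffic of interest (ingress).
!    Port name is a placeholder; on the service module the ports are named
!    differently, so substitute the actual interface.
interface GigabitEthernet1/0/1
 ip flow monitor FNF-SEC-MONITOR input
!
! Verification (exec mode):
! show flow monitor FNF-SEC-MONITOR cache
! show flow exporter FNF-SEC-EXPORTER statistics
```

The point worth checking before relying on this design is the exporter's source address: flow export is UDP over IP from the switch, so a switch that has no SVI at all has nothing to source the export from. A management SVI used only for that export keeps the DMZ data plane at layer 2 while still giving the collector its records. On the collector side, confirm that the tool you plan to use decodes the templates this platform sends, since the answer above notes that tool support for the 3750X's export is limited.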
Kind of; the traffic I'm interested in will pass through the 3KX module.
I need to know if it will work without SVIs configured; the switch will just function purely at layer two.