02-09-2012 08:00 AM - edited 03-07-2019 04:50 AM
Hello,
I'm looking at implementing a new DMZ and wanted Netflow capability for security monitoring.
The architectural principles I have to adhere to dictate that the switches within the DMZ are layer 2; however, to get Netflow I need a minimum of a 3560/3750X, Network Services module, IP Base IOS with ip routing and CEF enabled.
To do this and still keep the switch functioning as a layer 2 device, the intention was not to configure SVIs or any static/dynamic routing protocols.
Will Netflow still work in that scenario?
Thanks for reading and any advice will be gratefully received!
Cheers
Rob
02-09-2012 05:15 PM
Hello Rob,
You won't get traditional NetFlow off of the 3750X unless the traffic goes through the 3KX module which costs another $3K-$4K. You will be able to export Smart Logging Telemetry FnF (Flexible NetFlow) on the switch but, to the best of my knowledge, the only NetFlow reporting tool on the market that collects and reports on it is Scrutinizer NetFlow Analyzer.
Does this help?
Jake
02-10-2012 04:09 AM
Kind of, the traffic I'm interested in will pass through the 3KX module.
I need to know if it will work without SVIs configured, the switch will just function purely at layer two?
Thanks
Rob
02-11-2012 02:38 PM
I can confirm that this will work on layer2. My 3750x with the 3kx sm is completely flat and I'm exporting from it. Configuring the flow monitors can be a little tricky with ingress/egress. But it works fine!
02-14-2012 03:06 AM
Thanks Mike, would you mind sharing a sample flow monitor configuration?
Regards
Rob