I only have flexible netflow

Mate Grbavac · ‎04-20-2016

Hi,

I have N7k (NX-OS 6.2(2)) with SUP1, M1 and F1 linecards.

I need to export netflow for traffic in VLAN 30 and I configured bridged netflow. Config is:

flow exporter NF_EXP
destination 10.10.101.11
transport udp 9993
source Vlan101
version 9

flow record NF-L2

flow monitor NF-L2
record NF-L2
exporter NF_EXP

Flow record is:

sh flow record NF-L2
Flow record NF-L2:
No. of users: 1
Template ID: 261
Fields:
match interface input
match interface output
match flow direction

Flow monitor is configured under the VLAN configuration (according to config guide for bridged netflow):

vlan configuration 30
ip flow monitor NF-L2 input

But, it's not working. If I configure flow monitor under SVI (L3 netflow) than everything looks OK, but I need L2 netflow...

Mark Malone · ‎04-20-2016

I only have flexible netflow running on nx-os at L3 but looking at the doc theres a bit more required for L2 flows

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/system_management/configuration/guide/sm_nx_os_cg/sm_15netflow.html

Configuring Layer 2 NetFlow

You can define Layer 2 keys in flexible NetFlow records that you can use to capture flows in Layer 2 interfaces. The Layer 2 keys are as follows:

•Source and destination MAC addresses

•Source VLAN ID

•EtherType from the Ethernet frame

You can apply Layer 2 NetFlow to the following interfaces for the ingress direction:

•Switch ports in access mode

•Switch ports in trunk mode

•Layer 2 port channels

Note You cannot apply Layer 2 NetFlow to VLANs, egress interfaces, or Layer 3 interfaces such as VLAN interfaces.

BEFORE YOU BEGIN

Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.

SUMMARY STEPS

1. config t

2. flow record name

3. match datalink {mac source-address | mac destination-address | ethertype | vlan}

4. interface {ethernet slot/port} | {port-channel number}

5. switchport

6. mac packet-classify

7. layer2-switched flow monitor flow-name input [sampler sampler-name]

8. show flow record netflow layer2-switched input

9. copy running-config startup-config

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Applying a Layer-2 NetFlow Monitor an Interface

Cisco IOS Software does not have the ability to apply a layer-2 flow monitor to an interface and specify the input or output direction. Cisco IOS software uses a global command to specify the VLAN for which only ingress bridged-traffic is captured. See the previous example.

interface etherent 1/1

switchport

switchport access vlan 100

mac packet-classify

layer2-switched flow monitor Netflow-Monitor-L2 input

http://docwiki.cisco.com/wiki/Cisco_NX-OS/IOS_Netflow_Comparison

Mate Grbavac · ‎04-20-2016

Hi Mark,

tnx for reply.

I read that documents, but I want to configured bridged netflow which should be supported and it' need to be configured under VLAN.

Configuring Bridged NetFlow on a VLAN

You can apply a flow monitor and an optional sampler to a VLAN.

BEFORE YOU BEGIN

Make sure that you are in the correct VDC. To change the VDC, use the switchto vdc command.

SUMMARY STEPS

1. config t

2. vlan [configuration] vlan-id

3. ip flow monitor name {input | output} [sampler name]

4. copy running-config startup-config

Mark Malone · ‎04-20-2016

Hi just looking the layer 2 flow record its different than the layer 3 flow record that way iot may not be pulling anything as its trying to get ip flow , did you try set below in your flow for L2 traffic match datalink {mac source-address | mac destination-address | ethertype | vlan}

Mate Grbavac · ‎04-20-2016

Yes, here is the flow record:

sh flow record NF-L2
Flow record NF-L2:
No. of users: 0
Template ID: 0
Fields:
match interface input
match interface output
match datalink mac source-address
match datalink mac destination-address
match datalink source-vlan-id
match datalink ethertype
match flow direction

I added flow record to monitor and after I tried to add monitor to VLAN through VLAN configuration I got message:

ERROR: Protocol for record and monitor do not match

On the other side, if I add monitor to L2 interface I got message:

ERROR: L2 Netflow Cannot be configured on F1 Line card ports

Nexus 7000 bridged netflow

BEFORE YOU BEGIN

SUMMARY STEPS

Configuring Bridged NetFlow on a VLAN

BEFORE YOU BEGIN

SUMMARY STEPS