07-12-2022 12:51 AM
Hi there,
I have some questions regarding Netflow in Nexus 9000 series.
1. Can we mix in flow record Layer 3 and Layer 2 match clauses and apply it to Layer 3 or to Layer 2 interface? The idea is to see in Netflow collector both Layer 2 (MAC) and Layer 3 (IP) information using one flow record. For example,
flow record TEST-RECORD
match datalink mac source-address
match ipv4 source address
2. Can we apply Layer 3 flow monitor to VLAN? If yes, what is command for this? According to Cisco document, IP and IPv6 flow monitors can be applied to VLANs, SVIs, Layer 3 routed interfaces, or subinterfaces.
Thanks and have a nice day!
Best regards,
Amal
07-12-2022 08:24 AM - edited 07-12-2022 08:26 AM
Hi,
@Amal Ahmadov wrote: 2. Can we apply Layer 3 flow monitor to VLAN?
Note: You cannot apply Layer 2 NetFlow to VLANs, egress interfaces, or Layer 3 interfaces such as VLAN interfaces.
07-13-2022 03:01 AM
Your answer shows that we can apply Layer 3 flow monitor to VLAN. Yes, Cisco guide says so too. How can we apply Layer 3 flow monitor to VLAN? What is the command?
From Cisco document: Layer 2 switched flow monitors are applied only to Layer 2 interfaces. IP and IPv6 flow monitors can be applied to VLANs, SVIs, Layer 3 routed interfaces, or subinterfaces.
07-13-2022 05:03 AM - edited 07-13-2022 05:06 AM
How can we apply Layer 3 flow monitor to VLAN? What is the command?
You can apply a flow monitor to a VLAN in order to gather Layer 3 data over Layer 2 switched packets in a VLAN.
switch# configure terminal
switch(config)# vlan configuration 30
switch(config-vlan-config)# ip flow monitor testmonitor
another one:
Flexible Netflow configuration example:
Create the Flow Record:
flow record ipv4
 match ipv4 tos
 match ip protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input
 collect interface output
 collect counter bytes long
 collect counter packets long
Create Flow Exporter:
flow exporter NetFlow-to-Orion
 destination 10.10.10.10
 source ethernet 2/1
 transport udp 2055
 version 9
 template data timeout 60
Create Flow Monitor:
flow monitor NetFlow-Monitor
 description Original Netflow captures
 record ipv4
 exporter NetFlow-to-Orion
 cache timeout inact 10
 cache timeout act 60
Apply Flow Monitor to Interface:
vlan configuration 700
 ip flow monitor NetFlow-Monitor input
07-14-2022 01:15 AM - edited 07-14-2022 01:16 AM
There are some tutorials you can refer to.
Below are the Cisco documents.
08-02-2022 02:16 AM
According to the guide we can apply Layer 3 NetFlow to a Layer 2 interface. I tried to apply it to a Layer 2 port-channel and got the following error.
You can define Layer 3 flow monitors on Layer 2 interfaces to capture Layer 3 flow information on Layer 2 interfaces.
My configuration:
flow record TEST-RECORD-L3
match ipv4 source address
match ipv4 destination address
match ip protocol
match transport source-port
match transport destination-port
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
flow monitor TEST-MONITOR
record TEST-RECORD-L3
exporter TEST-EXPORTER
sw(config)# int port-channel 1
sw(config-if)# layer2-switched flow monitor TEST-MONITOR input
ERROR: Protocol for record and monitor do not match
Is there any Netflow method to get Layer 3 information from Layer 2 interface?
Thanks.
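As an added example (not from this thread or from Cisco), here is a small Python pre-change check that encodes the two constraints that came up above: a `layer2-switched flow monitor` bound to a record keyed on IPv4 fields is rejected with the "Protocol for record and monitor do not match" error shown, and Layer 2 NetFlow cannot be applied under `vlan configuration`. The sample configuration is constructed, and treating the converse case (an `ip flow monitor` whose record is keyed on `datalink` fields) as the same mismatch is an assumption.

```python
import re

# Constructed sample (not from a live switch): the poster's Layer 3 record and
# monitor, plus a Layer 2 record/monitor and three interface/VLAN bindings.
SAMPLE_CONFIG = """
flow record TEST-RECORD-L3
  match ipv4 source address
flow record TEST-RECORD-L2
  match datalink mac source-address
flow monitor TEST-MONITOR
  record TEST-RECORD-L3
flow monitor L2-MONITOR
  record TEST-RECORD-L2
interface port-channel1
  layer2-switched flow monitor TEST-MONITOR input
vlan configuration 30
  ip flow monitor TEST-MONITOR input
vlan configuration 40
  layer2-switched flow monitor L2-MONITOR input
"""
APPLY_RE = re.compile(r"^(layer2-switched|ip|ipv6) flow monitor (\S+)")
TARGET_RE = re.compile(r"^(interface |vlan configuration )")

def lint_netflow(config):
    # Returns (target, monitor, problem) for each binding NX-OS would reject.
    records = {}   # record name -> "layer2" | "ip" | ""
    monitors = {}  # monitor name -> record name
    findings = []
    mode = name = target = ""
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("flow record "):
            mode, name, target = "record", line.split()[2], ""
            records.setdefault(name, "")
        elif line.startswith("flow monitor "):
            mode, name, target = "monitor", line.split()[2], ""
        elif TARGET_RE.match(line):
            mode, name, target = "target", "", line
        elif mode == "record" and line.startswith("match datalink"):
            records[name] = records[name] or "layer2"  # MAC keys: Layer 2 record
        elif mode == "record" and re.match(r"match (ipv4|ipv6|ip) ", line):
            records[name] = records[name] or "ip"      # IP keys: Layer 3 record
        elif mode == "monitor" and line.startswith("record "):
            monitors[name] = line.split()[1]
        elif mode == "target" and (m := APPLY_RE.match(line)):
            kind = "layer2" if m.group(1) == "layer2-switched" else "ip"
            proto = records.get(monitors.get(m.group(2), ""), "")
            if proto and proto != kind:  # the error from the thread (converse assumed)
                findings.append((target, m.group(2), "Protocol for record and monitor do not match"))
            if kind == "layer2" and target.startswith("vlan configuration"):  # guide note
                findings.append((target, m.group(2), "Layer 2 NetFlow cannot be applied to VLANs"))
    return findings
```

Running `lint_netflow(SAMPLE_CONFIG)` flags the port-channel binding and the Layer 2 monitor on VLAN 40, while the `ip flow monitor` on VLAN 30 passes.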
08-02-2022 09:47 PM - edited 08-02-2022 09:57 PM
The Layer 2 flow record is different from the Layer 3 flow record; that way IoT may not be pulling anything.
Hope the documents below will help.
http://www.network-node.com/blog/2016/5/26/configuring-and-troubleshooting-netflow-part-2
https://unifiedguru.com/cisco-nx-osios-netflow-comparison/
https://overlaid.net/2014/07/09/configuring-netflow-on-nexus-nxos/
08-03-2022 12:40 AM - edited 08-03-2022 12:41 AM
I think sflow is the way to go with gathering layer 2 and layer 3 information from layer 2 interface.
feature sflow
sflow collector-ip xxx.xxx.xxx.xxx vrf default source yyy.yyy.yyy.yyy
sflow agent-ip yyy.yyy.yyy.yyy
sflow collector-port 2055
sflow data-source interface port-channel 10
The most notable difference of sFlow vs. NetFlow is that sFlow is network layer independent and has the ability to sample everything and to access traffic from OSI layers 2-7, while NetFlow is restricted to IP traffic only. (C)
08-03-2022 01:14 AM