Cisco Catalyst 3560/3750
Standard 3750 and 3560 switches do not support NetFlow. The 3750-X and 3560-X L3 switches only support NetFlow if they have the C3KX-SM-10G Service module. In this case the only option is using Flexible NetFlow.
Required tasks to create a flexible NetFlow configuration
- Enable ingress and egress on the C3KX-SM-10G module uplink ports.
- Create and configure the flow record.
- Create and configure the flow exporter(s).
- Create a flow monitor to bind the flow record to the exporter.
- Apply the flow monitor to the appropriate interface on the device.
Configuration example
The following configuration example creates a custom flow record and flow monitor. Each section includes notes that explain what the commands do.
Interface setup
! interface TenGigabitEthernet1/1/1 switchport trunk encapsulation dot1q switchport mode trunk ip flow monitor NetFlow input ip flow monitor NetFlow outpu ! interface TenGigabitEthernet1/1/2 switchport trunk encapsulation dot1q switchport mode trunk ip flow monitor NetFlow input ip flow monitor NetFlow output
You must enable ingress and egress on the C3KX-SM-10G module uplink ports since they are the only interfaces on the module that support NetFlow export functionality.
Flow record
Flow record NetFlow match ipv4 tos match ipv4 protocol match ipv4 source address match ipv4 destination address match transport source-port match transport destination-port collect interface input snmp collect interface output snmp collect counter bytes collect counter packets
The flow record part of this configuration example creates the record called NetFlow and uses the match ipv4, match transport, and collect commands to define the key fields in the record by which flow data will be processed.
Flow exporter
flow exporter NetFlow-to-Orion destination 10.10.10.10 source vlan254 transport udp 2055 export-protocol netflow-version 9
The flow exporter part of the configuration examples defines the following:
- An exporter called NetFlow-to-Orion.
- The
destination, which is the IP address of the SolarWinds Platform server, to which flow data will be exported. - The
sourcecalled vlan254, which is the interface with the IP address with which SolarWinds Platform is managing the device, and from which flow data will be exported. - The
transportprotocol (UDP) and port (2055, SolarWinds Platform collection port) through which the flow data will pass. - The NetFlow
export protocol(NetFlow version 9) that the NetFlow collector should expect and use to process the data.
Flow monitor
flow monitor NetFlow-Monitor description Original Netflow captures record ipv4 exporter NetFlow-to-Orion cache timeout inact 10 cache timeout act 5 interface TenGigabitEthernet1/1/1 interface TenGigabitEthernet1/1/2 ip flow monitor NetFlow-Monitor input
The flow monitor part of the configuration example defines the following:
- A monitor called NetFlow-Monitor that uses the
recordandexportercommands to bind the flow record (ipv4) to the flow exporter (NetFlow-to-Orion) you already created. - The
interfacecommand defines the interface (two of them, in this case) to which the flow monitor NetFlow-Monitor applies. - The
ip flow monitorcommand specifies the capture of ingress data (input) on the two specified interfaces.
Full configuration
The overall configuration without annotations looks like this:
flow exporter NetFlow-to-Orion
destination 10.10.10.10
source vlan254
transport udp 2055
flow exporter NetFlow-to-Orion
destination 10.10.10.10
source vlan254
transport udp 2055
export-protocol netflow-v5
flow monitor NetFlow-Monitor
description Original Netflow captures
record ipv4
exporter NetFlow-to-Orion
cache timeout inact 10
cache timeout act 5
interface TenGigabitEthernet1/1/1
interface TenGigabitEthernet1/1/2
ip flow monitor NetFlow-Monitor input