Catalyst 2950 NetFlow Support

Posted in NetFlow Analyzer, Network Traffic Monitor on June 25th, 2012 by
Catalyst 2950 NetFlow Support

The Catalyst 2950 / 2960 NetFlow Support is sought after because it is one of the most prolific switches produced by Cisco.  Sometimes it seems like every company we talk to has one and since we are a NetFlow and IPFIX company, we come across a lot of consumers who want to collect NetFlow from them. Customers are in luck.

Although the Catalyst 2950 and 2960 do not natively support NetFlow, if you are willing to span a port to a NetFlow probe the insight one can gain is significant.

mirroring a port to a probe

Here are a few NetFlow probe options:

  • softflowd runs on linux and is completely free.  Limited to NetFlow v5 and exports interfaces as ‘0’.  Good, free tool but, not ideal.
  • nProbe runs on windows and linux and costs $695.  Loaded with great metrics on latency, URLs, jitter, packet loss, codec, etc.  Amazing probe and it supports both NetFlow and IPFIX.  Claims high performance.
  • Cisco NGA 3140 Cost = ???  I haven’t worked with it but, since Cisco invented NetFlow, I’m sure it is solid.  It exports traditional NetFlow and supports IPFIX.  Claims high performance.

Be informed that the Catalyst 3750-X NetFlow support touted by Cisco is for Smart Logging Telemetry which is a unique NetFlow export that sends event information (i.e. sort of like syslogs) as well as captured packets.  However, you can export traditional NetFlow from this switch if the C3KX module is purchased.  This plugin provides NetFlow support on the uplink.  The 3750-x and the 3560-X both support the C3KX.

Collecting NetFlow from the C3KX or a NetFlow probe not only provides additional insight for network traffic monitoring, it can also help with threat detection.  Our NetFlow analyzer can be used for advanced persistent threat detection via Flow Analytics.  To learn more, read our white paper on Fighting Advanced Persistent Threats.

Michael Patterson
Founder and CEO

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

If you enjoyed this post, please consider leaving a comment or subscribing to the RSS feed to have future articles delivered to your feed reader.
Tags: , , , ,

4 Responses to “Catalyst 2950 NetFlow Support”

  1. KurtS Says:

    Can you elaborate on the netflow support in the 3750-x with the C3KX modules? I read the Cisco datasheet, C3KX-SM-10Gb delivers FNF but only on the uplink taffic. This service module is a single port 10Gb uplink(SFP+ interface).

    What level of netflow, if any, is supported when the basic C3KX-NM-xx is used?

    Do any of the base C3KX ethernet ports support netflow like many of the sflow support ethernet switches?

  2. DaBags Says:

    I was looking at a NGA-3140 as it will will create netflow streams for 4 (I think) Gig devices – but the sticker-shock threw me. Before Smartnet the quote was $32K – I think I’ll just upgrade my switches. :)

  3. Says:

    Hi Kurt,

    The C3KX-SM-10G module has dual SFP/SFP+ uplink ports. Both can export NetFlow. The only NetFlow data that is currently supported without C3KX-SM-10G is Smart Logging and Telemetry. These are security event messages rather than traffic accounting.

    According to release notes, performance monitoring(MediaNet) is also supported in the latest 12.4 code. C3KX-SM-10G is only supported under IOS 15.1+ .

    The 3750x does not support any traffic accounting NetFlow without the C3KX-SM-10G.

    – Tom

  4. Marco Foschiano Says:

    SLT is mainly intended for event logging, but the “telemetry” part in the name comes from the fact that traffic captures can be performed by logging “ACL permits”. However, that needs to be done carefully and selectively in order to avoid logging the entirety of the switch traffic to the CPU and then to the collector… ;-)


Leave a Reply

You must be logged in to post a comment.