3KX NetFlow Configuration : Catalyst 3750X NetFlow Support

Posted in Network Traffic Analysis on January 29th, 2012 by James FT
3kx-netflow-configuration-catalyst-3750x-netflow-support
Buffer

Here’s how to configure the 3KX NetFlow support on the Cisco Catalyst 3750X.  I also outlined exporting CoS with NetFlow or really Flexible NetFlow (FnF).

Setting up Flexible NetFlow is a simple process if you fully understand the 4 steps.   Here’s what I ran to get it working:

In order to meter both ingress and egress traffic, 3KX requires different flow records.
 
Step 1 Flexible NetFlow Flow Records
flow record miketest
match datalink source-vlan-id
match datalink dot1q priority
match datalink mac source-address
match datalink mac destination-address
match ipv4 version
match ipv4 tos
match ipv4 ttl
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input physical snmp
collect interface output snmp
collect counter flows
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
 
flow record miketestegress
match datalink destination-vlan-id
  match datalink dot1q priority
  match datalink mac source-address
  match datalink mac destination-address
  match ipv4 version
  match ipv4 tos
  match ipv4 ttl
  match ipv4 protocol
  match ipv4 source address
  match ipv4 destination address
  match transport source-port
  match transport destination-port
  match interface output physical snmp
  collect interface input snmp
  collect counter flows
  collect counter bytes
  collect counter packets
  collect timestamp sys-uptime first
  collect timestamp sys-uptime last
 
Step 2 Flexible NetFlow Flow Exporter
Flow exporter export-to-samplicator
Destination 10.1.1.8
source Vlan1
Transport udp 2055
option interface-table timeout 60
 
Step 3 Flexible NetFlow Flow Monitors
# Tie the Flow Monitor to the Flow Record
flow monitor mikektest
record miketest
exporter export-to-samplicator
cache timeout active 60
flow monitor mikektestegress
record miketestegress
exporter export-to-samplicator
cache timeout active 60
 
Step 4 Apply the Flow Monitor to the Interfaces
interface TenGigabitEthernet1/1/1
ip flow monitor mikektest layer2-switched input
interface TenGigabitEthernet1/1/2
ip flow monitor mikektest input
ip flow monitor mikektestegress output
The 3KX is also known as the Wall-E or walle after the Disney movie.

Cisco 3KX Module

Without the $3750: 3KX module (excuse the pun) the 3750X NetFlow Support is limited to Smart Logging Telemetry which is also pretty neat.  If you have questions on your Walle NetFlow configuration, just contact our NetFlow team as they will help you get it all setup for network traffic analysis.

James

For a 30 day Trial of Scrutinizer, Click Here to Download!

Join the NetFlow Developments group on LinkedIn.

Tags: , , , , ,

This entry was posted on Sunday, January 29th, 2012 at 2:37 am and is filed under Network Traffic Analysis. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

5 Responses to “3KX NetFlow Configuration : Catalyst 3750X NetFlow Support”

  1. Carl Williams Says:
    February 6th, 2012 at 7:38 pm

    Trying to configure netflow with C3KX-NM-10G.

    not exporting though.

    C3KX-NM-10G thats the module i’m using. I want to use opmanager netflow to gather stats.

  2. Carl Williams Says:
    February 6th, 2012 at 7:41 pm

    //// This is applied but not used
    flow exporter export-to-Perivale-Comvault_Server
    destination 10.173.66.143
    transport udp 9996
    !
    !
    flow record PERIVALE_MONITORING
    match datalink mac source address input
    match datalink mac source address output
    match datalink mac destination address input
    match datalink mac destination address output
    match ipv4 version
    match ipv4 protocol
    match ipv4 source address
    match ipv4 destination address
    match transport source-port
    match transport destination-port
    collect counter bytes
    collect counter packets
    collect timestamp sys-uptime first
    collect timestamp sys-uptime last
    !
    !
    flow monitor PERIVALE_NETFLOW_MONITORING
    record PERIVALE_MONITORING
    exporter export-to-Perivale-Comvault_Server

    ###################

    netflow version 9 config

    int GigabitEthernet1/0/21
    ip flow ingress
    ip flow egress

    int GigabitEthernet2/0/21
    ip flow ingress
    ip flow egress

    interface TenGigabitEthernet1/1/2
    ip flow ingress
    ip flow egress

    interface TenGigabitEthernet2/1/2
    ip flow ingress
    ip flow egress

    ip flow-cache timeout active 1
    ip flow-export source GigabitEthernet1/0/21
    ip flow-export version 9
    ip flow-export destination 10.173.66.143 9996

  3. tomp@plixer.com Says:
    February 6th, 2012 at 8:51 pm

    Hi Carl,

    You need the C3KX-SM-10G (The service module) in order to export NetFlow, the NM-10GB card does not support flow export.

    - Tom

  4. Catalyst 3750 NetFlow Support : Flexible NetFlow Collector - NetFlow & sFlow Network Monitoring - Systrax Says:
    March 28th, 2012 at 2:55 pm

    [...] well as Cisco TrustSec and new elements for Cost of Services (CoS).  Make sure you configure the 3KX NetFlow support correctly and include the direction bit. Do you have a Catalyst 3750? Whether you have invested in [...]

  5. Craig Weinhold Says:
    April 25th, 2012 at 5:51 pm

    One other thing — if “show ver” on your 3560-X/3750-X shows Version ID “V01″, then you will need to get TAC’s help to get the C3KX-SM-10G working. This isn’t a problem if you purchase a new switch with the C3KX-SM-10G installed, but it is a headache if you are upgrading an existing switch.

Leave a Reply