Blog :: Network Operations :: Security Operations

3KX NetFlow Configuration : Catalyst 3750X NetFlow Support

Here’s how to configure the 3KX NetFlow support on the Cisco Catalyst 3750X.  I also outlined exporting CoS with NetFlow or really Flexible NetFlow (FnF).

Setting up Flexible NetFlow is a simple process if you fully understand the 4 steps.   Here’s what I ran to get it working:

In order to meter both ingress and egress traffic, 3KX requires different flow records.
 
Step 1 Flexible NetFlow Flow Records
flow record miketest
match datalink source-vlan-id
match datalink dot1q priority
match datalink mac source-address
match datalink mac destination-address
match ipv4 version
match ipv4 tos
match ipv4 ttl
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input physical snmp
collect interface output snmp
collect counter flows
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
 
flow record miketestegress
match datalink destination-vlan-id
  match datalink dot1q priority
  match datalink mac source-address
  match datalink mac destination-address
  match ipv4 version
  match ipv4 tos
  match ipv4 ttl
  match ipv4 protocol
  match ipv4 source address
  match ipv4 destination address
  match transport source-port
  match transport destination-port
  match interface output physical snmp
  collect interface input snmp
  collect counter flows
  collect counter bytes
  collect counter packets
  collect timestamp sys-uptime first
  collect timestamp sys-uptime last
 
Step 2 Flexible NetFlow Flow Exporter
Flow exporter export-to-samplicator
Destination 10.1.1.8
source Vlan1
Transport udp 2055
option interface-table timeout 60
 
Step 3 Flexible NetFlow Flow Monitors
# Tie the Flow Monitor to the Flow Record
flow monitor mikektest
record miketest
exporter export-to-samplicator
cache timeout active 60
flow monitor mikektestegress
record miketestegress
exporter export-to-samplicator
cache timeout active 60
 
Step 4 Apply the Flow Monitor to the Interfaces
interface TenGigabitEthernet1/1/1
ip flow monitor mikektest layer2-switched input
interface TenGigabitEthernet1/1/2
ip flow monitor mikektest input
ip flow monitor mikektestegress output
The 3KX is also known as the Wall-E or walle after the Disney movie.

Cisco 3KX Module

Without the $3750: 3KX module (excuse the pun) the 3750X NetFlow Support is limited to Smart Logging Telemetry which is also pretty neat.  If you have questions on your Walle NetFlow configuration, just contact our NetFlow team as they will help you get it all setup for network traffic analysis.

Related

khalil

Defining top talkers with Flexible NetFlow and AVC

I was recently on a call with a customer who wanted to know which applications use the most bandwidth during working hours—i.e. their top

::
scottr

Troubleshooting NetFlow over VPN tunnel

I was working with a customer last week who had configured NetFlow on four of their Cisco routers. They had applied basically the same

::
joanna

Configuring a Cisco Catalyst 4510 Switch IOS XE 3.6

Recently I was visiting a customer on site when they mentioned they felt like they were not getting accurate information from their Cisco Catalyst

::