Is my Cisco hardware NetFlow compatible?
If you follow the news, you know that there has been a big spending spree by Cisco with multiple acquisitions of technology companies. As Cisco adds these new products to its portfolio and refreshes its old products, the question of NetFlow support becomes more and more prevalent. As a buyer, the last thing I want is my network or security team losing visibility because I’ve purchased a switch that strips out a protocol they have been depending on.
This blog aims to provide a list of NetFlow-capable devices by Cisco and the version of NetFlow they support. I’ll do my best to keep this blog up to date with configuration guide links and additional devices with Cisco NetFlow support.
Cisco Switches that Support NetFlow:
- Cisco Catalyst 3650/3850: Flexible NetFlow
- Cisco Catalyst 3750-X with 3K-X Service Card: Traditional NetFlow
- Cisco Catalyst 4500 and 4500x with Sup 7: Flexible NetFlow
- Cisco Catalyst 4900M, 4948E, 4948E-F: Flexible NetFlow
- Cisco 6500 with SUP2T: Flexible NetFlow
- Cisco 6500 with SUP720: Traditional NetFlow
- Cisco Catalysts 3560-CX and 2960-CX: NetFlow Lite
- Nexus 1k: Flexible NetFlow
- Nexus 2k: sFlow
- Nexus 5k with Layer 3 Card: Flexible NetFlow
- Nexus 7k – F Card: Sampled NetFlow
- Nexus 7k – M Card: Flexible NetFlow
- Nexus 9k: sFlow
- Nexus 1000v: Flexible NetFlow
Cisco Routers that Support NetFlow:
- Integrated Services Router (ISRs) G1 and G2: Flexible and Traditional.
- Cisco 7600 Series Router: Traditional
- Cisco 10000 Series Router: Traditional
- Cisco XR12000 / 12000 Series Routers: Flexible NetFlow
- Cisco ASR 1000 Series Aggregation Services Router (ASR): Flexible NetFlow
- Cisco ASR 9000 Series Aggregation Services Router (ASR): Sampled NetFlow
- Cisco Network Convergence System (NCS) 5000,6000: Flexible NetFlow
- Cisco Cloud Services Router 1000v (CSR1000v): Flexible NetFlow
Cisco Firewalls the Support NetFlow:
- Cisco ASA: Network Secure Event Logging (NSEL)
- Cisco ASA w/ Firepower: eStreamer
Cisco Wireless Devices that Support NetFlow:
- Cisco Wireless LAN Controller: Cisco AVC
- Cisco 3850 w/ Integrated wireless Controller: Flexible NetFlow
- Cisco 6500 w/ Integrated wireless controller: Flexible NetFlow
Cisco Acquisitions that Support NetFlow:
- Cisco Meraki MX and Z1: Traditional
- Viptela: IPFIX
Miscellaneous:
- Cisco WAAS
- Cisco ACI
- Cisco UCS
What’s the difference between Traditional NetFlow, Sampled NetFlow, sFlow, and Flexible NetFlow?
Traditional NetFlow: For this blog, I am referring to NetFlow Version 5 and Version 9 as traditional NetFlow.
Flexible NetFlow: Allows for the customization of the Flow Record. This provides an advantage to the end user by letting them add in richer metadata to the flow exports. Examples of this can be adding in NBAR information for layer 7 application IDs or a wide variety of performance monitoring metrics.
Sampled NetFlow: Applies a sample rate to the flow exports, which tends to limit visibility. Typically, sampling NetFlow is used on high volume switches that cannot handle 1-1 flow exports. If your switch forces flow sampling you can check out a probe appliance like Plixer FlowPro or Gigamons GigaVUE to get 1-1 visibility.
SFlow: This is a packet sampling technology that chooses 1 in N amounts of packets at random to be sent to the collector. This technology is similar to Sampled Netflow although it does include a poll count which will provide bandwidth utilization.
NetFlow Lite: This is the same as Sampled NetFlow unless it is running on a Cisco 4948E. If on the 4948 it is a packet sampling technology that would require an nProbe as an intermediary to get it to a collection system.
If you have any questions on NetFlow, sFlow, or IPFIX exports, please feel free to reach out to our support team. We would be happy to walk through configuration examples with you!