Are you looking to setup Cisco TrustSec NetFlow exports (CTS) or to report on them? This blog covers how to enable CTS NetFlow exports on the Catalyst 6500 series switch.

Flexible NetFlow CTS


Before we jump right in to configuring TrustSec NetFlow exports, we have to make sure that you have watched the configure Flexible NetFlow video.

Also, the hardware must be running IOS 12.2(50)SY

Configuration Excerpt of an IPv4 Flow Record (5-tuple, direction, SGT, DGT)

router(config)# flow record cts-record-ipv4
router(config-flow-record)# match ipv4 protocol
router(config-flow-record)# match ipv4 source address
router(config-flow-record)# match ipv4 destination address
router(config-flow-record)# match transport source-port
router(config-flow-record)# match transport destination-port
router(config-flow-record)# match flow direction
router(config-flow-record)# match flow cts source group-tag
router(config-flow-record)# match flow cts destination group-tag
router(config-flow-record)# collect counter packets

IPv6 support is outlined in the same document above.

Once you setup the above Flow Record, you still need to follow the other 3 steps to setting up Flexible NetFlow:

Step 2: Setup the Flow Exporter
Step 3: Setup the Flow Monitor
Step 4: Assign the Flow Monitor to different interfaces

For even greater detail in the flexible NetFlow exports, apply the Flow Monitor to packets dropped by Role-Based Access Control Lists (RBACLs) for all TrustSec interfaces on the router or switch:

router(config)# cts role-based ip flow monitor cts-monitor-ipv4 dropped

CTS ingress and egress NetFlow can also be applied to interfaces to support:

  • Unicast traffic only
  • L2-switched traffic only
  • Multicast traffic only
  • Both unicast and multicast traffic

Struggling? Contact us and we’ll help you get it configured.  We can also show you what is possible with CTS reporting.



Scott Robertson author pic


Scott provides Pre Sales Technical Support to the Sales team at Plixer. Scott comes from a technical support background, having years of experience doing everything from customer account management to system programming. Some of his interests include coaching youth sports programs here in Sanford, playing drums and guitar in local jam bands, and playing in neighborhood lawn dart tournaments.