Manufacturer: Cisco

Model(s): Catalyst 3750X and 3560X

Version(s): IOS 15.X

URL: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/15-0_1_se/configuration/guide/3750xcg/swmnetflow.html

Notes:

  • Flexible NetFlow is supported only on the Catalyst 3750-X and 3560-X switch running the IP base or IP services feature set and equipped with the network services module. It is not supported on switches running the NPE or the LAN base image.

Configuration steps for Flexible NetFlow

  1. Create a Flow Record
configure terminal
flow record FLOW-RECORD
  description NetFlow Record
  match datalink mac source address input
  match datalink mac destination address input
  match ipv4 ttl
  match ipv4 tos
  match ipv4 protocol
  match ipv4 source address
  match ipv4 destination address
  match transport source-port
  match transport destination-port
  collect interface input
  collect interface output
  collect counter bytes long
  collect counter packets long
  collect timestamp sys-uptime first
  collect timestamp sys-uptime last
  exit

CLI command

Description

 
Flow record <name>

Creates a flow record and enters flow record configuration mode.

 
Description <string>

Describes this flow record as a maximum 63-character string.

 
Match <key>

Specifies match keys. Plixer recommended keys are listed in the example above

 
Collect <field>

Specifies the collection field. Plixer recommended fields are listed in the example above.
  1. Create a flow Exporter
configure terminal
flow exporter PLIXER-COLLECTOR
  description Plixer flow collector
  destination <IP of Plixer collector>
  source <Interface>
  transport udp 2055
  exit

CLI command

Description

 
flow exporter <name>

Creates a flow exporter and enters flow exporter configuration mode

 
description <string>

Describes this flow exporter as a maximum 63-character string

 
destination <ip>

IPv4 address of the Plixer collector. You can optionally configure the VRF to use to reach the NetFlow Collector.

 
Source <interface>

Specifies the interface to use when sending NetFlow exports. Make sure Plixer can query it using SNMP.

 
transport udp <port>

Specifies the UDP port to use to reach the NetFlow Collector. The range is from 0 to 65535. (2055 or 9995 are recommended)

 
Template data timeout 5

 

  1. Create a Flow Monitor
configure terminal
flow monitor FLOW-COLLECTION
  description Layer Flow Collection
  record FLOW-RECORD
  exporter PLIXER-COLLECTOR
  cache timeout active 60
  cache timeout inactive 15

CLI command

Description

 
flow monitor <name>

Creates a flow monitor and enters flow monitor configuration mode

 
description <string>

Describes this flow monitor as a maximum 63-character string

 
record <name>

Associates a flow record with this flow monitor.

 
exporter <name>

Associates a flow exporter with this flow monitor.

 
cache timeout <seconds>

Sets the flow timeout length. Plixer recommends this be set to 60 seconds.

 

  1. Apply a Flow Monitor to an interface
configure terminal
interface <interface>
  ip flow monitor FLOW-COLLECTION input

CLI command

Description

 
Ip flow monitor <ipv4 |ipv6> input

Associates an IPv4 or IPv6 flow monitor to the interface for input packets.