Netflow style monitoring on the 3750 switches??

Unanswered Question
Aug 29th, 2007

I know that Netflow isn't supported on the 3750 series switches but we have a requirement to monitor the the source-destination pairings, protocols etc on 2 seperate stacks of 3750s. All of the stats need to be collected back at a centralized server. Basically we need NetFlow capabilities :o(

Can someone give me some advice or guidance on how they have achieved this monitoring themselves on similar switches and what tools they have used.

I have looked at RSPAN but think that this would load the trunk link between the switches too much and affect the proper traffic.(The stacks are in separate buildings).

I thought about plugging a probe in to each switch stack and use SPAN to monitor the same vlan on either switch stack. Problem here is that the probes are independant and I will get duplicate statistics being collected for any traffic flows that traverse the two stacks.

So the problems are:

1. I can't monitor them as a single unit

2. I can't use netflow

3. RSPAN will/may affect the traffic on the trunks

4. Dual probes = some dual stats

PRTG is fantastic for monitoring individual interfaces for inbound & outbound bandwidth but it doesn't give me the all important breakdown of the traffic.

Any advice greatly appreciated.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
dsweeny Tue, 09/04/2007 - 11:17

You can use the Cisco NAM with CiscoWorks QPM 3.2 for complete LAN and WAN traffic management. The Cisco NAM can characterize traffic patterns on the LAN by automatically detecting known and unknown applications, categorized by hosts and conversations. Cisco NAM has onboard instrumentation, including NetFlow support, for traffic management. When used with CiscoWorks QPM 3.2, the Cisco NAM gives network administrators a complete Cisco solution for traffic analysis and LAN and WAN troubleshooting.

Mel Popple Wed, 09/05/2007 - 01:10

Thanks for the response.

As far as I can see the NAM is only available as a module for the 6500 series switches or is there some form of stand alone device that Cisco do for use with other switches?

avmabe Wed, 09/05/2007 - 05:07

My initial reaction is to locally span the uplinks to a linux box running NTOP ( It's free and worth a look. There are pros and cons of everything, but wanting that level of granularity from a L2 devices doesn't leave a ton of options.


This Discussion