L3 Switch (3560G) Monitoring

Unanswered Question
Apr 11th, 2008

With Cisco routers, there is netflow which enables us to monitor traffic/applications/ports etc... This is very handy for network troubleshooting.

With cisco 3560G what can be used/what configuration to do to enable the same type of monitoring as a cisco router??

thx

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Jan Nejman Fri, 04/11/2008 - 06:01

Hello,

I thing that netflow is not supported by 3560.

I tried to configure it, but no netflow is exported. I found that Cisco doesn't support it on 3650. Is somebody from Cisco, here? thx for explaination. I think that netflow is not supported on: Cisco 2900, 3500 and 3750. NetFlow is supported on: Cisco 1800, 2800, 3800, 4500, 6500, 7200, 7300, 7500, 7600, 10000, 12000 and CRS-1.

Kind regards

Jan Nejman

Caligare, Co.

http://www.caligare.com/

carribeiro Fri, 04/11/2008 - 08:31

Netflow is not supported on the smaller switches. The reason is that NetFlow is very demanding, and requires either a fast processor or dedicated silicon to the task. For instance, even on higher end switches there are some supervisors that do not support NetFlow - I know for sure that the new Sup VI for the 4500E do not support it. The same applies for another popular feature, "ip accounting" - it isn't support either on most switches.

rsabapathee Fri, 04/11/2008 - 10:52

what can be used to configure the cisco 3560 to have similar type of monitoring?

(perhaps a third party software?)

rsabapathee Sun, 04/13/2008 - 20:07

Is there abosolutely no way of getting any sort of statistical data from a L3 switch? (in similar fashion to netflow from a router)

carribeiro Wed, 04/16/2008 - 17:29

Sorry for the delay. Low end (29xx) and "mid-low" end switches (up to 3750 and 3560) are not designed for this kind of application. My suggestion is for you to mirror traffic to a fast PC and run something like NTOP. The main problem is the PC's speed, because it may limit the amount of data that can be processed . Some tools allow you to use "statistical sampling"; they do not process every single packet but instead look at a percentage of your traffic. The result isn't exactly the same but is a reasonable approximation in statistical terms.

There are some tools out on the web that will take a packet capture .pcap file and then export the traffic to a flow collector. However, that would require that you have the ability to mirror traffic from the the switches you wish to monitor to the collector.This could be acheived with matrix switches and/or some form of RSPAN tech. I have done this type of setup before with extreme switches (they didn't support netflow either) and it worked quite well.

Here is link i found on the web.

http://fprobe.sourceforge.net/

Actions

This Discussion