
NetFlow Layer 2 on Nexus 7k

Unanswered Question
Apr 10th, 2012

Hi guys,

I've tried to configure NetFlow on layer 2 without success.

I configured the record\monitor\exporter like the configuration guide said,

but I still don't receive any NetFlow traffic.

I checked the firewall on the VM and it looks fine.


Anyone have any idea??


I have done the command under the ethernet interface: "layer2-switch flow monitor TEST input" - for layer 2 input.



Regards,

Liad Dayan Tue, 04/10/2012 - 22:51

Hi,

Thanks for the fast reply!!

I am using version 5.1.

Here is a sample of the configuration:


flow exporter scrutinizer
  description netflow-tester
  destination 192.168.1.212 - the netflow analyzer server ip address
  version 9
  source vlan 3 (192.168.1.211)

flow monitor TESTER
  flow record netflow-original
  exporter scrutinizer


** I did try to create my own record for only layer 2 data - without success.

After I've done this I started to add the interfaces I want to check.

int ethernet 2/1-2 - this is the uplink we want to test
  layer2-switch flow monitor TESTER input


Any ideas?

Liad Dayan Wed, 04/11/2012 - 02:25

Here is the configuration on the Nexus 7k:

flow exporter scrutinizer
  description export netflow to scrutinizer
  destination 10.100.212.111
  transport udp 6343
  source Vlan3
  version 9

flow monitor LIAD
  record netflow layer2-switched input
  exporter scrutinizer

interface port-channel1
  layer2-switched flow monitor LIAD input


------------------------------------------------------------------------------------------------------------------------------------------------------------

Adam Casella Sun, 02/09/2014 - 12:31

Hey,


Did you put "mac packet-classify" on the layer 2 link? Since you are essentially placing a MAC ACL on the layer 2 interface when NetFlow is applied, this would be required to see IP traffic exported. Otherwise only "non-ip" traffic will be exported, which I would imagine would not be very helpful here.


Also keep in mind that the netflow-original recorder is really designed for layer 3 traffic and doesn't have any relevant layer 2 information. See below:


Flow record netflow-original:
    Description: Traditional IPv4 input NetFlow with origin ASs
    No. of users: 1
    Template ID: 258
    Fields:
        match ipv4 source address
        match ipv4 destination address
        match ip protocol
        match ip tos
        match transport source-port
        match transport destination-port
        match interface input
        match interface output
        match flow direction
        collect routing source as
        collect routing destination as
        collect routing next-hop address ipv4
        collect transport tcp flags
        collect counter bytes
        collect counter packets
        collect timestamp sys-uptime first
        collect timestamp sys-uptime last



This may not matter if you are putting this in between two routers, where the MACs don't change, but you probably want to create your own recorder:


flow record layer2-netflow
  match datalink mac source-address
  match datalink mac destination-address
  match datalink vlan



You can also add in any of the above information as well from netflow-original depending on what you actually want to see.



Thanks,


Adam
