NetFlow Layer2 on nexus 7k

Unanswered Question
Apr 10th, 2012
Hi guys,

I've tried to configure NetFlow on layer 2 without success.

I configured the record\monitor\exporter like the configuration guide said,

but I still don't receive any NetFlow traffic.

I checked the firewall on the VM and it looks fine.

Does anyone have any idea?

I have applied this command under the Ethernet interface: "layer2-switch flow monitor TEST input" - for layer 2 input.


Liad Dayan Tue, 04/10/2012 - 22:51
Thanks for the fast reply!!

I am using version 5.1.

Here is a sample of the configuration:

flow exporter scrutinizer
  description netflow-tester
  destination - the netflow analyzer server ip address
  version 9
  source vlan 3 (

flow monitor TESTER
  flow record netflow-original
  exporter scrutinizer

** I did try to create my own record for only layer 2 data - without success.

After I had done this I started to add the interfaces I want to check.

int ethernet 2/1-2 - this is the uplink we want to test
  layer2-switch flow monitor TESTER input

Any ideas?

Liad Dayan Wed, 04/11/2012 - 02:25

Here is the configuration on the Nexus 7k:

flow exporter scrutinizer
  description export netflow to scrutinizer
  transport udp 6343
  source Vlan3
  version 9
flow monitor LIAD
  record netflow layer2-switched input
  exporter scrutinizer
interface port-channel1
  layer2-switched flow monitor LIAD input


Adam Casella Sun, 02/09/2014 - 12:31

Did you put "mac packet-classify" on the layer 2 link? You are essentially placing a MAC ACL on the layer 2 interface when netflow is applied, so this would be required to see IP traffic exported. Otherwise only "non-ip" traffic will be exported, which I would imagine would not be very helpful here.

Also keep in mind that the netflow-original recorder is really designed for layer 3 traffic and doesn't have any relevant layer 2 information, see below:

Flow record netflow-original:
    Description: Traditional IPv4 input NetFlow with origin ASs
    No. of users: 1
    Template ID: 258
        match ipv4 source address
        match ipv4 destination address
        match ip protocol
        match ip tos
        match transport source-port
        match transport destination-port
        match interface input
        match interface output
        match flow direction
        collect routing source as
        collect routing destination as
        collect routing next-hop address ipv4
        collect transport tcp flags
        collect counter bytes
        collect counter packets
        collect timestamp sys-uptime first
        collect timestamp sys-uptime last

This may not matter if you are putting this in between two routers, where the MACs don't change, but you probably want to create your own recorder:

flow record layer2-netflow
  match datalink mac source-address
  match datalink mac destination-address
  match datalink vlan

You can also add in any of the above information from netflow-original, depending on what you actually want to see.
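A collector-side check for the point made in the last reply, as an added example that is not part of the original thread or of Cisco's code: it parses the template FlowSets of a NetFlow v9 export packet and reports whether each template carries layer 2 keys, layer 3 keys, or both. The field type numbers are from RFC 3954; that the switch exports the `match datalink ...` keys as types 56, 80 and 58 is an assumption, and the sample packet and template ID 260 are constructed.

```python
import struct

# NetFlow v9 field types (RFC 3954). Assumption: the switch exports its
# "match datalink mac/vlan" keys as the layer 2 types below.
L2_FIELDS = {56, 80, 58}      # IN_SRC_MAC, IN_DST_MAC, SRC_VLAN
L3_FIELDS = {8, 12, 4, 7, 11}  # IPv4 src/dst, PROTOCOL, L4 src/dst port

def parse_templates(packet: bytes) -> dict:
    """Return {template_id: [(field_type, length), ...]} for one v9 packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte NetFlow v9 header")
    if struct.unpack_from("!H", packet, 0)[0] != 9:
        raise ValueError("version field is not 9")
    templates, off = {}, 20
    while off + 4 <= len(packet):
        flowset_id, length = struct.unpack_from("!HH", packet, off)
        if length < 4 or off + length > len(packet):
            raise ValueError("FlowSet length runs past the packet")
        pos, end = off + 4, off + length
        while flowset_id == 0 and pos + 4 <= end:  # FlowSet ID 0 = templates
            tid, nfields = struct.unpack_from("!HH", packet, pos)
            pos += 4
            if tid < 256 or pos + 4 * nfields > end:  # padding or truncation
                break
            templates[tid] = [struct.unpack_from("!HH", packet, pos + 4 * i)
                              for i in range(nfields)]
            pos += 4 * nfields
        off += length
    return templates

def classify(fields) -> str:
    """Say whether a template carries layer 2 keys, layer 3 keys, or both."""
    types = {ftype for ftype, _ in fields}
    has_l2, has_l3 = bool(types & L2_FIELDS), bool(types & L3_FIELDS)
    return {(True, True): "l2+l3", (True, False): "l2-only",
            (False, True): "l3-only"}.get((has_l2, has_l3), "no-known-keys")

def sample_packet() -> bytes:
    """Constructed packet: template 258 (L3 keys) and template 260 (L2 keys)."""
    def tmpl(tid, fields):
        return struct.pack("!HH", tid, len(fields)) + b"".join(
            struct.pack("!HH", t, n) for t, n in fields)
    body = (tmpl(258, [(8, 4), (12, 4), (4, 1), (7, 2), (11, 2)])
            + tmpl(260, [(56, 6), (80, 6), (58, 2)]))
    flowset = struct.pack("!HH", 0, 4 + len(body)) + body
    return struct.pack("!HHIIII", 9, 2, 0, 0, 1, 0) + flowset

if __name__ == "__main__":
    for tid, fields in parse_templates(sample_packet()).items():
        print(tid, classify(fields), [t for t, _ in fields])
```

To use it on real traffic, pass the UDP payload of a packet captured on the collector to `parse_templates`; an empty result means that packet carried no template FlowSet.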



