Submit a ticketCall us

Announcing NPM 12.2
With NPM 12.2 you can monitor your Cisco ASA firewalls, to monitor VPN tunnels for basic visibility and troubleshooting tunnels. NPM 12.2 also uses the SolarWinds Orion Installer so you can easily install and upgrade one or more Orion Platform products simultaneously.
See new features and improvements.

Home > Success Center > Netflow Traffic Analyzer (NTA) > Enable Netflow on Cisco VLAN interfaces to show layer 2 and 3 traffic

Enable Netflow on Cisco VLAN interfaces to show layer 2 and 3 traffic


This article discusses how user can enable Netflow on the VLAN interface to both layer 2 and 3 traffic. ​


All NTA versions


To see the traffic arriving on the switch ports that belong to VLAN, you need to enable layer 3 Netflow to display the information on the VLAN interface.  


Layer 3 Switched Netflow commands:

ip flow ingress Enables Netflow on the layer 3 interface.
ip flow ingresslayer2-switched  Enables layer 3 switched Netflow.
ip flow ingress infer-fields Capture the input and output interfaces for logical interfaces.


  • Applying these commands on the device may differ and many devices only support Netflow layer 3 but not layer 2.
  • Make sure that the NDE version is v5 . By default, it is set on version 7. 
  • Verify the NDE version is version 5, by default version 7 is configured.

For more information on Netflow Layer 3, click here

Here is a link to a Cisco document that goes through the steps of configuring Netflow on 6500 series switches for both hybrid and native IOS. 

The key command to monitor layer 2 is

ip flow ingress layer2-switched vlan xxxx.

The commands for layer2-switched traffic:

ip flow ingress layer2-switched vlan vlanlist
ip flow export layer2-switched vlan vlanlist
set mls bridged-flow-statistics enable  vlanlist (for CatOS)

Note: A PFC3B or PFC3BXL running 12.2(18)SXE or higher is required for this command, which enables NDE for all traffic within the specified VLANs rather than just inter-VLAN traffic.


Netflow only summarizes traffic that passes from one VLAN to another (interVLAN) or routed traffic which does not show layer 3 switched traffic. This is due to a disabled Netflow on the VLAN interface. 

Last modified
14:09, 13 Nov 2015