Submit a ticketCall us

Training Class Getting Started with SolarWinds Backup - February 28

This course offers customers an introduction to SolarWinds Backup, focusing on configuring the backup technology, taking backups, data restoration and data security. It is a great primer and will get you up to speed quickly on SolarWinds Backup.
Register for class.

Home > Success Center > Netflow Traffic Analyzer (NTA) > Enable Netflow on Cisco VLAN interfaces to show layer 2 and 3 traffic

Enable Netflow on Cisco VLAN interfaces to show layer 2 and 3 traffic


This article discusses how user can enable Netflow on the VLAN interface to both layer 2 and 3 traffic. ​


All NTA versions


To see the traffic arriving on the switch ports that belong to VLAN, you need to enable layer 3 Netflow to display the information on the VLAN interface.  


Layer 3 Switched Netflow commands:

ip flow ingress Enables Netflow on the layer 3 interface.
ip flow ingresslayer2-switched  Enables layer 3 switched Netflow.
ip flow ingress infer-fields Capture the input and output interfaces for logical interfaces.


  • Applying these commands on the device may differ and many devices only support Netflow layer 3 but not layer 2.
  • Make sure that the NDE version is v5 . By default, it is set on version 7. 
  • Verify the NDE version is version 5, by default version 7 is configured.

For more information on Netflow Layer 3, click here

Here is a link to a Cisco document that goes through the steps of configuring Netflow on 6500 series switches for both hybrid and native IOS. 

The key command to monitor layer 2 is

ip flow ingress layer2-switched vlan xxxx.

The commands for layer2-switched traffic:

ip flow ingress layer2-switched vlan vlanlist
ip flow export layer2-switched vlan vlanlist
set mls bridged-flow-statistics enable  vlanlist (for CatOS)

Note: A PFC3B or PFC3BXL running 12.2(18)SXE or higher is required for this command, which enables NDE for all traffic within the specified VLANs rather than just inter-VLAN traffic.


Netflow only summarizes traffic that passes from one VLAN to another (interVLAN) or routed traffic which does not show layer 3 switched traffic. This is due to a disabled Netflow on the VLAN interface. 

Last modified