Submit a ticketCall us

Looking to compare latest NPM features with previous versions of NPM?
The NPM new feature summary offers a comparison of new features and improvements offered with this release.

 

Home > Success Center > Netflow Traffic Analyzer (NTA) > Enable Netflow on Cisco VLAN interfaces to show layer 2 and 3 traffic

Enable Netflow on Cisco VLAN interfaces to show layer 2 and 3 traffic

Overview

This article discusses how user can enable Netflow on the VLAN interface to both layer 2 and 3 traffic. ​

Environment

All NTA versions

Resolution

To see the traffic arriving on the switch ports that belong to VLAN, you need to enable layer 3 Netflow to display the information on the VLAN interface.  

 

Layer 3 Switched Netflow commands:

ip flow ingress Enables Netflow on the layer 3 interface.
ip flow ingresslayer2-switched  Enables layer 3 switched Netflow.
ip flow ingress infer-fields Capture the input and output interfaces for logical interfaces.


Notes: 

  • Applying these commands on the device may differ and many devices only support Netflow layer 3 but not layer 2.
  • Make sure that the NDE version is v5 . By default, it is set on version 7. 
  • Verify the NDE version is version 5, by default version 7 is configured.


For more information on Netflow Layer 3, click here

Here is a link to a Cisco document that goes through the steps of configuring Netflow on 6500 series switches for both hybrid and native IOS. 

 
The key command to monitor layer 2 is

ip flow ingress layer2-switched vlan xxxx.


The commands for layer2-switched traffic:

ip flow ingress layer2-switched vlan vlanlist
ip flow export layer2-switched vlan vlanlist
set mls bridged-flow-statistics enable  vlanlist (for CatOS)

Note: A PFC3B or PFC3BXL running 12.2(18)SXE or higher is required for this command, which enables NDE for all traffic within the specified VLANs rather than just inter-VLAN traffic.

Cause

Netflow only summarizes traffic that passes from one VLAN to another (interVLAN) or routed traffic which does not show layer 3 switched traffic. This is due to a disabled Netflow on the VLAN interface. 

Last modified
14:09, 13 Nov 2015

Tags

Classifications

Public